- 10 Jul, 2015 1 commit
-
-
Bug 1470281 See https://msdn.microsoft.com/en-us/library/gg622941(v=vs.85).aspx https://www.owasp.org/index.php/List_of_useful_HTTP_headers Solution is to add it to file serving code in places where we do forced download of files. Change-Id: Ic46d02f65d9ed1cb57fb50e8fab2cbc9f62428a1 Signed-off-by:
Yuliya Bozhko <yuliya.bozhko@totaralms.com> Signed-off-by:
Aaron Wells <aaronw@catalyst.net.nz>
(cherry picked from commit 96b117e5)
-
- 08 Jul, 2015 1 commit
-
-
Change-Id: I445c763b09928ce03ae8561605e593bc23bba122 (cherry picked from commit 539d323f)
-
- 07 Jul, 2015 1 commit
-
-
Bug 1463629 Change-Id: I99f4df8b5ce51a58db5f122f44717ae6d12a6d72
-
- 01 Jul, 2015 1 commit
-
-
When anonymous comments is turned off Change-Id: Id2ed84cb3b532da6ec8e117ef13c283bd64af302 (cherry picked from commit 3046c5c7)
-
- 22 Jun, 2015 1 commit
-
-
Robert Lyon authored
To allow us to show a more detailed error message if site admin (not belonging to the group) goes to review an objectionable group page or group forum topic that has already been sorted out. Change-Id: If4785528bfe29736542972adce7609cdb0522248 Signed-off-by:
Robert Lyon <robertl@catalyst.net.nz>
(cherry picked from commit a4f1dfe8)
-
- 10 Jun, 2015 2 commits
-
-
Aaron Wells authored
Change-Id: I45985d83317b675f68805bc011a9c240192ab352
-
Aaron Wells authored
The previous 1.10.4 version bump commit accidentally set the release string to "1.10.5testing" Change-Id: Ic20266dd36923cc79cb0e07b50dcbe968789a8a5
-
- 29 May, 2015 2 commits
-
-
Signed-off-by:Robert Lyon <robertl@catalyst.net.nz> -
Signed-off-by:Robert Lyon <robertl@catalyst.net.nz>
-
- 28 May, 2015 2 commits
-
-
Institution names were not being escaped properly in the accesslist. This patch escapes them properly as well as clearing the compiled cache for the templates where this problem occurs. Change-Id: I2e675af0b84a3a7106e0245a5faa6ee2095a7e06 Signed-off-by:Robert Lyon <robertl@catalyst.net.nz> -
Bug 1417120 The language location check now goes in this order: 1. /local string in selected language 2. theme/plugin directory, in selected language 3. langpack, in selected language 4. /local string in parent language (if any) 5. theme/plugin directory, in parent language 6. langpack, in parent language 7. /local string in English 8. theme/plugin directory, in English Change-Id: I24f61e24fadbca3a62fefa3855f4f444165d750a Signed-off-by:
Robert Lyon <robertl@catalyst.net.nz>
(cherry picked from commit 1d7a1fa4)
-
- 27 May, 2015 2 commits
-
-
Aaron Wells authored
Change-Id: I3ba68797512dd0d30087c62b17386b8417575ceb
-
Robert Lyon authored
Change-Id: Ida23b4b8d58cad2455e0fcb32efe6cad59fa5ce5 Signed-off-by:
Robert Lyon <robertl@catalyst.net.nz>
(cherry picked from commit e5b5ee67)
-
- 26 May, 2015 1 commit
-
-
Change-Id: Iaa1ef43f30615c253df28c70d20db415779146b8 Signed-off-by:Son Nguyen <son.nguyen@catalyst.net.nz>
-
- 25 May, 2015 1 commit
-
-
Bug 1450705: The normal Wysiwyg Pieform element's "onload()" can't handle the TinyMCE in the feedback area, because of the additional Feedback logic for hiding & showing the Feedback form. Change-Id: Ic2c7ad8c2ce8720ba1fcaf19c3ec71b6529b4ff0
-
- 17 May, 2015 1 commit
-
-
Ensures that pieform() is defined so that a "copy page" button can be created for copyable pages Change-Id: I2228ddfde04747a53b173a168d92286fc33af048 (cherry picked from commit b9839b52)
-
- 07 May, 2015 2 commits
-
-
Robert Lyon authored
-
Robert Lyon authored
It was wanting to check if the user was in the correct institution to edit the group - but was wailing if the user was in group 'mahara' or no institution. Change-Id: Ia77cb601774bdde6a2a176a0ed26760e4ccd8ea8 Signed-off-by:Robert Lyon <robertl@catalyst.net.nz>
-
- 05 May, 2015 1 commit
-
-
Robert Lyon authored
-
- 04 May, 2015 3 commits
-
-
Robert Lyon authored
On previewing a collection the greyed out overlay gets added each time you click a collection page tab - it should only be added once. Change-Id: Iebbd4a333438d629d252366a542981fbf2cf2fd6 Signed-off-by:Robert Lyon <robertl@catalyst.net.nz> -
Robert Lyon authored
It was incorrectly rendering it with current user's data. Also fixed a problem with facebook social profile - if one didn't add full url it will now append facebook domain to string Change-Id: Ia8b82b054d26afa7b3d0d074b5d9d97ab3f8c762 Signed-off-by:Robert Lyon <robertl@catalyst.net.nz> -
Robert Lyon authored
So that it works similar to how the add social profile page works Change-Id: I55816577ccc7b2b5f242d09408dcc6ebae88a65a Signed-off-by:Robert Lyon <robertl@catalyst.net.nz>
-
- 23 Apr, 2015 1 commit
-
-
Robert Lyon authored
The fix for this exists in Dwoo 1.2 so backporting it to older branches Change-Id: Idafa654ea5e71118d8fdd1512e9a32cf1f4c39cd Signed-off-by:Robert Lyon <robertl@catalyst.net.nz>
-
- 21 Apr, 2015 1 commit
-
-
Aaron Wells authored
This should make it easier when switching between master and older branches. Change-Id: I5be0afc3338fc66a05750b334f4742f7d17f4225
-
- 19 Apr, 2015 2 commits
-
-
Son Nguyen authored
Signed-off-by: -
Son Nguyen authored
Signed-off-by:
-
- 16 Apr, 2015 6 commits
-
-
Robert Lyon authored
Bug 1286935 Seeing as we check the url against FILTER_VALIDATE_URL and that only site admins can add to the 'allowed iframe sources' that should be enough without having to add the / to the end of the url. Change-Id: I82e3623d3df2fa03012278d334994224c51a092e Signed-off-by:Robert Lyon <robertl@catalyst.net.nz> -
Robert Lyon authored
-
Robert Lyon authored
By doing two things: 1) Getting the embedded SWF object to set the allowscriptaccess = "never" and allownetworking = "never" 2) By forcing a 'download file' link to actually download file - this goes for all files now that don't have embedded=1 in their url. I've done it this way, having the embedded item have extra url param so that if a user tries to manipulate a url by removing params it will default to force download. I've merged the changes I'd done here https://reviews.mahara.org/#/c/3522/2 and I've also cleaned up places where the download=1 was used as that is not needed now. Now if there are places where we need to embed rather than download we add the embedded=1 to the url. Change-Id: If5290a7c571d06d4178ef2ae5c4c09ed287403b4 Signed-off-by:
Robert Lyon <robertl@catalyst.net.nz> -
Robert Lyon authored
Bug #1422232 Change-Id: Ia8fd7d074db3be027e1318a07d062a9ed1bb2ad8 Signed-off-by:Robert Lyon <robertl@catalyst.net.nz> -
Users who are logged in on the suspended institution's auth method are logged out. Change-Id: I10e1dec465a4363a076e92f4d90ec663ff8a822e Signed-off-by:Robert Lyon <robertl@catalyst.net.nz> -
Robert Lyon authored
Do correct string/variable comparison Change-Id: I98c5c1360891699e439108789b2015d7587222ca Signed-off-by:Robert Lyon <robertl@catalyst.net.nz>
-
- 15 Apr, 2015 6 commits
-
-
Robert Lyon authored
-
Change-Id: I45bdbbaeedf2e6bced74da0a8d7eebed753d4595 Signed-off-by: -
Robert Lyon authored
-
Change-Id: I0ae87e94bd7ad723a19045598280a6c4880aa3d8 Signed-off-by: -
And this ends up breaking the 'more' link in the inbox. Normally we don't expect the url to contain the full path so we need strip it off as it's added back in via the template. Change-Id: Ibf22f361aaf7697e9903a2374f15d4fb031d01ef Signed-off-by:Robert Lyon <robertl@catalyst.net.nz> -
Aaron Wells authored
Bug 1443770. Note this solution doesn't work fully in IE10. In that browser, the keyboard nav works, but clicking on the thumbnail won't pop open the accessibility links. The fix for that, is ultimately to change this from using MochiKit to using JQuery. Change-Id: I5f173f6b32a3a301c10262cd71838f78821b36dd
-
- 13 Apr, 2015 1 commit
-
-
Robert Lyon authored
A person can alter the viewid passed to the watchlist ajax update and so a user can end up watching a view they have no access to Change-Id: I21d00963ac3d9d53e337bcb0a7162bd2a1da1802 Signed-off-by:Robert Lyon <robertl@catalyst.net.nz>
-
- 29 Mar, 2015 1 commit
-
-
Change-Id: I643a825a3ff878cb8573e96cb2741c0dee0cb29f Signed-off-by:
-
