GitLab

Changed the limit of the amount of members shown
so that a maximum 100 can be shown at once on the
group home page instead of a maximum of 40

Change-Id: If0b8a8ddd3a8e1d23bc4cf55ba1d9b527c7ad076
Signed-off-by: bonnie <kurousagiwasugoi@gmail.com>

Changed width of name, email, and subject input fields
in the 'Contact Us' page in the css.

Change-Id: I77956507694079c342cb7431fb9679839f882653
Signed-off-by: Ali Kaye <alexandrakaye.student@wegc.school.nz>

On the 'Suspended and Expired Users' page I have changed
the colour of the 'Delete Users' button from green to red.

Change-Id: Ie8c02bfcc5e31667439a59b4494d319cfb3ab7b4
Signed-off-by: bonnie <kurousagiwasugoi@gmail.com>

Made the necessary changes so that when you create a temporary URL the date error
messages are displayed properly.

Change-Id: I3d4b2d003b2b80d2e0cab7b0e8be459f78d24f56
Signed-off-by: Christian Tuveve-Aiono <handlethesandal@gmail.com>

Made it so that the messages it gives tells the user that the quota they are
looking at is for the group quota not their quota and the error message that it
gives for exceeding group quota tells the user that it is the groups quota
not their quota.

Change-Id: I04e509656e529c841ae82234f9479f14ecd1b11e
Signed-off-by: Matthew B <mattjbjb@gmail.com>

In the file htdocs/theme/raw/templates/group/group.tpl
hard coded logic was used to print a plural string.
This patch fixes this to use the new plural string syntax

Change-Id: Ic9e693e735f71dcaf3e76033dce81ec69b8455f2
Signed-off-by: Hugh Davenport <hugh@davenport.net.nz>

Make sure the string '&' does NOT passed to 'url' of a pagination.

All values of 'url' passed to build_pagination were well investigated
and fixed.
All strings of '&' were also well investigated

Change-Id: Id35837459e9dcfc42d2d6133720123e85758aac1
Signed-off-by: Son Nguyen <son.nguyen@catalyst.net.nz>

(Bug #1089730)

Change-Id: Ia244fa6fafdf32b0d8423646871a815c4397f1aa
Signed-off-by: Son Nguyen <son.nguyen@catalyst.net.nz>

Change-Id: Iee6a362c264eed24dea92ea7b86b9b29fab2e9ee
Signed-off-by: Ruslan Kabalin <r.kabalin@lancaster.ac.uk>

Added form entries
Added strings
Fixed links for non-js enabled browsers
Added function for js enabled browsers

Change-Id: I24887725d0be67c1bfab30338fb3cadf96ec362e
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>

Uses the constraints system, added to the internal plugin.

Third party search libraries will need to be altered

Change-Id: Ib3a0e64eedbf8a57f449e749c97a805dcc1d49c5
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>

The default value is 2 in most versions of PHP so this change
should have no effect.

However, if it were set to anything else than that, the certificate
verification would be meaningless since you could create a MITM
attack easily by swapping in a valid cert for any hostname.

Change-Id: I86156bad43507d9393f06b1f821a050e720b353f
Signed-off-by: Francois Marier <francois@mozilla.com>

Due to an override for moodle sites in Firefox 17 the useragent
in moodle and mahara cannot match, therefore jumping is broken.
This does not remove the useragent data storage, just the check
when the query for the sessions occurs in transfer and logout.

Change-Id: I59a2e3fb1aea20027ce6cf24338440c866b56f58
Signed-off-by: Melissa Draper <melissa@catalyst.net.nz>

Change-Id: I947acea1d79f22b3fca796153afd898d0f317b37

Currently, the url of a pagination (used for the prev/next links as
well as the numbered pages, and also the POST action in the form tag
used for selecting a variable limit, added in the commit listed below)
was not santized on output. This was discovered from the group member
search page which passed in the query as a GET paramter in the URL for
the pages. This uses slightly different code to some of the newer
paginations, but it may affect other places that use similar era
pagination setup.

The commit introducing the new selector for a variable limit was
 f3162f80



This patch fixes this by sanitizing the url on output, in both the form
tag and the prev/next and numbered links.

CVE-2012-2253
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>
Change-Id: Id9ed08ef5e61b12580e28f4b18975b2c409b594d

Change-Id: I62c48bfc55e7bc80dca97a34592d6e8fbd00a465
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>

* changes:
  Makefile: Add a test for security keywords to securitycheck
  Add security target for Makefile

Currently checks for cve or security.

Change-Id: I69ae3a2a721bf0179d7b914c8f40f612e71a6204
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>

It will push a draft patch, and add the security team to the reviewers
list.

Change-Id: Icdc4672abaae327db2066c74ff7b484623de5a4f
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>

User can't join them directly or via site request.

Change-Id: I870011d42e6c6513fec33790739b3c58e375e456
Signed-off-by: Ruslan Kabalin <r.kabalin@lancaster.ac.uk>

Change-Id: I77df774a700ad846a02762bcf4e2fa75609f7f04
Signed-off-by: Ruslan Kabalin <r.kabalin@lancaster.ac.uk>

Was broken by commit 544c62b7 for
(Bug #941551)

Change-Id: I5ef546564677927e96541791ca3bbee1869e544b

split() will be replaced by explode() if using a string as a delimiter
and by preg_split() if using regular expression

Change-Id: I93a84150197fb290f89a04f10d5f0fd1e380f0da
Signed-off-by: Son Nguyen <son.nguyen@catalyst.net.nz>

When not escaped, the adodb abstraction layer did not use the prefix

Change-Id: Id44f520e2331be7f3e322f2084412d0b3545701c
Signed-off-by: Gregor Anzelj <gregor.anzelj@gmail.com>

It used to only check javascript or PHP files. Now it will check
for conflicts in all files.

In future, we should change the test to cover all file types, as
described in the following, though still only PHP and JS has been
written.

 https://wiki.mahara.org/index.php/Developer_Area/Coding_guidelines



Change-Id: I7051eedbf2691ca1dc51ccbffd1da3c7f613f351
Signed-off-by: Hugh Davenport <hugh@catalyst.net.nz>