1. 08 Aug, 2016 1 commit
      Bug 1570221 Don't print parameter values to logs when in production mode · b984a1b4
      Aaron Wells authored
      The best way to prevent sensitive data from being printed to the logs
      is to avoid printing the value of *any* parameter. For instance, a
      password parameter may have an unusual name, or it may be passed
      through a general-purpose function like "strlen()".
      
      Since parameter values are useful for debugging, we can still print
      them when not in production mode (although with known password
      params still scrubbed out).
      
      Note this patch both scrubs likely password params, and hides their
      scrubbed value. That's mostly because I'm lazy, but it also obscures
      the password's actual length.
      
      Change-Id: I4a1ab4c89a169c6b29a7b63384c2412cee761ab7
      behatnotneeded: Can't test with behat
      (cherry picked from commit 9a297249)
  2. 04 Aug, 2016 1 commit
  3. 03 Aug, 2016 1 commit
  4. 02 Aug, 2016 7 commits
  5. 01 Aug, 2016 6 commits
      Merge "bug#1607669: Validate the results of ldap_search() and ldap_list() when... · 1c229ae8
      Robert Lyon authored
      Merge "bug#1607669: Validate the results of ldap_search() and ldap_list() when syncing users." into 15.04_STABLE
      Bug 1605127: Method signature mismatch in Activity::update_url() · 3b1580d9
      Aaron Wells authored
      The abstract Activity class defines the function update_url()
      with no parameters, but the two subclasses that override it
      define it with one parameter. This will cause problems in PHP 7.
      
      It's always called with one parameter (even in the Activity
      class itself), so the best option is to add one parameter to the
      implementation in Activity.
      
      Change-Id: I810061ed6f8c55101327e2e907bb68ebf9870380
      behatnotneeded: Covered by existing tests
      (cherry picked from commit b469030b)
      Bug 1606101: usr.suspendedcusr must be non-zero · 1b577978
      Ghada El-Zoghbi authored
      It turns out a lot of existing code checks the boolean
      value of usr.suspendedcusr to determine if a user should
      be treated as suspended or not. The LDAP sync cron (and,
      indeed, any code suspending users via a cron task) was
      setting usr.suspendedcusr to 0, which is boolean false,
      so these users would be treated as not suspended.
      
      We are going to update all usr.suspendedcusr = 0
      to a valid site admin ID.
      
      Change-Id: Iecfbfd8a4cdd98d5d07149bb40c64308262ea234
      behatnotneeded: Test to come later
      bug#1607669: Validate the results of ldap_search() and ldap_list() when syncing users. · fb75f139
      Ghada El-Zoghbi authored
      When retrieving data from the LDAP server, check the results retrieved from
      ldap_search() and ldap_list(). If there is an error, do not continue.
      
      Otherwise, the sync_users() will assume that zero users were retrieved
      from LDAP. It will then delete or suspend users when
      'If a user is no longer present in LDAP' is set to either suspend
      users or delete them.
      
      behatnotneeded
      
      Change-Id: Ib57901c61f769d96720cf932d2e0d7f643853a56
      (cherry picked from commit 1daee33a)
      bug#1605067: improve accessibility by adding text placeholders for: · 2c6ae585
      Ghada El-Zoghbi authored
      1. search text at the top menu
      2. search text for users
      3. search text for elasticsearch
      4. search text for institutions
      
      Thus, eliminating the need for the emptyonfocus class and its
      related jquery code to hide the default text.
      
      behatnotneeded
      
      Change-Id: I57b9fcac4f9fd758b7048b8567101f28dcc48cff
      (cherry picked from commit d48226c7)
  6. 14 Jul, 2016 1 commit
      Fixing issues in embedded images in copied pages · ffac44d1
      Aaron Wells authored
      Bug 1489274
      - DB upgrade to fill in artefact_file_embedded records for
      existing blog entries
      - Improving the regex that rewrites links in copied journal
      entries, notes, and text blocks
      
      behatnotneeded: Requires upgrading the site; not testable via Behat
      
      Change-Id: Ie5d5dc12065ed039df663910e5ee738d57377a91
  7. 11 Jul, 2016 13 commits
  8. 10 Jul, 2016 2 commits
  9. 08 Jul, 2016 1 commit
  10. 07 Jul, 2016 1 commit
  11. 06 Jul, 2016 2 commits
  12. 05 Jul, 2016 1 commit
  13. 04 Jul, 2016 1 commit
  14. 10 Jun, 2016 2 commits
      Bug 1587474: No indents forum reply fails when the last post has been deleted · 5190027b
      Pramith Dayananda authored
      behatnotneeded
      
      Change-Id: I52cdd0199a30b0eaa6c067f079bb043ff92ce885
      (cherry picked from commit f9cef9d8)
      Bug 1588613: Later session start so we can use DB config table · e5e7b38c
      Aaron Wells authored
      The session init code relies on $CFG->session_timeout, which is
      normally defined in the config table. So, we need to start the
      session after opening the database connection.
      
      (In the event that there's an earlier session start, for instance
      due to an error message, this will cause the session for that
      page load to disregard any database config values. But that's not
      a show-stopper, and there's no easy way to fix it.)
      
      Change-Id: Iffbeebc8e92929970a558ff0fbc726719bb92741
      behatnotneeded: Covered by existing tests
      (cherry picked from commit 12cb73cf)