Skip to content

GitLab

Switch branch/tag
  1. 08 Aug, 2016 1 commit
    • Aaron Wells's avatar
      Bug 1570221 Don't print parameter values to logs when in production mode · b984a1b4
      Aaron Wells authored 
      The best way to prevent sensitive data from being printed to the logs
is to avoid printing the value of *any* parameter. For instance, a
password parameter may have an unusual name, or it may be passed
through a general-purpose function like "strlen()".

Since parameter values are useful for debugging, we can still print
them when not in production mode (although with known password
params still scrubbed out).

Note this patch both scrubs likely password params, and hides their
scrubbed value. That's mostly because I'm lazy, but it also obscures
the password's actual length.

Change-Id: I4a1ab4c89a169c6b29a7b63384c2412cee761ab7
behatnotneeded: Can't test with behat
(cherry picked from commit 9a297249)
      b984a1b4
  3. 01 Oct, 2015 1 commit
  5. 14 Apr, 2015 1 commit
  7. 27 Mar, 2015 1 commit
  9. 28 Oct, 2014 1 commit
  11. 06 Oct, 2014 1 commit
  13. 01 Jul, 2014 1 commit
  15. 02 Apr, 2014 3 commits
  17. 25 Mar, 2014 1 commit
    • Aaron Wells's avatar
      Prevent new users from taking spammy actions · 7b08f438
      Aaron Wells authored 
      Bug 1252101

1. New users get 2 "new user points" on their user record

2. While they have these, they're on probation and can't post
links in public places, or make public pages.

3. "new user points" are decreased each time a non-probationary
user responds to a forum post by the user

4. Admins & Staff are automatically non-probationary

Change-Id: Ibccd2e330945f66b07aac062c4f51b67a0c0dba2
      7b08f438
  19. 09 Mar, 2014 1 commit
  21. 27 Feb, 2014 1 commit
    • Aaron Wells's avatar
      Replace obsolete TinyMCE GoogleSpell with in-browser spellcheck as default · 75797883
      Aaron Wells authored 
      Bug 1212541: The web service the TinyMCE GoogleSpell code was using,
is no longer in existence. This patch changes things so that TinyMCE will
let the browser's spellchecker work, by default.

The "pathtoaspell" is now null by default. If pathtoaspell is null, we
eliminate the TinyMCE spellcheck button and set the "gecko_spellcheck"
flag to let the browser spellcheck work. If pathtoaspell is not null,
we show the TinyMCE spellcheck button as before.

Change-Id: I9fd2b12169669d3d9705a1e23dc6c03af6f01948
      75797883
  23. 29 Jan, 2014 1 commit
  25. 22 Jan, 2014 1 commit
  27. 13 Jan, 2014 2 commits
    • Aaron Wells's avatar
      Silence most E_STRICT errors · 8d17e071
      Aaron Wells authored 
      Bug 1268746: In PHP 5.4 E_ALL changed to include E_STRICT, causing Mahara to throw
a lot of strict standards errors. This should silence most of them.

HOWEVER, because most strict standards happen at compile-time, this will have no
effect on strict standards errors caused in the files that have already been
loaded by the time we call error_reporting() and set_error_handler(), which includes:
 - The file invoked directly by the URL
 - init.php
 - errors.php
 - config.php
 - config-defaults.php

Change-Id: I7a7fdf7facb1f30e186a0e8a27f1c3b7473200da
      8d17e071
    • Aaron Wells's avatar
      Updating $cfg->productionmode description · 2d0a6ccd
      Aaron Wells authored 
      Change-Id: Ic4cf6ce503c340c4f2833e5b6b81d7271b0edafe
      2d0a6ccd
  29. 06 Jan, 2014 1 commit
  31. 31 Dec, 2013 1 commit
  33. 17 Dec, 2013 1 commit
  35. 15 Dec, 2013 1 commit
    • Aaron Wells's avatar
      Allow a $cfg->bounces_ratio of 0 · 044a5f39
      Aaron Wells authored 
      Bug 1261233: If you set the ratio to 0, you'll bounce someone
as soon as they hit bounces_min, regardless of what the sent/bounced
ratio is

Change-Id: Ibe8223054fa70ea27748d78b099afa079be7f900
      044a5f39
  37. 19 Nov, 2013 1 commit
  39. 12 Nov, 2013 1 commit
  41. 11 Nov, 2013 1 commit
  43. 22 Oct, 2013 1 commit
  45. 14 Oct, 2013 1 commit
  47. 19 Sep, 2013 2 commits
  49. 05 Sep, 2013 2 commits
  51. 04 Sep, 2013 1 commit
  53. 22 Aug, 2013 1 commit
  55. 20 Aug, 2013 1 commit
  57. 19 Aug, 2013 1 commit
  59. 29 May, 2013 1 commit
  61. 03 Feb, 2013 1 commit
  63. 07 Sep, 2012 1 commit
    • Son Nguyen's avatar
      Allow users to choose institution themes for browsing if in multiple · 7cf320bc
      Son Nguyen authored 
      institutions (Bug #793308)

- Add a help file to explain the user setting: 'Theme'
- By default, users can choose one of their institution's themes as
their prefered theme.
- if site admins set $cfg->sitethemeprefs = true in config.php,
users can ALSO choose standard site's themes as preferred theme for
browsing the site.
- remove the option 'No theme selected'
- sort the themes in alphabetical order

Change-Id: I6f144747338e88eb1f90c79f0f7934449fe0ab63
Signed-off-by: default avatarSon Nguyen <son.nguyen@catalyst.net.nz>
      7cf320bc
  65. 06 Aug, 2012 1 commit
    • Hugh Davenport's avatar
      Add cron job to poll an imap mailbox for bounces · ed5e91ab
      Hugh Davenport authored 
      Bug #993018

Checks an imap mailbox, assumes that you have set up a
seperate mailbox for recieving the mailbounces.

To enable this change, the php imap extension must be loaded

This uses 9b9b2a5c for the
mail bounce checking. It also adds a few extra config.php
settings that need to be set for this cronjob to work.

The config settings that need to be set are:
$cfg->bounces_handle = true
$cfg->bouncedomain
$cfg->imapserver

There are also some other options shown in lib/config-defaults.php
for power users.

By default, email will only be disabled when more than 4 bounces
have been received, and the ratio between bounces and emails sent
to the user is above 0.2

Change-Id: I0bbc4cae26fd5284e4cbdc25b01ea4b566dd045a
Signed-off-by: default avatarHugh Davenport <hugh@catalyst.net.nz>
      ed5e91ab
  67. 18 Jun, 2012 1 commit
  69. 08 Jun, 2012 1 commit