GitLab

Currently there's no warning if the PHP GD library has been
compiled without one support for a file type. When a user attempts
to upload an image of an unsupported type, it will fail.

Change-Id: I682a39aeaba2d06494868210b9ef9d8f46f1b136
Signed-off-by: Melissa Draper <melissa@catalyst.net.nz>

* changes:
  Add "shared with" option to shared pages (part of bug #857793)
  Add sorting options to Shared Pages (part of bug #857793)
  Use http_build_query rather than urlencode on Shared pages
  Use view_search function to fetch data for Shared pages
  Add sorting by owner name in view_search

Adds a set of checkboxes to Shared Pages which allows the user to
filter by the various access types.  The default remains unchanged
(pages shared with you, friends, or your groups).  Additional options
are public, logged-in, and institutions, and any combination of these
can be searched.

This allows users to find all public pages on the site, for example.

Change-Id: I7b123f2088756cea04d2685e2e35ef578252991a
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Adds a second drop-down to Shared pages to allow sorting of results by
owner, title, and last modification time.

Change-Id: I760eec99a6d187b72389b017a55bc7fd7a544e05
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

This change does not affect the behaviour of Shared pages, but will
make it easier to add more query parameters later.

Also, by turning off the pieforms 'dieaftersubmit' setting and
modifying the global parameter variables, it's possible to avoid a
second page reload after submitting the form.

Change-Id: Ib0352e627752b9d3c47f9c08bf7b23f25ea0f08f
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

The shared pages query can be simplified to use new parameters in
view_search.  This cuts down on code duplication, but requires a
second query to fetch information about the number of comments on each
view, and the name of the last commenter.

Change-Id: I43e4f752c803daac7546614b830daf2aa79b0adb
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Adds an 'ownername' sort option to view_search, so that results can be
sorted alphabetically by the name of the user, group, or institution
who owns the view.

Change-Id: I78086fb37e3bbc1313a7671f3aa508ed1c0cc93a
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

* changes:
  Compress sitemaps using php's zlib rather than gzip executable
  Serve sitemaps from download.php and use download url in the index
  Remove daily sitemap before writing if it already exists
  Write sitemap xml files to dataroot, not docroot (bug #914490)
  Move check for sitemap configuration setting

Change-Id: I6617bef556346da9261578910535e258ce554c03
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Adds a 'type' parameter to download.php, which, if equal to 'sitemap',
will serve up a sitemap file from dataroot.  The download.php links
are then used in the generation of the sitemap index.

Change-Id: I8b7af1a6820cf32542f3ae1bdfc8940c309939b0
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

If for some reason the sitemap generator is called twice in a day, it
fails the second time while trying to overwrite the previous version.
This can be fixed by removing all sitemaps for the current day before
attempting to regenerate them.

Change-Id: I48c3ff5c99948e4c5ab93007f068f0319dfac2f8
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

The cron process can't write to the docroot, so we'll have to write
sitemaps to dataroot and make them accessible another way.

Change-Id: If3b09f7322f59beed9eba1ac3d6f63c667909dfa
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

When sitemap generation is disabled, we don't need to include all the
relevant libraries and log the message about disabled sitemap
generation.

Change-Id: I1f7e92f58dcb455bbfaab7745ce28e496ee7276b
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

* changes:
  Add navigation for staff to access the user search page
  Add admin report on access lists of user pages (bug #919009)

* changes:
  jquery: New upstream version 1.7.1 (bug #923192)
  jquery: don't hardcode the version number in lib/web.php
  jquery: remove minified copy from core

Although this is currently just for user searches, using the terms
"Site Information" for site staff, and "Institution Information" for
institution staff will allow us to add site/institution statistics
under the same menu.

Change-Id: I40bae94406a1a6f16b428e3821f3be1ec41ae52d
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Adds a new "User reports" page to the admin section, accessible by
admins, which produces a list of all the pages owned by a given set of
users, and a list of who is on the access list for each page.

The users are selected using the checkboxes on the admin user search
page, and the page is reachable from admin user search using a new
"View reports" button on that page.

The CSV download that previously appeared on the Bulk actions page is
more appropriate on a reports page, so CSV download is also moved from
Bulk actions to User reports.  Email and remoteuser fields are only
displayed to site and institution administrators.

Because some sites will not want to allow staff to see the page access
lists of all users in their institutions, access to this page by staff
is controlled by a new "Staff report access" site setting.

Change-Id: Id02b58416e3dfb28fd39c1170426ddefe6669efe
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

* changes:
  Fix error when cancelling the edit group form (bug #924644)
  Fix error when creating publicly viewable groups (bug #917383)

* changes:
  Let buttons disguised as links be used in navigation tabs
  Move bulk actions user list into a separate template
  Allow get_accesslists() to return views for >1 user
  Allow staff to access the admin user search page (bug #919009)

When you have multiple journals allowed in your account settings and
then delete all journals and want to switch back to a single journal,
the error message "You cannot disable multiple journals unless you
only have one journal" still comes up though no journal exists.

This message is confusing, it's simpler to hide the option altogether
for users with no journals.

Change-Id: I397422d4ad043c86621180837a16e1440b1243cd
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

* changes:
  jquery rating: add a pager hook for reskining
  jquery rating: New upstream release 3.14 (bug #923192)
  jquery rating: add README.Mahara file

Commit 725ba929 tries to reload
certain admin-settable fields from the database into a LiveUser when
committing, but fails to convert the suspended date to a timestamp
when doing so.  This causes the date to be displayed incorrectly to
suspended users when they log in.

The same problem was fixed for expiry dates in commit f7dcdf81

, bug

Change-Id: I3ce83f53183cbd9003226466149f54e878749d1e
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Some recent changes to the main stylesheets have resulted in themes
not being correctly applied when "Small page headers" are turned on.
First, the addition of a body#micro rule for background colour in the
raw theme was inherited by all the child themes, when it needs to be
overridden.  Also, some rules were using the main-column id rather
than the main-column class.

Change-Id: Iea21ff4dff71ebc85a2020bca900da1e344dfa8d
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

In commit 93c012f2

, the forum and group name were added to the body
of forum post email notifications, each wrapped in a call to
clean_html (htmlpurifier).  This crashes cron due to out-of-memory
errors whenever there are more than a few subscribers, and stops
notifications from being sent out at all.

The forum and group name only need to be rendered once per forum post,
so this could be fixed by moving the clean_html call up to the
activity constructor, rather than doing it in the get_emailmessage,
get_htmlmessage functions.  These functions get called for every
single subscriber notification, to ensure the string is displayed in
the subscriber's language.

But because group and forum names are never rendered as html, we don't
need to use htmlpurifier - html escaping is more appropriate and less
memory-hungry.

Change-Id: I0a4133b0a11e0e0004bdab1c29984ab4fc5dfbbf
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Commit 011c5039 changed lot of thumb.php urls to use the
type=profileiconbyid parameter (which takes an artefact id) rather
than type=profileicon (which takes a user id, and which cannot be
cached).

Unfortunately, when a user has no locally stored profile icon, use of
type=profileiconbyid stops their remote gravatar image from being
displayed.

This commit updates the thumb.php urls that were changed in commit
011c5039 to use the profile_icon_url() function, which respects
remote avatars when no local profileicon is available.

In some cases this requires a new size of the no_userphoto.png image,
so three new sizes are added in the raw theme.  The four no_userphoto
images in the custom theme were duplicates of those in raw, and are
removed.

Finally, the type=profileiconbyid change from commit 011c5039

 in the
viewacl.tpl template has been reverted back to type=profileicon.
Because this url is constructed in javascript, it is not worth the
trouble to use a profile_icon_url call here until the number of
requests to thumb.php really becomes a problem.

Change-Id: I7dce7090842999fe090dc2d8c481cb4aca7720d5
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Change-Id: Ic8cd74935bc836ad2615b5ef689d89a7638bb9cb
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Submission of the create group form with the 'publicly viewable group'
checkbox ticked produces the error "The 'public' parameter is not an
integer".  This is caused by an error in the check for form
submission due to a change in the form names in commit 5436cc00

.

Change-Id: Idfb4b2ec10e646aa4b6ee3b517fbb13210a1ed01
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>