- 02 May, 2016 1 commit
-
-
Aaron Wells authored
Change-Id: I812036e85e7cdd7d2ff2fc211d167972be295fda
-
- 01 May, 2016 1 commit
-
-
Robert Lyon authored
They need to be consistent in PHP7 and include the parameter types. behatnotneeded - existing tests are ok Change-Id: I5d94ee53962a92db6faf3718e5a54f48ea31e367 Signed-off-by:
Robert Lyon <robertl@catalyst.net.nz>
-
- 29 Apr, 2016 1 commit
-
-
Bug 1575969. In PHP7 some errors throw an Error object (to the exception handler) instead of generating an error (handled by the error handler). The official way to make an exception handler that will work in PHP 5 & 7, is to leave off the parameter's type declaration. Change-Id: I5fc1c3765d5a311eb499d62915e676f8d9ee07a0 behatnotneeded: Covered by existing tests (cherry picked from commit c3d7f4f6)
-
- 28 Apr, 2016 1 commit
-
-
behatnotneeded Change-Id: I1aa52a076843ff0dc4dcaf86a01e76b9673885b5 Signed-off-by:
Robert Lyon <robertl@catalyst.net.nz> (cherry picked from commit 0a6860a9)
-
- 22 Apr, 2016 1 commit
-
-
Robert Lyon authored
In other places we check the LOWER(username) but for some reason in find_by_username() we don't. We should do it here as well for consistency. behatnotneeded Change-Id: Ie692aeace0c8aa2f6989683e094ac6625f153b98 Signed-off-by:
Robert Lyon <robertl@catalyst.net.nz> (cherry picked from commit fb330e38)
-
- 21 Apr, 2016 2 commits
-
-
Rather than having an increasing list of specific parameters that we know to have passwords, this patch censors the content of any parameter with a name that contains the string "password" or "pw". behatnotneeded: Can't test with Behat Change-Id: Ifaa2ec10cf749c173b1a8d0928c6cc052124a83f (cherry picked from commit ae452377)
-
When looping through all auth to see if a user can login behatnotneeded Change-Id: I51693fac3c650ff529ccfc98586c50f4d185f591 Signed-off-by:
Robert Lyon <robertl@catalyst.net.nz> (cherry picked from commit 4993ce1c)
-
- 13 Apr, 2016 1 commit
-
-
This setting kills your Mahara session whenever you navigate to Mahara from a link or redirect on another page. This totally prevents SAML and other redirect-based auth methods from working, makes it annoying to use links in email, and while it is mentioned on the PHP manual's "Securing Sessions" page, it's only recommended there if you also have "session.use_trans_id" enabled, which we do not. Change-Id: I8b3b14bae8043c5004cc8f36766f2db9422eac1c behatnotneeded: Can't be tested by behat (cherry picked from commit 91807920) (cherry picked from commit c9b8ff02) (cherry picked from commit bcdd15ea)
-
- 05 Apr, 2016 1 commit
-
-
Aaron Wells authored
Change-Id: I2bea376b7d403171a306c31fdc69e26a4aa1644b
-
- 31 Mar, 2016 2 commits
-
-
Robert Lyon authored
-
behatnotneeded: Changes on database columns types only. Change-Id: I0e80fe7b4ca7552c854f3496db6496e984bbdd53
-
- 30 Mar, 2016 1 commit
-
-
see more at http://php.net/manual/en/session.security.php behatnotneeded Change-Id: I70b427daa1ee29c233339ba245f56a02c1a8b3a5 (cherry picked from commit 38bfb5cf)
-
- 23 Mar, 2016 9 commits
-
-
Son Nguyen authored
Signed-off-by:
Son Nguyen <son.nguyen@catalyst.net.nz>
-
Son Nguyen authored
Signed-off-by:
Son Nguyen <son.nguyen@catalyst.net.nz>
-
behatnotneeded - should be covered by existing tests Change-Id: Ia4592c9bd261c978dc911999e81f906fa0b13450
-
Aaron Wells authored
Also setting the note block's form change checker state to "dirty" by default, so that users will get a warning before navigating away to the other page. Change-Id: I20f586781df63e942a7a1c82e5e74fd5214c233f
-
Aaron Wells authored
Bug 1558361 behatnotneed Change-Id: Idc3f0a010fef76a0908f65ce88bf52ae870170d3
-
Aaron Wells authored
Bug 1558361 Change-Id: Ifb0dba0d91a0ea2ba2b2dfc2daeda39b679c0397
-
Aaron Wells authored
Bug 1558361 behatnotneeded Change-Id: Ic7186f35eb38cf79e76dcd8347df18178ccc5a32
-
Aaron Wells authored
Bug 1558361 behatnotneeded Change-Id: Idc139a671137cbde6958fdc8406bc56f8c395f08
-
Aaron Wells authored
Bug 1558361: TinyMCE will filter them out on the editing side, and HTMLPurifier will filter them out on the display side. behatnotneeded: Would require non-trivial new Behat step to check whether links have "target" attribute. Change-Id: If27462b2ca1a382ceeaadb374aade1f795f261bd
-
- 22 Mar, 2016 1 commit
-
-
behatnotneeded: error appears in error log Change-Id: Ic816248ee56bcae7daa1f13c768afdab92c95b23 Signed-off-by:
Robert Lyon <robertl@catalyst.net.nz>
-
- 21 Mar, 2016 1 commit
-
-
X-XSS-Protection: Tells the browser not to disable XSS protection X-Content-Type-Options: Tells the browser not to try to guess at mimetypes of downloads X-Permitted-Cross-Domain-Policies: Tells Flash & PDF not to trust alternate crossdomain.xml files (which set the permissions on whether this site allows itself to be accessed by scripts in Flash & PDF). Prevents an attacker from uploading a more permissive crossdomain.xml X-Powered-By: PHP by default sends this header with the current full PHP version. behatnotneeded: Selenium can't examine HTTP response headers Change-Id: Ia2a6de971fc62b7d8806ad010aa0fbe37c1a7357 (cherry picked from commit 29656f03)
-
- 18 Mar, 2016 1 commit
-
-
Bug 1558387 With this, we don't have to remember to bump HTML.DefinitionRev in html_clean(), or clear the htmlpurifier directory in dataroot. behatnotneeded: API change only Change-Id: I15cd291fd8e5d7d5c357f1595a89f34f44236e7d
-
- 16 Mar, 2016 1 commit
-
-
Robert Lyon authored
When displaying names for adding group members to groups behatnotneeded Change-Id: I0fb09eb1a17bd94c58533b8272db38e439897cbe Signed-off-by:
Robert Lyon <robertl@catalyst.net.nz> (cherry picked from commit 564caacd)
-
- 14 Mar, 2016 1 commit
-
-
Robert Lyon authored
Bug 1556692: When used together, these can cause problems when the ID field from Moodle gets truncated to the default get_new_username() length of "30", when being inserted into usr.username in Mahara. behatnotneeded: Can't test Mnet in Behat Change-Id: Icdeb78b5298e7d63a0610987b0d8fad34e58d036
-
- 08 Mar, 2016 1 commit
-
-
Robert Lyon authored
behatnotneeded Change-Id: I88af0659d0140fc9595b15ee3d0771e819e0dee1 Signed-off-by:
Robert Lyon <robertl@catalyst.net.nz> (cherry picked from commit cce545b7)
-
- 03 Mar, 2016 1 commit
-
-
Robert Lyon authored
Due to a mistake in how blocks were ordered in the system behatnotneeded - existing tests should be ok Change-Id: Iac857c85d60e5948b6f95ddccee7a2e8cf43b1b4 Signed-off-by:
Robert Lyon <robertl@catalyst.net.nz>
-
- 10 Feb, 2016 1 commit
-
-
Bug 1534081 * This alters the default allowed attributes for iframe and adds: - allowfullscreen - mozallowfullscreen - webkitallowfullscreen All are allowed 0, 1 or empty values. * This resolves issues with vimeo and youtube, who require these attributes before showing the fullscreen icon: https://developer.vimeo.com/player/embedding behatnotneeded: Can't test Flash with behat Change-Id: Ie57c3c3968c4f7cd58a544135351ef506aa6be11
-
- 18 Dec, 2015 1 commit
-
-
Robert Lyon authored
When moving them downwards in a column from a non-first position to a non-last position with a jump greater than one place behatnotneeded Change-Id: Ie9bacc4a1a4ef77efd4e481c9ab3713885821dc1 Signed-off-by:
Robert Lyon <robertl@catalyst.net.nz> (cherry picked from commit a8750346)
-
- 11 Dec, 2015 2 commits
-
-
Aaron Wells authored
behatnotneeded: Not a change to Mahara's front end Change-Id: I379b2192c3518690ee1d39c0997b599d9dc91f7a
-
Change-Id: Ia83d2cd8b5f7b971098daf580839bd61f08be354 Signed-off-by:
Yuliya Bozhko <yuliya.bozhko@totaralms.com>
-
- 10 Dec, 2015 6 commits
-
-
Robert Lyon authored
If we have special chars like " or > in a feedback message they get saved to db as htmlspecialchars like " or $gt; When we go to display them we turn the & part into a specialchar again leading to bad display. behatnotneeded Change-Id: Ie66dd599029f0939938f0d1d829c4156b5db6d56 Signed-off-by:
Robert Lyon <robertl@catalyst.net.nz>
-
Robert Lyon authored
-
Robert Lyon authored
-
Bug 1523499: Old wiki.mahara.org links without the "/wiki", and HTTP links that should be HTTPS. Also updated the installer release notes link to point to the base "Release_Notes" page in the wiki, because we no longer maintain separate wiki pages for each release. behatnotneeded: Covered by existing tests Change-Id: I02e80eb4d8df5adddee88e77156e8e103ca24c51 (cherry picked from commit 4c046f3d)
-
in the calls of the dml function: get_record_sql() behatnotneeded Change-Id: I28d6d03258c6141e9cdca21bf201228522d8b809 Signed-off-by:
Son Nguyen <son.nguyen@catalyst.net.nz>
-
Just need to require once 'activity.php' behatnotneeded Change-Id: Ie1de5b2b50f3de1c367bfa33f8bf4c412c40b0c8 Signed-off-by:
Robert Lyon <robertl@catalyst.net.nz> (cherry picked from commit 079a9d6c)
-
- 30 Nov, 2015 1 commit
-
-
Aaron Wells authored
Bug 1515929: Usually when we use get_record(), we're querying against a record that has a uniqueness constraint guaranteeing that it is unique, in which case the PHP code that dies on non-uniqueness is redundant. In the remaining cases, we're dealing with records that for some reason can't have a uniqueness constraint, and the dying just causes the site to entirely stop working, when it would be more useful to have it continue to work but throw a warning message to the logs. behatnotneeded: Covered by existing test cases Change-Id: I264f72e3a8904293d78909410f68b29f2c78db3c
-
- 26 Nov, 2015 1 commit
-
-
Robert Lyon authored
Signed-off-by:
Robert Lyon <robertl@catalyst.net.nz>
-