1. 11 May, 2015 1 commit
  2. 07 May, 2015 1 commit
  3. 04 May, 2015 2 commits
  4. 03 May, 2015 1 commit
  5. 29 Apr, 2015 1 commit
  6. 28 Apr, 2015 2 commits
  7. 24 Apr, 2015 1 commit
  8. 21 Apr, 2015 1 commit
  9. 15 Apr, 2015 2 commits
    • Stopping SWF files XSS exploitation (Bug #1190788) · 8df9bdfa
      Robert Lyon authored
      By doing two things:
      
      1) Getting the embedded SWF object to set the
       allowscriptaccess = "never" and allownetworking = "never"
      
      2) By forcing a 'download file' link to actually download file
      - this goes for all files now that don't have embedded=1
      in their url.
      
      I've done it this way, having the embedded item have extra url param
      so that if a user tries to manipulate a url by removing params it
      will default to force download.
      
      I've merged the changes I'd done here https://reviews.mahara.org/#/c/3522/2
      and I've also cleaned up places where the download=1 was used as that is
      not needed now. Now if there are places where we need to embed rather
      than download we add the embedded=1 to the url.
      
      Change-Id: If5290a7c571d06d4178ef2ae5c4c09ed287403b4
      Signed-off-by: Robert Lyon <robertl@catalyst.net.nz>
    • Explicitly tell the template to use the AJAX block loader · 29053d1b
      Aaron Wells authored
      Bug 1444229: It was hacky to rely on the block content being empty
      to signal the AJAX block loader. We should tell it to do so explicitly.
      
      Change-Id: I9816c43c96ffed85282ac0d874fa5bfe1ca62e00
  10. 13 Apr, 2015 1 commit
  11. 07 Apr, 2015 1 commit
  12. 01 Apr, 2015 1 commit
  13. 31 Mar, 2015 1 commit
  14. 26 Mar, 2015 1 commit
  15. 24 Mar, 2015 1 commit
  16. 23 Mar, 2015 2 commits
  17. 19 Mar, 2015 3 commits
  18. 18 Mar, 2015 3 commits
  19. 17 Mar, 2015 2 commits
  20. 16 Mar, 2015 1 commit
  21. 13 Mar, 2015 1 commit
    • Annotation artefact: Bug 1397759 · 389df353
      Ghada El-Zoghbi authored
      A new artefact similar to the comment artefact but with less
      functionality (i.e. no attached files, etc).
      It's an explanation of why a particular evidence meets a
      particular standard.
      
      If an annotation is created and added to a page, when the user
      deletes it from the page, the instance is deleted along with the
      annotation and its feedback.
      
      TODO:
      
      1. Imports seem to be working.
      Can get all comments to import and display.
      Needs some serious testing.
      
      2. Made changes for broken images but another bug was reported and is
      currently being worked on. So, may not need the fixes in here. Changes in:
      - htdocs/artefact/file/download.php
      
      To completely fix the broken images for all artefacts, changes are also required
      in htdocs/lib/embeddedimage.php to delete based on resourceid instead of fileid.
      
      Change-Id: Ibdb2e1c6500862645bac741bf61cff37e5a5b35c
  22. 11 Mar, 2015 1 commit
  23. 10 Mar, 2015 1 commit
  24. 09 Mar, 2015 1 commit
  25. 08 Mar, 2015 7 commits