1. 16 Jun, 2014 1 commit
  2. 04 Jun, 2014 1 commit
  3. 29 Jan, 2014 1 commit
  4. 21 Jan, 2014 1 commit
  5. 13 Jan, 2014 1 commit
    • Aaron Wells's avatar
      Silence most E_STRICT errors · 8d17e071
      Aaron Wells authored
      Bug 1268746: In PHP 5.4 E_ALL changed to include E_STRICT, causing Mahara to throw
      a lot of strict standards errors. This should silence most of them.
      HOWEVER, because most strict standards happen at compile-time, this will have no
      effect on strict standards errors caused in the files that have already been
      loaded by the time we call error_reporting() and set_error_handler(), which includes:
       - The file invoked directly by the URL
       - init.php
       - errors.php
       - config.php
       - config-defaults.php
      Change-Id: I7a7fdf7facb1f30e186a0e8a27f1c3b7473200da
  6. 15 Dec, 2013 1 commit
  7. 12 Nov, 2013 1 commit
  8. 06 Nov, 2013 1 commit
  9. 14 Oct, 2013 1 commit
  10. 23 Sep, 2013 1 commit
  11. 18 Jun, 2013 1 commit
    • Aaron Wells's avatar
      Making links to directory index.php files more explicit · 1c56a922
      Aaron Wells authored
      Bug #1150831: Some links to directory index.php files left off the
      trailing slash,
      i.e. "{$WWWROOT}/view". This caused unnecessary redirects and greater
      potential for
      errors in users' web server setups. While I was at it, for all links to
      other than $WWWROOT itself, I changed them to be explicitly links to
      Also fixed the Windows-style line endings in homeinfo.tpl
      Fix all implicit links
      Change-Id: I87b285713e5cb1cfe785ceedd2702e5c2578058b
  12. 01 May, 2013 1 commit
  13. 15 Apr, 2013 1 commit
  14. 03 Feb, 2013 1 commit
  15. 10 Oct, 2012 2 commits
    • Hugh Davenport's avatar
      Fix Click-Jacking attack on account deletion page · b480b81a
      Hugh Davenport authored
      This attack has been mitigated by adding a HTTP header
      of X-Frame-Options to every page in Mahara.
      Bug #1057240
      Change-Id: Ia15bb43c83054ffa5540d71fcc932266b92d288f
      Signed-off-by: default avatarHugh Davenport <hugh@catalyst.net.nz>
    • Hugh Davenport's avatar
      Fix saved file permissions · e85c165f
      Hugh Davenport authored
      Bug #1057238
      Currently, files that are saved by Mahara use the
      directorypermissions config option, which defaults to
      0700, which allows execution.
      This allows users to potentially upload files with
      executable bits set, and if they have control of the
      config options pathtoclam, pathtozip, or pathtounzip
      then they could run this command when one of those
      commands are invocated.
      This patch bitwise-AND's the directory permissions
      config with 0666, which removes any executable bit
      and sets the result as a new config option
      A change the upload code to use this new option is made
      Change-Id: I088d9873de7797d5a9aefc2401301f8b855ed592
      Signed-off-by: default avatarHugh Davenport <hugh@catalyst.net.nz>
  16. 27 Sep, 2012 1 commit
  17. 25 Sep, 2012 1 commit
    • Hugh Davenport's avatar
      Add option to disable device detection · 109eb4a5
      Hugh Davenport authored
      Also add a few theme changes that allow some more
      features on small devices.
      - Printing links
      - Settings link in top right corner
      - Create/copy page/collection link
      - Edit/delete buttons
      - Remove group members button
      - Help icons
      - Administration link
      Also made the admin link show in full
      The items that are disabled when device detection is on
      and user is on a mobile device are:
      - TinyMCE editor
      - Adding new blocks to pages, this is now a non-js version
      - Dropdown menu's
      - Export functionality
      Bug #1052060
      Change-Id: I5a8fe3cf136bb0c3e76e50a2b3bc48179c675b6a
      Signed-off-by: default avatarHugh Davenport <hugh@catalyst.net.nz>
  18. 19 Sep, 2012 4 commits
  19. 13 Sep, 2012 1 commit
  20. 29 Aug, 2012 1 commit
  21. 18 Jun, 2012 1 commit
  22. 18 May, 2012 1 commit
    • Richard Mansfield's avatar
      Add local hooks for registration and user initialisation (bug #1001064) · 5d737aa5
      Richard Mansfield authored
      Three new hooks are added:
      local_init_user() - called after $USER is initialised.  This is useful
      for changing the user's theme before $THEME is initialised.
      local_register_submit() - called when the registration form is
      successfully submitted, but before the submitted values are saved to
      usr_registration.  This is useful for remembering the properties or
      preferences of the logged-out user when the form was submitted.
      local_post_register() - called after a user has successfully been
      created and logged in during registration.  This is useful when
      properties of the user (which may have been saved to usr_registration
      by local_register_submit()) need to be transferred to the newly
      registered user.
      Change-Id: Ifcb19737bdcecb550185624f2fd78e541690a337
      Signed-off-by: default avatarRichard Mansfield <richard.mansfield@catalyst.net.nz>
  23. 22 Mar, 2012 1 commit
  24. 17 Feb, 2012 1 commit
  25. 13 Sep, 2011 1 commit
  26. 12 Sep, 2011 1 commit
  27. 02 Sep, 2011 1 commit
  28. 01 Sep, 2011 1 commit
  29. 23 Jun, 2011 1 commit
    • Francois Marier's avatar
      Revert "Remove wwwroot from the database (bug #780177)" · 5266d1b4
      Francois Marier authored
      This reverts commit fb38dd95
      It turns out that we do need the wwwroot to be in the database
      because the code that sends forum posts via email runs in php
      cli mode and is needs to get the hostname of the site to embed
      in the headers.
      While not specifically mentioned in bug #794490, it was spitting
      out warnings in the logs.
      Change-Id: I36b33ac72eee01f71056a45c706f2fc8674620ec
      Signed-off-by: default avatarFrancois Marier <francois@catalyst.net.nz>
  30. 09 Jun, 2011 1 commit
  31. 07 Jun, 2011 1 commit
    • Hugh Davenport's avatar
      Fix autogen of wwwroot to detect symbolic links correctly · a5887e1c
      Hugh Davenport authored
      Test by appending each directory in PHP_SELF to DOCUMENT_ROOT
      when the realpath of that is the same as dirname(__FILE__) then
      stop processing.
      For most users there is little performance hit, only a few will
      have more than say two levels above DOCUMENT_ROOT
      If nothing can be autoconfigured, use a default of root (ie no
      Bug #780237
      Change-Id: I60339a180ac043ab0b89c3a49ff5f2485112f567
      Signed-off-by: default avatarHugh Davenport <hugh@catalyst.net.nz>
  32. 16 May, 2011 1 commit
  33. 13 May, 2011 2 commits
  34. 10 May, 2011 1 commit
  35. 03 May, 2011 1 commit