MantisBT

Changesets: ATutor
master 81fef884
Timestamp: 2017-04-07 20:16:59
Author: greg
Committer: GitHub
Merge pull request 0000131 from cindyli/5781

5781: Fixed a typo.
mod - themes/mobile/admin/index.tmpl.php
master be4807a9
Timestamp: 2017-04-04 09:57:24
Author: cindy
5781: Fixed a typo.
mod - themes/mobile/admin/index.tmpl.php
master ded49bdf
Timestamp: 2017-03-15 19:44:15
Author: greg
5773 fixes quote entities in forum subject line in notifications
mod - mods/_standard/forums/forum/new_thread.php
master d0fcc1d6
Timestamp: 2017-03-15 19:37:31
Author: greg
Merge branch 'master' of https://github.com/atutor/ATutor
master 2f914e48
Timestamp: 2017-03-15 19:37:07
Author: greg
5773 add decode to fail/pass feedback and instructions
mod - mods/_standard/tests/view_results.php
master 9ff1e8ed
Timestamp: 2017-03-15 19:07:32
Author: greg
Merge branch 'master' of github.com:atutor/ATutor
mod - mods/_standard/tests/edit_test.php
master 1dca65ea
Timestamp: 2017-03-15 19:07:22
Author: greg
5773 add decode to instructions as well.
mod - mods/_standard/tests/view_results.php
master 56741876
Timestamp: 2017-03-15 18:25:58
Author: greg
5773 encode textarea on the way into the db, decode on the way out.
mod - mods/_standard/tests/edit_test.php
master 7db187cd
Timestamp: 2017-03-13 19:53:02
Author: greg
5772 add encoding and decoding with saving and displaying open-ended feedback and remedial content
mod - include/lib/constants.inc.php
mod - mods/_standard/tests/create_question_long.php
mod - mods/_standard/tests/question_footer.php
master cce297e0
Timestamp: 2017-03-13 18:32:01
Author: greg
5762 decode forum body to turn quote entities back into quotes for email notification
mod - mods/_standard/forums/forum/new_thread.php
master 6b35d060
Timestamp: 2017-03-11 13:09:50
Author: greg
5770 added htmlspecialchars() to POST[question]
mod - mods/_standard/tests/create_question_long.php
master ed2cca42
Timestamp: 2017-03-11 13:07:35
Author: greg
5771 add csrftoken field to upload patch form
mod - mods/_standard/patcher/index_admin.php
master 25318a7d
Timestamp: 2017-03-03 19:34:10
Author: greg
Merge branch 'master' of github.com:atutor/ATutor
mod - admin/config_edit.php
mod - include/lib/vital_funcs.inc.php
mod - index.php
mod - mods/_core/courses/admin/create_course.php
mod - mods/_core/courses/users/create_course.php
mod - mods/_core/enrolment/html/enroll_edit.inc.php
mod - mods/_core/properties/admin/delete_course.php
mod - mods/_core/properties/admin/edit_course.php
mod - mods/_core/users/admin_delete.php
mod - mods/_core/users/admin_email.php
mod - mods/_core/users/admins/delete.php
mod - mods/_core/users/admins/edit.php
mod - mods/_core/users/admins/password.php
mod - mods/_core/users/admins/reset_log.php
mod - mods/_core/users/edit_user.php
mod - mods/_core/users/instructor_requests.php
mod - mods/_core/users/password_user.php
mod - mods/_standard/basiclti/tool/admin_create.php
mod - mods/_standard/basiclti/tool/admin_delete.php
mod - mods/_standard/basiclti/tool/admin_edit.php
mod - mods/_standard/patcher/classes/Patch.class.php
mod - mods/_standard/patcher/index_admin.php
mod - registration.php
mod - themes/default/admin/courses/edit_course.tmpl.php
mod - themes/default/admin/system_preferences/config_edit.tmpl.php
mod - themes/default/admin/users/admin_email.tmpl.php
mod - themes/default/admin/users/edit.tmpl.php
mod - themes/default/admin/users/instructor_requests.tmpl.php
mod - themes/default/admin/users/password.tmpl.php
mod - themes/default/admin/users/password_user.tmpl.php
mod - themes/default/registration.tmpl.php
mod - themes/default/styles.css
mod - themes/mobile/admin/courses/edit_course.tmpl.php
mod - themes/mobile/admin/system_preferences/config_edit.tmpl.php
mod - themes/mobile/admin/users/admin_email.tmpl.php
mod - themes/mobile/admin/users/instructor_requests.tmpl.php
mod - themes/mobile/registration.tmpl.php
mod - themes/simplified_desktop/admin/courses/edit_course.tmpl.php
mod - themes/simplified_desktop/admin/system_preferences/config_edit.tmpl.php
mod - themes/simplified_desktop/admin/users/admin_email.tmpl.php
mod - themes/simplified_desktop/admin/users/instructor_requests.tmpl.php
mod - themes/simplified_desktop/registration.tmpl.php
master 19b41648
Timestamp: 2017-03-03 19:33:45
Author: greg
5769 urlencode GET var passed into language editor template
mod - themes/default/admin/system_preferences/language_edit.tmpl.php
mod - themes/mobile/admin/system_preferences/language_edit.tmpl.php
mod - themes/simplified_desktop/admin/system_preferences/language_edit.tmpl.php
master add6ce09
Timestamp: 2017-01-09 17:53:25
Author: greg
Committer: GitHub
Merge pull request 0000128 from permw/Protection_against_CSRF_attacks_for_admin_actions

Fixes to cross site request forgery (CSRF) vulnerabilities for administrator actions.

Much appreciated! Reported in Mantis at:
http://www.atutor.ca/atutor/mantis/view.php?id=5747
mod - admin/config_edit.php
mod - include/lib/vital_funcs.inc.php
mod - mods/_core/courses/admin/create_course.php
mod - mods/_core/courses/users/create_course.php
mod - mods/_core/enrolment/html/enroll_edit.inc.php
mod - mods/_core/properties/admin/delete_course.php
mod - mods/_core/properties/admin/edit_course.php
mod - mods/_core/users/admin_delete.php
mod - mods/_core/users/admin_email.php
mod - mods/_core/users/admins/delete.php
mod - mods/_core/users/admins/edit.php
mod - mods/_core/users/admins/password.php
mod - mods/_core/users/admins/reset_log.php
mod - mods/_core/users/edit_user.php
mod - mods/_core/users/instructor_requests.php
mod - mods/_core/users/password_user.php
mod - mods/_standard/basiclti/tool/admin_create.php
mod - mods/_standard/basiclti/tool/admin_delete.php
mod - mods/_standard/basiclti/tool/admin_edit.php
mod - mods/_standard/patcher/classes/Patch.class.php
mod - mods/_standard/patcher/index_admin.php
mod - registration.php
mod - themes/default/admin/courses/edit_course.tmpl.php
mod - themes/default/admin/system_preferences/config_edit.tmpl.php
mod - themes/default/admin/users/admin_email.tmpl.php
mod - themes/default/admin/users/edit.tmpl.php
mod - themes/default/admin/users/instructor_requests.tmpl.php
mod - themes/default/admin/users/password.tmpl.php
mod - themes/default/admin/users/password_user.tmpl.php
mod - themes/default/registration.tmpl.php
mod - themes/mobile/admin/courses/edit_course.tmpl.php
mod - themes/mobile/admin/system_preferences/config_edit.tmpl.php
mod - themes/mobile/admin/users/admin_email.tmpl.php
mod - themes/mobile/admin/users/instructor_requests.tmpl.php
mod - themes/mobile/registration.tmpl.php
mod - themes/simplified_desktop/admin/courses/edit_course.tmpl.php
mod - themes/simplified_desktop/admin/system_preferences/config_edit.tmpl.php
mod - themes/simplified_desktop/admin/users/admin_email.tmpl.php
mod - themes/simplified_desktop/admin/users/instructor_requests.tmpl.php
mod - themes/simplified_desktop/registration.tmpl.php
master 9c11deea
Timestamp: 2017-01-09 02:28:23
Author: permw
Fixed CSRF vulnerabilities for high-impact administrator actions. Also some minor refactoring of the naming of the CSRF token.
mod - admin/config_edit.php
mod - include/lib/vital_funcs.inc.php
mod - mods/_core/courses/admin/create_course.php
mod - mods/_core/courses/users/create_course.php
mod - mods/_core/enrolment/html/enroll_edit.inc.php
mod - mods/_core/properties/admin/delete_course.php
mod - mods/_core/properties/admin/edit_course.php
mod - mods/_core/users/admin_delete.php
mod - mods/_core/users/admin_email.php
mod - mods/_core/users/admins/delete.php
mod - mods/_core/users/admins/edit.php
mod - mods/_core/users/admins/password.php
mod - mods/_core/users/admins/reset_log.php
mod - mods/_core/users/edit_user.php
mod - mods/_core/users/instructor_requests.php
mod - mods/_core/users/password_user.php
mod - mods/_standard/basiclti/tool/admin_create.php
mod - mods/_standard/basiclti/tool/admin_delete.php
mod - mods/_standard/basiclti/tool/admin_edit.php
mod - mods/_standard/patcher/classes/Patch.class.php
mod - mods/_standard/patcher/index_admin.php
mod - registration.php
mod - themes/default/admin/courses/edit_course.tmpl.php
mod - themes/default/admin/system_preferences/config_edit.tmpl.php
mod - themes/default/admin/users/admin_email.tmpl.php
mod - themes/default/admin/users/edit.tmpl.php
mod - themes/default/admin/users/instructor_requests.tmpl.php
mod - themes/default/admin/users/password.tmpl.php
mod - themes/default/admin/users/password_user.tmpl.php
mod - themes/default/registration.tmpl.php
mod - themes/mobile/admin/courses/edit_course.tmpl.php
mod - themes/mobile/admin/system_preferences/config_edit.tmpl.php
mod - themes/mobile/admin/users/admin_email.tmpl.php
mod - themes/mobile/admin/users/instructor_requests.tmpl.php
mod - themes/mobile/registration.tmpl.php
mod - themes/simplified_desktop/admin/courses/edit_course.tmpl.php
mod - themes/simplified_desktop/admin/system_preferences/config_edit.tmpl.php
mod - themes/simplified_desktop/admin/users/admin_email.tmpl.php
mod - themes/simplified_desktop/admin/users/instructor_requests.tmpl.php
mod - themes/simplified_desktop/registration.tmpl.php
master 75df1862
Timestamp: 2017-01-04 10:57:45
Author: greg
add some spacing around content paragraphs
mod - themes/default/styles.css
master 5b03b8bf
Timestamp: 2017-01-04 10:29:33
Author: greg
add replace for line breaks and carriage returns, and slashes
mod - index.php
master 2c0738b8
Timestamp: 2017-01-02 08:45:17
Author: greg
Committer: GitHub
Merge pull request 0000127 from permw/XSS_vulnerability_fixes

From permw - Fixes to persistent cross site scripting vulnerabilities caused by unescaped content titles
mod - include/classes/ContentManager.class.php
mod - mods/_core/editor/delete_content.php
mod - mods/_core/editor/editor_tabs/edit.inc.php
master a39dfa36
Timestamp: 2017-01-01 14:45:48
Author: permwa
Escape content titles in sequence links where they are initially set, to avoid unnecessary escaping in each individual template file.
mod - include/classes/ContentManager.class.php
mod - themes/atspaces/include/footer.tmpl.php
mod - themes/atspaces/include/header.tmpl.php
mod - themes/blumin/include/footer.tmpl.php
mod - themes/blumin/include/header.tmpl.php
mod - themes/default/include/footer.tmpl.php
mod - themes/default/include/header.tmpl.php
mod - themes/default15/include/footer.tmpl.php
mod - themes/default15/include/header.tmpl.php
mod - themes/default20/include/footer.tmpl.php
mod - themes/default20/include/header.tmpl.php
mod - themes/default21/include/footer.tmpl.php
mod - themes/default21/include/header.tmpl.php
mod - themes/default_classic/include/footer.tmpl.php
mod - themes/default_classic/include/header.tmpl.php
mod - themes/fluid/include/header.tmpl.php
mod - themes/greenmin/include/footer.tmpl.php
mod - themes/greenmin/include/header.tmpl.php
mod - themes/idi/include/footer.tmpl.php
mod - themes/idi/include/header.tmpl.php
mod - themes/mobile/include/header.tmpl.php
mod - themes/simplified_desktop/include/header.tmpl.php
mod - themes/tablet1/include/footer.tmpl.php
mod - themes/tablet1/include/header.tmpl.php
master a36b1660
Timestamp: 2016-12-31 09:48:49
Author: permwa
Fixed stored XSS vulnerabilities caused by unescaped content titles in:
- Content navigation pane.
- Delete content page.
- Edit content page.
- Arrange content page.
- Course page headers and footers.

Also some minor refactoring in ContentManager.class.php: Cleaned up redundant variables and function calls.
mod - include/classes/ContentManager.class.php
mod - mods/_core/editor/delete_content.php
mod - mods/_core/editor/editor_tabs/edit.inc.php
mod - themes/atspaces/include/footer.tmpl.php
mod - themes/atspaces/include/header.tmpl.php
mod - themes/blumin/include/footer.tmpl.php
mod - themes/blumin/include/header.tmpl.php
mod - themes/default/include/footer.tmpl.php
mod - themes/default/include/header.tmpl.php
mod - themes/default15/include/footer.tmpl.php
mod - themes/default15/include/header.tmpl.php
mod - themes/default20/include/footer.tmpl.php
mod - themes/default20/include/header.tmpl.php
mod - themes/default21/include/footer.tmpl.php
mod - themes/default21/include/header.tmpl.php
mod - themes/default_classic/include/footer.tmpl.php
mod - themes/default_classic/include/header.tmpl.php
mod - themes/fluid/include/header.tmpl.php
mod - themes/greenmin/include/footer.tmpl.php
mod - themes/greenmin/include/header.tmpl.php
mod - themes/idi/include/footer.tmpl.php
mod - themes/idi/include/header.tmpl.php
mod - themes/mobile/include/header.tmpl.php
mod - themes/simplified_desktop/include/header.tmpl.php
mod - themes/tablet1/include/footer.tmpl.php
mod - themes/tablet1/include/header.tmpl.php
master cd797c1e
Timestamp: 2016-12-12 18:30:11
Author: greg
5738 disable subnav collapse javascript
mod - jscripts/ATutor_js.php
master aef40866
Timestamp: 2016-11-09 18:02:46
Author: greg
5730 replaces check_referer with a csrftoken
mod - mods/_core/courses/users/create_course.php
mod - themes/default/admin/courses/edit_course.tmpl.php
master 6de104c0
Timestamp: 2016-11-08 19:24:13
Author: greg
5729 add printNoLookupFeedback to header templates to allow plain text message to be added through passing GET[fb]
mod - themes/atspaces/include/header.tmpl.php
mod - themes/blumin/include/header.tmpl.php
mod - themes/default/include/header.tmpl.php
mod - themes/default15/include/header.tmpl.php
mod - themes/default20/include/header.tmpl.php
mod - themes/default21/include/header.tmpl.php
mod - themes/default_classic/include/header.tmpl.php
mod - themes/fluid/include/header.tmpl.php
mod - themes/greenmin/include/header.tmpl.php
mod - themes/idi/include/header.tmpl.php
mod - themes/mobile/include/header.tmpl.php
mod - themes/simplified_desktop/include/header.tmpl.php
mod - themes/tablet1/include/header.tmpl.php
master e02bc5a0
Timestamp: 2016-11-08 18:11:37
Author: greg
5730 add check_referer to prevent CSRF
mod - mods/_core/courses/users/create_course.php