From 461fadb2b902982d39c74a17184d254fd44c09fd Mon Sep 17 00:00:00 2001 From: John Eskew Date: Wed, 15 Nov 2017 14:02:26 -0500 Subject: [PATCH 1/2] Remove unused direct reference to specific course in common settings. --- lms/envs/common.py | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/lms/envs/common.py b/lms/envs/common.py index 68675917db..64968ad319 100644 --- a/lms/envs/common.py +++ b/lms/envs/common.py @@ -652,10 +652,6 @@ EDX_ROOT_URL = '' LOGIN_REDIRECT_URL = EDX_ROOT_URL + '/login' LOGIN_URL = EDX_ROOT_URL + '/login' -COURSE_NAME = "6.002_Spring_2012" -COURSE_NUMBER = "6.002x" -COURSE_TITLE = "Circuits and Electronics" - ### Dark code. Should be enabled in local settings for devel. ENABLE_MULTICOURSE = False # set to False to disable multicourse display (see lib.util.views.edXhome) @@ -664,16 +660,6 @@ WIKI_ENABLED = False ### -COURSE_DEFAULT = '6.002x_Fall_2012' -COURSE_SETTINGS = { - '6.002x_Fall_2012': { - 'number': '6.002x', - 'title': 'Circuits and Electronics', - 'xmlpath': '6002x/', - 'location': 'i4x://edx/6002xs12/course/6.002x_Fall_2012', - } -} - COURSE_MODE_DEFAULTS = { 'bulk_sku': None, 'currency': 'usd', From 1bf74c7d32ef6dfb29ba53d641feb8a0b7a390be Mon Sep 17 00:00:00 2001 From: John Eskew Date: Wed, 15 Nov 2017 14:16:10 -0500 Subject: [PATCH 2/2] Add disabled request limits implemented in Django 1.11 --- cms/envs/common.py | 5 +++++ lms/envs/common.py | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/cms/envs/common.py b/cms/envs/common.py index f1572e34d0..ee2cd04ca0 100644 --- a/cms/envs/common.py +++ b/cms/envs/common.py @@ -1241,6 +1241,11 @@ ADVANCED_SECURITY_CONFIG = {} SHIBBOLETH_DOMAIN_PREFIX = 'shib:' OPENID_DOMAIN_PREFIX = 'openid:' +# Set request limits for maximum size of a request body and maximum number of GET/POST parameters. (>=Django 1.10) +# Limits are currently disabled - but can be used for finer-grained denial-of-service protection. +DATA_UPLOAD_MAX_MEMORY_SIZE = None +DATA_UPLOAD_MAX_NUMBER_FIELDS = None + ### Size of chunks into which asset uploads will be divided UPLOAD_CHUNK_SIZE_IN_MB = 10 diff --git a/lms/envs/common.py b/lms/envs/common.py index 64968ad319..c706042f77 100644 --- a/lms/envs/common.py +++ b/lms/envs/common.py @@ -643,6 +643,11 @@ AUTHENTICATION_BACKENDS = ['ratelimitbackend.backends.RateLimitModelBackend'] STUDENT_FILEUPLOAD_MAX_SIZE = 4 * 1000 * 1000 # 4 MB MAX_FILEUPLOADS_PER_INPUT = 20 +# Set request limits for maximum size of a request body and maximum number of GET/POST parameters. (>=Django 1.10) +# Limits are currently disabled - but can be used for finer-grained denial-of-service protection. +DATA_UPLOAD_MAX_MEMORY_SIZE = None +DATA_UPLOAD_MAX_NUMBER_FIELDS = None + # Configuration option for when we want to grab server error pages STATIC_GRAB = False DEV_CONTENT = True