Commit Graph

6923 Commits

Author SHA1 Message Date
Akiva Leffert
d44b4d28ce Mark register-sidebar template safe by default 2016-03-23 15:10:07 -04:00
Renzo Lucioni
a104d82e70 Secure templates used to inject Segment and Optimizely 2016-03-23 14:40:24 -04:00
Kevin Falcone
06f5e49978 This appears to actually be in UTC (not in the django TZ default).
You can see the times are marked +00:00 for the ISO 8601 format date and
I see no code in the backend that tries to convert.
2016-03-23 14:38:18 -04:00
Kevin Falcone
8a85d7e346 Update to secure by default
Most things were already escaped, including the json.dumps, and we've
decided not to use dump_html_escaped_json
2016-03-23 14:35:08 -04:00
Michael Katz
c4a18db989 Merge pull request #11896 from edx/mkatz/3pauthsafetemplate
add filter to profile page
2016-03-23 13:11:49 -04:00
Michael Katz
4d6c787930 add filter 2016-03-23 11:34:21 -04:00
Peter Fogg
11bb281019 Remove old teams example templates. 2016-03-23 11:19:01 -04:00
Michael Katz
9a94b106f8 safe template 2016-03-23 10:49:35 -04:00
Eric Fischer
e2c4131a5d Merge pull request #11797 from edx/christina/fix-improper-escaping
Fix improper escaping.
2016-03-22 08:49:20 -04:00
Awais Qureshi
4f5589e356 Merge pull request #11759 from edx/awais786/ECOM-2931-update-credit-eligible-email
Add the providers information in the email.
2016-03-22 16:03:14 +05:00
Awais
a154e7f1c3 Adding the ecom api functionality for the credentials.
ECOM-2931
2016-03-22 14:01:54 +05:00
cahrens
358ed2559a Fix improper escaping. 2016-03-21 16:01:04 -04:00
Christina Roberts
4626746678 Merge pull request #11844 from edx/christina/delete-carousel
Delete face_upload and responsive-carousel.
2016-03-21 13:26:04 -04:00
Ayub-khan
90a72ddba6 Properly escaping fullname
To prevent XSS attacks, we now properly escape any string containing
the user's fullname. Enumerated by searching webview.py for "fullname",
and "git grep"-ing any occurrences. This also exposed some unused strings,
which I deleted for clarity.
2016-03-21 11:07:00 -04:00
Robert Raposa
0a8f6fa3fe Properly escape the name 2016-03-21 11:06:56 -04:00
Robert Raposa
15ef27fe0f Escape full name
TNL-3849/SEC-69
2016-03-21 11:06:52 -04:00
Peter Pinch
7eb079df3e Merge pull request #11712 from mitocw/enhancement/aq/prevent_ccx_creation_if_CCXConnector_is_set_mitocw#189
Prevented creation of new CCX in lms, when a CCXConnector URL is set on a course
2016-03-21 08:52:51 -04:00
Andy Armstrong
76b8e2e897 Merge pull request #11631 from edx/fedx/upgrade-libraries
Upgrade Underscore.js and Underscore.string.js
2016-03-18 16:32:16 -04:00
Adam
ec57ee027d Merge pull request #11848 from edx/release
Release
2016-03-17 22:58:10 -04:00
Clinton Blackburn
6ad750a1f3 Fixed accessibility issues with password reset
ECOM-3938
2016-03-17 16:40:42 -04:00
cahrens
f9901614f1 Delete face_upload and responsive-carousel.
This appears to be dead code.
2016-03-17 15:14:19 -04:00
David Ormsbee
b8b7327e93 Revert "Make Capa problems do initial load without AJAX."
This reverts commit 9984bbc29a.
2016-03-17 14:26:04 -04:00
Toby Lawrence
9b8ff773ee Merge pull request #11824 from edx/release
Merge release back to master.
2016-03-16 21:11:37 -04:00
cahrens
a1f73f7ba8 Simplify how underscore.string is referred to. 2016-03-16 17:09:26 -04:00
cahrens
dd2a203677 Upgrade underscore to newest version.
FEDX-24
2016-03-16 17:08:27 -04:00
Jesse Zoldak
f01f36a541 Merge pull request #11822 from edx/zoldak/revert-pr11613
Revert "ziafazal/WL-328: Multi-Site Comprehensive Theming"
2016-03-16 13:23:42 -04:00
Peter Fogg
954504d72c Merge pull request #11786 from edx/peter-fogg/course-home-a11y
Accessibility fixes for the course home page.
2016-03-16 12:45:17 -04:00
Jesse Zoldak
f891d27cbb Revert "ziafazal/WL-328: Multi-Site Comprehensive Theming"
This reverts commit 954dae584a.
2016-03-16 11:19:36 -04:00
Toby Lawrence
a32ee429a3 Revert "Fixed the other half of forgot password flow according to logistration."
This reverts commit 178f5a6056.
2016-03-16 11:19:01 -04:00
Diana Huang
091dc27c4f Use is-hidden instead of hidden. 2016-03-15 17:17:56 -04:00
Amir Qayyum Khan
8a9e81fdda Added validation to ccx create form. If ccxcon url is set then app will ask user to create ccx from ccxcon app 2016-03-15 18:02:12 +05:00
Zia Fazal
954dae584a ziafazal/WL-328: Multi-Site Comprehensive Theming
ziafazal: improvements need for multi-tenancy
ziafazal: fixed broken tests
ziafazal: no need to add setting in test.py
ziafazal: added hostname validation
ziafazal: changes after feedback from mattdrayer
ziafazal: fixed branding and microsite broken tests
ziafazal: make STATICFILES_DIRS to list
ziafazal: added theme directory to mako lookup for tests
ziafazal: added more protection in test_util
saleem-latif: Enable SCSS Overrides for Comprehensive Theming
saleem-latif: Incorporate feedback changes, Correct test failures, add tests and enable theming for django templates
saleem-latif: Correct errors in python tests
mattdrayer: Fix invalid release reference
mattdrayer: Update django-wiki reference to latest release
2016-03-14 13:42:53 -04:00
muzaffaryousaf
d43f33db31 Properly escape mixed content (text + html).
TNL-4243
2016-03-14 19:52:58 +05:00
Toby Lawrence
4debb4a26b Merge pull request #11784 from edx/PERF-265
Move any uncached JS to be cached
2016-03-11 11:27:41 -05:00
Peter Fogg
9188f9682c Accessibility fixes for the course home page.
ECOM-3799
2016-03-11 09:48:44 -05:00
Toby Lawrence
4eb95737b5 Update and take advantage of our ability to override RequireJS paths.
We had a mechanism to, at runtime, generate a RequireJS config that
would override the base paths and, instead, use the hashed versions of
assets for things that RequireJs was loading on demand.

We've now moved that out of the courseware.html base template and into
main.html so that more pages actually benefit from it.

As well, we've added some of the heavy hitters for unhashed assets,
namely moment.min.js, to these overrides which should allow better
caching for end users.  We'll be able to add more things to the override
list in the future as they crop up.
2016-03-11 08:56:45 -05:00
Christine Lytwynec
5b5b4eb4fc Merge pull request #11393 from edx/clytwynec/ac-238
Improve accessibility for dashboard course settings dropdown
2016-03-10 12:30:20 -05:00
Eric Fischer
a647169a90 Merge pull request #11167 from edx/christina/ora-data-download
WIP: Asynchronous download button for ORA2 data
2016-03-10 11:09:36 -05:00
dylanrhodes
2b1a7eece2 Asynchronous download button for ORA2 data
Conflicts:
	lms/djangoapps/instructor/tests/test_api.py
	lms/djangoapps/instructor/utils.py
	lms/djangoapps/instructor/views/api.py
	lms/djangoapps/instructor/views/api_urls.py
	lms/djangoapps/instructor/views/instructor_dashboard.py
	lms/djangoapps/instructor_task/api.py
	lms/djangoapps/instructor_task/tasks.py
	lms/djangoapps/instructor_task/tasks_helper.py
	lms/djangoapps/instructor_task/tests/test_api.py
	lms/djangoapps/instructor_task/tests/test_tasks.py
	lms/djangoapps/instructor_task/tests/test_tasks_helper.py
	lms/envs/aws.py
	lms/envs/common.py
	lms/static/coffee/src/instructor_dashboard/data_download.coffee
	lms/templates/instructor/instructor_dashboard_2/data_download.html
2016-03-10 09:58:55 -05:00
Matjaz Gregoric
6c1f7095a7 Merge pull request #11547 from open-craft/remove-course-about-nav
Remove course about 'Overview' link/tab.
2016-03-10 15:45:27 +01:00
Muzaffar yousaf
770a45b720 Merge pull request #11363 from edx/notes-pagination
Notes pagination
2016-03-10 17:26:54 +05:00
Matjaz Gregoric
3ad0a0073b Remove course about 'Overview' link/tab.
It looks like in the past there used to be several tabs on the
course about page, but the other tabs have been commented
out years ago.

Having a single tab is pointless and confusing, so remove it.
2016-03-10 11:05:09 +01:00
erm0l0v
4142438372 add CourseTalk widget
Move tests to one test class
2016-03-09 13:32:07 +03:00
muzaffaryousaf
b095651655 Escape html/js with other bug fixes.
TNL-4164
2016-03-08 18:07:52 +05:00
Waheed Ahmed
178f5a6056 Fixed the other half of forgot password flow according to logistration.
ECOM-2947
2016-03-08 12:14:24 +05:00
Christina Roberts
dbc2b4161e Merge pull request #11752 from edx/christina/remove-hinter
Delete hinter manager.
2016-03-07 09:35:56 -05:00
cahrens
ba06c899de Delete crowdsource_hinter prototype xmodule.
TNL-4195
2016-03-04 15:34:48 -05:00
Robert Raposa
8e1e4a4715 Use markup HTML helper with Text
TNL-4160
2016-03-04 10:44:41 -05:00
Simon Chen
b47a6d592f ECOM-3415 make sure all the xseries programs associated with a course are displayed 2016-03-03 08:42:14 -05:00
clrux
650c95f9c3 Merge pull request #11501 from edx/clrux/ac-328-uxpl
AC-328 adding UXPL classnames to headings
2016-03-01 07:23:07 -05:00