When capa problem rendering was moved to happen inline on courseware
page loads, we started executing many more Mako templates on sequences
with large numbers of thse problems. To help offset this, we're caching
the context generation (it showed up as the easiest piece of low
hanging fruit on profiles of the courseware index page).
[PERF-261]
Fixed the edX middleware to lazily create request
context for Mako templates, so that it is based on
any changes made to the request object.
Verified that with this fix the "Instructor" tab is
correctly hidden when a staff member is viewing
the course as a student.
Several templates used a variable set by the user (the request host header). This led to a vulnerability where an attacker could inject their domain name into these templates (i.e., activation emails). This patch fixes this vulnerability.
LMS-532
