Dennis Jen
33bff3b244
Merge pull request #11897 from edx/dsjen/instructor-dash-enrollment-safe-temp
...
Added safe templating to instructor_analytics.html.
2016-03-24 15:36:39 -04:00
Ned Batchelder
8703affe59
Merge pull request #11940 from edx/ned/update-translations
...
Update translations (autogenerated message)
2016-03-24 15:06:35 -04:00
Ned Batchelder
026ac6636f
Update translations (autogenerated message)
2016-03-24 18:04:37 +00:00
Kevin Falcone
93dc905081
Merge pull request #11913 from edx/jibsheet/submission-history-time-zone
...
This appears to actually be in UTC (not in the django TZ default).
2016-03-24 14:01:24 -04:00
sanfordstudent
5ec01207be
Merge pull request #11924 from edx/sstudent/safe_video_template
...
Sstudent/safe video template
2016-03-24 10:10:30 -04:00
sanfordstudent
4a496e7db4
Merge pull request #11921 from edx/sstudent/safe_welcome_back
...
making the welcome_back template safe
2016-03-24 10:10:21 -04:00
Dennis Jen
3ff09dee9a
Added safe templating to instructor_analytics.html.
2016-03-24 09:45:57 -04:00
Sanford Student
3d6fb38d69
making video template safe
2016-03-24 08:31:10 -04:00
Usman Khalid
78016db313
Merge pull request #11932 from edx/release
...
Merge release to master
2016-03-24 16:58:12 +05:00
Ned Batchelder
69339390c7
Merge pull request #11910 from edx/ned/safe-templates-1
...
Safe templates for static_templates
2016-03-23 20:36:43 -04:00
Usman Khalid
59b452a4b3
Quality fixes.
2016-03-24 02:46:54 +05:00
Renzo Lucioni
40ef82d513
Merge pull request #11911 from edx/renzo/safe-templates
...
Secure templates used to inject Segment and Optimizely
2016-03-23 17:15:11 -04:00
Ned Batchelder
e53e5d9d03
Safe templates for static_templates
2016-03-23 17:04:40 -04:00
Akiva Leffert
f0d8d48a02
Merge pull request #11914 from edx/aleffert/sidebar-template
...
Mark register-sidebar template safe by default
2016-03-23 16:32:08 -04:00
Simon Chen
97590928ad
Merge branch 'master' into schen/xss-fix-dashboard-course-upsell
2016-03-23 16:24:01 -04:00
Sanford Student
d64b6d35ef
making the welcome_back template safe
2016-03-23 16:19:09 -04:00
Simon Chen
79783800b4
Escape properly the elements on the dashboard xseries upsell template
2016-03-23 15:41:30 -04:00
Akiva Leffert
d44b4d28ce
Mark register-sidebar template safe by default
2016-03-23 15:10:07 -04:00
Renzo Lucioni
a104d82e70
Secure templates used to inject Segment and Optimizely
2016-03-23 14:40:24 -04:00
Kevin Falcone
06f5e49978
This appears to actually be in UTC (not in the django TZ default).
...
You can see the times are marked +00:00 for the ISO 8601 format date and
I see no code in the backend that tries to convert.
2016-03-23 14:38:18 -04:00
Michael Katz
c4a18db989
Merge pull request #11896 from edx/mkatz/3pauthsafetemplate
...
add filter to profile page
2016-03-23 13:11:49 -04:00
Michael Katz
4d6c787930
add filter
2016-03-23 11:34:21 -04:00
Peter Fogg
11bb281019
Remove old teams example templates.
2016-03-23 11:19:01 -04:00
Ehtesham
5ad2eb300c
[TNL-4073][TNL-4273] Make sure that domain defined for preview exists in
...
HOSTNAME_MODULESTORE_DEFAULT_MAPPINGS,
2016-03-23 18:52:32 +05:00
vkaracic
3c8ae7c3b2
Change EcommerceService's is_enabled to accept User instead of request
...
. And change the verification link in the sidebar to redirect to new basket if the EcommerceService is enabled.
2016-03-23 07:44:55 +00:00
Andy Armstrong
0177eeded4
Add the UI Toolkit to edx-platform
...
UITK-75
2016-03-22 15:31:27 -04:00
Jesse Zoldak
a77000a89c
Merge pull request #11881 from edx/zoldak/TE-1235
...
Remove executable bit from test file TE-1235
2016-03-22 13:40:34 -04:00
Jesse Zoldak
7e79d335a6
Remove executable bit from test file TE-1235
2016-03-22 11:46:06 -04:00
Andy Armstrong
e854690a99
Revert "Upgrade underscore.string.min.js."
...
This reverts commit e5c7fdda03.
Unfortunately this change broke bundling on sandboxes, so reverting
it so that master isn't left in a bad state.
2016-03-22 10:44:19 -04:00
Eric Fischer
e2c4131a5d
Merge pull request #11797 from edx/christina/fix-improper-escaping
...
Fix improper escaping.
2016-03-22 08:49:20 -04:00
Awais Qureshi
4f5589e356
Merge pull request #11759 from edx/awais786/ECOM-2931-update-credit-eligible-email
...
Add the providers information in the email.
2016-03-22 16:03:14 +05:00
Awais
a154e7f1c3
Adding the ecom api functionality for the credentials.
...
ECOM-2931
2016-03-22 14:01:54 +05:00
cahrens
358ed2559a
Fix improper escaping.
2016-03-21 16:01:04 -04:00
Christina Roberts
4626746678
Merge pull request #11844 from edx/christina/delete-carousel
...
Delete face_upload and responsive-carousel.
2016-03-21 13:26:04 -04:00
Simon Chen
82a246fbf4
Merge pull request #78 from edx/rsrct-preview-tnl4194
...
Create the security fix #2 for the RC 2016-03-22
2016-03-21 13:01:14 -04:00
Eric Fischer
15205898ce
Merge pull request #11862 from edx/efischer/master_replay
...
Escape full names
2016-03-21 12:19:36 -04:00
Renzo Lucioni
a5b10ca0fe
Merge pull request #11805 from edx/renzo/self-paced-modulestore-wrapper
...
Override field data within the XBlock runtime
2016-03-21 12:14:22 -04:00
muzaffaryousaf
bb952e148f
Restrict non-staff users to access preview content.
...
TNL-4194
2016-03-21 20:08:24 +05:00
Ayub-khan
90a72ddba6
Properly escaping fullname
...
To prevent XSS attacks, we now properly escape any string containing
the user's fullname. Enumerated by searching webview.py for "fullname",
and "git grep"-ing any occurrences. This also exposed some unused strings,
which I deleted for clarity.
2016-03-21 11:07:00 -04:00
Robert Raposa
0a8f6fa3fe
Properly escape the name
2016-03-21 11:06:56 -04:00
Robert Raposa
15ef27fe0f
Escape full name
...
TNL-3849/SEC-69
2016-03-21 11:06:52 -04:00
Ayub-khan
ce2fded148
Properly escaping fullname
...
To prevent XSS attacks, we now properly escape any string containing
the user's fullname. Enumerated by searching webview.py for "fullname",
and "git grep"-ing any occurrences. This also exposed some unused strings,
which I deleted for clarity.
2016-03-21 11:02:31 -04:00
Robert Raposa
a8c4b929e2
Properly escape the name
2016-03-21 11:02:22 -04:00
Robert Raposa
e18a44a0a5
Escape full name
...
TNL-3849/SEC-69
2016-03-21 11:02:15 -04:00
Peter Pinch
7eb079df3e
Merge pull request #11712 from mitocw/enhancement/aq/prevent_ccx_creation_if_CCXConnector_is_set_mitocw#189
...
Prevented creation of new CCX in lms, when a CCXConnector URL is set on a course
2016-03-21 08:52:51 -04:00
Aamir
91f59d59cb
Merge pull request #11780 from edx/aamir-khan/ECOM-3345-remove-gen-cert-button
...
Remove the certificate generation button from progress page for audit student
2016-03-21 17:09:10 +05:00
sanfordstudent
a86734fe70
Merge pull request #11851 from edx/sstudent/MA-2164-cleanup
...
MA-2164 cleaning up old lettuce
2016-03-21 07:49:26 -04:00
aamir-khan
6fe0638214
Remove the certificate generation button from progress page for audit student
2016-03-21 15:52:54 +05:00
Renzo Lucioni
cd9986b662
Override field data within the XBlock runtime
...
Resolves an issue preventing students in self-paced courses from seeing all available discussion modules. ECOM-3733.
2016-03-18 17:15:00 -04:00
Andy Armstrong
76b8e2e897
Merge pull request #11631 from edx/fedx/upgrade-libraries
...
Upgrade Underscore.js and Underscore.string.js
2016-03-18 16:32:16 -04:00