Commit Graph

17975 Commits

Author SHA1 Message Date
Ned Batchelder
8703affe59 Merge pull request #11940 from edx/ned/update-translations
Update translations (autogenerated message)
2016-03-24 15:06:35 -04:00
Ned Batchelder
026ac6636f Update translations (autogenerated message) 2016-03-24 18:04:37 +00:00
Kevin Falcone
93dc905081 Merge pull request #11913 from edx/jibsheet/submission-history-time-zone
This appears to actually be in UTC (not in the django TZ default).
2016-03-24 14:01:24 -04:00
Toby Lawrence
5758a82665 Syntax error. 2016-03-24 11:44:01 -04:00
Toby Lawrence
2a87d6c8a5 Add straggler JS files to RequireJS overrides. 2016-03-24 11:35:48 -04:00
sanfordstudent
5ec01207be Merge pull request #11924 from edx/sstudent/safe_video_template
Sstudent/safe video template
2016-03-24 10:10:30 -04:00
sanfordstudent
4a496e7db4 Merge pull request #11921 from edx/sstudent/safe_welcome_back
making the welcome_back template safe
2016-03-24 10:10:21 -04:00
Dennis Jen
3ff09dee9a Added safe templating to instructor_analytics.html. 2016-03-24 09:45:57 -04:00
Sanford Student
3d6fb38d69 making video template safe 2016-03-24 08:31:10 -04:00
Usman Khalid
78016db313 Merge pull request #11932 from edx/release
Merge release to master
2016-03-24 16:58:12 +05:00
Ned Batchelder
69339390c7 Merge pull request #11910 from edx/ned/safe-templates-1
Safe templates for static_templates
2016-03-23 20:36:43 -04:00
Usman Khalid
59b452a4b3 Quality fixes. 2016-03-24 02:46:54 +05:00
Renzo Lucioni
40ef82d513 Merge pull request #11911 from edx/renzo/safe-templates
Secure templates used to inject Segment and Optimizely
2016-03-23 17:15:11 -04:00
Nimisha Asthagiri
15e5a7dbf1 XSS Safe by default - vert_module.html 2016-03-23 17:13:59 -04:00
Ned Batchelder
e53e5d9d03 Safe templates for static_templates 2016-03-23 17:04:40 -04:00
Akiva Leffert
f0d8d48a02 Merge pull request #11914 from edx/aleffert/sidebar-template
Mark register-sidebar template safe by default
2016-03-23 16:32:08 -04:00
Simon Chen
97590928ad Merge branch 'master' into schen/xss-fix-dashboard-course-upsell 2016-03-23 16:24:01 -04:00
Sanford Student
d64b6d35ef making the welcome_back template safe 2016-03-23 16:19:09 -04:00
Bill DeRusha
e6edba18b4 Safe Templatize: wiki templates 2016-03-23 16:06:36 -04:00
Simon Chen
79783800b4 Escape properly the elements on the dashboard xseries upsell template 2016-03-23 15:41:30 -04:00
Akiva Leffert
d44b4d28ce Mark register-sidebar template safe by default 2016-03-23 15:10:07 -04:00
Renzo Lucioni
a104d82e70 Secure templates used to inject Segment and Optimizely 2016-03-23 14:40:24 -04:00
Kevin Falcone
06f5e49978 This appears to actually be in UTC (not in the django TZ default).
You can see the times are marked +00:00 for the ISO 8601 format date and
I see no code in the backend that tries to convert.
2016-03-23 14:38:18 -04:00
Kevin Falcone
8a85d7e346 Update to secure by default
Most things were already escaped, including the json.dumps, and we've
decided not to use dump_html_escaped_json
2016-03-23 14:35:08 -04:00
Michael Katz
c4a18db989 Merge pull request #11896 from edx/mkatz/3pauthsafetemplate
add filter to profile page
2016-03-23 13:11:49 -04:00
Michael Katz
4d6c787930 add filter 2016-03-23 11:34:21 -04:00
Toby Lawrence
e62a8da457 Set the correct names for overridden dependencies. 2016-03-23 11:28:25 -04:00
Peter Fogg
11bb281019 Remove old teams example templates. 2016-03-23 11:19:01 -04:00
Michael Katz
9a94b106f8 safe template 2016-03-23 10:49:35 -04:00
Toby Lawrence
f8ddfb5945 Use a module/path mapping for RequireJS overrides instead of just paths.
Instead of attempting to derive the module portion of a RequireJS
override strictly from the path to the JS file, we now use a dictionary
where the module name must be explicitly specified.  This allows us to
compensate for files which do not follow a naming scheme that is
compatible with RequireJS without having to normalize all files.  This
is extremely important when using third-party dependencies.
2016-03-23 10:34:58 -04:00
Ehtesham
5ad2eb300c [TNL-4073][TNL-4273] Make sure that the domain defined for preview exists in
HOSTNAME_MODULESTORE_DEFAULT_MAPPINGS
2016-03-23 18:52:32 +05:00
vkaracic
3c8ae7c3b2 Change EcommerceService's is_enabled to accept User instead of request.
And change the verification link in the sidebar to redirect to new basket if the EcommerceService is enabled.
2016-03-23 07:44:55 +00:00
Andy Armstrong
0177eeded4 Add the UI Toolkit to edx-platform
UITK-75
2016-03-22 15:31:27 -04:00
Jesse Zoldak
a77000a89c Merge pull request #11881 from edx/zoldak/TE-1235
Remove executable bit from test file TE-1235
2016-03-22 13:40:34 -04:00
Jesse Zoldak
7e79d335a6 Remove executable bit from test file TE-1235 2016-03-22 11:46:06 -04:00
Andy Armstrong
e854690a99 Revert "Upgrade underscore.string.min.js."
This reverts commit e5c7fdda03.

Unfortunately this change broke bundling on sandboxes, so reverting
it so that master isn't left in a bad state.
2016-03-22 10:44:19 -04:00
Eric Fischer
e2c4131a5d Merge pull request #11797 from edx/christina/fix-improper-escaping
Fix improper escaping.
2016-03-22 08:49:20 -04:00
Awais Qureshi
4f5589e356 Merge pull request #11759 from edx/awais786/ECOM-2931-update-credit-eligible-email
Add the providers information in the email.
2016-03-22 16:03:14 +05:00
Awais
a154e7f1c3 Adding the ecom api functionality for the credentials.
ECOM-2931
2016-03-22 14:01:54 +05:00
cahrens
358ed2559a Fix improper escaping. 2016-03-21 16:01:04 -04:00
Christina Roberts
4626746678 Merge pull request #11844 from edx/christina/delete-carousel
Delete face_upload and responsive-carousel.
2016-03-21 13:26:04 -04:00
Simon Chen
82a246fbf4 Merge pull request #78 from edx/rsrct-preview-tnl4194
Create the security fix #2 for the RC 2016-03-22
2016-03-21 13:01:14 -04:00
Eric Fischer
15205898ce Merge pull request #11862 from edx/efischer/master_replay
Escape full names
2016-03-21 12:19:36 -04:00
Renzo Lucioni
a5b10ca0fe Merge pull request #11805 from edx/renzo/self-paced-modulestore-wrapper
Override field data within the XBlock runtime
2016-03-21 12:14:22 -04:00
muzaffaryousaf
bb952e148f Restrict non-staff users from accessing preview content.
TNL-4194
2016-03-21 20:08:24 +05:00
Ayub-khan
90a72ddba6 Properly escaping fullname
To prevent XSS attacks, we now properly escape any string containing
the user's fullname. Enumerated by searching webview.py for "fullname",
and "git grep"-ing any occurrences. This also exposed some unused strings,
which I deleted for clarity.
2016-03-21 11:07:00 -04:00
Robert Raposa
0a8f6fa3fe Properly escape the name 2016-03-21 11:06:56 -04:00
Robert Raposa
15ef27fe0f Escape full name
TNL-3849/SEC-69
2016-03-21 11:06:52 -04:00
Ayub-khan
ce2fded148 Properly escaping fullname
To prevent XSS attacks, we now properly escape any string containing
the user's fullname. Enumerated by searching webview.py for "fullname",
and "git grep"-ing any occurrences. This also exposed some unused strings,
which I deleted for clarity.
2016-03-21 11:02:31 -04:00
Robert Raposa
a8c4b929e2 Properly escape the name 2016-03-21 11:02:22 -04:00