Make escaping for json simpler and more consistent in Mako templates
- add escape_json_dumps to escape and json.dumps
- add escape_js_str to escape javascript string
- refactor Studio to use escape_json_dumps in Mako templates
TNL-2646: Escape json.dumps
- Resolve SEC-27 by escaping course name in advanced settings
- Add escape_json_dumps to simplify escaping json in Mako templates
SEC-27: XSS/JS Error in Advanced Settings with invalid course name
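An added example, not code from this repository: a minimal Python sketch of why `json.dumps` output needs a further escaping pass before a template places it in an inline script block, which is the problem the escaping commits above address. The helper names `dumps_for_script` and `render_settings` and the sample course name are assumptions; the platform's own `escape_json_dumps` implementation is not shown on this page.

```python
import json

# Assumption: hypothetical helper, not the platform's escape_json_dumps.
# These characters are meaningful to the HTML parser inside <script>, and
# json.dumps leaves them untouched.
_SCRIPT_UNSAFE = {"<": "\\u003c", ">": "\\u003e", "&": "\\u0026"}


def dumps_for_script(obj):
    """Serialize to JSON, then replace HTML-significant characters with
    \\uXXXX escapes. The result is still valid JSON with the same value."""
    out = json.dumps(obj)
    for ch, esc in _SCRIPT_UNSAFE.items():
        out = out.replace(ch, esc)
    return out


def render_settings(course_name, dumps):
    """Stand-in for a template that embeds a JSON literal in inline script."""
    payload = dumps({"display_name": course_name})
    return "<script>var settings = " + payload + ";</script>"


def script_closed_early(page):
    """True if a closing script tag appears before the template's own one."""
    return page.lower().count("</script>") > 1


# Constructed sample input: a course name that contains markup.
SAMPLE_NAME = 'Intro </script><b>x</b> & "more"'


def demo():
    raw = render_settings(SAMPLE_NAME, json.dumps)
    safe = render_settings(SAMPLE_NAME, dumps_for_script)
    return script_closed_early(raw), script_closed_early(safe)


if __name__ == "__main__":
    # (plain json.dumps breaks out of the block, escaped output does not)
    print(demo())
```

The escaped output decodes back to the original value in the browser, so the template's consumers see the same data.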
On devops recommendation, now handling the potential for an 'inconsistency
window' via a management command instead of a hacky "re-run the data migration"
bash script.
By using the before_after library, we can force a race condition to reliably
occur in the CohortMembership.save() method. This unit test will do just that,
and ensure that our race-condition-handling code functions as it should.
The code changes needed to get CohortMembership functioning properly.
The key of this change is twofold: first, CohortMemberships are unique
per-user, per-course. This is enforced at the database level. Secondly,
the updates are done using a select_for_update, which ensures atomicity.
These are the migrations needed for CohortMembership to function.
0005 establishes the table, 0006 will be used to move existing data
into the table as needed.
Per product guidance, we can just arbitrarily reassign problem users.
Implementing that decision, as well as the remainder of the data migration.
Also including a short script to re-run the 0006 migration after code changes
are live, to prevent a potential issue where the database becomes out-of-sync.
Add configuration model for enrollment refunds.
Use order info from otto in refund window calculation
Delete dupe tests. Extend tests to include window tests
Move ecom client from lib to djangoapps in openedx
The update (PUT) endpoint now supports creating new CreditCourse objects in addition to updating existing ones. This functionality greatly simplifies the logic needed by consumers (e.g. the Course Administration Tool) to create or update CreditCourse objects.
ECOM-2524
This will allow v1 code of CourseOverview to delete entries. While
this is not a good thing in general (and future versions will ignore
entries with higher versions than they support), this is necessary
to prevent errors with the existing code in a rollback situation.
Otherwise, old code trying to delete CourseOverview entries will
fail with a foreign key constraint violation.
Previously, CourseOverview would delete data for any version
that didn't match the current one. That could cause problems
during deploys, when multiple versions of CourseOverview
were active. They would overwrite each other, and that could
cause problems if the old one overwrote the new one -- in
our case, the new one created a new table with foreign key
links that the old one was unaware of, and trying to delete
it would have caused an error.