Commit Graph

35808 Commits

Author SHA1 Message Date
Kevin Falcone
8a85d7e346 Update to secure by default
Most things were already escaped, including the json.dumps, and we've
decided not to use dump_html_escaped_json
2016-03-23 14:35:08 -04:00
Jesse Zoldak
1b1f39527b Merge pull request #11902 from edx/zoldak/html-escape-mako-without-variables
Add h filter page directive to cms mako templates without variables
2016-03-23 13:30:46 -04:00
Michael Katz
c4a18db989 Merge pull request #11896 from edx/mkatz/3pauthsafetemplate
add filter to profile page
2016-03-23 13:11:49 -04:00
Peter Fogg
d28e0a277e Merge pull request #11895 from edx/peter-fogg/linter-fixes
Minor fixes to the safe template linter.
2016-03-23 12:39:28 -04:00
M. Rehan
8459b5be77 Merge pull request #10705 from edx/mrehan/SUST-22
Implement 'from_string_or_404' in utils
2016-03-23 21:26:39 +05:00
Peter Fogg
5d8a5d97e1 Merge pull request #11892 from edx/peter-fogg/remove-teams-wires
Remove old teams example templates.
2016-03-23 12:08:24 -04:00
Jesse Zoldak
6f0d1157f1 Add h filter page directive to cms mako templates without variables
The files to change were found with:
`ack --literal --type=html --match '${' --files-without-matches cms/templates`
2016-03-23 12:05:12 -04:00
Peter Fogg
6661063b5a Minor fixes to the safe template linter. 2016-03-23 11:38:45 -04:00
Michael Katz
4d6c787930 add filter 2016-03-23 11:34:21 -04:00
Peter Fogg
11bb281019 Remove old teams example templates. 2016-03-23 11:19:01 -04:00
Muhammad Rehan
771a7d06ca Implement 'from_string_or_404' util and its example usage. 2016-03-23 20:10:32 +05:00
Vedran Karačić
88aa4a9055 Merge pull request #11852 from edx/vkaracic/SOL-1712
Change EcommerceService's is_enabled to accept User instead of request
2016-03-23 09:40:56 +01:00
vkaracic
3c8ae7c3b2 Change EcommerceService's is_enabled to accept User instead of request. And change the verification link in the sidebar to redirect to new basket if the EcommerceService is enabled.
2016-03-23 07:44:55 +00:00
Mushtaq Ali
5deb07d904 Merge pull request #11884 from edx/mushtaq/edx-ora2-version-1.1.1
ORA2 version update
2016-03-23 02:26:26 +05:00
Andy Armstrong
c7336b3d68 Merge pull request #11880 from edx/andya/add-ui-toolkit-only
Add the UI Toolkit to edx-platform
2016-03-22 16:34:54 -04:00
M. Rehan
c9e1a86086 Merge pull request #11860 from edx/adam/fix-math-input-ajax
TNL-4217 – Initialize preview once for an input for the first time
2016-03-23 00:58:18 +05:00
Andy Armstrong
0177eeded4 Add the UI Toolkit to edx-platform
UITK-75
2016-03-22 15:31:27 -04:00
Mushtaq Ali
1b60f73119 ORA2 version update to 1.1.1. Includes bug fixes for TNL-4268 2016-03-23 00:24:26 +05:00
Adam Palay
d3a467d366 Only add event listener if it hasn't been added yet 2016-03-23 00:00:27 +05:00
Ben Patterson
3332721948 Merge pull request #11867 from edx/benp/courseteam-flaky-fix
Fix flaky condition that's showing up in firefox 42.
2016-03-22 13:55:59 -04:00
Jesse Zoldak
a77000a89c Merge pull request #11881 from edx/zoldak/TE-1235
Remove executable bit from test file TE-1235
2016-03-22 13:40:34 -04:00
Eric Fischer
c97a6a5178 Merge pull request #11758 from edx/christina/xss-tests
Bok choy XSS changes
2016-03-22 13:02:47 -04:00
Ben Patterson
44c7c927ed Merge pull request #11869 from edx/benp/bok-choy-race-condition
Wait for numerical selection to load before continuing.
2016-03-22 12:55:33 -04:00
Simon Chen
f2b7ca6f18 Merge pull request #11873 from edx/release
Merge release 2016-03-22 back to master
2016-03-22 12:12:56 -04:00
Andy Armstrong
4796d4f70a Merge pull request #11876 from edx/andya/revert-underscore-string-upgrade
Revert "Upgrade underscore.string.min.js."
2016-03-22 11:55:34 -04:00
Adam
6fc8da2769 Merge pull request #11875 from edx/adam/fix-typo
fix typo on testing.rst page
2016-03-22 11:54:41 -04:00
Ben Patterson
c6a2afa037 Wait for numerical selection to load before continuing.
TNL-4272
2016-03-22 11:53:54 -04:00
Jesse Zoldak
7e79d335a6 Remove executable bit from test file TE-1235 2016-03-22 11:46:06 -04:00
Andy Armstrong
e854690a99 Revert "Upgrade underscore.string.min.js."
This reverts commit e5c7fdda03.

Unfortunately this change broke bundling on sandboxes, so reverting
it so that master isn't left in a bad state.
2016-03-22 10:44:19 -04:00
Robert Raposa
f150fd9b3a Merge pull request #11800 from edx/robrap/safe-template-linter
TNL-4214: Add safe template linter
2016-03-22 10:40:29 -04:00
Adam Palay
82aad56e62 fix typo on testing.rst page 2016-03-22 10:25:01 -04:00
Eric Fischer
6bb06e5055 Update bok-choy requirement 2016-03-22 10:16:30 -04:00
Eric Fischer
be00a96129 Get environment variable for bok-choy-custom runs 2016-03-22 10:16:30 -04:00
cahrens
0c9937889b Enabling XSS vulnerability flag for bok choy tests 2016-03-22 10:16:27 -04:00
Eric Fischer
b95dadcf29 Merge pull request #11874 from edx/efischer/mark_flaky
Mark test as flaky TNL-4272
2016-03-22 10:01:52 -04:00
Eric Fischer
9e71e3f311 Mark test as flaky TNL-4272 2016-03-22 09:56:37 -04:00
Simon Chen
8f8ed776a8 Merge pull request #11853 from edx/rc/2016-03-22
Release Candidate rc/2016-03-22
2016-03-22 08:52:55 -04:00
Eric Fischer
e2c4131a5d Merge pull request #11797 from edx/christina/fix-improper-escaping
Fix improper escaping.
2016-03-22 08:49:20 -04:00
Awais Qureshi
4f5589e356 Merge pull request #11759 from edx/awais786/ECOM-2931-update-credit-eligible-email
Add the providers information in the email.
2016-03-22 16:03:14 +05:00
Awais
a154e7f1c3 Adding the ecom api functionality for the credentials.
ECOM-2931
2016-03-22 14:01:54 +05:00
Robert Raposa
52efa68b8b Change to output as you go 2016-03-21 22:51:15 -04:00
Robert Raposa
0538dea994 Fix review comments
Changes include:
- Fix code review comments
- Add comments
- Rename variables and files
2016-03-21 22:31:57 -04:00
Ben Patterson
66cf6ffb0a Fix flaky condition that's showing up in firefox 42. 2016-03-21 16:45:06 -04:00
cahrens
358ed2559a Fix improper escaping. 2016-03-21 16:01:04 -04:00
Ben Patterson
7c5a9da7fc Merge pull request #11855 from edx/benp/smarter-lms-sharding
Builds: empty xunit file as a function.
2016-03-21 15:32:59 -04:00
Christina Roberts
4626746678 Merge pull request #11844 from edx/christina/delete-carousel
Delete face_upload and responsive-carousel.
2016-03-21 13:26:04 -04:00
Eric Fischer
15205898ce Merge pull request #11862 from edx/efischer/master_replay
Escape full names
2016-03-21 12:19:36 -04:00
Renzo Lucioni
a5b10ca0fe Merge pull request #11805 from edx/renzo/self-paced-modulestore-wrapper
Override field data within the XBlock runtime
2016-03-21 12:14:22 -04:00
Eric Fischer
6c6542aea5 Merge pull request #11861 from edx/efischer/escape_names
Escape full names
2016-03-21 11:55:46 -04:00
Ayub-khan
90a72ddba6 Properly escaping fullname
To prevent XSS attacks, we now properly escape any string containing
the user's fullname. Enumerated by searching webview.py for "fullname",
and "git grep"-ing any occurrences. This also exposed some unused strings,
which I deleted for clarity.
2016-03-21 11:07:00 -04:00