Commit Graph

35875 Commits

Author SHA1 Message Date
Douglas Hall
fb6f3ca568 Upgrade xblock-lti-consumer to 1.0.4 to pull in bug fixes 2016-03-25 09:34:52 -04:00
Michael Katz
9ea37a642b Merge pull request #11888 from edx/mkatz/safetemplate
safe template
2016-03-25 06:48:31 -04:00
Douglas Hall
62ce357b81 Merge pull request #11905 from edx/douglashall/xss_bug_bash
XSS Bug Bash
2016-03-25 05:38:59 -04:00
Waheed Ahmed
402ca836ea Merge pull request #11827 from edx/waheed/ecom-2947-support-entire-password-reset-flow-in-logistration
Fixed the other half of forgot password flow according to logistration.
2016-03-25 13:35:25 +05:00
Waheed Ahmed
4399a5c7bd Fixed the other half of forgot password flow according to logistration.
ECOM-2947
2016-03-25 12:02:03 +05:00
Douglas Hall
f177cb6e3e Make templates safe 2016-03-24 20:52:07 -04:00
Akiva Leffert
91c0517b7a Merge pull request #11918 from edx/aleffert/remove-unit-coffee
Remove unused empty file
2016-03-24 17:01:10 -04:00
Dennis Jen
33bff3b244 Merge pull request #11897 from edx/dsjen/instructor-dash-enrollment-safe-temp
Added safe templating to instructor_analytics.html.
2016-03-24 15:36:39 -04:00
Toby Lawrence
beabe25a97 Merge pull request #11839 from edx/PERF-268
Make CDNifying of course over image URLs only happen for relative URLs.
2016-03-24 15:29:21 -04:00
Michael Frey
90da5cea68 Merge pull request #11942 from edx/release
Hotfix 2016-03-24
2016-03-24 15:22:56 -04:00
Ned Batchelder
8703affe59 Merge pull request #11940 from edx/ned/update-translations
Update translations (autogenerated message)
2016-03-24 15:06:35 -04:00
Michael Frey
c6112c35bd Merge pull request #11934 from edx/hotfix/2016-03-24
[hotfix] Redirecting sidebar verification link to new checkout basket.
2016-03-24 14:27:46 -04:00
Ned Batchelder
026ac6636f Update translations (autogenerated message) 2016-03-24 18:04:37 +00:00
Kevin Falcone
93dc905081 Merge pull request #11913 from edx/jibsheet/submission-history-time-zone
This appears to actually be in UTC (not in the django TZ default).
2016-03-24 14:01:24 -04:00
Douglas Hall
3acc6da98c Merge pull request #11859 from edx/douglashall/edx_proctoring_0_12_15
Updated edx-proctoring requirement to 0.12.15
2016-03-24 13:48:39 -04:00
vkaracic
1a0b2df6f8 Change EcommerceService's is_enabled to accept User instead of request.
And change the verification link in the sidebar to redirect to new basket if the EcommerceService is enabled.
2016-03-24 13:13:34 -04:00
Daniel Friedman
a0654f93a2 Merge pull request #11890 from edx/dan-f/make-cms-500-safe
Make CMS 500 template safe by default
2016-03-24 11:24:12 -04:00
Daniel Friedman
32f6bc0791 Merge pull request #11887 from edx/dan-f/make-cms-404-safe
Make CMS 404 template safe by default
2016-03-24 11:23:13 -04:00
Daniel Friedman
c210d918b2 Make CMS 404 template safe by default 2016-03-24 10:31:42 -04:00
sanfordstudent
5ec01207be Merge pull request #11924 from edx/sstudent/safe_video_template
Sstudent/safe video template
2016-03-24 10:10:30 -04:00
sanfordstudent
4a496e7db4 Merge pull request #11921 from edx/sstudent/safe_welcome_back
making the welcome_back template safe
2016-03-24 10:10:21 -04:00
Daniel Friedman
0fd137c271 Make CMS 500 template safe by default 2016-03-24 09:51:55 -04:00
Dennis Jen
3ff09dee9a Added safe templating to instructor_analytics.html. 2016-03-24 09:45:57 -04:00
Sanford Student
3d6fb38d69 making video template safe 2016-03-24 08:31:10 -04:00
Usman Khalid
78016db313 Merge pull request #11932 from edx/release
Merge release to master
2016-03-24 16:58:12 +05:00
Muddasser
bcb7fe3722 Merge pull request #11872 from edx/muddasser/bokchoy/test_mathjax_in_hint
Extract hint from html instead of text
2016-03-24 16:49:51 +05:00
Waheed Ahmed
6541ce3e81 Merge pull request #11834 from edx/waheed/ecom-2948-move-white-label-sites-to-logistration
Moved white label sites to logistration.
2016-03-24 14:58:59 +05:00
Waheed Ahmed
b8a447c132 Moved white label sites to logistration.
ECOM-2948
2016-03-24 14:09:11 +05:00
attiyaIshaque
40dcb51084 Merge pull request #11850 from edx/ai/tnl3964-forum-vote-button
Fix styling of vote button in forums responses.
2016-03-24 11:26:28 +05:00
Ned Batchelder
69339390c7 Merge pull request #11910 from edx/ned/safe-templates-1
Safe templates for static_templates
2016-03-23 20:36:43 -04:00
Usman Khalid
11b709af72 Merge pull request #11930 from edx/private/release
Merge private/release into release
2016-03-24 04:06:27 +05:00
Usman Khalid
59b452a4b3 Quality fixes. 2016-03-24 02:46:54 +05:00
Renzo Lucioni
40ef82d513 Merge pull request #11911 from edx/renzo/safe-templates
Secure templates used to inject Segment and Optimizely
2016-03-23 17:15:11 -04:00
Ned Batchelder
e53e5d9d03 Safe templates for static_templates 2016-03-23 17:04:40 -04:00
Akiva Leffert
f0d8d48a02 Merge pull request #11914 from edx/aleffert/sidebar-template
Mark register-sidebar template safe by default
2016-03-23 16:32:08 -04:00
Simon Chen
d871447207 Merge pull request #11894 from edx/schen/xss-fix-dashboard-course-upsell
Escape properly the elements on the dashboard xseries upsell template
2016-03-23 16:24:08 -04:00
Simon Chen
97590928ad Merge branch 'master' into schen/xss-fix-dashboard-course-upsell 2016-03-23 16:24:01 -04:00
Sanford Student
d64b6d35ef making the welcome_back template safe 2016-03-23 16:19:09 -04:00
Eric Fischer
41c1c30f2b Merge pull request #11917 from edx/efischer/fix_safe_linter
Safe template linter should use DOTALL
2016-03-23 16:11:19 -04:00
Akiva Leffert
2876076677 Remove unused empty file 2016-03-23 16:05:08 -04:00
Eric Fischer
7cfa0fa111 Safe template linter should use DOTALL
MULTILINE has to do with how '^' and '$' behave, DOTALL will make the
'.' match newlines as well. This catches several failures that were
previously missed.
2016-03-23 15:59:29 -04:00
Daniel Friedman
08ddeca426 Merge pull request #11912 from edx/dan-f/fix-accidental-extra-escaping
Fix accidental extra escaping
2016-03-23 15:55:18 -04:00
Simon Chen
79783800b4 Escape properly the elements on the dashboard xseries upsell template 2016-03-23 15:41:30 -04:00
Akiva Leffert
d44b4d28ce Mark register-sidebar template safe by default 2016-03-23 15:10:07 -04:00
Daniel Friedman
56b1196246 Fix accidental extra escaping 2016-03-23 14:46:35 -04:00
Renzo Lucioni
a104d82e70 Secure templates used to inject Segment and Optimizely 2016-03-23 14:40:24 -04:00
Kevin Falcone
06f5e49978 This appears to actually be in UTC (not in the django TZ default).
You can see the times are marked +00:00 for the ISO 8601 format date and
I see no code in the backend that tries to convert.
2016-03-23 14:38:18 -04:00
Daniel Friedman
679cdc3775 Merge pull request #11893 from edx/dan-f/make-cms-activation_invalid-safe
Make CMS activation_invalid template safe by default
2016-03-23 13:55:51 -04:00
Daniel Friedman
0b6faee467 Merge pull request #11891 from edx/dan-f/make-cms-activation_complete-safe
Make CMS activation_complete template safe by default
2016-03-23 13:55:11 -04:00
Jesse Zoldak
1b1f39527b Merge pull request #11902 from edx/zoldak/html-escape-mako-without-variables
Add h filter page directive to cms mako templates without variables
2016-03-23 13:30:46 -04:00