[Mahara-contributors] [Bug 1731043] A change has been merged
Reviewed: https://reviews.mahara.org/8266 Committed: https://git.mahara.org/mahara/mahara/commit/c1151cf3d1a091760794c9e1d083d48cb303e77d Submitter: Robert Lyon (robe...@catalyst.net.nz) Branch:16.10_STABLE commit c1151cf3d1a091760794c9e1d083d48cb303e77d Author: Robert Lyon Date: Thu Nov 9 09:26:10 2017 +1300 Bug 1731043: Remove backport mistake to 16.10 The blogpost delete form had $title variable in 16.10 but the changepoststatus form did not. So gives undefined variable warning on journal list page behatnotneeded Change-Id: I562a51687f95cb996a2da023ab52b846c26a1c8a Signed-off-by: Robert Lyon -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1731043 Title: artefact/blog/lib.php Undefined variable: title in v16.10 Status in Mahara: Fix Committed Bug description: This was from a bad backport from Bug 1720034 / patch https://reviews.mahara.org/#/c/8222/1 To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1731043/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1731043] Re: artefact/blog/lib.php Undefined variable: title in v16.10
** Changed in: mahara Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1731043 Title: artefact/blog/lib.php Undefined variable: title in v16.10 Status in Mahara: Fix Committed Bug description: This was from a bad backport from Bug 1720034 / patch https://reviews.mahara.org/#/c/8222/1 To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1731043/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1660237] Re: Remove "Mobile access token" from account settings
URL: https://bugs.launchpad.net/mahara/+bug/1720237 Bug description: Adding default user name to use in registration Environment to be tested: Master Browser to be tested: Any browser Precondition: 1. An Institution admin user ‘Inst one’ should exist. 2. Make sure to allow emails by changing the config file to "$cfg->sendemail = true;" 3. Save the config file by making changes to "$cfg->sendallemailto = '';" Note: ‘Valid email’ here is your personal email address. Steps to reproduce: 1. Log in as ‘Inst one’. 2. Navigate to Administration menu > Institutions > Settings. 3. Click the ‘Settings’ button for ‘Institution one’. 4. Switch ‘Registration allowed’ to ‘Yes’. 5. Switch ‘Confirm registration’ to ‘No’. 6. Click the ‘Submit’ button. 7. Log out from the ‘Inst admin’ user. 8. Click the ‘Register’ link on the Mahara login screen. 9. Enter ‘First name’ & ‘Last name’ with the text ‘alert(1)’. 10. Enter the email that is used at the precondition 3 under ‘Email address’. 11. Click the ‘Register’ button. Expected result: Registration email with sign-up link should be sent. 12. Click the ‘Registration link’ that is sent to the email. Expected result: ‘New username’ field should fill with text as ‘user’ by default. 13. Enter the ‘New password’ & ‘Confirm password’. 14. Enter the ‘First name’ & ‘Last name’. 15. Click the ‘Submit’ button. Expected result: The user should log in successfully and the text ‘Your new password has been saved’ should be displayed on the screen. 16. Log out of the user. 17. Repeat steps 8 to 12 but make sure to use different email at step 10. Expected result: ‘New username’ field should fill with text as ‘user1’ by default. Note: By repeating steps 8 to 12 the default 'New username' should be incremented by one, for example user2, user3, and user4. -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1660237 Title: Remove "Mobile access token" from account settings Status in Mahara: Fix Committed Bug description: With Mahara 16.10 we introduced Mahara Mobile, the new mobile app for Mahara and with it the "App" settings that are managed on /module/mobileapi/apps.php We still show the "Mobile access tokens" on /account/index.php though and on /admin/site/options.php when a site has been upgraded to 16.10. These settings should be removed as they are confusing. Both MaharaDroid and Portfolio Up are not in active development and do not necessarily work with modern devices. Mahara Mobile allows any user to connect, not just with internal accounts. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1660237/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1720237] Re: User registration username selection
URL: https://bugs.launchpad.net/mahara/+bug/1720237 Bug description: Adding default user name to use in registration Environment to be tested: Master Browser to be tested: Any browser Precondition: 1. An Institution admin user ‘Inst one’ should exist. 2. Make sure to allow emails by changing the config file to "$cfg->sendemail = true;" 3. Save the config file by making changes to "$cfg->sendallemailto = '';" Note: ‘Valid email’ here is your personal email address. Steps to reproduce: 1. Log in as ‘Inst one’. 2. Navigate to Administration menu > Institutions > Settings. 3. Click the ‘Settings’ button for ‘Institution one’. 4. Switch ‘Registration allowed’ to ‘Yes’. 5. Switch ‘Confirm registration’ to ‘No’. 6. Click the ‘Submit’ button. 7. Log out from the ‘Inst admin’ user. 8. Click the ‘Register’ link on the Mahara login screen. 9. Enter ‘First name’ & ‘Last name’ with the text ‘alert(1)’. 10. Enter the email that is used at the precondition 3 under ‘Email address’. 11. Click the ‘Register’ button. Expected result: Registration email with sign-up link should be sent. 12. Click the ‘Registration link’ that is sent to the email. Expected result: ‘New username’ field should fill with text as ‘user’ by default. 13. Enter the ‘New password’ & ‘Confirm password’. 14. Enter the ‘First name’ & ‘Last name’. 15. Click the ‘Submit’ button. Expected result: The user should log in successfully and the text ‘Your new password has been saved’ should be displayed on the screen. 16. Log out of the user. 17. Repeat steps 8 to 12 but make sure to use different email at step 10. Expected result: ‘New username’ field should fill with text as ‘user1’ by default. Note: By repeating steps 8 to 12 the default 'New username' should be incremented by one, for example user2, user3, and user4. -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1720237 Title: User registration username selection Status in Mahara: In Progress Bug description: When we have user registration allowed for an institution and a new user is registered with empty "first name" and empty "last name", then the system generates a new "username" that is a number. See image attached. We need to change it to a word plus a number, like for example 'user1', 'user4', 'user56'. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1720237/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1262168] Re: page landing when navigating in a journal
I can't find a list where changing a page in pagination takes you to the top. In journals, inbox and my groups for example, they all stay at the bottom when changing to the next or any pagination link. I couldn't even see it in 16.10 Portfolio->Pages ** Changed in: mahara Status: In Progress => Opinion -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1262168 Title: page landing when navigating in a journal Status in Mahara: Opinion Bug description: In a journal, when navigating through articles page by page, when your click a pagination number at the bottom to change page, you stay at the bottom of the page instead of going back up on the first article of the new page. .../artefact/blog/view/index.php?id=XXX&offset=YYY should go back to the top of the page. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1262168/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1729423] Re: Can't choose which comment to make public
URL: https://bugs.launchpad.net/mahara/+bug/1729423 Bug description: Can't choose which comment to make public Environment to be tested: Master Browser to be tested: Any browser Precondition: 1. Normal users ‘User one’ and ‘User two’ should exist. 2. 'User one' created page 'Page 03' and shared it with 'User two'. 3. 'User one' created collection 'Collection' that contains pages 'Page 01' and 'Page 02' and shared it with 'User two'. Steps to reproduce: 1. Log in as a ‘User two’. 2. On the dashboard under ‘Latest changes I can view’ click on the ‘Page 03’. 3. Enter ‘This is Comment 1’ in the ‘Add comment’ edit box. 4. Switch ‘Make comment public’ to ‘No’. 5. Click the ‘Comment’ button. Expected result: The comment should display the text ‘This comment is private’ and a link ‘Make comment public’. 6. Similarly set up 12 more private comments. Expected result: Comments pagination should be displayed and all comments are private. 7. Click the ‘Make comment Public’ link for the second comment. Expected result: The second comment should display as a public comment and the first comment ‘This is comment 1’ should remain private. 8. Click on the second page of the comments. 9. Click the ‘Make comment Public’ link for the second comment on the second paginated page. Expected result: The second comment on the second paginated page should display as a public comment. All comments but this one and the second comment on the first page should still be private. 10. Click the ‘Make comment Public’ button for the first comment on the second paginated page. Expected result: The first comment on the second paginated page should display as a public comment. Comments 2 on the first and second page should also still be public, and the rest of the comments should remain private. 11. Log out as 'User two' and log in as 'User one'. 12. Navigate to Main menu > Portfolio > Pages and collections. 13. Click the ‘Collection one’. 14. Select ‘Page 02’ from ‘Navigate to page’ drop down. 15. Set up 3 private comments. 16. Click the ‘Make comment public’ link for the second comment. Expected result: The second comment should display as a public comment and the first and third comments should remain private. 17. Click the ‘Make comment public’ link for the first comment. Expected result: The first and second comments should display as a public comment and the third comment should remain private. -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1729423 Title: Can't choose which comment to make public Status in Mahara: In Progress Status in Mahara 17.04 series: Confirmed Status in Mahara 17.10 series: Confirmed Status in Mahara 18.04 series: In Progress Bug description: I'm on 17.04.4 There is multiple private comments on the same item(page or collections). Whenever i click on "make comment public" other than the first one, the first comment available on the page to be made public is made public or a request is sent if you're not allowed to. The "make comment public" appearing on each comment doesn't refer to the comment it is attached to but to the first comment with the link. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1729423/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1731082] A patch has been submitted for review
Patch for "master" branch: https://reviews.mahara.org/8268 -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1731082 Title: internal media style.css missing from old_raw Status in Mahara: In Progress Status in Mahara 17.04 series: New Status in Mahara 17.10 series: New Status in Mahara 18.04 series: In Progress Bug description: For 17.04, 17.10 and master need to place htdocs/theme/raw/plugintype/artefact/file/blocktype/internalmedia/style/style.css in sass directory for raw and raw_old To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1731082/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1731082] Re: internal media style.css missing from old_raw
** Description changed: - For 17.04 + For 17.04, 17.10 and master need to place htdocs/theme/raw/plugintype/artefact/file/blocktype/internalmedia/style/style.css - in raw_old directory too. + in sass directory for raw and raw_old ** Changed in: mahara Milestone: 17.04.5 => None ** Also affects: mahara/18.04 Importance: High Assignee: Cecilia Vela Gurovic (ceciliavg) Status: In Progress ** Also affects: mahara/17.04 Importance: Undecided Status: New ** Also affects: mahara/17.10 Importance: Undecided Status: New -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1731082 Title: internal media style.css missing from old_raw Status in Mahara: In Progress Status in Mahara 17.04 series: New Status in Mahara 17.10 series: New Status in Mahara 18.04 series: In Progress Bug description: For 17.04, 17.10 and master need to place htdocs/theme/raw/plugintype/artefact/file/blocktype/internalmedia/style/style.css in sass directory for raw and raw_old To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1731082/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1731082] [NEW] internal media style.css missing from old_raw
Public bug reported: For 17.04 need to place htdocs/theme/raw/plugintype/artefact/file/blocktype/internalmedia/style/style.css in raw_old directory too. ** Affects: mahara Importance: High Assignee: Cecilia Vela Gurovic (ceciliavg) Status: In Progress ** Description changed: - need to place + For 17.04 + + need to place htdocs/theme/raw/plugintype/artefact/file/blocktype/internalmedia/style/style.css in raw_old directory too. ** Changed in: mahara Assignee: (unassigned) => Cecilia Vela Gurovic (ceciliavg) ** Changed in: mahara Importance: Undecided => High ** Changed in: mahara Status: New => In Progress ** Changed in: mahara Milestone: None => 17.04.5 -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1731082 Title: internal media style.css missing from old_raw Status in Mahara: In Progress Bug description: For 17.04 need to place htdocs/theme/raw/plugintype/artefact/file/blocktype/internalmedia/style/style.css in raw_old directory too. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1731082/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1731082] A patch has been submitted for review
Patch for "17.04_STABLE" branch: https://reviews.mahara.org/8267 -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1731082 Title: internal media style.css missing from old_raw Status in Mahara: In Progress Bug description: For 17.04 need to place htdocs/theme/raw/plugintype/artefact/file/blocktype/internalmedia/style/style.css in raw_old directory too. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1731082/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1731067] [NEW] Some cron jobs cause elasticsearch queue to populate when it doesn't need to
Public bug reported: We only record certain information in elasticsearch but we queue things even if unrecorded information changes because we use triggers/procedures on the tables Example, when the recalculate_quota cron runs it works out what the user quota should be and then updates all the users in usr table that need fixing. This table has a trigger on it so all users needing updating are added to queue to be indexed. On a big site that can mean thousands of users being indexed. But we don't record quota in elasticsearch so we don't need to index this change. It would be good to be able to drop/add elasticsearch triggers during cron process for certain cron jobs like we do in upgrade.php script eg: drop_elasticsearch_triggers(); ... do cron job ... create_elasticsearch_triggers(); ** Affects: mahara Importance: High Status: Confirmed -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1731067 Title: Some cron jobs cause elasticsearch queue to populate when it doesn't need to Status in Mahara: Confirmed Bug description: We only record certain information in elasticsearch but we queue things even if unrecorded information changes because we use triggers/procedures on the tables Example, when the recalculate_quota cron runs it works out what the user quota should be and then updates all the users in usr table that need fixing. This table has a trigger on it so all users needing updating are added to queue to be indexed. On a big site that can mean thousands of users being indexed. But we don't record quota in elasticsearch so we don't need to index this change. It would be good to be able to drop/add elasticsearch triggers during cron process for certain cron jobs like we do in upgrade.php script eg: drop_elasticsearch_triggers(); ... do cron job ... create_elasticsearch_triggers(); To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1731067/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1262168] Re: page landing when navigating in a journal
** Changed in: mahara Assignee: (unassigned) => Cecilia Vela Gurovic (ceciliavg) ** Changed in: mahara Status: Confirmed => In Progress -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1262168 Title: page landing when navigating in a journal Status in Mahara: In Progress Bug description: In a journal, when navigating through articles page by page, when your click a pagination number at the bottom to change page, you stay at the bottom of the page instead of going back up on the first article of the new page. .../artefact/blog/view/index.php?id=XXX&offset=YYY should go back to the top of the page. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1262168/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1731043] A patch has been submitted for review
Patch for "16.10_STABLE" branch: https://reviews.mahara.org/8266 -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1731043 Title: artefact/blog/lib.php Undefined variable: title in v16.10 Status in Mahara: In Progress Bug description: This was from a bad backport from Bug 1720034 / patch https://reviews.mahara.org/#/c/8222/1 To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1731043/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1731043] [NEW] artefact/blog/lib.php Undefined variable: title in v16.10
Public bug reported: This was from a bad backport from Bug 1720034 / patch https://reviews.mahara.org/#/c/8222/1 ** Affects: mahara Importance: High Status: In Progress ** Tags: regression -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1731043 Title: artefact/blog/lib.php Undefined variable: title in v16.10 Status in Mahara: In Progress Bug description: This was from a bad backport from Bug 1720034 / patch https://reviews.mahara.org/#/c/8222/1 To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1731043/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1727524] A change has been merged
Reviewed: https://reviews.mahara.org/8260 Committed: https://git.mahara.org/mahara/mahara/commit/0213229c0c91432eba38a146b6b436ac30da6c6e Submitter: Robert Lyon (robe...@catalyst.net.nz) Branch:16.10_STABLE commit 0213229c0c91432eba38a146b6b436ac30da6c6e Author: Robert Lyon Date: Thu Oct 26 09:41:53 2017 +1300 Bug 1727524: Updating SimpleSAMLphp to latest release behatnotneeded Change-Id: I2dde01166da1a001edfee3b2cc97badfe6ceb2a4 Signed-off-by: Robert Lyon -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1727524 Title: Update simplesamlphp to 1.14.17 for security fix Status in Mahara: Fix Released Status in Mahara 16.10 series: Fix Committed Status in Mahara 17.04 series: Fix Committed Status in Mahara 17.10 series: Fix Released Bug description: A security issue was fixed so we need to use the newer version To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1727524/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1727524] Re: Update simplesamlphp to 1.14.17 for security fix
** Changed in: mahara/16.10 Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1727524 Title: Update simplesamlphp to 1.14.17 for security fix Status in Mahara: Fix Released Status in Mahara 16.10 series: Fix Committed Status in Mahara 17.04 series: Fix Committed Status in Mahara 17.10 series: Fix Released Bug description: A security issue was fixed so we need to use the newer version To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1727524/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1363873] Re: Session Management Issue- Session is not invalidating after password change
Hi Abhishek, There is nothing to do for you. The CVE has been published as we released a fix for the bug already. Please see https://mahara.org/interaction/forum/topic.php?id=7166 It was just now that we received the CVE assignment and I updated the bug report with the reference. Cheers Kristina -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1363873 Title: Session Management Issue- Session is not invalidating after password change Status in Mahara: Fix Released Status in Mahara 1.10 series: Fix Released Status in Mahara 1.8 series: Fix Released Status in Mahara 1.9 series: Fix Released Status in Mahara 15.04 series: Fix Released Bug description: Hi Security Team, I have discovered the session management issue on the domain https://mahara.org/ Description of the issue- The application does not invalidate the previous session once the password is changed by the legitimate user. How to reproduce?- 1. Login in the application using https://mahara.org/ and login into the application. 2. Lets assume application user's account is compromised so he wants to change his password, he will navigate to forgot password page and will change his password. 3. Application user is able to change his password but it was observed that still the previous session was not invalidated and i was actually able to browse the application from both the sessions. Impact- If the application user's account is compromised, he will simply change his password but if the previous session is not invalidated there is no use of changing the password. Please let me know if you need video PoC for this. Remediation- Invalidate the previous session once the password has been changed and enforce the application user to relogin in the application. Thanks and Regards, Abhishek Dashora To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1363873/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1422492] Re: Mahara doesn't ask you for your password before deleting your account or changing your username
** CVE added: https://cve.mitre.org/cgi- bin/cvename.cgi?name=2017-1000141 -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1422492 Title: Mahara doesn't ask you for your password before deleting your account or changing your username Status in Mahara: Confirmed Bug description: These, especially the first, seem like dangerous operations. Expected behavior is that Mahara would prompt for my current password to prevent someone deleting my user account if I left my account logged in. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1422492/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1720237] Re: User registration username selection
It wouldn't have been an empty first name or last name as you do need to enter something but rather when the first name and last name are stripped of potential XSS. -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1720237 Title: User registration username selection Status in Mahara: In Progress Bug description: When we have user registration allowed for an institution and a new user is registered with empty "first name" and empty "last name", then the system generates a new "username" that is a number. See image attached. We need to change it to a word plus a number, like for example 'user1', 'user4', 'user56'. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1720237/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
[Mahara-contributors] [Bug 1720237] Re: User registration username selection
** Changed in: mahara Milestone: None => 18.04.0 -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1720237 Title: User registration username selection Status in Mahara: In Progress Bug description: When we have user registration allowed for an institution and a new user is registered with empty "first name" and empty "last name", then the system generates a new "username" that is a number. See image attached. We need to change it to a word plus a number, like for example 'user1', 'user4', 'user56'. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1720237/+subscriptions ___ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp