1. 08 Mar, 2016 3 commits
    • Travis Noll's avatar
      MDL-52378 Singleview: Exclude Grade Attribute Permissions · 5208032b
      Travis Noll authored and Eloy Lafuente's avatar Eloy Lafuente committed
      Singleview users must have Manage Grade permission to modify the
      Exclude grade attribute.
      5208032b
    • Juan Leyva's avatar
      MDL-52808 calendar: Do not return events for hidden activities · 854e7b8e
      Juan Leyva authored and Eloy Lafuente's avatar Eloy Lafuente committed
      854e7b8e
    • David Mudrák's avatar
      MDL-52727 mod_data: Improve output of the form fields values · ead2dd9c
      David Mudrák authored and Eloy Lafuente's avatar Eloy Lafuente committed
      This issue mostly affects the search form fields. Submitted values for
      these fields are typically obtained via optional_param() with
      PARAM_NOTAGS specified as the parameter type - see parse_search_field()
      methods. Such values themselves are not safe enough to be printed back
      directly into the HTML as they might contain malicious code.
      
      While working on the patch, some other places with weak protection were
      detected and fixed.
      
      In case of the itemid parameters, explicit clean_param() is added to
      make sure we cast the value as an integer. That should make the s()
      unnecessary but it was added anyway as an extra protection (just in case
      the code flow changes or the parts of the code are re-used elsewhere).
      ead2dd9c
  2. 07 Mar, 2016 1 commit
  3. 04 Mar, 2016 2 commits
  4. 03 Mar, 2016 4 commits
  5. 02 Mar, 2016 6 commits
  6. 01 Mar, 2016 8 commits
  7. 29 Feb, 2016 7 commits
  8. 28 Feb, 2016 1 commit
  9. 26 Feb, 2016 2 commits
  10. 25 Feb, 2016 6 commits