Public bug reported:
Hi Again,
I have one more request for groups. It would be great if one could submit a
page or collection from one group to another group. For example, I am setting
up groups for departments. And these groups will act as a central repository
from which faculty can create
In order to avoid a username enumeration vulnerability on this, we
should make sure that the message you see when trying to access a
profile page you don't have access to, is the same as the message you
see when trying to access a profile page that doesn't exist. This is
especially true when clean
*** This bug is a security vulnerability ***
Public security bug reported:
A user enumeration vulnerability means that an attacker can get a list
of legal usernames and/or email addresses from the site. A bruteforce
user enumeration vulnerability means that if they have a list of
potential
As for solutions, here are a few possible ones:
A. Add a limit to the number of password reset attempts (or at least
unsuccessful password reset attempts) that can come from a particular IP
address every 5 minutes. (Much like the limit on login attempts per 5
minutes)
B. Add a Captcha mechanism
I'm considering this one a relatively low priority because:
1. It's bruteforce user enumeration, which means you already have to have some
idea of which ones are present.
2. There's already a much more direct user enumeration attack available in
Mahara:
Reviewed: https://reviews.mahara.org/2363
Committed:
http://gitorious.org/mahara/mahara/commit/e1c7c71abfb3ffba032b182f5edf3adbf45f52d6
Submitter: Aaron Wells (aar...@catalyst.net.nz)
Branch:1.7_STABLE
commit e1c7c71abfb3ffba032b182f5edf3adbf45f52d6
Author: Robert Lyon
Reviewed: https://reviews.mahara.org/2365
Committed:
http://gitorious.org/mahara/mahara/commit/2ed992d331c733ab0bc96fdce1931fe6c5f30e1c
Submitter: Aaron Wells (aar...@catalyst.net.nz)
Branch:1.5_STABLE
commit 2ed992d331c733ab0bc96fdce1931fe6c5f30e1c
Author: Robert Lyon
Reviewed: https://reviews.mahara.org/2364
Committed:
http://gitorious.org/mahara/mahara/commit/1b5babb00de1091568265797128b19aaf1a7c578
Submitter: Aaron Wells (aar...@catalyst.net.nz)
Branch:1.6_STABLE
commit 1b5babb00de1091568265797128b19aaf1a7c578
Author: Robert Lyon
** Changed in: mahara/1.5
Status: In Progress = Fix Committed
** Changed in: mahara/1.6
Status: In Progress = Fix Committed
** Changed in: mahara/1.7
Status: In Progress = Fix Committed
--
You received this bug notification because you are a member of Mahara
Contributors,
Public bug reported:
some users unable to login and they have to click on forgot password for
many times if they want to login because the password that they input
never let them login even they make it correctly.
please help me what should i do to fix it
thanks
** Affects: mahara
Public bug reported:
Today I upgraded reviews.mahara.org to gerrit 2.6.1, in order to make
use of the several improvements in gerrit from 2.5 to 2.6.
However, it turns out there is one very visible, though purely cosmetic,
regression from 2.5 to 2.6. The OpenID login, which used to be a popup
It looks like the page is including our custom header and footer HTML
snippets, however. So, it's possible that we may be able to implement a
workaround by putting some CSS code into those.
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed
What $data was being passed in, that had count($data) 0, but
false===is_array($data) ?
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contrib members
Catching up on my code reviews, I noticed some problems in how the
database API was used in this patch. I've added a newer patch of my own
which corrects the problem: https://reviews.mahara.org/2366
** Changed in: mahara
Status: Fix Committed = In Progress
--
You received this bug
Public bug reported:
The length of characters displayed in a collection's navigation tabs
presently cuts of at 20 characters. This is often not sufficient to
display longer, more discriptive titles of pages.
Master, Ubuntu, Postgres, FF
** Affects: mahara
Importance: Undecided
15 matches
Mail list logo
