lams-github

Clone Tools

Stats

Commits this week: 0
Total Committers: 50
Last Commit:
Commits this week: 0

Lines of code count not available

Commit Activity

Commits By Day In Week
52 week commits volume
Commits By Day In Week
Commits by day
Commits By Day In Week
Commits by hour
Commits By Hour In Day
Commit calendar
 

Most active committers (90 days)

loading
loading
  • last updated a few seconds ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Sunday 29 Dec 2019
7:04 pm

Ernie Ghiglione

LDEV-4932 Adding CSRF Admin

Fixing policy management toggle. Adding enable/disable toggle for tool management

Options
    • -1
    • +2
    /lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/PolicyManagementController.java
    • -3
    • +3
    /lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/ToolContentListController.java
    • -3
    • +3
    /lams_admin/web/policies/policies.jsp
    • -9
    • +8
    /lams_admin/web/toolcontent/toolcontentlist.jsp
    • -0
    • +2
    /lams_central/conf/security/Owasp.CsrfGuard.properties
1:33 am

Ernie Ghiglione

LDEV-4931 Adding CSRF protection for LAMS Admin

Adding:

- Edit configuration

- Editing timezones

- Add/disable/enable/delete signup pages

- Add/disable/enable/delete integrated server

- Add/activate/deactivate policies

Options
    • -3
    • +4
    /lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/ExtServerManagementController.java
    • -2
    • +2
    /lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/LtiConsumerManagementController.java
    • -1
    • +2
    /lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/SignupManagementController.java
    • -0
    • +70
    /lams_admin/web/WEB-INF/tlds/security/csrfguard.tld
    • -4
    • +19
    /lams_admin/web/WEB-INF/web.xml
    • -2
    • +2
    /lams_admin/web/config/editconfig.jsp
    • -2
    • +2
    /lams_admin/web/integration/ltiConsumer.jsp
    • -10
    • +4
    /lams_admin/web/integration/ltiConsumerList.jsp
    • -4
    • +5
    /lams_admin/web/integration/serverlist.jsp
    • -3
    • +3
    /lams_admin/web/integration/servermaintain.jsp
    • -2
    • +2
    /lams_admin/web/loginmaintain.jsp
    • -3
    • +3
    /lams_admin/web/policies/editPolicy.jsp
    • -2
    • +2
    /lams_admin/web/signupmanagement/add.jsp
    • -3
    • +4
    /lams_admin/web/signupmanagement/list.jsp
    • -0
    • +1
    /lams_admin/web/taglibs.jsp
    • -2
    • +2
    /lams_admin/web/timezoneManagement.jsp
    • -0
    • +17
    /lams_central/conf/security/Owasp.CsrfGuard.properties
Saturday 28 Dec 2019
11:44 pm

Marcin Cieslak

Merge branch 'LDEV-4935'

Options
11:42 pm

Marcin Cieslak

LDEV-4935 Secure Scribe websockets

User gets checked if he participates in the given activity.

Options
    • -4
    • +11
    /lams_tool_scribe/src/java/org/lamsfoundation/lams/tool/scribe/web/controller/LearningWebsocketServer.java
11:42 pm

Marcin Cieslak

LDEV-4935 Secure Mindmap websockets

User gets checked if he participates in the given activity.

Options
    • -1
    • +2
    /lams_tool_mindmap/src/java/org/lamsfoundation/lams/tool/mindmap/service/IMindmapService.java
    • -16
    • +24
    /lams_tool_mindmap/src/java/org/lamsfoundation/lams/tool/mindmap/service/MindmapService.java
    • -3
    • +10
    /lams_tool_mindmap/src/java/org/lamsfoundation/lams/tool/mindmap/web/controller/LearningWebsocketServer.java
11:42 pm

Marcin Cieslak

LDEV-4935 Secure Scratchie websockets

User gets checked if he participates in the given activity.

Options
    • -3
    • +5
    /lams_tool_scratchie/src/java/org/lamsfoundation/lams/tool/scratchie/dao/DAO.java
    • -25
    • +26
    /lams_tool_scratchie/src/java/org/lamsfoundation/lams/tool/scratchie/service/IScratchieService.java
    • -19
    • +26
    /lams_tool_scratchie/src/java/org/lamsfoundation/lams/tool/scratchie/service/ScratchieServiceImpl.java
    • -2
    • +10
    /lams_tool_scratchie/src/java/org/lamsfoundation/lams/tool/scratchie/web/controller/LearningWebsocketServer.java
11:27 pm

Marcin Cieslak

LDEV-4935 Secure Leader Selection websockets

User gets checked if he participates in the given activity.

Options
    • -9
    • +6
    /lams_tool_leader/src/java/org/lamsfoundation/lams/tool/leaderselection/service/ILeaderselectionService.java
    • -7
    • +14
    /lams_tool_leader/src/java/org/lamsfoundation/lams/tool/leaderselection/service/LeaderselectionService.java
    • -3
    • +11
    /lams_tool_leader/src/java/org/lamsfoundation/lams/tool/leaderselection/web/controller/LearningWebsocketServer.java
11:18 pm

Marcin Cieslak

LDEV-4935 Secure Dokumaran websockets

User gets checked if he participates in the given activity.

Options
    • -4
    • +5
    /lams_tool_doku/src/java/org/lamsfoundation/lams/tool/dokumaran/dao/DAO.java
    • -2
    • +10
    /lams_tool_doku/src/java/org/lamsfoundation/lams/tool/dokumaran/service/DokumaranService.java
    • -28
    • +33
    /lams_tool_doku/src/java/org/lamsfoundation/lams/tool/dokumaran/service/IDokumaranService.java
    • -3
    • +11
    /lams_tool_doku/src/java/org/lamsfoundation/lams/tool/dokumaran/web/controller/LearningWebsocketServer.java
11:03 pm

Marcin Cieslak

LDEV-4935 Secure Chat (tool) websockets

User gets checked if he participates in the given activity.

Options
    • -4
    • +10
    /lams_tool_chat/src/java/org/lamsfoundation/lams/tool/chat/web/controller/LearningWebsocketServer.java
10:54 pm

Marcin Cieslak

LDEV-4935 Secure lesson chat (presence) websockets

Nickname is taken from session, not from incoming parameters. User gets

checked if he participates in the given lesson.

Simplified code, clean up.

Options
    • -69
    • +104
    /lams_learning/src/java/org/lamsfoundation/lams/learning/presence/PresenceWebsocketServer.java
    • -3
    • +3
    /lams_learning/src/java/org/lamsfoundation/lams/learning/presence/dao/IPresenceChatDAO.java
    • -5
    • +1
    /lams_learning/web/includes/javascript/presence.js
    • -2
    • +1
    /lams_learning/web/presenceChat.jsp
4:49 pm

Ernie Ghiglione

LDEV-4932 Adding CSRF to Assessment monitoring

Adding CSRF to:

- Change user marks

- Disclose correct answers

- Disclose group answers

Options
    • -0
    • +3
    /lams_central/conf/security/Owasp.CsrfGuard.properties
    • -3
    • +3
    /lams_tool_assessment/src/java/org/lamsfoundation/lams/tool/assessment/web/controller/MonitoringController.java
    • -1
    • +1
    /lams_tool_assessment/web/pages/monitoring/parts/questionsummary.jsp
    • -1
    • +1
    /lams_tool_assessment/web/pages/monitoring/parts/usersummary.jsp
    • -5
    • +9
    /lams_tool_assessment/web/pages/monitoring/summary.jsp
11:04 am

Ernie Ghiglione

LDEV-4932 Add CSRF to Scratchie monitoring

Adding CSRF for:

- Changing group marks

Options
    • -0
    • +1
    /lams_central/conf/security/Owasp.CsrfGuard.properties
    • -1
    • +1
    /lams_tool_scratchie/src/java/org/lamsfoundation/lams/tool/scratchie/web/controller/MonitoringController.java
    • -1
    • +1
    /lams_tool_scratchie/web/pages/monitoring/summary.jsp
10:08 am

Ernie Ghiglione

LDEV-4932 Add CSRF for Submit files monitoring

Adding:

- Update marks

- Release marks

- Download marks

Options
    • -0
    • +3
    /lams_central/conf/security/Owasp.CsrfGuard.properties
    • -1
    • +2
    /lams_tool_sbmt/src/java/org/lamsfoundation/lams/tool/sbmt/web/controller/MarkController.java
    • -3
    • +3
    /lams_tool_sbmt/src/java/org/lamsfoundation/lams/tool/sbmt/web/controller/MonitoringController.java
    • -3
    • +3
    /lams_tool_sbmt/web/monitoring/mark/updatemark.jsp
    • -2
    • +4
    /lams_tool_sbmt/web/monitoring/parts/summary.jsp
8:35 am

Ernie Ghiglione

LDEV-4932 Adding CSRF protecting to change scratchie user in monitor

Options
    • -0
    • +1
    /lams_central/conf/security/Owasp.CsrfGuard.properties
    • -1
    • +2
    /lams_tool_scribe/src/java/org/lamsfoundation/lams/tool/scribe/web/controller/MonitoringController.java
    • -1
    • +2
    /lams_tool_scribe/web/pages/monitoring/summary.jsp
3:24 am

Ernie Ghiglione

LDEV-4932 Adding CSRF protection to hide/show toggle open text submission for voting

Options
    • -0
    • +2
    /lams_central/conf/security/Owasp.CsrfGuard.properties
    • -15
    • +9
    /lams_tool_vote/web/monitoring/OtherTextNominationViewer.jsp
2:45 am

Andrey Balan

Merge branch 'LDEV-4932' of https://github.com/lamsfoundation/lams into LDEV-4932

# Conflicts:

# lams_central/conf/security/Owasp.CsrfGuard.properties

# lams_tool_larsrc/web/WEB-INF/web.xml

# lams_tool_leader/web/WEB-INF/web.xml

Options
    • -1
    • +9
    /lams_central/conf/security/Owasp.CsrfGuard.properties
    • -3
    • +11
    /lams_tool_larsrc/web/WEB-INF/web.xml
    • -1
    • +2
    /lams_tool_larsrc/web/common/taglibs.jsp
    • -3
    • +11
    /lams_tool_leader/web/WEB-INF/web.xml
    • -1
    • +2
    /lams_tool_leader/web/common/taglibs.jsp
2:23 am

Andrey Balan

LDEV-4932 Secure edit in monitor with CSRF Guard

* In order to secure /definelater.do path, added definelater() method to

AuthoringController to the tools missing it

* Remove unnecessary forms from monitor in Vote, NB, QA tools

Options
    • -0
    • +45
    /lams_central/conf/security/Owasp.CsrfGuard.properties
    • -1
    • +2
    /lams_tool_assessment/src/java/org/lamsfoundation/lams/tool/assessment/web/controller/AuthoringController.java
    • -13
    • +26
    /lams_tool_chat/src/java/org/lamsfoundation/lams/tool/chat/web/controller/AuthoringController.java
    • -5
    • +0
    /lams_tool_chat/src/java/org/lamsfoundation/lams/tool/chat/web/controller/MonitoringController.java
    • -7
    • +7
    /lams_tool_chat/web/pages/monitoring/editActivity.jsp
    • -1
    • +1
    /lams_tool_daco/src/java/org/lamsfoundation/lams/tool/daco/web/controller/AuthoringController.java
    • -0
    • +70
    /lams_tool_daco/web/WEB-INF/tlds/security/csrfguard.tld
    • -0
    • +15
    /lams_tool_daco/web/WEB-INF/web.xml
    • -0
    • +1
    /lams_tool_daco/web/common/taglibs.jsp
    • -5
    • +7
    /lams_tool_daco/web/pages/monitoring/editactivity.jsp
    • -1
    • +2
    /lams_tool_doku/src/java/org/lamsfoundation/lams/tool/dokumaran/web/controller/AuthoringController.java
    • -0
    • +70
    /lams_tool_doku/web/WEB-INF/tlds/security/csrfguard.tld
    • -0
    • +15
    /lams_tool_doku/web/WEB-INF/web.xml
    • -0
    • +1
    /lams_tool_doku/web/common/taglibs.jsp
    • -5
    • +7
    /lams_tool_doku/web/pages/monitoring/editactivity.jsp
  16. … 95 more files in changeset.
2:11 am

Ernie Ghiglione

LDEV-4932 Adding CSRF to Task list

Adding CSRF protection to set verification for task list

Options
    • -0
    • +1
    /lams_central/conf/security/Owasp.CsrfGuard.properties
    • -1
    • +1
    /lams_tool_task/src/java/org/lamsfoundation/lams/tool/taskList/web/controller/MonitoringController.java
    • -2
    • +2
    /lams_tool_task/web/pages/monitoring/summary.jsp
2:02 am

Ernie Ghiglione

LDEV-4932 deleting accidentally committed file

Options
    • binary
    /lams_tool_larsrc/web/pages/monitoring/.summary.jsp.swp
Friday 27 Dec 2019
10:21 pm

Ernie Ghiglione

LDEV-4932 Adding CSRF to Share resources

Adding CSRF prevention to hide/show toggle in monitor

Options
    • -0
    • +1
    /lams_central/conf/security/Owasp.CsrfGuard.properties
    • -1
    • +2
    /lams_tool_larsrc/src/java/org/lamsfoundation/lams/tool/rsrc/web/controller/MonitoringController.java
    • -0
    • +70
    /lams_tool_larsrc/web/WEB-INF/tlds/security/csrfguard.tld
    • -4
    • +19
    /lams_tool_larsrc/web/WEB-INF/web.xml
    • -1
    • +2
    /lams_tool_larsrc/web/common/taglibs.jsp
    • binary
    /lams_tool_larsrc/web/pages/monitoring/.summary.jsp.swp
    • -1
    • +1
    /lams_tool_larsrc/web/pages/monitoring/summary.jsp
10:01 pm

Ernie Ghiglione

LDEV-4932 Adding CSRF protection to Notebook

Prevents CSRF attacks for monitors adding comments to students' notebook entries.

Options
    • -0
    • +1
    /lams_central/conf/security/Owasp.CsrfGuard.properties
    • -2
    • +2
    /lams_tool_notebook/web/pages/monitoring/summary.jsp
9:38 pm

Ernie Ghiglione

LDEV-4932 Add CSRF to Leader selection

Prevent CSRF for changing leader selection in monitor

Options
    • -0
    • +1
    /lams_central/conf/security/Owasp.CsrfGuard.properties
    • -1
    • +2
    /lams_tool_leader/src/java/org/lamsfoundation/lams/tool/leaderselection/web/controller/MonitoringController.java
    • -0
    • +70
    /lams_tool_leader/web/WEB-INF/tlds/security/csrfguard.tld
    • -4
    • +19
    /lams_tool_leader/web/WEB-INF/web.xml
    • -1
    • +2
    /lams_tool_leader/web/common/taglibs.jsp
    • -2
    • +3
    /lams_tool_leader/web/pages/monitoring/manageLeaders.jsp
8:08 pm

Ernie Ghiglione

LDEV-4932 Add CSRF prevention for changing marks in MCQ

Add CSRF prevention for changing marks in MCQ

Options
    • -0
    • +1
    /lams_central/conf/security/Owasp.CsrfGuard.properties
    • -1
    • +1
    /lams_tool_lamc/src/java/org/lamsfoundation/lams/tool/mc/web/controller/McMonitoringController.java
    • -1
    • +1
    /lams_tool_lamc/web/monitoring/SummaryContent.jsp
5:08 am

Ernie Ghiglione

LDEV-4932 Add CSRF prevention for monitor Image gallery

CSRF prevention for Monitor actions:

- toogle visibility

- add image

- edit image properties

Options
    • -0
    • +3
    /lams_central/conf/security/Owasp.CsrfGuard.properties
    • -1
    • +2
    /lams_tool_images/src/java/org/lamsfoundation/lams/tool/imageGallery/web/controller/LearningController.java
    • -2
    • +3
    /lams_tool_images/src/java/org/lamsfoundation/lams/tool/imageGallery/web/controller/MonitoringController.java
    • -0
    • +70
    /lams_tool_images/web/WEB-INF/tlds/security/csrfguard.tld
    • -5
    • +18
    /lams_tool_images/web/WEB-INF/web.xml
    • -0
    • +1
    /lams_tool_images/web/common/taglibs.jsp
    • -3
    • +4
    /lams_tool_images/web/pages/authoring/parts/addimage.jsp
    • -2
    • +2
    /lams_tool_images/web/pages/monitoring/imagesummary.jsp
    • -1
    • +1
    /lams_tool_images/web/pages/monitoring/monitoring.jsp
3:37 am

Ernie Ghiglione

LDEV-4932 Forum CSRF update marks in monitor

Add CSRF prevention on Forum update marks

Options
    • -1
    • +2
    /lams_central/conf/security/Owasp.CsrfGuard.properties
    • -1
    • +1
    /lams_tool_forum/src/java/org/lamsfoundation/lams/tool/forum/web/controller/MonitoringController.java
    • -1
    • +2
    /lams_tool_forum/web/jsps/monitoring/updatemarks.jsp
Wednesday 25 Dec 2019
6:28 am

Andrey Balan

LDEV-4932 Secure edit in monitor with CSRF Guard

Options
    • -0
    • +1
    /lams_central/conf/security/Owasp.CsrfGuard.properties
    • -2
    • +7
    /lams_central/web/includes/javascript/common.js
    • -5
    • +7
    /lams_tool_assessment/web/pages/monitoring/editactivity.jsp
5:47 am

Andrey Balan

LDEV-4932 Secure setting submission deadline with CSRF Guard

Options
    • -0
    • +15
    /lams_central/conf/security/Owasp.CsrfGuard.properties
    • -16
    • +15
    /lams_central/web/includes/javascript/monitorToolSummaryAdvanced.js
    • -6
    • +5
    /lams_tool_assessment/src/java/org/lamsfoundation/lams/tool/assessment/web/controller/MonitoringController.java
    • -0
    • +70
    /lams_tool_assessment/web/WEB-INF/tlds/security/csrfguard.tld
    • -0
    • +15
    /lams_tool_assessment/web/WEB-INF/web.xml
    • -0
    • +1
    /lams_tool_assessment/web/common/taglibs.jsp
    • -1
    • +1
    /lams_tool_assessment/web/pages/monitoring/monitoring.jsp
    • -21
    • +3
    /lams_tool_chat/src/java/org/lamsfoundation/lams/tool/chat/web/controller/MonitoringController.java
    • -0
    • +70
    /lams_tool_chat/web/WEB-INF/tlds/security/csrfguard.tld
    • -0
    • +15
    /lams_tool_chat/web/WEB-INF/web.xml
    • -2
    • +2
    /lams_tool_chat/web/common/taglibs.jsp
    • -1
    • +1
    /lams_tool_chat/web/pages/monitoring/summary.jsp
    • -3
    • +3
    /lams_tool_forum/src/java/org/lamsfoundation/lams/tool/forum/web/controller/MonitoringController.java
    • -1
    • +1
    /lams_tool_forum/web/jsps/monitoring/summary.jsp
    • -2
    • +3
    /lams_tool_lamc/src/java/org/lamsfoundation/lams/tool/mc/web/controller/McMonitoringController.java
  16. … 49 more files in changeset.
Monday 23 Dec 2019
8:59 pm

Ernie Ghiglione

LDEV-4745 LDEV-4875 Adding/updating labels

Adding and updating labels for QB and VSAs for LAMS v4.0

Options
    • -86
    • +91
    /lams_central/conf/language/lams/ApplicationResources.properties
    • -95
    • +92
    /lams_central/conf/language/lams/ApplicationResources_en_AU.properties
    • -2
    • +7
    /lams_tool_assessment/conf/language/lams/ApplicationResources.properties
    • -2
    • +7
    /lams_tool_assessment/conf/language/lams/ApplicationResources_en_AU.properties
    • -4
    • +20
    /lams_tool_scratchie/conf/language/lams/ApplicationResources.properties
    • -4
    • +20
    /lams_tool_scratchie/conf/language/lams/ApplicationResources_en_AU.properties
8:25 pm

Andrey Balan

Merge branch 'develop' into LDEV-4745

# Conflicts:

# lams_tool_assessment/src/java/org/lamsfoundation/lams/tool/assessment/service/AssessmentServiceImpl.java

Options
    • -5
    • +7
    /lams_gradebook/src/java/org/lamsfoundation/lams/gradebook/service/GradebookService.java
    • -5
    • +9
    /lams_tool_assessment/src/java/org/lamsfoundation/lams/tool/assessment/service/AssessmentServiceImpl.java
8:20 pm

Andrey Balan

Merge branch 'master' into develop

Options