lams-github / lams_central / conf

security

Clone Tools

Stats

Commits this week: 0
Total Committers: 5
Last Commit:
Commits this week: 0

Lines of code count not available

Commit Activity

Commits By Day In Week
52 week commits volume
Commits By Day In Week
Commits by day
Commits By Day In Week
Commits by hour
Commits By Hour In Day
Commit calendar
 

Most active committers (90 days)

loading
loading
  • last updated a few seconds ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Saturday 28 Dec 2019
4:49 pm

Ernie Ghiglione

LDEV-4932 Adding CSRF to Assessment monitoring

Adding CSRF to:

- Change user marks

- Disclose correct answers

- Disclose group answers

Options
    • -0
    • +3
    ./Owasp.CsrfGuard.properties
  2. … 4 more files in changeset.
11:04 am

Ernie Ghiglione

LDEV-4932 Add CSRF to Scratchie monitoring

Adding CSRF for:

- Changing group marks

Options
    • -0
    • +1
    ./Owasp.CsrfGuard.properties
  2. … 2 more files in changeset.
10:08 am

Ernie Ghiglione

LDEV-4932 Add CSRF for Submit files monitoring

Adding:

- Update marks

- Release marks

- Download marks

Options
    • -0
    • +3
    ./Owasp.CsrfGuard.properties
  2. … 4 more files in changeset.
8:35 am

Ernie Ghiglione

LDEV-4932 Adding CSRF protecting to change scratchie user in monitor

Options
    • -0
    • +1
    ./Owasp.CsrfGuard.properties
  2. … 2 more files in changeset.
3:24 am

Ernie Ghiglione

LDEV-4932 Adding CSRF protection to hide/show toggle open text submission for voting

Options
    • -0
    • +2
    ./Owasp.CsrfGuard.properties
  2. … 1 more file in changeset.
2:45 am

Andrey Balan

Merge branch 'LDEV-4932' of https://github.com/lamsfoundation/lams into LDEV-4932

# Conflicts:

# lams_central/conf/security/Owasp.CsrfGuard.properties

# lams_tool_larsrc/web/WEB-INF/web.xml

# lams_tool_leader/web/WEB-INF/web.xml

Options
    • -1
    • +9
    ./Owasp.CsrfGuard.properties
  2. … 4 more files in changeset.
2:23 am

Andrey Balan

LDEV-4932 Secure edit in monitor with CSRF Guard

* In order to secure /definelater.do path, added definelater() method to

AuthoringController to the tools missing it

* Remove unnecessary forms from monitor in Vote, NB, QA tools

Options
    • -0
    • +45
    ./Owasp.CsrfGuard.properties
  2. … 109 more files in changeset.
2:11 am

Ernie Ghiglione

LDEV-4932 Adding CSRF to Task list

Adding CSRF protection to set verification for task list

Options
    • -0
    • +1
    ./Owasp.CsrfGuard.properties
  2. … 2 more files in changeset.
Friday 27 Dec 2019
10:21 pm

Ernie Ghiglione

LDEV-4932 Adding CSRF to Share resources

Adding CSRF prevention to hide/show toggle in monitor

Options
    • -0
    • +1
    ./Owasp.CsrfGuard.properties
  2. … 6 more files in changeset.
10:01 pm

Ernie Ghiglione

LDEV-4932 Adding CSRF protection to Notebook

Prevents CSRF attacks for monitors adding comments to students' notebook entries.

Options
    • -0
    • +1
    ./Owasp.CsrfGuard.properties
  2. … 1 more file in changeset.
9:38 pm

Ernie Ghiglione

LDEV-4932 Add CSRF to Leader selection

Prevent CSRF for changing leader selection in monitor

Options
    • -0
    • +1
    ./Owasp.CsrfGuard.properties
  2. … 5 more files in changeset.
8:08 pm

Ernie Ghiglione

LDEV-4932 Add CSRF prevention for changing marks in MCQ

Add CSRF prevention for changing marks in MCQ

Options
    • -0
    • +1
    ./Owasp.CsrfGuard.properties
  2. … 2 more files in changeset.
5:08 am

Ernie Ghiglione

LDEV-4932 Add CSRF prevention for monitor Image gallery

CSRF prevention for Monitor actions:

- toogle visibility

- add image

- edit image properties

Options
    • -0
    • +3
    ./Owasp.CsrfGuard.properties
  2. … 8 more files in changeset.
3:37 am

Ernie Ghiglione

LDEV-4932 Forum CSRF update marks in monitor

Add CSRF prevention on Forum update marks

Options
    • -1
    • +2
    ./Owasp.CsrfGuard.properties
  2. … 2 more files in changeset.
Wednesday 25 Dec 2019
6:28 am

Andrey Balan

LDEV-4932 Secure edit in monitor with CSRF Guard

Options
    • -0
    • +1
    ./Owasp.CsrfGuard.properties
  2. … 2 more files in changeset.
5:47 am

Andrey Balan

LDEV-4932 Secure setting submission deadline with CSRF Guard

Options
    • -0
    • +15
    ./Owasp.CsrfGuard.properties
  2. … 63 more files in changeset.
Friday 20 Dec 2019
10:53 pm

Marcin Cieslak

LDEV-4932 Introduce CSRF Guard to Forum. Secure authoring.

Options
    • -0
    • +1
    ./Owasp.CsrfGuard.properties
  2. … 5 more files in changeset.
9:20 pm

Marcin Cieslak

LDEV-4932 CSRF Guard configuration is needed only in one place

Options
    • -2
    • +4
    ./Owasp.CsrfGuard.properties
  2. … 1 more file in changeset.
8:38 pm

Marcin Cieslak

LDEV-4932 List actions to protect instead of checking everything

Options
    • -1
    • +9
    ./Owasp.CsrfGuard.properties
  2. … 1 more file in changeset.
Thursday 19 Dec 2019
11:01 pm

Marcin Cieslak

Revert "LDEV-4932 Initial integration of CSRF Guard"

This reverts commit c5a709e4cb42d0729ad3fbd814714fb27dd844df.

It should have been in a separate branch.

Options
    • -3
    • +0
    ./Owasp.CsrfGuard.properties
  2. … 9 more files in changeset.
11:00 pm

Marcin Cieslak

LDEV-4932 Initial integration of CSRF Guard

Add library and configuration file. Only Edit Profile form has a token

injected into form. Other POSTed forms will be stopped by the Guard,

with an error logged.

Options
    • -0
    • +3
    ./Owasp.CsrfGuard.properties
  2. … 9 more files in changeset.
11:00 pm

Marcin Cieslak

LDEV-4932 Initial integration of CSRF Guard

Add library and configuration file. Only Edit Profile form has a token

injected into form. Other POSTed forms will be stopped by the Guard,

with an error logged.

Options
    • -0
    • +3
    ./Owasp.CsrfGuard.properties
  2. … 9 more files in changeset.