lams-github / lams_central / conf

security

Clone Tools

Stats

Commits this week: 0
Total Committers: 5
Last Commit:
Commits this week: 0

Lines of code count not available

Commit Activity

Commits By Day In Week
52 week commits volume
Commits By Day In Week
Commits by day
Commits By Day In Week
Commits by hour
Commits By Hour In Day
Commit calendar
 

Most active committers (90 days)

loading
loading
  • last updated a few seconds ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Thursday 02 Jan 2020
8:39 pm

Ernie Ghiglione

LDEV-4932: Adding CSRF to forum and central

CSRF additions to:

- Forum authoring methods

- Adding outcomes to activities in tools (changes to tag and central methods)

Options
    • -0
    • +6
    ./Owasp.CsrfGuard.properties
  2. … 10 more files in changeset.
11:54 am

Ernie Ghiglione

LDEV-4932 Adding CSRF to central

Adding CSRF to:

- Lesson dependencies (add/remove)

- Set dates to finish lesson

Options
    • -0
    • +3
    ./Owasp.CsrfGuard.properties
  2. … 2 more files in changeset.
8:49 am

Ernie Ghiglione

LDEV-4932 Adding CSRF to central and monitoring

Adding CSRF to:

- Grades on completion

- Enable/disable presence and IM

- Send emails

- Update users into lessons

- Send email notifications

- Delete email notifications

Options
    • -0
    • +8
    ./Owasp.CsrfGuard.properties
  2. … 10 more files in changeset.
Wednesday 01 Jan 2020
6:36 am

Ernie Ghiglione

LDEV-4932 Adding CSRF to Admin

Adding it to:

- User roles

- Create course

- Clone lessons

- assign roles in courses

- global roles

- change password for course

- change user pass

- delete all lessons

Options
    • -0
    • +14
    ./Owasp.CsrfGuard.properties
  2. … 23 more files in changeset.
2:35 am

Andrey Balan

LDEV-4932 Add CSRF to monitor and central

* Add CSRF protection to:

- Change lesson status (incl. remove)

- Remove lesson using main.jsp button

- Rename lesson

* Start using /common/taglibs.jsp in lams_central

Options
    • -0
    • +7
    ./Owasp.CsrfGuard.properties
  2. … 23 more files in changeset.
Tuesday 31 Dec 2019
11:25 am

Ernie Ghiglione

LDEV-4932 Add CSRF to central (outcomes)

Adding CSRF protection to:

- Delete outcomes

Options
    • -0
    • +1
    ./Owasp.CsrfGuard.properties
  2. … 3 more files in changeset.
10:24 am

Ernie Ghiglione

LDEV-4932 Add CSRF for admin

- Adding CSRF to delete preview lessons

Options
    • -0
    • +1
    ./Owasp.CsrfGuard.properties
  2. … 1 more file in changeset.
10:06 am

Ernie Ghiglione

LDEV-4932 Adding CSRF protection to admin

- Adding user add/edit/remove/disable

Options
    • -0
    • +5
    ./Owasp.CsrfGuard.properties
  2. … 5 more files in changeset.
6:51 am

Andrey Balan

LDEV-4932 Secure gradebook calls with CSRF Guard

* Secure the following gradebook calls in particular:

- Release marks

- Any change in marks

- Export

* Add taglibs.jsp to gradebook project

Options
    • -0
    • +7
    ./Owasp.CsrfGuard.properties
  2. … 14 more files in changeset.
5:14 am

Andrey Balan

LDEV-4932 Secure save tool authoring with CSRF Guard

Options
    • -39
    • +64
    ./Owasp.CsrfGuard.properties
  2. … 42 more files in changeset.
Monday 30 Dec 2019
10:44 pm

Ernie Ghiglione

LDEV-4932 Adding CSRF admin

Adding CSRF to delete session management

Options
    • -0
    • +1
    ./Owasp.CsrfGuard.properties
  2. … 2 more files in changeset.
8:30 pm

Ernie Ghiglione

LDEV-4932 Adding CSRF to admin

Adding CSRF token:

- When adding/editing learning outcomes

- Adding/editing and removing themes

Options
    • -0
    • +3
    ./Owasp.CsrfGuard.properties
  2. … 4 more files in changeset.
Sunday 29 Dec 2019
7:04 pm

Ernie Ghiglione

LDEV-4932 Adding CSRF Admin

Fixing policy management toggle. Adding enable/disable toggle for tool management

Options
    • -0
    • +2
    ./Owasp.CsrfGuard.properties
  2. … 4 more files in changeset.
1:33 am

Ernie Ghiglione

LDEV-4931 Adding CSRF protection for LAMS Admin

Adding:

- Edit configuration

- Editing timezones

- Add/disable/enable/delete signup pages

- Add/disable/enable/delete integrated server

- Add/activate/deactivate policies

Options
    • -0
    • +17
    ./Owasp.CsrfGuard.properties
  2. … 16 more files in changeset.
Saturday 28 Dec 2019
4:49 pm

Ernie Ghiglione

LDEV-4932 Adding CSRF to Assessment monitoring

Adding CSRF to:

- Change user marks

- Disclose correct answers

- Disclose group answers

Options
    • -0
    • +3
    ./Owasp.CsrfGuard.properties
  2. … 4 more files in changeset.
11:04 am

Ernie Ghiglione

LDEV-4932 Add CSRF to Scratchie monitoring

Adding CSRF for:

- Changing group marks

Options
    • -0
    • +1
    ./Owasp.CsrfGuard.properties
  2. … 2 more files in changeset.
10:08 am

Ernie Ghiglione

LDEV-4932 Add CSRF for Submit files monitoring

Adding:

- Update marks

- Release marks

- Download marks

Options
    • -0
    • +3
    ./Owasp.CsrfGuard.properties
  2. … 4 more files in changeset.
8:35 am

Ernie Ghiglione

LDEV-4932 Adding CSRF protecting to change scratchie user in monitor

Options
    • -0
    • +1
    ./Owasp.CsrfGuard.properties
  2. … 2 more files in changeset.
3:24 am

Ernie Ghiglione

LDEV-4932 Adding CSRF protection to hide/show toggle open text submission for voting

Options
    • -0
    • +2
    ./Owasp.CsrfGuard.properties
  2. … 1 more file in changeset.
2:45 am

Andrey Balan

Merge branch 'LDEV-4932' of https://github.com/lamsfoundation/lams into LDEV-4932

# Conflicts:

# lams_central/conf/security/Owasp.CsrfGuard.properties

# lams_tool_larsrc/web/WEB-INF/web.xml

# lams_tool_leader/web/WEB-INF/web.xml

Options
    • -1
    • +9
    ./Owasp.CsrfGuard.properties
  2. … 4 more files in changeset.
2:23 am

Andrey Balan

LDEV-4932 Secure edit in monitor with CSRF Guard

* In order to secure /definelater.do path, added definelater() method to

AuthoringController to the tools missing it

* Remove unnecessary forms from monitor in Vote, NB, QA tools

Options
    • -0
    • +45
    ./Owasp.CsrfGuard.properties
  2. … 109 more files in changeset.
2:11 am

Ernie Ghiglione

LDEV-4932 Adding CSRF to Task list

Adding CSRF protection to set verification for task list

Options
    • -0
    • +1
    ./Owasp.CsrfGuard.properties
  2. … 2 more files in changeset.
Friday 27 Dec 2019
10:21 pm

Ernie Ghiglione

LDEV-4932 Adding CSRF to Share resources

Adding CSRF prevention to hide/show toggle in monitor

Options
    • -0
    • +1
    ./Owasp.CsrfGuard.properties
  2. … 6 more files in changeset.
10:01 pm

Ernie Ghiglione

LDEV-4932 Adding CSRF protection to Notebook

Prevents CSRF attacks for monitors adding comments to students' notebook entries.

Options
    • -0
    • +1
    ./Owasp.CsrfGuard.properties
  2. … 1 more file in changeset.
9:38 pm

Ernie Ghiglione

LDEV-4932 Add CSRF to Leader selection

Prevent CSRF for changing leader selection in monitor

Options
    • -0
    • +1
    ./Owasp.CsrfGuard.properties
  2. … 5 more files in changeset.
8:08 pm

Ernie Ghiglione

LDEV-4932 Add CSRF prevention for changing marks in MCQ

Add CSRF prevention for changing marks in MCQ

Options
    • -0
    • +1
    ./Owasp.CsrfGuard.properties
  2. … 2 more files in changeset.
5:08 am

Ernie Ghiglione

LDEV-4932 Add CSRF prevention for monitor Image gallery

CSRF prevention for Monitor actions:

- toogle visibility

- add image

- edit image properties

Options
    • -0
    • +3
    ./Owasp.CsrfGuard.properties
  2. … 8 more files in changeset.
3:37 am

Ernie Ghiglione

LDEV-4932 Forum CSRF update marks in monitor

Add CSRF prevention on Forum update marks

Options
    • -1
    • +2
    ./Owasp.CsrfGuard.properties
  2. … 2 more files in changeset.
Wednesday 25 Dec 2019
6:28 am

Andrey Balan

LDEV-4932 Secure edit in monitor with CSRF Guard

Options
    • -0
    • +1
    ./Owasp.CsrfGuard.properties
  2. … 2 more files in changeset.
5:47 am

Andrey Balan

LDEV-4932 Secure setting submission deadline with CSRF Guard

Options
    • -0
    • +15
    ./Owasp.CsrfGuard.properties
  2. … 63 more files in changeset.