Mahara 1.7.3

Milestone information

Project:
Mahara
Series:
1.7
Version:
1.7.3
Released:
2013-10-03  
Registrant:
Son Nguyen
Release registered:
2013-10-03
Active:
No. Drivers cannot target bugs and blueprints to this milestone.  

Download RDF metadata

Activities

Assigned to you:
No blueprints or bugs assigned to you.
Assignees:
3 Aaron Wells, 2 Kristina Hoeppner, 3 Robert Lyon, 1 Ruslan Kabalin
Blueprints:
No blueprints are targeted to this milestone.
Bugs:
19 Fix Released

Download files for this release

After you've downloaded a file, you can verify its authenticity using its MD5 sum or signature. (How do I verify a download?)

File Description Downloads
download icon mahara-1.7.3.zip (md5, sig) release tarball 847
last downloaded 43 weeks ago
download icon mahara-1.7.3.tar.bz2 (md5, sig) release tarball 106
last downloaded 20 weeks ago
download icon mahara-1.7.3.tar.gz (md5, sig) release tarball 468
last downloaded 13 weeks ago
Total downloads: 1,421

Release notes 

Mahara 1.7.3 Release Notes

This is a stable release of Mahara 1.7. Stable releases are fit for
general use. If you find a bug, please report it to the tracker:

https://bugs.launchpad.net/mahara/+filebug

This release includes an upgrade path from 1.0. If you wish to
upgrade, we encourage you to make a copy of your website and test the
upgrade on it first, to minimise the effect of any potential
unforeseen problems.

Changes from 1.7.2:

Security issues:
 * Bug #1211758 Arbitrary image download
 * Bug #1175446 user supplied $_SERVER['HTTP_HOST'] can be used for injections
 * Bug #1233500 Not checking ownership of blocks before editing them

Other issues:
 * Bug #1158625 Make profile information not avaialble for public when not shared
 * Bug #1207140 The embedded iframe filter doesn't support scheme-relative URLs such as "//youtube.com" (now used in the YouTube and Vi$
 * Bug #1218091 Pager in search in a block doesn't work
 * Bug #1195489 After installation, make the installer "jump" to the "Continue" link at the bottom of the page
 * Bug #1214647 When an auth instance is deleted, disable it as a parent authority
 * Bug #1215190 LDAP support for non-standard port LDAP Urls
 * Bug #1215702 Reduce false positives in syntax checker for unbracketed SQL tables
 * Bug #1218684 Alt tag in the artefact chooser panel only says "Preview"
 * Bug #1219499 Some RSS feed channel images are rendered too large in External feeds block
 * Bug #1222368 Missing lang string for group page with clean URL
 * Bug #1227372 Missing lang string for existing URL on allowed iframes
 * Bug #1095208 uploading a file - "Loading" message remains
 * Bug #1165592 "Cron is not running" not displayed in red anymous
 * Bug #1188001 Page view throws headdata warning, if group submissions enabled
 * Bug #1213908 Undefined variable $id in group/report.php
 * Bug #1072972 Internal search ignores 'KATAKANA-HIRAGANA PROLONGED SOUND MARK'

Changelog 

View the full changelog

Unset deleted institutions as parent authority to other institutions
For private profiles, hide all profile information from logged-out users
Bug 1211758 - Make sure user has permission to publish artefacts
Check if the block instance belongs to the view Bug#1233500
Add alt and title tag for blocks (Bug #1218684)
Add missing lang string for warning (Bug #1227372)
Fix permissions of group area (Bug #1034180)
Validate $_SERVER['HTTP_HOST'] before using it
Stop empty resume birthdate from auto-filling to Jan 1, 1970
LDAP support for LDAP URLs with non-standard ports
Missing lang string for group page with clean URL (Bug 1222368)
Rss images rendering too large in external feed block (Bug #1219499)
Fix for pagination when in edit blockinstance doing search (bug 1218091)
Fix display of the name of the sharing group on the Group Participation report
Reduce false positives in syntax checket for unbracketed SQL tables.
Correct Mahara 1.7 version number
New fix for the YouTube issue (bug #1207140)
admin/upgrade.php: Make installer jump to the bottom of the page when install is done
Returning red colour to the 'cron is not running' message Bug 1165592
Revert "Add protocol to Youtube iframe code (Bug #1207140)"
view/view.php: Squelch a "headdata already sent" warning
Fix "Loading" message issue. (bug #1095208)
Update PREG_CLASS_SEARCH_EXCLUDE to latest from Drupal 6
Add protocol to Youtube iframe code (Bug #1207140)

0 blueprints and 19 bugs targeted

Bug report Importance Assignee Status
1158625 #1158625 Make profile information not avaialble for public when not shared 3 High Aaron Wells  10 Fix Released
1207140 #1207140 The embedded iframe filter doesn't support scheme-relative URLs such as "//youtube.com" (now used in the YouTube and Vimeo embed code) 3 High Robert Lyon  10 Fix Released
1211758 #1211758 Arbitrary image download 3 High   10 Fix Released
1218091 #1218091 Pager in search in a block doesn't work 3 High Robert Lyon  10 Fix Released
1195489 #1195489 After installation, make the installer "jump" to the "Continue" link at the bottom of the page 4 Medium   10 Fix Released
1214647 #1214647 When an auth instance is deleted, disable it as a parent authority 4 Medium Aaron Wells  10 Fix Released
1215190 #1215190 LDAP support for non-standard port LDAP Urls 4 Medium   10 Fix Released
1215702 #1215702 Reduce false positives in syntax checker for unbracketed SQL tables 4 Medium   10 Fix Released
1218684 #1218684 Alt tag in the artefact chooser panel only says "Preview" 4 Medium Kristina Hoeppner  10 Fix Released
1219499 #1219499 Some RSS feed channel images are rendered too large in External feeds block 4 Medium Robert Lyon  10 Fix Released
1222368 #1222368 Missing lang string for group page with clean URL 4 Medium   10 Fix Released
1227372 #1227372 Missing lang string for existing URL on allowed iframes 4 Medium Kristina Hoeppner  10 Fix Released
1095208 #1095208 uploading a file - "Loading" message remains 5 Low Ruslan Kabalin  10 Fix Released
1165592 #1165592 "Cron is not running" not displayed in red anymore 5 Low   10 Fix Released
1175446 #1175446 user supplied $_SERVER['HTTP_HOST'] can be used for injections 5 Low Aaron Wells  10 Fix Released
1188001 #1188001 Page view throws headdata warning, if group submissions enabled 5 Low   10 Fix Released
1213908 #1213908 Undefined variable $id in group/report.php 5 Low   10 Fix Released
1072972 #1072972 Internal search ignores 'KATAKANA-HIRAGANA PROLONGED SOUND MARK' 1 Undecided   10 Fix Released
1233500 #1233500 Not checking ownership of blocks before editing them 1 Undecided   10 Fix Released
This milestone contains Public information
Everyone can see this information.