ECOM-2972

There's no need to use a string literal in setattr, delattr, or the
two-argument form of getattr.

https://docs.djangoproject.com/en/1.8/howto/custom-management-commands/
You need to declare and do proper argument parsing.  --commit is also
more natural than a bare 'commit' on the end of a command.

Switch from calling handle() directly to call_command().
call_command() simulates using the management command so is a better
test of the command line interface.

With the 1.8 upgrade, we stopped using 'manage.py cms command commit'
and switched to --commit because we no longer directly access args[]
https://docs.djangoproject.com/en/1.8/howto/custom-management-commands/

When this command was updated, it was switched to --commit=commit, but
using store_true allows a much more natural --commit syntax.

Please note that this is a squshed commit and the work of:
Symbolist, macdiesel, nedbat, doctoryes, muzaffaryousaf and muhammad-ammar

changing default value instead of setting it via fields

fixed broken test

fixed quality violation

following another approach

TNL-3627

Make escaping for json simpler and more consistent in Mako templates
- add escape_json_dumps to escape and json.dumps
- add escape_js_str to escape javascript string
- refactor Studio to use escape_json_dumps in Mako templates

TNL-2646: Escape json.dumps

Removing this particular call to json.dumps was done by removing
the complete method subsection_handler which is no longer
used.  The template edit_subsection.html had already been removed.

TNL-2646 Escape json

Instructor-led is changed to instructor-paced. Adds a label to the
course outline page to show the course pacing.

ECOM-2794
ECOM-2800

- Resolve SEC-27 by escaping course name in advanced settings
- Add escape_json_dumps to simplify escaping json in Mako templates

SEC-27: XSS/JS Error in Advanced Settings with invalid course name

TNL-3643

Applying a security patch from last week that has made its way through
the disclosure period already. FYI @robrap

May improve performance.
TNL-3538

Except for the Discussion Tab.
TNL-3693, TNL-3365

Also adds improved styling for course pacing settings, and unit tests
around query counts for self-paced courses.

ECOM-2650

Currently unstyled.

ECOM-2462

ECOM-2489

ECOM-2443

* The LMS now also monkey-patches
  xmodule.x_module.descriptor_global_handler_url and
  xmodule.x_module.descriptor_global_local_resource_url so that we can
  get LMS XBlock URLs from the DescriptorSystem. That functionality is
  needed in the block transforms collect() phase for certain XModules
  like Video. For instance, say we want to generate the transcripts
  URLs. The collect phase is run asynchronously, without a user context.

* The URL handler monkey-patching is now done in the startup.py files
  for LMS and Studio. Studio used to do this in the import of
  cms/djangoapps/contentstore/views/item.py. This was mostly just
  because it seemed like a sane and consistent place to put it.

* LmsHandlerUrls was removed, its handler_url and local_resource_url
  methods were moved to be top level functions. The only reason that
  class existed seems to be to give a place to store course_id state,
  and that can now be derived from the block location.

* To avoid the Module -> Descriptor ProxyAttribute magic that we do
  (which explodes with an UndefinedContext error because there is no
  user involved), when examining the block's handler method in
  handler_url, I made a few changes:

** Check the .__class__ to see if the handler was defined, instead of the
   block itself.

** The above required me to relax the check for _is_xblock_handler on the
   function, since that will no longer be defined.

90% of this goes away when we kill XModules and do the refactoring we've
wanted to do for a while.

team not automatically enrolled in course