This patch removes the UI setting (cookiehttponly) for HTTP only
cookies. For new installs HTTP only cookies will default to on.
For existing sites teh behaviour will stay as set.
The behaviour can be overriden in config.php
The admin preset tool shouldn't export badge/calendar salt configuration
unless explicitely asked for as changing these values on another site
can be potentially destructive.
The sensiblesettings setting has been moved from tool_admin_presets
to adminpresets component where it belongs, in order for being able
to use it from the API to decide whether sensible settings should
be included when exporting them.
The new configuration flag $CFG->forceclean overrides the noclean
option when calling format_text() so that the text is always
and unconditionally cleaned.
- Define sitepolicy handler manager class, base class and the core handler
- Allow to set a plugin as sitepolicyhandler that implements the sitepolicy API
- Modify web services to return information from the 3rd party handler instead of core if needed
The patch introduces a new site setting 'sitepolicyhandler' that can be
either empty or contain a plugin component name. If it is empty, the
site policy feature keeps working as before and the core keeps the
control over it.
If a plugin is specified, it is expected to implement the callback
'site_policy_handler' in its lib.php file. The callback should return a
URL to a script where the user can accept the site policies. The plugin
itself is responsible for setting the 'policyagreed' flag in the users
table. The callback may return an empty value, in which case the user
can continue using the site without being redirected.
The patch adds support for a new pre-config flag NO_SITEPOLICY_CHECK.
This constant should be defined and set to true if we should not check
the user's policyagreed status during the require_login().
This is for pages where the user actually accepts the site policies and
helps to avoid the redirect loop.
Two new classes in lib/adminlib. One providing validation for a
newline-delimited textarea supporting domain names, domain wildcards,
IPv4/IPv6 addresses and IPv4/IPv6 ranges. The second providing
validation for a newline-delimited textarea of port numbers.
Non-standard means php.ini was set to something not in the default list (like 7MB),
then the config was saved to that specific value, and now the value in php.ini has been changed
again so 7MB does not appear in the list.
1. This used to use a complex legacy system which was buggy.
2. It now relies on a new mod/...:addinstance capability for each module.
3. All the legacy code has been stripped out.
4. Old restriction data is upgraded by creating the necessary permission
overrides. Similarly, when old backups are restored, the old settings
are converted to be overrides.
5. The required addinstance capabilities will be added as a separate
commit.
6. There is a developer debug warning about modules that are missing the
addinstance capability, unless they are MOD_ARCHETYPE_SYSTEM mods.