Commit Graph

555 Commits

Author SHA1 Message Date
Huong Nguyen 88b6baa6af Merge branch 'mdl85075-50' of https://github.com/matthewhilton/moodle into MOODLE_500_STABLE 2025-10-29 09:31:20 +07:00
Matthew Hilton bd500af20e MDL-85075 files: Use core security helper first 2025-10-23 12:21:17 +10:00
Julien Boulen 95d763d24f MDL-77137 filelib: Honour proxybypass option for multiple Curl queries 2025-10-12 22:16:58 +02:00
Matt Rice 5b5b3367bb MDL-72582 core_files: Update readfile_accel error handling
Correct the error handling in readfile_accel to properly log errors when
working on a stored_file, rather than hiding the true error behind the
incorrect "Object of class stored_file could not be converted to
string."

Co-authored-by: Simey Lameze <simey@moodle.com>
Co-authored-by: Trisha Milan <trishamilan@catalyst-au.net>
2025-07-07 18:56:39 +10:00
Michael Hawkins a98bb76076 MDL-83762 core_files: Bind resolve IPs and ports to cURL calls 2025-06-05 12:09:36 +07:00
meirzamoodle 7725baa9db MDL-83350 files: Avoid cacheing user and file repo files
Set the lifetime to zero for files referenced in
the local/internal repository (private files and file system),
because they should not be cached.

Add `no-store` to the cache-control to ensure resources are
never cached, always fetching the latest version.
2025-05-13 09:37:40 +07:00
Paul Holden 20fb7a4f1a MDL-84480 files: correct text formatting params when filtering files. 2025-04-24 07:31:17 +02:00
Stefan Hanauska 66c8a02f21 MDL-72050 filelib: Add function for deleting draftarea 2025-03-13 08:17:10 +01:00
Katie Ransom d0e707920c MDL-83807 files: Make file_get_all_files_in_draftarea return zip files 2024-12-11 11:22:42 +00:00
meirzamoodle 3229dda3d6 MDL-83332 core: Revert the slashargument removal on MDL-62640
Removing the option causes issues on MacOS.
2024-10-02 18:36:14 +07:00
meirzamoodle 4d2ad0bff7 MDL-62640 core: Adjust code for slashargument removal 2024-09-25 08:30:18 +07:00
Jun Pataleta 99f7cb0a8a Merge branch 'MDL-82532-main' of https://github.com/sammarshallou/moodle 2024-08-20 11:04:11 +08:00
Huong Nguyen dca18ebca3 Merge branch 'MDL-81634-main' of https://github.com/andrewnicols/moodle 2024-08-20 09:30:44 +07:00
sam marshall 525b635cfc MDL-82532 Profile: Capability to allow/prevent view of profile images
Introduces a new capability moodle/user:viewprofilepics, granted by
default to 'user' and 'guest'. If the 'forcelogin' option or
'forceloginforprofileimage' option is enabled, then users must have
this capability in order to see profile pictures (except their own).
2024-08-19 15:42:16 +01:00
meirzamoodle 7a6e504b02 MDL-82136 curl: Send credentials to redirect URL if allowed
Curl has the option CURLOPT_UNRESTRICTED_AUTH. If true, curl will send
the credentials to a different host. If false, they will not be sent.

CURLOPT_UNRESTRICTED_AUTH can only work if the CURLOPT_FOLLOWLOCATION
option is true. The filelib forces the CURLOPT_FOLLOWLOCATION option
to be false, because all redirects are emulated at the PHP level. So,
in this case, the CURLOPT_UNRESTRICTED_AUTH option is only being used
in our logic and will not work as you might expect it to.

This patch works almost the same as CURLOPT_UNRESTRICTED_AUTH in ideal
conditions. It will check whether the host is different. If so, the
system will check what value CURLOPT_UNRESTRICTED_AUTH has. If it is
not specified, then by default, it will be false. If false, then
credentials will not be sent.
2024-08-07 04:12:45 +00:00
Andrew Nicols 024e36be17 MDL-81634 core: Fix all implicitly defined nullables
Note: This does not impact third-party libraries.
2024-08-02 14:11:12 +08:00
Jun Pataleta 814df623b5 Merge branch 'MDL-78198-main' of https://github.com/andrewnicols/moodle 2024-06-06 22:02:34 +08:00
Cameron Ball 03cb18d6ff MDL-81774 curl: Strip auth headers when redirecting to different host 2024-06-05 02:34:19 +00:00
Andrew Nicols f5c2bb717e MDL-78198 file: Stop sending the Accept-Charset header in curl
See notes on:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Charset

Warning: Do not use this header. Browsers omit this header and servers
should ignore it.

The Accept-Charset request HTTP header was a header that advertised a
client's supported character encodings. It is no longer widely used.

UTF-8 is well-supported and the overwhelmingly preferred choice for
character encoding. To guarantee better privacy through less
configuration-based entropy, all browsers omit the Accept-Charset
header.
2024-05-23 22:16:46 +08:00
Marina Glancy 42c76b711a MDL-80820 lib/pear: phpdoc corrections 2024-04-08 10:13:39 +01:00
Marina Glancy ef1759da74 MDL-80820 various: fix incorrect phpdocs 2024-04-08 10:13:10 +01:00
Eloy Lafuente (stronk7) ba1f804ffa MDL-65292 style: Fix all function declarations white space
This has been generated running the following Sniffs, all
them part of the Moodle's CodeSniffer standard:
- PSR12.Functions.ReturnTypeDeclaration
- PSR12.Functions.NullableTypeDeclaration
- moodle.Methods.MethodDeclarationSpacing
- Squiz.Whitespace.ScopeKeywordSpacing

All them are, exclusively, about correct spacing, so the changes
are, all them, only white space changes.

Only exceptions to the above are 3 changes what were setting the
return type in a new line, and, when that happens, the closing
parenthesis (bracket) has to go to the same line than the colon.
2024-02-28 23:33:26 +01:00
Michael Aherne ec7a03985a MDL-80030 filelib: Fix info type. 2023-11-08 08:51:26 +00:00
Huong Nguyen 95b0ea16f0 Merge branch 'MDL-69187' of https://github.com/paulholden/moodle 2023-08-24 10:38:13 +07:00
Sara Arjona 026f377993 MDL-78884 theme: Update references to $icon.png
The *.png files in pix/f folder have been removed, so their references
need to be updated to use the proper SVG file or a different icon, as
happened with logo_uri for oauth2 services.
2023-08-23 07:33:58 +02:00
Sara Arjona 7430208d56 MDL-78884 files: Deprecate size parameter for icons
The parameter $size of the following functions has been deprecated and is not used any more:
  - file_extension_icon
  - file_file_icon
  - file_folder_icon
  - file_mimetype_icon
  - mimeinfo_from_type
  - url_guess_icon

That way, the sized icons (xxxxxxx-yyy.png) can be removed and replaced by SVG, to make it easier
to keep them updated because once they are replaced, there will only be one single file for each
MIME icon.
2023-08-23 07:30:16 +02:00
Paul Holden e66f04e61d MDL-69187 files: normalize retrieval of mimetypes from groups array.
Ensure that the following both return consistently, so that filepicker
form elements behave the same for each when defining "accepted_types":

    '.html, .txt'
    ['.html', '.txt']
2023-08-22 09:56:06 +01:00
Petr Skoda 989636b0de MDL-78505 core: stop mangling existing Mardown in text editors
The problem is that HTML Purifier is not compatible with Markdown,
that means we cannot sanitise Markdown texts before editing.

Luckily Markdown has to use plain text editor which does not have
XSS problems.

The only tiny downside is that Markdown cannot be allowed
in "trust text" areas any more.
2023-08-15 14:26:59 +02:00
Mathew May 9bb91ce870 MDL-77991 filelib: Allow groups to generate svgs 2023-08-03 09:07:18 +08:00
Meirza 97ff68fd6b MDL-78159 lib: Added missing properties for core libraries
In PHP 8.2 and later, setting a value to an undeclared class property is
deprecated and emits a deprecation notice.
So we need to add missing class properties that still need to be declared.
2023-06-21 15:39:53 +07:00
Srdjan 5813741877 MDL-75372 core: url_blocked event
Triggered with check_securityhelper_blocklist(). The event is
also emitting a debugging() message.
2023-05-09 14:11:50 +10:00
Marina Glancy 8fc1486d36 MDL-77164 various: fix incorrect phpdocs 2023-04-13 11:35:06 +01:00
Laurent David 4281b6e859 MDL-70976 core_files: Allow for draft files url inserted in content
* The file file_remove_editor_orphaned_files should take into account URL that
have been embedded in a tag content instead of an attribute (like src attribute)
* This will fix issue with inserting H5P content in calendar events.
2023-03-29 09:09:56 +02:00
Juan Leyva 27be439eb7 MDL-73708 course: Return geo pattern generated course images via WS 2023-03-22 17:39:07 -03:00
Paul Holden 21bd0c3430 Merge branch 'MDL-76370-publicpaths-proxying' of https://github.com/jaydn/moodle 2023-02-06 11:02:41 +00:00
Marina Glancy b0a83aa7bd MDL-76362 various: Avoid passing nulls to functions that don't allow nulls
PHP 8.1 is more strict on the parameter type. Functions such as trim(), strlen(), str_replace(), etc
show notice when null is passed as an argument
2023-01-23 09:15:54 +08:00
Jaydn Cunningham 6ad6b28a34 MDL-76370 curl: suppress CONNECT header when using HTTP proxy 2023-01-20 14:26:30 +10:30
Mathew May fbe1ac8e13 MDL-71920 core: update filelib opt name definition 2022-11-11 12:53:24 +08:00
Daniel Neis Araujo 3f83f35a5c MDL-73119 contentbank: Add pluginfile callback to content type plugins 2022-08-16 14:23:33 -03:00
Christina Thee Roperto de07d85f23 MDL-72349 filelib: update strip_double_headers function 2022-07-19 19:19:46 +10:00
Sujith Haridasan 73d604369d MDL-71062 core: Step 1 deprecation of print_error function 2022-07-13 08:20:54 +05:30
Brendan Heywood 9fa26ed911 MDL-72486 core: Add unsafe log and fix options to proxy settings 2022-06-20 11:18:42 +10:00
Andrew Nicols 5aae67880d MDL-73013 filelib: Fix code lint 2022-06-10 13:12:35 +02:00
Andrew Nicols 0b305d9330 MDL-73013 filelib: Address coding style violations 2022-06-10 13:12:35 +02:00
Paul Holden 5215a02444 MDL-73013 calendar: fix serving of files added to category events. 2022-05-12 16:12:15 +01:00
Brendan Heywood 34efb9a19e MDL-59681 file: Stop recursive file serving 2022-03-21 17:50:20 +11:00
Eloy Lafuente (stronk7) d66a5316ae MDL-73826 phpunit: Allow curl mock responses to handle empty strings
Before this commit, is_empty() was being applied before returning
the mock response. But we want to be able to mock the empty response
for some tests, hence moving the condition to null/isset, that is
the value that array_pop() returns where there aren't more elements
in the array.

With that change performed, we can test lti_load_cartridge() with
empty responses, hence adding a new test for that.
2022-02-11 23:50:05 +01:00
Frode Petterson 080105c6d3 MDL-73588 curl: Fix expected CURLOPT_FILE behavior
After cbf9dfb the CURLOPT_FILE no longer behaves as expected. All
redirect responses are appended to the same stream resource.  This fix
reverts back to the old behavior by setting the stream pointer back to
the beginning for each subsequent redirect.
2022-01-24 17:08:25 +01:00
Michael Hawkins 2a2ece647a MDL-72316 filelib: Add ability for modules to directly load SVG images
This also implements the functionality for SCORM packages, which may
have SVG images embedded within their content which require loading
directly (and are only created by users with appropriate risk flag).
2021-10-28 12:56:52 +08:00
Eloy Lafuente (stronk7) 5307bd2930 Merge branch 'MDL-72242-master-svgforcedfilter' of git://github.com/mudrd8mz/moodle 2021-08-11 11:39:52 +02:00