Commit Graph

1355 Commits

Author SHA1 Message Date
Brendan Heywood e6e07e0960 MDL-67861 libraries: Refactor is_ip_in_subnet_list in ip_utils 2020-03-05 01:13:04 +01:00
Brendan Cox a624a36856 MDL-67175 session: set SameSite=None for Chrome 78 and above
Totara reference TL-22311 (original code by Brendan Cox and Sam Hemelryk)
https://github.com/moodle/moodle/commit/a3f4de2b7efe66de6617a67ce7c87f2862e76ac6
2020-02-04 12:37:15 +01:00
Ryan Wyllie 3cf2cce110 MDL-62284 output: prevent nested JS mustache handler calls
Prevent the JS mustache helper from being executed from within
the render call of another mustache helper because it can allow
users to inject JS into the page.
2019-09-04 11:24:34 +08:00
Ilya Tregubov ed13b5bff3 MDL-65249 Session: Throw exception if number of attempts exceeded. 2019-06-25 15:06:42 +10:00
Michael Hawkins e36f1c9896 MDL-61738 messageinbound: Fix quota checks & filesize for email uploads
Private files uploaded by email will now honour the file quota limit,
because the filesize is set correctly and checked against users'
remaining personal quota limit. Previously, attachment size was always
set to zero, and quota was checked against the draft area (this is
not valid for email uploads, because each file is moved out of the
draft area as it is processed, so multiple files totalling greater
than the remaining quota would still pass the check).
2019-05-08 17:51:45 +02:00
Adrian Greeve 531036848c Merge branch 'MDL-65104-35' of git://git.cameron1729.xyz/moodle into MOODLE_35_STABLE 2019-05-06 12:01:55 +08:00
Cameron Ball c55d75120a MDL-65104 registration: Ensure $registration is always null when no record exists 2019-03-21 16:12:31 +08:00
Shamim Rezaie 2e790a9741 MDL-65094 registration: don't encourage registration if on localhost 2019-03-26 17:26:35 +11:00
David Monllaó 5719590cb1 Merge branch 'MDL-64391_35' of git://github.com/vmdef/moodle into MOODLE_35_STABLE 2019-02-11 11:09:35 +01:00
Damyon Wiese 78bb834249 MDL-62680 output: Only hide icons with no label
For accessibility we don't want to read an icon with a label immediately next to the label,
but in this case it's clearer for the icon to have no alt text / title for both
screen readers and non-screen readers. Worse is not reading important information just
because it's displayed as an icon.
2019-02-07 10:12:47 +08:00
Mark Sharp cf1f48b322 MDL-64391 core_analytics: courseextendednamedisplay 2019-01-23 12:04:01 +00:00
Andrew Nicols 68da8600b7 Merge branch 'MDL-64400-35' of git://github.com/aanabit/moodle into MOODLE_35_STABLE 2019-01-08 08:32:16 +08:00
Amaia Anabitarte da73f1364d MDL-64400 core_messages: Allow cron to delete unread notifications too 2018-12-27 09:32:25 +01:00
Tomasz Muras 9d8470e4b8 MDL-52966 core: static cache fix for file types. 2018-12-17 15:40:54 +08:00
Frédéric Massart 7dcc1e721c MDL-60518 core_user: A user with ID 0 is never a real user 2018-12-14 10:27:41 +01:00
Mark Nelson d5901aa09c MDL-64206 core: updated FB logo URL 2018-12-03 12:26:28 +08:00
David Mudrák 8575b451c4 MDL-64205 users: Do not delete the actual records of unconfirmed users
There is an automatic data privacy request created to get rid of all the
personal data upon the user deletion. With the actual user record
absent, the data privacy requests page throws an error. Let's do here
same as we do in `delete_incomplete_users_task` and let us not delete
the actual user record.
2018-11-25 07:21:59 +01:00
Damyon Wiese b427ab4f70 MDL-63183 auth: Login protection
CSRF protection for the login form. The authenticate_user_login function was
extended to validate the token (in \core\session\manager) but by default it
does not perform the extra validation. Existing uses of this function from
auth plugins and features like "change password" will continue to work without
changes. New config value $CFG->disablelogintoken can bypass this check.
2018-11-07 00:11:47 +01:00
Andrew Nicols 3cf54a0743 Merge branch 'MDL-63655_35' of git://github.com/stronk7/moodle into MOODLE_35_STABLE 2018-10-25 14:56:58 +08:00
Shamim Rezaie 63e4e0d69d MDL-63713 core: Support for removal of context users
This issue is part of the MDL-62560 Epic.
2018-10-23 13:05:36 +11:00
Eloy Lafuente (stronk7) f29fda6b3e MDL-63655 core: Fix miss-placed parenthesis 2018-10-15 01:02:51 +02:00
David Mudrák 4edb56a2a5 MDL-62891 core: Stop using var_export() to describe callables
Make use of the newly added function get_callable_name() when reporting
that an exception happened during shutdown.
2018-10-05 08:51:56 +02:00
Jake Dallimore 5e26c462d3 Merge branch 'MDL-63050-35' of git://github.com/andrewnicols/moodle into MOODLE_35_STABLE 2018-08-15 10:59:54 +08:00
Andrew Nicols 6d2fedaa47 Merge branch 'wip-MDL-61424-35' of git://github.com/marinaglancy/moodle into MOODLE_35_STABLE 2018-08-07 09:29:41 +08:00
Andrew Nicols 1974156194 MDL-63050 redis: Make session check compatible with Redis 4.0 2018-08-02 11:00:27 +08:00
Marina Glancy 72bb7ac302 MDL-61424 admin: reset registration if token is rejected 2018-07-30 16:12:39 +02:00
Jake Dallimore 5b531aabee MDL-59595 admin: Make sure $ADMIN is properly unset when changing users 2018-07-24 08:31:22 +08:00
Tim Schroeder 2542cb94e4 MDL-61351 core: added \core\session\manager\get_handler_class()
* This is needed e.g. by the shibboleth logout handler to check which
type of sessions are used.
2018-07-17 16:46:26 +08:00
Marina Glancy 5c33665a74 MDL-62526 admin: ask privacy policy agreement for moodle.net 2018-06-28 11:44:38 +08:00
Victor Deniz 2c643bb988 MDL-62320 mimetypes: Add JSON to the default mime types list 2018-06-15 13:12:31 +01:00
Jun Pataleta b02f319b78 Merge branch 'MDL-61826-35' of git://github.com/junpataleta/moodle into MOODLE_35_STABLE 2018-06-06 11:22:31 +02:00
Jun Pataleta 4fc3adb35b Merge branch 'MDL-61778-35' of git://github.com/mickhawkins/moodle into MOODLE_35_STABLE 2018-06-06 11:22:08 +02:00
Jun Pataleta 93e51e74b4 MDL-61826 auth: Make Facebook endpoints more maintainable 2018-06-06 12:44:43 +08:00
Łukasz Szeremeta 148ef43015 MDL-61826 auth: Facebook OAuth2 - getting a better-quality profile photo
Get 200x200 px instead of 50x50 px user profile picture from Facebook OAuth2.
2018-06-06 12:44:43 +08:00
Michael Hawkins 1ebd063f4e MDL-61778 message: Renamed online status icon and replaced Boost icon 2018-06-05 16:36:42 +08:00
Leon Stringer 6d7093e370 MDL-62316 OAuth 2: Only guess image if base URL set.
If you added an OAuth 2 service with no base URL guess_image() would try to
parse this empty value looking for a favicon.ico.  We now check if the base
URL is empty beforehand and skip this if so.
2018-05-22 19:45:04 +01:00
Marina Glancy d1620c57f9 MDL-62147 privacy: corrections to tables, temporary tables 2018-05-16 12:57:19 +08:00
David Monllao 05dcf35796 Merge branch 'MDL-62425-master' of git://github.com/andrewnicols/moodle 2018-05-14 10:57:14 +02:00
David Monllao 3558897fc3 Merge branch 'MDL-62365-master' of git://github.com/bmbrands/moodle 2018-05-14 10:39:41 +02:00
Andrew Nicols ef0f37ca16 MDL-62425 core: Add privacy implementation 2018-05-14 15:41:36 +08:00
Bas Brands 04b1bea112 MDL-62365 Theme Boost: default navigation item to empty
- use fa-fw as default navigation item (empty)
    - change indentation for 2nd level dropdown items
2018-05-14 09:08:42 +02:00
Eloy Lafuente (stronk7) 28ec28e026 Merge branch 'MDL-62251-master' of git://github.com/rezaies/moodle 2018-05-13 20:10:44 +02:00
Shamim Rezaie da3c76158e MDL-62251 task: Fix file_temp_cleanup_task::execute() bug in Windows
$CFG->tempdir might contain both / and \ in Windows. Therefore, we need to
call realpatch() to be able to compare that with another patch.
2018-05-10 18:39:49 +10:00
Andrew Nicols dfa16c06a6 Merge branch 'MDL-61973-master' of git://github.com/mickhawkins/moodle 2018-05-10 09:47:10 +08:00
Mark Nelson b6b7c2636f MDL-62364 core: allow null for 'courseid' in notification_sent event
It's possible the '\core\message\message' object has a null value
for the 'courseid' which is used in \core\message\manager::send_message().
Make sure we compensate for this.
2018-05-09 17:27:00 +08:00
Michael Hawkins 910b62a3d0 MDL-61973 editor_atto: refactoring media icons 2018-05-07 11:21:40 +08:00
David Monllao 97b0a6cbfc MDL-62218 analytics: Privacy API implementation 2018-05-03 15:28:22 +02:00
Andrew Nicols 39b17e9933 Merge branch 'wip-MDL-62138-master' of git://github.com/marinaglancy/moodle 2018-05-01 11:46:27 +08:00
sam marshall acaeb5ec41 MDL-61028 core_search: Fix SELECT bug affecting Oracle 2018-04-24 15:48:40 +02:00
Eloy Lafuente (stronk7) 5e488f8c22 MDL-61657 block_myoverview: whitespace and css-style fixes 2018-04-23 23:35:17 +02:00