Commit Graph

2289 Commits

Author SHA1 Message Date
Mihail Geshoski f651fc4c8a MDL-67837 backup: Verify caps before unenrolling users on course restore 2020-10-30 13:51:25 +01:00
Charles Fulton 6805a7ae33 MDL-69074 admin: ensure consistent default for getremoteaddrconf 2020-07-15 19:06:30 +02:00
Brendan Heywood e6bd5804b9 MDL-68125 core: Fixed $CFG->reverseproxyignore install regression 2020-03-12 09:55:21 +11:00
Brendan Heywood 7251f154ef MDL-67861 core: Added $CFG->reverseproxyignore IP subnet list
If your server is behind multiple reverse proxies that append to the
X-Forwarded-For header then you will need to specify a comma separated
list of ip addresses or subnets of the reverse proxies to be ignored
in order to find the users correct IP address.
2020-03-05 01:13:12 +01:00
Brendan Heywood e6e07e0960 MDL-67861 libraries: Refactor is_ip_in_subnet_list in ip_utils 2020-03-05 01:13:04 +01:00
Brendan Heywood 67c44ebd2e MDL-67861 core: Use last ip in X-Forwarded-For list 2020-03-05 01:11:09 +01:00
Andrew Madden c7f46956d4 MDL-65926 moodlelib: Convert username to lowercase prior to SQL query
Within a very large project, it was found that searching for a user with their username in the user table using a case insensitive
search was inefficient. Instead it is proposed that the username input is made to be lowercase prior to executing a database query
as the username for each user in the database must be lowercase. This allows for a case sensitive query to find the user data.
Essentially we are moving a case insensitive search for a user from SQL into PHP to increase performance.
2019-07-10 20:04:23 +10:00
Dan Marsden 8c678d9aa9 MDL-60347 core: debugsmtp should be a developer only setting. 2019-07-01 12:17:12 +02:00
Andrew Nicols a4c878c734 Merge branch 'MDL-64394-accesslog-MOODLE_35_STABLE' of https://github.com/brendanheywood/moodle into MOODLE_35_STABLE 2019-05-03 08:54:29 +08:00
Jake Dallimore 31c96d5e7f Merge branch 'MDL-64439-MOODLE_35_STABLE' of https://github.com/ilya-catalyst/moodle into MOODLE_35_STABLE 2019-05-02 14:53:21 +08:00
Adrian Greeve a27c089b40 Merge branch 'MDL-65149-35' of git://github.com/damyon/moodle into MOODLE_35_STABLE 2019-05-01 15:00:34 +08:00
Adrian Greeve f1125775fe Merge branch 'MDL-29318-35' of git://github.com/junpataleta/moodle into MOODLE_35_STABLE 2019-04-18 13:51:36 +08:00
Brendan Heywood d6455734d8 MDL-64394 core: Fixed bug when using access log with pre_loginpage_hook 2019-04-02 11:41:00 +11:00
Ilya Tregubov c91c235fb6 MDL-64439 auth: Refresh $cm in require_login after pre_loginpage_hook. 2019-04-02 10:22:41 +11:00
Jun Pataleta bdca601d03 MDL-29318 core: Fixes for get_complete_user_data()
* Added email in the list of case-insensitive fields.
* New optional parameter $throwexception for \get_complete_user_data().
  If true, an exception will be thrown when there's no matching record
  found or when there are multiple records found for the given field
  value. If false, it will simply return false.
  Defaults to false when not set. This ensures that
  get_complete_user_data() fetches the correct user data.
2019-03-29 13:33:55 +08:00
Damyon Wiese d707892d0c MDL-65149 emoticons: Do not show all emoticons
Allow some emoticons to still work, but not be selectable from the text editor plugins.
2019-03-22 10:07:15 +08:00
Julien Boulen 849f7f40c8 MDL-46803 course: Prevent unenrol users with multiple roles during reset 2019-03-18 11:17:58 +01:00
Eloy Lafuente (stronk7) 7e7b71fbeb Merge branch 'MDL-65094-35' of git://github.com/rezaies/moodle into MOODLE_35_STABLE 2019-04-04 22:40:10 +02:00
Shamim Rezaie 2e790a9741 MDL-65094 registration: don't encourage registration if on localhost 2019-03-26 17:26:35 +11:00
Andrew Nicols e4a8e40912 Merge branch 'MDL-64950-35-2' of git://github.com/junpataleta/moodle into MOODLE_35_STABLE 2019-03-06 13:48:18 +08:00
Jun Pataleta b51a2ccba5 MDL-64950 core: Handle username in a case-insensitive fashion 2019-03-06 12:46:14 +08:00
Ryan Wyllie 070f24d006 MDL-63786 core: set $CFG->forceclean for logged in as sessions
Turn on the forceclean config setting when a user is logged in as a
different user. This is a precautionary measure, which forces all
user submitted content to be cleaned of JavaScript before rendering
it to the logged in as user.
2019-03-05 04:21:41 +01:00
Amaia Anabitarte 15c3d7e208 MDL-64385 user: Case insensitive comparison for email domains 2019-01-18 10:12:18 +01:00
Damyon Wiese a912d44652 MDL-64004 webservice: Do not update accesstime
Do not update the automatically update the course access time when a
course is accessed via a webservice or ajax.
2018-12-18 09:08:20 +08:00
Andrew Nicols 58c02975d1 MDL-64049 core: Cache prefs for current user
We were already caching these preferences when a user object is provided
to get_user_preferences, or when $USER is provided.

This changee swaps get_user_preferences to use the global USER object
when the USER->id matches the userid supplied to the function.
2018-11-20 00:34:58 +01:00
Damyon Wiese b427ab4f70 MDL-63183 auth: Login protection
CSRF protection for the login form. The authenticate_user_login function was
extended to validate the token (in \core\session\manager) but by default it
does not perform the extra validation. Existing uses of this function from
auth plugins and features like "change password" will continue to work without
changes. New config value $CFG->disablelogintoken can bypass this check.
2018-11-07 00:11:47 +01:00
Amaia Anabitarte 8b32d682a5 MDL-62920 user: Uploading deleted user and adding to a cohort 2018-10-11 16:28:18 +02:00
Eloy Lafuente (stronk7) d19ca2c152 Merge branch 'MDL-62891-35-callable_name' of git://github.com/mudrd8mz/moodle into MOODLE_35_STABLE 2018-10-10 23:33:11 +02:00
Andrew Nicols cfb272d0ae MDL-63401 core: Do not delete the user context
As long as we have a user record, we should not delete the context which
relates to it.
2018-10-08 20:51:09 +08:00
David Mudrák 02459b6527 MDL-62891 core: Introduce new get_callable_name() function 2018-10-05 08:51:56 +02:00
Amaia Anabitarte 02f31bb65b MDL-62750 lang: Trim langlist setting values 2018-08-06 09:40:15 +01:00
Andrew Nicols 8450d9948a Merge branch 'MDL-59847-35' of https://github.com/snake/moodle into MOODLE_35_STABLE 2018-08-02 11:40:08 +08:00
David Mudrák ec92a0762d MDL-59847 core: Fix display of hidden identity fields in user lists
Places that display list of users (such as course participants page)
with additional identifier fields now respect the user's permission to
view other users' hidden profile fields.
2018-07-27 10:04:56 +02:00
Sara Arjona 2857ca0c9f MDL-41847 core_user: Add lang to login URL email for new user accounts 2018-07-27 09:07:22 +02:00
Marina Glancy ce3f804683 MDL-61996 core: when loggedin always check user is complete 2018-05-09 02:55:55 +02:00
Sara Arjona 7a3707797d MDL-62240 privacy: Avoid error when path is higher than allowed
A new method shorten_filenames has been added to moodlelib.
2018-05-03 09:16:13 +02:00
Andrew Nicols 76cb5a56ea MDL-62240 file: Add includehash to shorten_filename + unit tests 2018-05-03 08:27:12 +02:00
Bas Brands 03b06309e2 MDL-62023 theme: Add bootstrap 4 classes to performance info cards 2018-04-23 11:17:33 +02:00
Jake Dallimore da16e3e3dc Merge branch 'MDL-61255_master' of git://github.com/markn86/moodle 2018-04-11 09:53:14 +08:00
Mark Nelson 78348dfc4e MDL-61255 core_message: added helper function to detect legacy messages 2018-04-10 17:28:52 +08:00
Mark Nelson 41bc5aa587 MDL-61255 core_message: created task to handle migration of data 2018-04-10 15:17:01 +08:00
Sara Arjona 88cb8b781d MDL-61601 cohort: Add theme support for cohorts
If enabled $CFG->allowcohortthemes, then themes can be set at the cohort level.
This will affect all users with only one cohort or more than one but with the same theme.
The default theme order will be: course, category, session, user, cohort, site.
2018-04-06 08:28:01 +02:00
Eloy Lafuente (stronk7) 9c93f67328 Merge branch 'wip-MDL-61746-master' of https://github.com/RohithSrk/moodle 2018-04-05 00:42:11 +02:00
Eloy Lafuente (stronk7) 5b123ab8d3 Merge branch 'MDL-61724-master' of git://github.com/mihailges/moodle 2018-04-03 23:38:59 +02:00
Rohith 0ef25faa73 MDL-61746 PARAM_CLEANHTML: Fix documentation typos 2018-03-27 23:40:11 +05:30
Mihail Geshoski d609207c3e MDL-61724 resource: Unable to view or download file resource 2018-03-26 11:14:46 +08:00
Mark Nelson 883ce42127 MDL-36941 core: convert existing api to use new table structure
Also deprecated the following functions -

1. message_move_userfrom_unread2read - It is not necessary
   for us to mark a message as read on user deletion.
2. message_get_blocked_users - Horrible logic used to
   determine if a user is blocked via reference on some
   randomly chosen 'isblocked' variable.
3. message_get_contacts - The same as above. This can be
   done in a much nicer way.
4. message_mark_message_read - We want two functions to do
   this to avoid confusing messages and notifications.
5. message_can_delete_message - This assumed the variable
   $message contained the 'useridto' property, which
   was present in the old table structure. We do not want
   future usages where a query is done on the new table
   and is simply passed as this won't contain this property.
6. message_delete_message - Same as above.
2018-03-23 12:30:27 +08:00
Marina Glancy 1727c939ba MDL-61477 admin: sitepolicy handler API
- Define sitepolicy handler manager class, base class and the core handler
- Allow to set a plugin as sitepolicyhandler that implements the sitepolicy API
- Modify web services to return information from the 3rd party handler instead of core if needed
2018-03-15 11:32:55 +08:00
David Mudrák 0bdc578567 MDL-61477 admin: Allow plugins to act as alternate policy handlers
The patch introduces a new site setting 'sitepolicyhandler' that can be
either empty or contain a plugin component name. If it is empty, the
site policy feature keeps working as before and the core keeps the
control over it.

If a plugin is specified, it is expected to implement the callback
'site_policy_handler' in its lib.php file. The callback should return a
URL to a script where the user can accept the site policies. The plugin
itself is responsible for setting the 'policyagreed' flag in the users
table. The callback may return an empty value, in which case the user
can continue using the site without being redirected.

The patch adds support for a new pre-config flag NO_SITEPOLICY_CHECK.
This constant should be defined and set to true if we should not check
the user's policyagreed status during the require_login().

This is for pages where the user actually accepts the site policies and
helps to avoid the redirect loop.
2018-03-15 09:31:41 +08:00
Andrew Nicols d7ff2fc28b Merge branch 'MDL-60398-master' of git://github.com/mihailges/moodle 2018-03-14 10:33:03 +08:00