Commit Graph

2205 Commits

Author SHA1 Message Date
Dan Poltawski 8226afc20e MDL-58486 userprefs: clarifying comment 2017-04-17 12:17:57 +01:00
Tim Hunt 985b62f3a9 MDL-58486 user_prefs: always update $USER cache when applicable
set_user_preference and unset_user_preference let you pass the user to
set preferences for as an id. Previously, if you passed $USER->id there,
those methods did not update the Cache in $USER, which was surprising,
and not easy to debug.

Now, we always update the preference cache in $USER if the preference is
being changed for the current user.
2017-04-04 16:22:52 +01:00
Jake Dallimore 81636e4694 MDL-58121 email: ensure support user is defined in email_to_user 2017-03-17 09:13:17 +08:00
Marina Glancy ca3cbbc233 MDL-58010 user: allow to update only whitelisted user preferences 2017-03-10 18:07:54 +00:00
Eloy Lafuente (stronk7) e44ce23c9f Merge branch 'MDL-58071-32' of git://github.com/jleyva/moodle into MOODLE_32_STABLE 2017-02-28 23:00:42 +01:00
Juan Leyva b63524492f MDL-58071 user: Return usernotfullysetup exception in WS
If there is an empty required custom user profile field, Web Services
should return the usernotfullysetup exception instead ignoring it.
The mobile app already handles this exception for core fields
redirecting the user to web in order to fill the missing field.
2017-02-24 20:17:19 +01:00
Jake Dallimore 3e0fb6862e MDL-58038 email: make sure all allowedemaildomain entries are respected
Fixes a bug with exploding the config var, in which trailing carriage
returns were causing string matches to fail.
2017-02-24 08:07:59 +08:00
Rajesh Taneja de70bc556c MDL-56616 theme_boost: Fix style for performance info 2017-02-13 14:39:23 +08:00
Dan Poltawski 04d4796089 Merge branch 'MDL-57531-32-phpmailer' of git://github.com/mudrd8mz/moodle into MOODLE_32_STABLE 2017-01-04 13:28:39 +00:00
David Mudrák e889aee562 MDL-57531 mail: Validate the sender's email address
The patch adds validation for the noreplyaddress setting variable, for
the explicit $replyto parameter and for the sender's email. In case of
misconfigured noreplyaddress setting, it falls back to the default
noreply address value. In case of invalid email in the user's record,
the email is not sent.

The patch also adds unit test for the value returned by the function
generate_email_processing_address() so that it can be considered as a
valid email, too.

This is supposed to significantly minimise the risk of exploiting the
vulnerability in PHPMailer's Sender field.
2017-01-04 12:37:36 +01:00
Michael Aherne e0006399ff MDL-57080 completion: Update completion expected date on reset 2016-12-22 11:43:39 +00:00
Dan Poltawski cd7ca81fdd MDL-57293 lang/email: Improve emailvia string
* Strip the https? part of url for existing strings
* Switch the string to (via shortname)
2016-12-15 09:54:34 +00:00
John Okely c1c3f50965 MDL-57278 signup: Fix double encoding of confirmation links 2016-12-08 10:17:50 +08:00
David Monllao 9ecf0674ff Merge branch 'MDL-56870-master-v2' of https://github.com/snake/moodle 2016-11-17 12:18:26 +08:00
Jake Dallimore a428cf4ac8 MDL-56870 lib: block access to deleted module in require_login 2016-11-17 10:57:13 +08:00
David Monllao 1c70e86b5e Merge branch 'MDL-56942-master' of git://github.com/jleyva/moodle 2016-11-16 08:09:54 +08:00
Juan Leyva 449e15f092 MDL-56942 login: Add missing required lib in complete_user_login 2016-11-14 12:07:54 +00:00
Andrew Nicols ea10a0319b MDL-56602 core: Lock themerev during upgrade
This also changes install to use a fixed themerev.
2016-11-11 14:15:00 +08:00
Juan Leyva d6a25bc49a MDL-56739 auth: Support custom confirmation URL 2016-11-10 09:35:21 +00:00
Andrew Nicols 9d75a519f3 MDL-56602 themes: Use version number as base themerev 2016-11-10 08:02:31 +08:00
Andrew Nicols bc378b50ec Merge branch 'wip-MDL-44467-master' of git://github.com/abgreeve/moodle 2016-11-03 14:08:21 +08:00
Adrian Greeve 159c2c91be MDL-55927 auth_radius: Move to third party plugin. 2016-10-28 14:35:54 +08:00
Adrian Greeve 9715f61a26 MDL-44467 lib: Fix return path to noreply.
Added code to show emails from users on controlled domains.
Moved admin settings from message_email to admin.
2016-10-28 13:27:00 +08:00
Simey Lameze 253ae23058 MDL-44467 core: always send email from noreplyaddress 2016-10-28 13:04:09 +08:00
Damyon Wiese 8387614051 MDL-55074 theme_boost: Undefined variable in perf footer 2016-10-24 10:03:04 +08:00
Damyon Wiese c6d9d29da1 MDL-55074 theme_boost: Improve the display of the menus in the footer 2016-10-21 12:40:06 +08:00
Juan Leyva 80e0f0b85b MDL-56159 webservice: Improve not fully setup and missing pwd checks
Removing the check in login/token.php is secure since the
auth_forcepasswordchange is checked in require_login that is called via
validate_context.
The user must be able to get a token even if that setting is on. With
that token we’ll redirect the user to the site or we’ll change the
password when a new WS for that is available.
2016-10-18 09:44:09 +01:00
Juan Leyva 961c95499e MDL-45639 tool_mobile: Support auto-login from the app to the site
We din't call it SSO because:
- SSO usually requires a 3rd party for authentication
- SSO term is already used in tool_mobile when supporting using auth methods like CAS or Shibboleth
2016-10-14 12:32:37 +01:00
Dan Poltawski c8303131be Merge branch 'MDL-54682_master' of git://github.com/markn86/moodle 2016-10-11 12:53:11 +01:00
David Monllao 97f1af7575 Merge branch 'MDL-56050-master' of git://github.com/lameze/moodle 2016-10-10 23:14:43 +08:00
David Monllao 886207f70e Merge branch 'MDL-55923-master' of git://github.com/jleyva/moodle 2016-10-10 22:57:34 +08:00
David Monllao e8cd446ecd Merge branch 'MDL-45388-master' of git://github.com/danpoltawski/moodle 2016-10-10 16:59:06 +08:00
Ryan Wyllie 607454d6f3 MDL-54708 message: change popover processor to nav bar notification 2016-10-07 16:26:40 +08:00
Dan Poltawski 586cf92909 MDL-45388 admin: warn of themedesignermode in /admin/ and perf footer
This is:
a) To help avoid devs going on a wild goose chase to find a perf issue
when it's caused by css building
b) To make it clearer that this should never be enabled on production
sites (we already have a warning in the performance report, but who
looks at that)

Now that boost is the default theme and builds css itself, it's more
critical.
2016-10-06 11:49:17 +01:00
Juan Leyva 6a09295857 MDL-55923 webservice: Add global setting for forcing token deletion 2016-10-05 20:34:01 +01:00
Eloy Lafuente (stronk7) adc77f07c5 Merge branch 'MDL-22078_master' of https://github.com/dmonllao/moodle 2016-10-05 12:22:07 +02:00
David Monllao 8643c576c7 MDL-22078 course: Complete proposed patch
- New site setting to define the default course duration (used to set
  the default end date for some course formats)
- End date setting out of restore
- Fix tool_uploadcourse
- Other fixes here and there
2016-10-05 12:31:05 +08:00
Simey Lameze a4ea86f65a MDL-56050 core: set missing context to maintenance mode 2016-10-05 11:23:38 +08:00
Juan Leyva 3e8145a37a MDL-56126 user: New WS core_user_agree_site_policy
This commit includes a change in moodlelib to throw the
sitepolicynotagreed exception in a way that can be captured and
identified by external systems.
2016-10-04 10:20:59 +01:00
Eloy Lafuente (stronk7) 4dbddd0874 Merge branch 'MDL-46946-master-reqcusfield' of git://github.com/mudrd8mz/moodle 2016-09-28 02:12:59 +02:00
Frederic Massart 8a40bc36a6 MDL-51948 admin: Guess RTL compatibility of settings using PARAM_ types
Part of MDL-55071
2016-09-23 10:57:35 +01:00
David Mudrák 8df850ad6f MDL-46946 user: Make missing required custom fields trigger profile edit
If there is a required custom field that the user can fill by editing
their profile, and that field is missing, the user should be considered
as not fully set up. Instead, we want to redirect them to edit their
profile first.

There are some exceptions when we want to fall back to the previous
behaviour and check just the name and email fields. These exceptional
cases include checking remote user data in incoming MNet request (no
user id, no custom fields supported) and calls to require_login() with
redirecting disabled (typically ajax filepicker requests on profile
editing page itself).

Additional plugins that call the function user_not_fully_set_up()
themselves, should perform the strict check in most/typical cases. So
the strict mode is enabled by default even if it changes the behaviour
slightly. In improbable case of additional plugins relying on the
previous behaviour of the function, they can use the $strict parameter
and keep performing the lax check. However, I am sure the correct fix in
that case will likely be to stop abusing this function.

Note that custom fields are not currently transferred during the MNet
roaming. So having custom fields configured as required on MNet service
provider site (where users can't edit their profiles) is expected to
display an error (as the site is considered as misconfigured).
2016-09-21 17:46:30 +02:00
Dan Poltawski 054da30ba9 MDL-48766 moodlelib: introduce ip_is_public()
For determining if an IP is publicly addressable
2016-09-15 14:53:14 +01:00
Dan Poltawski 3ec4a8085c Merge branch 'MDL-55791_master' of https://github.com/Syxton/moodle 2016-09-13 09:40:33 +01:00
Matt Davidson 59c66f926f MDL-55791 admin: maintenance mode access capability
Add capability to allow certain non-admin users through maintenance
mode.
2016-09-12 10:37:25 -04:00
Dan Poltawski 4bbe995c89 Merge branch 'wip-mdl-55610' of https://github.com/rajeshtaneja/moodle 2016-09-12 10:18:18 +01:00
Juan Leyva 753504fbe0 MDL-49026 webservice: Remove tokens on password change 2016-09-07 09:07:29 +08:00
Rajesh Taneja 54ced30d03 MDL-55610 behat: Clear static file cache
php file cache might be out-of-sync
to ensure full directory is deleted
clear php file cache
2016-09-05 10:18:19 +08:00
Andrew Nicols 9d8a3055c0 Merge branch 'MDL-55272' of https://github.com/mr-russ/moodle 2016-08-16 14:55:49 +08:00
Russell Smith 6a3acc84de MDL-55272 lib: Improve test course create performance
Use core functions that are faster for test file creation.
To support large requests for hashes, the core hash function
must support large hashes without recursion.  PHP has a default
recursion depth of 100 and long hashes don't support this.

Remove transactions as they create performance problems for larger
courses and doesn't introduce significant benefit for developers.

Performance changes meant the times were much faster, a reasonable
guess was taken on performance of an average machine.
2016-08-16 12:00:21 +10:00