Since Chrome 142, public servers accessing resources on local networks
gets blocked by default. Users need to allow access for such requests
to proceed.
This patch introduces a new config setting `ltiallowlocalnetwork`.
This determines if the local-network-access flag should be added to LTI
iframes so that Chrome users get prompted when a local network access
is being made.
`\core\output\core_renderer::confirm()`'s `$displayoptions` parameter
now also accepts a `headinglevel` option that developers can use to
specify the heading level of the confirmation's heading. If not
specified, the confirmation heading will be rendered in an `h4` tag.
The update_overdue_attempts scheduled task iterated attempts from a recordset
and could act on stale attempt data if the web request finished an attempt
before cron processed it, causing duplicate submissions.
Change get_list_of_overdue_attempts() to return only attempt ids plus computed user
timeclose/timelimit, and refetch each attempt by id inside the task loop before
constructing quiz_attempt. This keeps quiz_attempt APIs unchanged and ensures cron
operates on current state
Starting in version 3.10, Moodle started to use a different format for
the $CFG->branch that has not been fixed here. This is to make sure that
we request the correct version of the plugin.
The Description field within the Subsection edit form has been deprecated since Moodle 5.2 onwards (see MDL-87279).
To ensure a smooth transition and avoid data loss for our users, the XD team have prepared a solution to notify them
of this upcoming change in stable versions.
When the course format switcher reloads the form, the `$returnto`
parameter is of type string: "0", rather of type integer per initial
load.
In this case the `empty(...)` check is verifying all of empty string,
0 (integer) and "0" (string). Hurrah for PHP type checking.
Fixes a bug where filtering questions by tag the 'NONE'
option was not being respected. Automated testing was also added
to cover tag filtering conditions in the question bank
scoreGiven was being passed as a string (e.g. "8.0"), which caused
validation errors in some LMS implementations such as Rustici Engine.
According to the LTI specification, scoreGiven must be numeric if
present.
Co-authored-by: Jake Dallimore <jake@moodle.com>
https://github.com/packbackbooks/lti-1-3-php-library/issues/169 blocks
us from using the new build.1edtech certification tooling. This issue
commits that fix as a library customisation/hack for stables, so the
suite can be used for annual/bi-annual re-certification.
* Add a slight delay for displaying the message content of the YUI
alert dialogue's ARIA live container to allow screen readers to
announce the alert message accordingly.
Since MDL-41924, because we are not always including the whole category
of each question being used in a backup, we have been missing some child
questions.
This expands the query selecting questions belonging to categories
where only annotated questions are being included, to also select any
children of those questions.
- If is a shared field check that shortname does not exist anywhere.
- If is an entity field check that the shortname does not exist
within the same entity fields or in the shared fields.
Restoring a whole course will now restore the backed-up questions to a
new qbank instance. This means the test to restore versions was not
restoring the deleted versions to the original question bank entires,
but to a new question bank entry in the new qbank.
Updating the test to just backup and restore the quiz resolves this.
When restoring a backup containing a question bank, we were always
trying to match questions to an existing category on the target course
if once existed. This meant that when duplicating a qbank on the same
course, or importing the same qbank to another course multiple times,
only one of the restored qbanks would end up with questions in it.
This adds a mechanism to record any activities in the backup which
support `FEATURE_PUBLISHES_QUESTIONS`. Then when we restore the
questions, we check if we will be restoring the original activity they
belong to, and skip trying to match them to an existing category. This
means a new copy of each question will be created, and moved to the new
copy of the qbank once it is created.
Adjusts the window size to accommodate wide tables.
This ensures that columns which were previously clipped
are now visible and accessible to the Behat driver.
This change ensures that the completion details page displays only the
activities that are visible to the user on the course home page.
Activities that are hidden, unavailable or located in hidden sections
are no longer shown in the completion details view.
Co-authored by: ewallah <info@ewallah.net>
Now that deleting a tagged question correctly deletes it tag instances,
the tag is no longer available for re-selection after all the tagged
questions are deleted.
In the migration from old-style question banks to mod_qbank, if a
question had the same tag from multiple contexts, when it was moved to
its new question bank context, the migration tried to set multiple tag
instances for the same tag to the same context, which caused a unique
key violation.
This add some checking to the
`question_move_question_tags_to_new_context` function to identify any
tag instances to be moved that will trigger this key violation, and
delte any duplicates before the move so we end up with a single instance
of the tag in the new context. This is done in a transaction that will
only be committed once the remaining tags have been moved.
This required adding the `tiuserid` field to the data returned by
`core_tag_tag::get_items_tag` so we can assemble the unique key without
having to do additional queries.
This also extends the test coverage for the `transfer_questions` task
to ensure tags are moved to the new contexts, and tags on stale questions
are deleted.
When we deleted a question, we were including the userid of the user who
performed the delete when checking for question tags. This means that if
user A tagged the question, and user B deleted the question, it might
leave the tags behind.
This fixes the issue by deleting tags regardless of the user, and adds
an upgrade step to find and remove orphaned tag instances.
Students shouldn't receive overdue notifications if there is nothing to
submit in Moodle.
Students shouldn't receive due soon notifications if they a) already
have a grade or b) meet activity completion status.
Users who could not manage activities on a course, but did have
permission to access particular question banks, could not access the
Question banks page.
This modifies the permission checks on that page to allow access if the
user can either manage activities, or has access to at least one
activity that publishes questions. Some additional changes to the output
were required to prevent non-editing users adding banks.
It also modifies the navigation hook to add the Question banks
navigation node if the user can access any activitiy that publishes
questions on the course. This is all based on cached modinfo and
permissions data so should remain performant.
Prevents calls to action to create an AI provider instance from
being displayed to users when there are no AI provider plugins
installed in the instance.
Co-Authored-By: Yusuf Wibisono <yusuf.wibisono@moodle.com>
Improve upgrade execution by gathering block instance IDs upfront
and processing deletions of related records in context, block_positions, user_preferences, and block_instances tables in batches.
When checking if the original context exists during a restore, we need
to check that we're looking at the context on the same site, not one on
a different site that happens to have the same ID.
This adds a new "nextversion" field to `question_bank_entries` to track
which version number the next version of the question should have. This
ensures that version numbers are not re-used if the latest version is
deleted.
To use this field, you must call
`\core_question\versions::get_next_version()`. This will initialise the
field to the correct value if it is currently null.
If you create a new version using this value, you must then call
`\core_question\versions::increment_next_version()` to increment the
counter.
If the latest version of a question is deleted, and then a new one
created, the new one will currently re-use the version number of the
deleted version. If the original version was backed up before it was
deleted, then restored later, we end up with two questions in one
question bank entry that have the same version.
To resolve this, when restoring a question, we check if there is already
a version with the same version number, then bump it and any higher
versions up by 1. We also check for any references specifically using
these versions and bump those up by 1. Any references using "always
latest" will be fine, as the latest version will still be the latest.
Additionally, if deleting a version made it hidden, and the backup
contains the same version in "ready" state, restoring the backup will
restore it to "ready" state.
Prior to this change, tooltips would only load for elements in the
initial page DOM without considering those elements subsequently added
dynamically (e.g. via AJAX).
Co-authored-by: Sebastian Gundersen <sebastian@sgundersen.com>
Editing maxmarks in quiz slots was not respecting the decimal separator
from the set language's locale, meaning if your language formats numbers
like 1,10 editing didn't work correctly.
This sets the correct parameter to ensure the locale is respected.
Added checks to link non-suspended user accounts to OAuth2, when logging
in. Also added an additional check to prevent users from using OAuth2
to login if their account is suspended in Moodle.
* When testing using phpunit/sqlsrv the ids of sections and cm are colliding
so we need to make sure we separate them as a reference to a cm can be the
same as a reference to a section
This fixes the CSS rule that reveals the "as new child of" drop target
shown when dragging a category over another category which has no
children.
We can't behat test the actual drag-drop reordering behaviour with behat
as reactive DragDrop components aren't testable, but we can trigger the
CSS to add a regression test for the drop target's appearance.
Refactor get_nearest_editable_subcategory to improve performance.
This refactor maintains functionality and signature of
get_nearest_editable_subcategory but improves perofrmance
for varied datasets. This makes rendering of the
my courses page.
* Set proper label via `aria-label`.
* Instead of changing the button's label to 'Show'/'Hide', set the
button's `aria-expanded` attribute accordingly.
* Remove unnecessary event handling for the toggle button when pressing
Enter or Space key. This is already natively supported and triggers
the click event.
* Adjust Behat tests accordingly.
Adjust tests to comply with updated PHPUnit lifecycle behaviour
- Initialise typed test properties (e.g. core_session memcached test) or make them nullable
- Add `isset()` checks to avoid accessing properties before initialisation
- Ensure resetAfterTest() is called before modifying DB or `$USER`
Avoids PHP warnings during Behat initialisation:
- file_put_contents(...): Failed to open stream: No such file or directory;
- rename(...): No such file or directory
Question banks were displaying in places they shouldn't, because
FEATURE_CAN_DISPLAY wasn't fully implemented. This broadens its
usage in the following areas:
- Availability info - Not relevant to qbank. However you could feasibly
have some module which isn't shown to students, but the teacher can
use
it to track completion, so dont display the link.
- Activities block - links to each activity's index page. We already
have
the Question banks page in the secondary nav. No need to have it here
too.
- Overview report - It doesn't make sense to display question banks
here,
as they're not an activity students can participate in, they wont have
dates etc.
- Externallib - Return with candisplay = false. The app needs to handle
this correctly.
- Visibility options, moodleform_mod, modvisible and visibility
selector.
Not relevant for qbank since it doesn't include the standard
coursemodule
options, but if an activity with without CAN_DISPLAY did display a
visibility setting, "Hidden" should be the only option.
- Activity names filter - we dont want automatic links to question
banks.
The idea is to prevent double escaping in s()
and mustache.escape() by using numeric html
entities to sanitise result of format_string(),
get_string() and similar.
Change the query used to check if a user has a capability but is
assigned a role that prohibits that capability. This is based on the
query added by Petr Skoda for MDL-57027.
If the `\core_shutdown_manager::initialize` method is called multiple
times, it should only succeed once.
Unfortunately whilst logging existed, the shutdown manager did not
actually exit.
Identified performance bottlenecks in clear_cached_data() from
mod/quiz/report/statistics/report.php. The delete_records() calls on
question_statistics, question_response_analysis, and quiz_statistics tables
use the hashcode column for filtering, which becomes inefficient with large
datasets.
* Check the accessibility of the questionnaire, especially when
there are dependent questions.
* Use generators for a more efficient and faster test execution.
Making a visual distinction for dependent questions compared to other
questions does not add much value in the perspective of users. We should
just stop adding the `.feedback_is_dependent` class for dependent
questions.
If we call `question_bank_helper::create_default_open_instance` with an
empty `$bankname` parameter, it will currently create a new instance
with no name. This leads to exceptions being thrown when we try to load
the course it belongs to.
This adds some validation to ensure the name being passed is not empty.
Once the issue is resolved, and the bank is created with a proper name,
the course will work as normal.
- The current context may be necessary when deleting a frontpage block displayed on every page with javascript disabled
- The current context may be necessary when a frontpage block is displayed on every page and the question bank is viewed
- Also handle a NULL currentcontext for question_page_type_list() correctly
AMOS BEGIN
CPY [ignorehiddencourses,enrol_database],[ignorehiddencourses,enrol_ldap]
CPY [ignorehiddencourses_desc,enrol_database],[ignorehiddencourses_desc,enrol_ldap]
AMOS END
When fixing categories with broken parents, if the resulting changes
would have led to categories with the same stamp or idnumber being in
the same context, the task failed due to violations of the unique keys
on contextid-stamp and contextid-idnumber.
This checks for violations before moving categories, and either
generates a new stamp or nulls the idnumber on the category being moved,
following the method used in MDL-85869.
In the calendar API, `raw_event_retrieval_strategy` accepts a list of
courses to return events for. If one or more users are also specified,
it will find the courses the are enrolled in, then call
`calendar_set_filters()` to return a sorted list of those courses, and
any groups within those courses that they can see events for. The list
of courses in then filtered to those passed to
`raw_event_retrieval_strategy`.
If the user is enrolled on lots of courses, but is only viewing the
caledar for one course, this results in a lot of redundant work to fetch
group data for their courses which is then not used. This either
involves a lot of extra complex queries, or results in an unncessary
cache hit for each course.
This change re-orders the code so that the list of enrolled courses is
filtered to just those courses being viewed, before it is passed to
`calendar_set_filters()`. This means we are only fetching group data for
those courses we will be showing events for.
This is similar to change in ec89abc5 which updated the icon state
if the corresponding checkbox was unchecked. Here we're doing the
same if the entire date/time element itself is disabled.
* Fix missing labels for the checkboxes that enable notification plugins
* Add an accessible name for the Default notification preferences table
* Fix missing table header for the preference column of the Default
notification preferences table.
* Accessibility Behat test coverage for the Notification settings
admin page
* Remove the unnecessary title attributes for the visually hidden labels
* Fix missing column heading for the preference column
* Fix incorrect label for the toggle controls
* Make the preference name a table heading with a row scope so that the
toggle controls will be programmatically associated to it.
* Apply a col scope for the processor column headings to
programmatically associate the toggle controls to their respective
columns.
Evidence recorded against course module competencies was not deleted
with the course module. This led to errors when attempting to view the
competency record on a learning plan.
This change will delete associated evidence records with the cm, and
will clean up any existing orphaned records on upgrade.
Co-Authored-By: Mark Johnson <mark.johnson@catalyst-eu.net>
Whilst `register_shutdown_function` works as a queue, `pcntl_signal`
does not.
To preserve the behaviour of existing signal handlers, as are typically
found in CLI wrappers like PHPUnit and Behat, we should store any
existing handler
Include the category and field names for accessible names of the delete
and action buttons to help assistive technology users better understand
the buttons' purpose.
* Use native HTML buttons for the edit and delete buttons. This provides
default button behaviours which helps keyboard users activate the
buttons using either the Space or Enter key.
* Move the accessible label out of the pix icon and to the action button
itself.
* Style buttons to ensure that they have a minimum clickable size of
24x24 pixels to sufficiently meet WCAG 2.2 SC 2.5.8 - Target Size
(Minimum) (Level AA).
Course urls may be null when navigation is set to true.
The return value from course_get_url being null was not being handled before
this change, which could lead to an exception causing the page not to load.
It also handles null urls in the course index in Boost so that they are
not a link to what ever the current page is.
If either the first or last section in a format did not a
return a url under the Classic theme there would still be
a link displayed with a link to the current page the user
is on.
After this change no link would be displayed in this case.
Backing up quizzes containing random questions from multiple different
categories was only including one of the categories in the backup.
This was due to doing $array + $array instead of array_merge(), meaning
items in the second array with keys that were already present in the
first did not get added to the result.
* Fix empty column heading in admin settings page
* Add accessible labels for the move buttons
* Fix drag and drop Behat test
* Add accessibility Behat coverage
When the login form is not shown but $CFG->loginautofocus is turned on,
we need to verify first that the username and password fields exist
before we move the focus. Otherwise, the JS will break.
Visually hidden links on login error/info disrupt tab order. We must
remove them.
Instead, announce the div containing the login error/info messages on
page reload.
The visually hidden signup link has also been removed.
And while doing so, fix $notices parameters that ought to be call-by-
reference to collect notices produced during calls to
process_submit_other_for_grading() and process_submit_for_grading().
If the page scrolls while the backdrop is displayed, it looks
incorrect because the backdrop does not scroll with page content.
To avoid this, don't show the backdrop until scrolling has finished.
unset_excluded_fields() was using isset() to determine if the field
targeted for removal is present in the provided data structure. However,
isset() returns false if the field exists, but contains null. This means
the field will not be unset when it should be.
This resolves this by changing the isset() to a property_exists() check
for objects, and array_key_exists() check for arrays. It also expands
the function to properly handle arrays of arrays, or arrays of values,
which was not fully covered before and is used by some third-party
question types.
Move previous validation from the data controller, added in 89dbe63d,
into the persistent class itself so that it can internally validate
itself rather than relying on callers.
This resolves problems with empty/null numeric fields contained within
course backups (e.g. during course copy).
To provide visual feedback and prevent multiple clicks
on no-submit buttons, all submit buttons within a modal
form will be disabled once any of them is clicked.
The title attribute with value "View profile" on profile links is
not necessary as the user's name on the link itself is sufficient
to convey the purpose of the link.
Ensure we don't confuse the expression parser when supplied "Allowed
source" contains coincidental control characters in the URL, e.g. '/'
and '#'.
Note that `preg_quote(...)` isn't appropriate here, because the given
URL may indeed contain genuine control characters already.
Standard after a POST submission is to redirect back to where user came
from (in this case), to avoid awkward page reload behaviour. Also fix
bug where deleting an attempt for a user, where the attempt didn't exist
would delete all attempts for that user.
groups_print_activity_menu() and groups_get_activity_group() now include
an additional $participationonly parameter,
which is true by default. This can be set false when we want the user to
be able to select a non-participation group within
an activity, for example if a teacher wants to filter assignment
submissions by non-participation groups. It should never be
used when the menu is displayed to students, as this may allow them to
participate using non-participation groups.
groups_sort_menu_options() now has a $splitparticipation parameter,
which will split non-participation groups out into their own optgroup at
the end of the menu.
When course format is displayed as single section per page, the inplace editable
in the section page heading was incorrectly displaye, and the instructions panel
was not displayed.
Adding some specific styles to fix that behaviour.
When a form is validated, all validation buttons are automatically
locked to prevent them from being sent twice by mistake. When the form
returns a file instead of redirecting to a new HTML page, a mechanism
(\core_form\util::form_download_complete()) must be called to
reactivate the form's validation buttons.
This mechanism is called for CSV files (file lib/csvlib.class.php), but
not when downloading xls files. The mechanism is only called when
downloading grades in Excel format (file
grade/export/xls/grade_export_xls.php).
The patch proposes to call this mechanism globally for all Excel file
downloads (file lib/excellib.class.php), and not just for grade
downloads (file grade/export/xls/grade_export_xls.php).
Changes made in c530e4c4 left some stray elements in the templates,
which manifested themselves as displaying misplaced pipe characters
depending on unrelated site config (`$CFG->courselistshortnames`).
* Show category drag handles when there are 2 or more categories
* Show custom field drag handles when there are a total of 2 or more
fields on the page.
@@ -6,6 +6,112 @@ More detailed information on key changes can be found in the [Developer update n
The format of this change log follows the advice given at [Keep a CHANGELOG](https://keepachangelog.com).
## 5.1.2
### core
#### Added
- There is a new Behat `toast_message` named selector to more easily assert the presence of Toast messages on the page
For more information see [MDL-87443](https://tracker.moodle.org/browse/MDL-87443)
#### Changed
-`\core\output\core_renderer::confirm()`'s `$displayoptions` parameter now also accepts a `headinglevel` option that developers can use to specify the heading level of the confirmation's heading. If not specified, the confirmation heading will be rendered in an `h4` tag.
For more information see [MDL-87694](https://tracker.moodle.org/browse/MDL-87694)
### core_customfield
#### Added
- Added new `\core_customfield\api::is_shortname_unique(...)` method to determine whether a shortname is available for use inside a given handler
For more information see [MDL-87059](https://tracker.moodle.org/browse/MDL-87059)
### core_question
#### Fixed
- In order to prevent re-use of question version numbers after a version is deleted, the `nextversion` column was added to `question_bank_entries`. This serves as a counter incremented each time a version is created.
Do not query this field directly. Instead use `core_question\versions::get_next_version()` to read the value, which will initialise it based on the existing versions if it is not set yet. By default, it will increment the version number automatically, unless you pass `increment: false`. Because of this, it is advisable to call it inside a transaction, that is only committed after the version number is used in a `question_versions` record.
For more information see [MDL-86798](https://tracker.moodle.org/browse/MDL-86798)
### customfield_number
#### Changed
- In order to fully support shared custom field categories, additional component/area/itemid parameters have been added to the following:
* The `customfield_number_recalculate_value` external method
* The abstract `\customfield_number\provider_base::recalculate()` method
* The `\customfield_number\task\recalculate` helpers for queueing task instances
For more information see [MDL-87714](https://tracker.moodle.org/browse/MDL-87714)
## 5.1.1
### core
#### Added
- Added clean_string() that prevents double escaping in Mustache templates
For more information see [MDL-87066](https://tracker.moodle.org/browse/MDL-87066)
#### Changed
- The Hook Manager now uses localcache instead of caching via MUC.
For more information see [MDL-87107](https://tracker.moodle.org/browse/MDL-87107)
#### Fixed
-`restore_qtype_plugin::unset_excluded_fields` now returns the modified questiondata structure,
in order to support structures that contain arrays.
If your qtype plugin overrides `restore_qtype_plugin::remove_excluded_question_data` without
calling the parent method, you may need to modify your overridden method to use the returned
value.
For more information see [MDL-85975](https://tracker.moodle.org/browse/MDL-85975)
- When responding to pcntl signals, call existing signal handlers.
For more information see [MDL-87079](https://tracker.moodle.org/browse/MDL-87079)
### core_completion
#### Changed
- The `completion_info::clear_criteria` method takes an optional `$removetypecriteria` to determine whether to remove course type criteria from other courses that refer to the current course
For more information see [MDL-86332](https://tracker.moodle.org/browse/MDL-86332)
### core_course
#### Added
- The external function `core_course_get_course_contents` now includes the `candisplay` property for each returned module. If this is false, the module should not be displayed on the course page (for example, for question banks).
For more information see [MDL-85405](https://tracker.moodle.org/browse/MDL-85405)
### core_group
#### Added
-`groups_print_activity_menu()` and `groups_get_activity_group()` now include an additional `$participationonly` parameter, which is true by default. This can be set false when we want the user to be able to select a non-participation group within an activity, for example if a teacher wants to filter assignment submissions by non-participation groups. It should never be used when the menu is displayed to students, as this may allow them to participate using non-participation groups. Non-participation groups are labeled as such.
For more information see [MDL-81514](https://tracker.moodle.org/browse/MDL-81514)
### mod_glossary
#### Added
- Function mod_glossary_rating_can_see_item_ratings is now implemented for checking permissions to view ratings.
For more information see [MDL-86960](https://tracker.moodle.org/browse/MDL-86960)
$string['settings:goodauth_help']='Select all authentication types to use as a factor for MFA. Any types not selected will not be treated as a FAIL in MFA.';
$string['settings:goodauth_help']='Select all authentication types that will gain the points from this factor. Other authentication types will not be treated as a fail in MFA, but will not gain this factor\'s weight points.';
$string['settings:shortdescription']='Allow users to bypass extra authentication steps based on their authentication type.';
$string['summarycondition']='has an authentication type of {$a}';
$string['defaultmoodlenetname_desc']='The name of the MoodleNet instance available via the activity chooser.';
$string['removalwarning_feature']='If you need to continue using MoodleNet, contact your site administrator about setting up a self-hosted MoodleNet instance.';
$string['removalwarning_service']='After the date, you will no longer be able to browse or add content from MoodleNet Central.';
$string['removalwarning_title']='The MoodleNet service will be shut down on 20 April 2026.';
$string['enablemoodlenet_desc']='If enabled, a user with the capability to create and manage activities can browse MoodleNet via the activity chooser and import MoodleNet resources into their course. In addition, a user with the capability to restore backups can select a backup file on MoodleNet and restore it into Moodle.';
$string['errorduringdownload']='An error occurred while downloading the file: {$a}';
// Left here on purpose, as a quick way to fix problems. To be
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.