Compare commits

...

85 Commits

Author SHA1 Message Date
Eloy Lafuente (stronk7) 628d7c0f9b Moodle release 1.9.18 2012-05-12 03:19:00 +02:00
Eloy Lafuente (stronk7) e9771fda98 weekly release 1.9.17+ 2012-05-11 12:15:18 +02:00
Dan Poltawski a9375cc95d Merge branch 'MDL-18335b_m19' of git://github.com/rwijaya/moodle into MOODLE_19_STABLE 2012-05-07 15:32:53 +08:00
Eloy Lafuente (stronk7) be0f5bf384 weekly release 1.9.17+ 2012-05-04 13:14:11 +02:00
Rossiani Wijaya 4928e13799 MDL-18335 calendar event: fixed role capability checking to create new event 2012-04-30 17:07:15 +08:00
Eloy Lafuente (stronk7) ad964b8a7b weekly release 1.9.17+ 2012-04-27 12:51:26 +02:00
Dan Poltawski a2624c32c2 weekly release 1.9.17+ 2012-04-19 17:51:51 +08:00
Sam Hemelryk 96d8c696ce Merge branch 'm19_MDL-32388' of git://github.com/danmarsden/moodle into MOODLE_19_STABLE 2012-04-16 12:22:50 +12:00
Dan Poltawski 0bbd045329 weekly release 1.9.17+ 2012-04-12 13:22:59 +08:00
Dan Marsden 6db00e4208 MDL-32388 SCORM: Fix chrome pop-ups 2012-04-11 21:10:35 +12:00
Rajesh Taneja db52f45c68 MDL-31746 calendar: Fixed up validation inconsistencies when creating/editing an event 2012-04-10 17:50:58 +12:00
David Mudrak 516878be1e MDL-24403 Fixing the print_error() calls to use the existing string 2012-04-06 11:22:18 +02:00
Yevhenii Vlasenko cf81547d49 MDL-24403 Adding a missing error string 2012-04-06 11:21:40 +02:00
Aparup Banerjee 58be0534b2 weekly release 1.9.17+ 2012-04-05 16:51:44 +08:00
Eloy Lafuente (stronk7) 09f011a628 weekly release 1.9.17+ 2012-03-29 13:21:26 +02:00
Dan Poltawski a30670f7b1 Revert "MDL-31746 calendar: insufficient parameter cleaning"
This reverts commit b0b228f7b9.
2012-03-29 12:20:37 +08:00
Ciaran Irvine b0b228f7b9 MDL-31746 calendar: insufficient parameter cleaning 2012-03-28 14:48:16 +08:00
Dan Poltawski 2763a7d713 Revert "MDL-31746 calendar: insufficient parameter cleaning"
This reverts commit f253646408.
2012-03-28 14:46:42 +08:00
Ciaran Irvine f253646408 MDL-31746 calendar: insufficient parameter cleaning 2012-03-26 23:23:18 +08:00
Dan Poltawski 7d20a8a05c Revert "MDL-31746 calendar: insufficient parameter cleaning"
Potential SQL injection with this solution

This reverts commit 47013fc0bb.
2012-03-26 23:11:30 +08:00
Ciaran Irvine 47013fc0bb MDL-31746 calendar: insufficient parameter cleaning
Reviewed-by: Alastair Munro <alastair.munro@totaralms.com>
Signed-off-by: Dan Poltawski <dan@moodle.com>
2012-03-26 13:57:11 +08:00
Rajesh Taneja 038131c8b5 MDL-31745 blog: Fixed up encoding issue within blog 2012-03-26 11:54:01 +13:00
Sam Hemelryk 8925a12934 weekly release 1.9.17+ 2012-03-23 12:16:58 +13:00
Eloy Lafuente (stronk7) 83668c6efa weekly release 1.9.17+ 2012-03-15 11:50:41 +01:00
Eloy Lafuente (stronk7) 86e74d3eaf Moodle release 1.9.17 2012-03-11 15:55:59 +01:00
Eloy Lafuente (stronk7) 076b2ce86c weekly release 1.9.16+ 2012-03-09 11:16:53 +01:00
Eloy Lafuente (stronk7) b3391165f1 Merge branch 'wip-MDL-31248-MOODLE_19_STABLE-v3' of git://github.com/abgreeve/moodle into MOODLE_19_STABLE 2012-03-09 09:49:52 +01:00
Eloy Lafuente (stronk7) cf9b51f4f1 Revert "MDL-31248 - lib - Alteration to the rc4encrypt function to allow for old password use."
This reverts commit f8adbd6a02.
2012-03-09 09:40:40 +01:00
Eloy Lafuente (stronk7) f4f2b26ec5 Revert "MDL-31248 - lib - prevent moodle_strtolower() silent discard to lead to false-correct usernames"
This reverts commit c67bc65cbe.
2012-03-09 09:40:38 +01:00
Eloy Lafuente (stronk7) 281afcd067 Revert "MDL-31248 - lib - Gah, erroneus condition fixed."
This reverts commit e85a54d931.
2012-03-09 09:40:32 +01:00
Adrian Greeve b48d546c97 MDL-31248 - lib - Retaining the old password key and creating a new cookie prefix. 2012-03-09 13:35:22 +08:00
Eloy Lafuente (stronk7) e85a54d931 MDL-31248 - lib - Gah, erroneus condition fixed.
For sure that leaded to accept anything as valid username
for cookies in 19_STABLE. That explains why garbled username were
being transformed into "invented" usernames, instead of blank.
2012-03-08 12:27:44 +01:00
Eloy Lafuente (stronk7) c67bc65cbe MDL-31248 - lib - prevent moodle_strtolower() silent discard to lead to false-correct usernames 2012-03-08 11:42:13 +01:00
Adrian Greeve f8adbd6a02 MDL-31248 - lib - Alteration to the rc4encrypt function to allow for old password use. 2012-03-08 08:15:45 +08:00
Eloy Lafuente (stronk7) 2c39e251b4 weekly release 1.9.16+ 2012-03-01 11:34:39 +01:00
Eloy Lafuente (stronk7) cd20b15196 weekly release 1.9.16+ 2012-02-23 11:41:24 +01:00
Eloy Lafuente (stronk7) a364ab036c weekly release 1.9.16+ 2012-02-17 01:53:52 +01:00
Eloy Lafuente (stronk7) 46d0e6fb17 MDL-25185 - data - whitespace fixes 2012-02-13 16:20:20 +01:00
Sam Hemelryk 7eb1327487 Merge branch 'wip-MDL-25185-MOODLE_19_STABLE' of git://github.com/abgreeve/moodle into MOODLE_19_STABLE 2012-02-13 17:34:09 +13:00
Eloy Lafuente (stronk7) f5dc0e4110 weekly release 1.9.16+ 2012-02-13 01:21:39 +01:00
Adrian Greeve 312ada2856 MDL-25185 - data - Allowing data from the database to be exported according to group roles. 2012-02-03 07:49:27 +08:00
Eloy Lafuente (stronk7) 4f87a0dccc weekly release 1.9.16+ 2012-02-02 12:16:03 +01:00
Eloy Lafuente (stronk7) 2726791626 weekly release 1.9.16+ 2012-01-27 02:24:07 +01:00
Eloy Lafuente (stronk7) 8db39dc10a weekly release 1.9.16+ 2012-01-19 13:31:02 +01:00
Eloy Lafuente (stronk7) ebd57374cb Merge branch 'w03_MDL-31213_m19_attributesmess' of git://github.com/skodak/moodle into MOODLE_19_STABLE 2012-01-17 12:38:56 +01:00
Petr Skoda c444939ec7 MDL-31213 fix incorrect modifications of quickforms attributes 2012-01-17 11:17:35 +01:00
Tim Gus bc6e8366a9 MDL-31055 backport disabledIf fix from 2.0. (MDL-27045) 2012-01-16 15:22:21 +08:00
Eloy Lafuente (stronk7) 09249fe5c9 weekly release 1.9.16+ 2012-01-12 11:29:47 +01:00
Eloy Lafuente (stronk7) 863b49bd9c Merge branch 'MDL-29294_19' of git://github.com/timhunt/moodle into MOODLE_19_STABLE 2012-01-08 22:59:52 +01:00
Eloy Lafuente (stronk7) 593a3e84c0 Moodle release 1.9.16 2012-01-07 17:09:21 +01:00
Eloy Lafuente (stronk7) fa6008c687 weekly release 1.9.15+ 2012-01-05 15:09:59 +01:00
Aparup Banerjee 15624257cb Merge branch 'wip-mdl-29844-m19' of git://github.com/rajeshtaneja/moodle into MOODLE_19_STABLE 2012-01-04 10:11:20 +08:00
Sam Hemelryk 5753b2da0b Merge branch 'w52_MDL-29917_m19_autocomplete' of git://github.com/skodak/moodle into MOODLE_19_STABLE 2012-01-04 10:57:58 +13:00
Rajesh Taneja 4ed1199524 MDL-29844 Administration: Added new config for users to login for viewing profile image 2012-01-03 13:48:24 +08:00
Petr Skoda f88a9ef3fb MDL-13572 do not send messages to invalid addresses 2012-01-02 23:25:38 +01:00
Petr Skoda 43625959f7 MDL-29917 prevent form autocompletion in most Moodle forms
The password autocompletion in case of Moodle makes sense only on the login page, the form autocompletion in general is most probably useful only on the user signup page.

This patch is compatible with html 5, unfortunately we have to ignore strict warnings in legacy xhtml 1.0 standard.
2011-12-30 14:57:36 +01:00
Tim Hunt 4d06e61a53 MDL-29294 qtype match restore problem on Oracle. 2011-12-28 11:44:51 +00:00
Eloy Lafuente (stronk7) ea5534f864 weekly release 1.9.15+ 2011-12-23 03:06:52 +01:00
Eloy Lafuente (stronk7) faecf14df6 Merge branch 'MDL-20198c_m19' of git://github.com/rwijaya/moodle into MOODLE_19_STABLE 2011-12-20 01:26:21 +01:00
Sam Hemelryk 8afed3b9fc Merge branch 'wip-MDL-28948-MOODLE_19_STABLE' of git://github.com/abgreeve/moodle into MOODLE_19_STABLE 2011-12-20 10:40:51 +13:00
adrian@moodle.com 75366c60ff MDL-28948 - lib - removed the hard coded key for the rc4encryt function. 2011-12-16 09:27:10 +08:00
Petr Skoda 65e18e9ea8 MDL-30610 new environment requirements for 2.3 2011-12-14 02:44:20 +01:00
Rossiani Wijaya 5d72721e5c MDL-20198: wiki module: extend Dong's patch to fixed grouping access to view/edit wiki.. 2011-12-13 13:37:40 +08:00
Rossiani Wijaya 4866f01b4a MDL-20198: wiki module: fixed grouping access in wiki. Credit goes to Dong Kim(kimx0794@umn.edu). 2011-12-13 13:34:47 +08:00
Petr Skoda 1501cc8cea MDL-30575 yet more mail header cleanup 2011-12-11 23:42:32 +01:00
Petr Skoda a9e3abe0b4 MDL-30575 more mail header cleanup 2011-12-10 18:21:35 +01:00
Eloy Lafuente (stronk7) 485cb391de weekly release 1.9.15+ 2011-12-09 16:30:03 +01:00
Petr Skoda c3056feed8 MDL-27364 use https for recaptcha when site runs via https
Based on solution by Rajesh Taneja.
2011-12-09 11:11:55 +08:00
Aparup Banerjee f844dbcace Merge branch 'wip-MDL-30336-MOODLE_19_STABLE' of git://github.com/abgreeve/moodle into MOODLE_19_STABLE 2011-12-08 16:24:00 +08:00
Aparup Banerjee cc4d45b916 Merge branch 'wip-MDL-30012-m19' of git://github.com/samhemelryk/moodle into MOODLE_19_STABLE 2011-12-08 14:46:40 +08:00
adrian@moodle.com 630fc6ee7e MDL-30336 - login - Added a setting in security that allows auto complete to be set to off in password fields. 2011-12-08 09:21:15 +08:00
Eloy Lafuente (stronk7) 54947d0dad MDL-19147 - forum - whitespace cleanup 2011-12-07 15:56:46 +01:00
Sam Hemelryk e114543f69 Merge branch 'wip-MDL-19147-MOODLE_19_STABLE' of git://github.com/abgreeve/moodle into MOODLE_19_STABLE 2011-12-07 14:19:45 +13:00
Sam Hemelryk 36b0ddeed4 MDL-30012 mod_forum: Fixed bug in forum user script 2011-12-06 16:05:49 +13:00
Eloy Lafuente (stronk7) 7fe52ca7d9 weekly release 1.9.15+ 2011-12-05 12:35:36 +01:00
adrian@moodle.com 24b048c2cf MDL-19147 - forum - Removed single discussions from the pull down menu for moving posts to single discussions. 2011-12-02 08:11:16 +08:00
Eloy Lafuente (stronk7) 6dc36a0101 weekly release 1.9.15+ 2011-12-01 19:21:21 +01:00
Eloy Lafuente (stronk7) dadac0b3b3 emergency release 1.9.15 2011-12-01 18:17:12 +01:00
Eloy Lafuente (stronk7) fdcc0f46cc Merge branch 'wip-MDL-20627-MOODLE_19_STABLE' of git://github.com/abgreeve/moodle into MOODLE_19_STABLE 2011-12-01 18:02:51 +01:00
Eloy Lafuente (stronk7) 51c6d453e1 Merge branch 'w48_MDL-30480_m19_dmlobjects' of git://github.com/skodak/moodle into MOODLE_19_STABLE 2011-11-29 15:33:18 +01:00
Petr Skoda 33314c72f3 MDL-30480 fix BC regression from MDL-29033
Improve insert_record() and update_record() handling of $dataobject parameter. Some developers expect they can use any class instance there. This is not officially supported, but in any case we should not break backwards compatibility so late in STABLE branch.

Credit for discovery goes to Pascal Maury, thanks!
2011-11-29 15:20:23 +01:00
Sam Hemelryk 79cf3f0884 MDL-30273 whitespace cleanup 2011-11-29 16:48:10 +13:00
Sam Hemelryk 921383f789 Merge branch 'wip-MDL-30273-MOODLE_19_STABLE' of git://github.com/abgreeve/moodle into MOODLE_19_STABLE 2011-11-29 16:41:38 +13:00
adrian@moodle.com 8f83cfbe91 MDL-20627 user - Fixed viewing permission of email when sending group messages. 2011-11-21 08:30:57 +08:00
Charles Fulton 0f035ff23b MDL-30273 forum - prevent the creation of discussions in simple single forums 2011-11-18 15:48:59 +08:00
33 changed files with 424 additions and 134 deletions
+114
View File
@@ -556,4 +556,118 @@
</PHP_SETTING>
</PHP_SETTINGS>
</MOODLE>
<MOODLE version="2.3" requires="2.2">
<UNICODE level="required">
<FEEDBACK>
<ON_ERROR message="unicoderequired" />
</FEEDBACK>
</UNICODE>
<DATABASE level="required">
<VENDOR name="mysql" version="5.0.25">
<FEEDBACK>
<ON_ERROR message="mysql416required" />
</FEEDBACK>
</VENDOR>
<VENDOR name="postgres" version="8.3" />
<VENDOR name="mssql" version="9.0" />
<VENDOR name="odbc_mssql" version="9.0" />
<VENDOR name="mssql_n" version="9.0" />
<VENDOR name="oracle" version="10.2" />
<VENDOR name="sqlite" version="2.0" />
</DATABASE>
<PHP version="5.3.2" level="required">
</PHP>
<PHP_EXTENSIONS>
<PHP_EXTENSION name="iconv" level="required">
<FEEDBACK>
<ON_CHECK message="iconvrequired" />
</FEEDBACK>
</PHP_EXTENSION>
<PHP_EXTENSION name="mbstring" level="optional">
<FEEDBACK>
<ON_CHECK message="mbstringrecommended" />
</FEEDBACK>
</PHP_EXTENSION>
<PHP_EXTENSION name="curl" level="required">
<FEEDBACK>
<ON_CHECK message="curlrequired" />
</FEEDBACK>
</PHP_EXTENSION>
<PHP_EXTENSION name="openssl" level="optional">
<FEEDBACK>
<ON_CHECK message="opensslrecommended" />
</FEEDBACK>
</PHP_EXTENSION>
<PHP_EXTENSION name="tokenizer" level="optional">
<FEEDBACK>
<ON_CHECK message="tokenizerrecommended" />
</FEEDBACK>
</PHP_EXTENSION>
<PHP_EXTENSION name="xmlrpc" level="optional">
<FEEDBACK>
<ON_CHECK message="xmlrpcrecommended" />
</FEEDBACK>
</PHP_EXTENSION>
<PHP_EXTENSION name="soap" level="optional">
<FEEDBACK>
<ON_CHECK message="soaprecommended" />
</FEEDBACK>
</PHP_EXTENSION>
<PHP_EXTENSION name="ctype" level="required">
<FEEDBACK>
<ON_ERROR message="ctyperequired" />
</FEEDBACK>
</PHP_EXTENSION>
<PHP_EXTENSION name="zip" level="required">
<FEEDBACK>
<ON_ERROR message="ziprequired" />
</FEEDBACK>
</PHP_EXTENSION>
<PHP_EXTENSION name="gd" level="optional">
<FEEDBACK>
<ON_CHECK message="gdrecommended" />
</FEEDBACK>
</PHP_EXTENSION>
<PHP_EXTENSION name="simplexml" level="required">
<FEEDBACK>
<ON_CHECK message="simplexmlrequired" />
</FEEDBACK>
</PHP_EXTENSION>
<PHP_EXTENSION name="spl" level="required">
<FEEDBACK>
<ON_CHECK message="splrequired" />
</FEEDBACK>
</PHP_EXTENSION>
<PHP_EXTENSION name="pcre" level="required">
</PHP_EXTENSION>
<PHP_EXTENSION name="dom" level="required">
</PHP_EXTENSION>
<PHP_EXTENSION name="xml" level="required">
</PHP_EXTENSION>
<PHP_EXTENSION name="intl" level="optional">
<FEEDBACK>
<ON_CHECK message="intlrecommended" />
</FEEDBACK>
</PHP_EXTENSION>
<PHP_EXTENSION name="json" level="required">
</PHP_EXTENSION>
</PHP_EXTENSIONS>
<PHP_SETTINGS>
<PHP_SETTING name="memory_limit" value="40M" level="required">
<FEEDBACK>
<ON_ERROR message="settingmemorylimit" />
</FEEDBACK>
</PHP_SETTING>
<PHP_SETTING name="safe_mode" value="0" level="optional">
<FEEDBACK>
<ON_CHECK message="settingsafemode" />
</FEEDBACK>
</PHP_SETTING>
<PHP_SETTING name="file_uploads" value="1" level="optional">
<FEEDBACK>
<ON_CHECK message="settingfileuploads" />
</FEEDBACK>
</PHP_SETTING>
</PHP_SETTINGS>
</MOODLE>
</COMPATIBILITY_MATRIX>
+2
View File
@@ -8,6 +8,7 @@ if ($hassiteconfig) { // speedup for non-admins, add all caps used on this page
$temp->add(new admin_setting_configcheckbox('protectusernames', get_string('protectusernames', 'admin'), get_string('configprotectusernames', 'admin'), 1));
$temp->add(new admin_setting_configcheckbox('forcelogin', get_string('forcelogin', 'admin'), get_string('configforcelogin', 'admin'), 0));
$temp->add(new admin_setting_configcheckbox('forceloginforprofiles', get_string('forceloginforprofiles', 'admin'), get_string('configforceloginforprofiles', 'admin'), 1));
$temp->add(new admin_setting_configcheckbox('forceloginforprofileimage', get_string('forceloginforprofileimage', 'admin'), get_string('forceloginforprofileimage_help', 'admin'), 0));
$temp->add(new admin_setting_configcheckbox('opentogoogle', get_string('opentogoogle', 'admin'), get_string('configopentogoogle', 'admin'), 0));
$max_upload_choices = get_max_upload_sizes();
@@ -67,6 +68,7 @@ if ($hassiteconfig) { // speedup for non-admins, add all caps used on this page
$temp->add(new admin_setting_configcheckbox('cookiehttponly', get_string('cookiehttponly', 'admin'), get_string('configcookiehttponly', 'admin'), 0));
$temp->add(new admin_setting_configcheckbox('regenloginsession', get_string('regenloginsession', 'admin'), get_string('configregenloginsession', 'admin'), 1));
$temp->add(new admin_setting_configtext('excludeoldflashclients', get_string('excludeoldflashclients', 'admin'), get_string('configexcludeoldflashclients', 'admin'), '10.0.12', PARAM_TEXT));
$temp->add(new admin_setting_configcheckbox('loginpasswordautocomplete', get_string('loginpasswordautocomplete', 'admin'), get_string('loginpasswordautocomplete_help', 'admin'), 0));
$ADMIN->add('security', $temp);
+6 -1
View File
@@ -49,7 +49,12 @@ class block_login extends block_base {
$this->content->text .= '<input type="text" name="username" id="login_username" value="'.s($username).'" /></div>';
$this->content->text .= '<div class="c1 fld password"><label for="login_password">'.get_string('password').'</label>';
$this->content->text .= '<input type="password" name="password" id="login_password" value="" /></div>';
if (!empty($CFG->loginpasswordautocomplete)) {
$this->content->text .= '<input type="password" name="password" id="login_password" value="" autocomplete="off" /></div>';
} else {
$this->content->text .= '<input type="password" name="password" id="login_password" value="" /></div>';
}
$this->content->text .= '<div class="c1 btn"><input type="submit" value="'.get_string('login').'" /></div>';
+5 -6
View File
@@ -672,7 +672,7 @@
$querystring = '';
foreach($_GET as $var => $val) {
$var = clean_param($var, PARAM_ALPHANUM); // See MDL-22631
$val = clean_param($val, PARAM_CLEAN);
$val = urlencode(clean_param($val, PARAM_CLEAN));
if(!$first) {
$first = true;
if ($var != 'filterselect' && $var != 'filtertype') {
@@ -683,13 +683,13 @@
}
} else {
if ($var != 'filterselect' && $var != 'filtertype') {
$querystring .= '&amp;'.$var.'='.$val;
$querystring .= '&'.$var.'='.$val;
$hasparam = true;
}
}
}
if (isset($hasparam)) {
$querystring .= '&amp;';
$querystring .= '&';
} else {
$querystring = '?';
}
@@ -697,9 +697,8 @@
$querystring = '?';
}
return strip_querystring(qualified_me()) . $querystring. 'filtertype='.
$filtertype.'&amp;filterselect='.$filterselect.'&amp;';
return s(strip_querystring(qualified_me()) . $querystring. 'filtertype='.
$filtertype.'&filterselect='.$filterselect.'&', true);
}
/**
+73 -44
View File
@@ -103,6 +103,7 @@
}
$form = null;
$err = array();
switch($action) {
case 'delete':
@@ -129,23 +130,7 @@
}
if($form = data_submitted() and confirm_sesskey()) {
$form->name = clean_param(strip_tags($form->name,'<lang><span>'), PARAM_CLEAN);
$form->timestart = make_timestamp($form->startyr, $form->startmon, $form->startday, $form->starthr, $form->startmin);
if($form->duration == 1) {
$form->timeduration = make_timestamp($form->endyr, $form->endmon, $form->endday, $form->endhr, $form->endmin) - $form->timestart;
if($form->timeduration < 0) {
$form->timeduration = 0;
}
}
else if($form->duration == 2) {
$form->timeduration = $form->minutes * MINSECS;
}
else {
$form->timeduration = 0;
}
// validate form and set error if any.
validate_form($form, $err);
if (count($err) == 0) {
@@ -194,27 +179,13 @@
$title = get_string('newevent', 'calendar');
$form = data_submitted();
if(!empty($form) && !empty($form->name) && confirm_sesskey()) {
$form->name = clean_text(strip_tags($form->name, '<lang><span>'));
$form->timestart = make_timestamp($form->startyr, $form->startmon, $form->startday, $form->starthr, $form->startmin);
if($form->duration == 1) {
$form->timeduration = make_timestamp($form->endyr, $form->endmon, $form->endday, $form->endhr, $form->endmin) - $form->timestart;
if($form->timeduration < 0) {
$form->timeduration = 0;
}
}
else if ($form->duration == 2) {
$form->timeduration = $form->minutes * MINSECS;
}
else {
$form->timeduration = 0;
}
if(!calendar_add_event_allowed($form)) {
error('You are not authorized to do this');
}
// validate form and set error if any.
validate_form($form, $err);
if (count($err) == 0) {
if (!calendar_add_event_allowed($form)) {
error('You are not authorized to do this');
}
$form->timemodified = time();
/// Get the event id for the log record.
@@ -568,11 +539,44 @@
function validate_form(&$form, &$err) {
$cleanform = new stdClass();
//first clean the form values
$cleanform->name = clean_param(strip_tags(trim($form->name), '<lang><span>'),PARAM_CLEAN);
$cleanform->description = addslashes(clean_param($form->description, PARAM_CLEANHTML));
$cleanform->duration = clean_param($form->duration, PARAM_INT);
$cleanform->startmon = clean_param($form->startmon, PARAM_INT);
$cleanform->startday = clean_param($form->startday, PARAM_INT);
$cleanform->startyr = clean_param($form->startyr, PARAM_INT);
$cleanform->starthr = clean_param($form->starthr, PARAM_INT);
$cleanform->startmin = clean_param($form->startmin, PARAM_INT);
$cleanform->endmon = clean_param($form->endmon, PARAM_INT);
$cleanform->endday = clean_param($form->endday, PARAM_INT);
$cleanform->endyr = clean_param($form->endyr, PARAM_INT);
$cleanform->endhr = clean_param($form->endhr, PARAM_INT);
$cleanform->endmin = clean_param($form->endmin, PARAM_INT);
$cleanform->minutes = clean_param($form->minutes, PARAM_INT);
$cleanform->courseid = clean_param($form->courseid, PARAM_INT);
$cleanform->format = clean_param($form->format, PARAM_INT);
$cleanform->course = clean_param($form->course, PARAM_INT);
$cleanform->action = clean_param($form->action, PARAM_ALPHA);
$form->name = trim($form->name);
$form->description = trim($form->description);
// These values are only required for new event.
if ($cleanform->action === 'new') {
$cleanform->repeat = clean_param($form->repeat, PARAM_INT);
$cleanform->repeats = clean_param($form->repeats, PARAM_INT);
$cleanform->groupid = clean_param($form->groupid, PARAM_INT);
$cleanform->userid = clean_param($form->userid, PARAM_INT);
$cleanform->modulename = clean_param($form->modulename, PARAM_SAFEDIR);
$cleanform->eventtype = clean_param($form->eventtype, PARAM_ALPHA);
$cleanform->instance = clean_param($form->instance, PARAM_INT);
$cleanform->type = clean_param($form->type, PARAM_ALPHA);
} else {
$cleanform->id = clean_param($form->id, PARAM_INT);
}
// set form with clean and valid values only.
$form = $cleanform;
if(empty($form->name)) {
if (empty($form->name)) {
$err['name'] = get_string('errornoeventname', 'calendar');
}
/* Allow events without a description
@@ -580,28 +584,53 @@ function validate_form(&$form, &$err) {
$err['description'] = get_string('errornodescription', 'calendar');
}
*/
if(!checkdate($form->startmon, $form->startday, $form->startyr)) {
if (!checkdate($form->startmon, $form->startday, $form->startyr)) {
$err['timestart'] = get_string('errorinvaliddate', 'calendar');
}
if($form->duration == 2 and !checkdate($form->endmon, $form->endday, $form->endyr)) {
if ($form->duration == 1 and !checkdate($form->endmon, $form->endday, $form->endyr)) {
$err['timeduration'] = get_string('errorinvaliddate', 'calendar');
}
if($form->duration == 2 and !($form->minutes > 0 and $form->minutes < 1000)) {
if ($form->duration == 2 and !($form->minutes > 0 and $form->minutes < 1000)) {
$err['minutes'] = get_string('errorinvalidminutes', 'calendar');
}
if (!empty($form->repeat) and !($form->repeats > 1 and $form->repeats < 100)) {
$err['repeats'] = get_string('errorinvalidrepeats', 'calendar');
}
if(!empty($form->courseid)) {
// set start time and duration
$form->timestart = make_timestamp($form->startyr, $form->startmon, $form->startday, $form->starthr, $form->startmin);
if ($form->duration == 1) {
$form->timeduration = make_timestamp($form->endyr, $form->endmon, $form->endday, $form->endhr, $form->endmin) - $form->timestart;
// Duration should be set for time in future.
if ($form->timeduration <= 0) {
$err['timeduration'] = get_string('errorinvaliddate', 'calendar');
$form->timeduration = 0;
}
}
else if ($form->duration == 2) {
$form->timeduration = $form->minutes * MINSECS;
}
else {
$form->timeduration = 0;
}
if (!empty($form->courseid)) {
// Timestamps must be >= course startdate
$course = get_record('course', 'id', $form->courseid);
if($course === false) {
if ($course === false) {
error('Event belongs to invalid course');
}
else if($form->timestart < $course->startdate) {
$err['timestart'] = get_string('errorbeforecoursestart', 'calendar');
}
}
if (!empty($form->modulename)) {
// Check that passed modulename actually exists (possible SQL Injection route)
$module = get_record('modules', 'name', $form->modulename);
if ($module === false) {
error('Invalid module name');
}
}
}
function calendar_add_event_allowed($event) {
+1
View File
@@ -1582,6 +1582,7 @@ function calendar_get_allowed_types(&$allowed) {
if(!empty($SESSION->cal_course_referer) && $SESSION->cal_course_referer != SITEID) {
$course = get_record('course', 'id', $SESSION->cal_course_referer);
$coursecontext = get_context_instance(CONTEXT_COURSE, $SESSION->cal_course_referer);
$allowed->user = has_capability('moodle/calendar:manageownentries', $coursecontext);
if(has_capability('moodle/calendar:manageentries', $coursecontext)) {
$allowed->courses = array($course->id => 1);
+1 -1
View File
@@ -539,7 +539,7 @@
$file = basename($file);
if (!unzip_file("$basedir$wdir/$file")) {
print_error("unzipfileserror","error");
print_error("cannotunzipfile", "error");
}
echo "<div style=\"text-align:center\"><form action=\"index.php\" method=\"get\">";
+4
View File
@@ -396,6 +396,8 @@ $string['filtersettings'] = 'Manage filters';
$string['filtersettingsgeneral'] = 'General filter settings';
$string['filteruploadedfiles'] = 'Filter uploaded files';
$string['forcelogin'] = 'Force users to login';
$string['forceloginforprofileimage'] = 'Force users to login to view user pictures';
$string['forceloginforprofileimage_help'] = 'If enabled, users must login in order to view user profile pictures and the default user picture will be used in all notification emails.';
$string['forceloginforprofiles'] = 'Force users to login for profiles';
$string['forcetimezone'] = 'Force default timezone';
$string['framename'] = 'Frame name';
@@ -493,6 +495,8 @@ $string['location'] = 'Location';
$string['locationsettings'] = 'Location settings';
$string['log'] = 'Logs';
$string['loginhttps'] = 'Use HTTPS for logins';
$string['loginpasswordautocomplete'] = 'Prevent password autocompletion on login form.';
$string['loginpasswordautocomplete_help'] = 'Having this off will let users save their account password in their browser. Switching this setting on will result in your site no longer following XHTML strict validation rules.';
$string['loglifetime'] = 'Keep logs for';
$string['longtimenosee'] = 'Unsubscribe users from courses after';
$string['longtimewarning'] = '<b>Please note that this process can take a long time.</b>';
+1
View File
@@ -139,5 +139,6 @@ $string['wrongdestpath'] = 'Wrong destination path';
$string['wrongsourcebase'] = 'Wrong source URL base';
$string['wrongzipfilename'] = 'Wrong ZIP file name';
$string['youcannotdeletecategory'] = 'You cannot delete category \'$a\' because you can neither delete the contents, nor move them elsewhere.';
$string['zipfileserror'] = 'Cannot create zip file';
?>
+1
View File
@@ -503,6 +503,7 @@ $string['emaildisable'] = 'This email address is disabled';
$string['emaildisableclick'] = 'Click here to disable all email from being sent to this address';
$string['emaildisplay'] = 'Email display';
$string['emaildisplaycourse'] = 'Allow only other course members to see my email address';
$string['emaildisplayhidden'] = 'Email hidden';
$string['emaildisplayno'] = 'Hide my email address from everyone';
$string['emaildisplayyes'] = 'Allow everyone to see my email address';
$string['emailenable'] = 'This email address is enabled';
+16
View File
@@ -1448,6 +1448,14 @@ function insert_record($table, $dataobject, $returnid=true, $primarykey='id') {
if (is_array($dataobject)) {
debugging('Warning. Wrong call to insert_record(). $dataobject must be an object. array found instead', DEBUG_DEVELOPER);
$dataobject = (object)$dataobject;
} else if (is_object($dataobject)) {
// make sure there are no properties or private methods because we cast to array later,
// at the same time this undos the object references so that PHP 5 works the same as PHP 4,
// the main reason for this is BC after the dirty magic hack introduction
if ($properties = get_object_vars($dataobject)) {
$dataobject = (object)$properties;
}
unset($properties);
}
/// Temporary hack as part of phasing out all access to obsolete user tables XXX
@@ -1643,6 +1651,14 @@ function update_record($table, $dataobject) {
if (is_array($dataobject)) {
debugging('Warning. Wrong call to update_record(). $dataobject must be an object. array found instead', DEBUG_DEVELOPER);
$dataobject = (object)$dataobject;
} else if (is_object($dataobject)) {
// make sure there are no properties or private methods because we cast to array later,
// at the same time this undos the object references so that PHP 5 works the same as PHP 4,
// the main reason for this is BC after the dirty magic hack introduction
if ($properties = get_object_vars($dataobject)) {
$dataobject = (object)$properties;
}
unset($properties);
}
/// Extra protection against SQL injections
+1 -1
View File
@@ -495,7 +495,7 @@
$file = basename($file);
if (!unzip_file("$basedir/$wdir/$file")) {
print_error("unzipfileserror","error");
print_error("cannotunzipfile", "error");
}
echo "<center><form action=\"coursefiles.php\" method=\"get\">\n";
+16 -1
View File
@@ -15,6 +15,21 @@ class MoodleQuickForm_password extends HTML_QuickForm_password{
*/
var $_helpbutton='';
function MoodleQuickForm_password($elementName=null, $elementLabel=null, $attributes=null) {
global $CFG;
if (empty($CFG->xmlstrictheaders)) {
// no standard mform in moodle should allow autocomplete of passwords
// this is valid attribute in html5, sorry, we have to ignore validation errors in legacy xhtml 1.0
if (empty($attributes)) {
$attributes = array('autocomplete'=>'off');
} else if (is_array($attributes)) {
$attributes['autocomplete'] = 'off';
} else {
if (strpos($attributes, 'autocomplete') === false) {
$attributes .= ' autocomplete="off" ';
}
}
}
parent::HTML_QuickForm_password($elementName, $elementLabel, $attributes);
}
/**
@@ -48,4 +63,4 @@ class MoodleQuickForm_password extends HTML_QuickForm_password{
return $this->_helpbutton;
}
}
?>
?>
+15
View File
@@ -15,6 +15,21 @@ require_once($CFG->libdir.'/form/password.php');
class MoodleQuickForm_passwordunmask extends MoodleQuickForm_password {
function MoodleQuickForm_passwordunmask($elementName=null, $elementLabel=null, $attributes=null) {
global $CFG;
if (empty($CFG->xmlstrictheaders)) {
// no standard mform in moodle should allow autocomplete of passwords
// this is valid attribute in html5, sorry, we have to ignore validation errors in legacy xhtml 1.0
if (empty($attributes)) {
$attributes = array('autocomplete'=>'off');
} else if (is_array($attributes)) {
$attributes['autocomplete'] = 'off';
} else {
if (strpos($attributes, 'autocomplete') === false) {
$attributes .= ' autocomplete="off" ';
}
}
}
parent::MoodleQuickForm_password($elementName, $elementLabel, $attributes);
}
+5 -2
View File
@@ -33,10 +33,13 @@ class MoodleQuickForm_recaptcha extends HTML_QuickForm_input {
* </code>
*/
function MoodleQuickForm_recaptcha($elementName = null, $elementLabel = null, $attributes = null) {
global $CFG;
parent::HTML_QuickForm_input($elementName, $elementLabel, $attributes);
$this->_type = 'recaptcha';
if (!empty($attributes['https'])) {
$this->_https = $attributes['https'];
if (!empty($attributes['https']) or strpos($CFG->httpswwwroot, 'https:') === 0) {
$this->_https = true;
} else {
$this->_https = false;
}
}
+16 -1
View File
@@ -106,6 +106,21 @@ class moodleform {
* @return moodleform
*/
function moodleform($action=null, $customdata=null, $method='post', $target='', $attributes=null, $editable=true) {
global $CFG;
if (empty($CFG->xmlstrictheaders)) {
// no standard mform in moodle should allow autocomplete with the exception of user signup
// this is valid attribute in html5, sorry, we have to ignore validation errors in legacy xhtml 1.0
if (empty($attributes)) {
$attributes = array('autocomplete'=>'off');
} else if (is_array($attributes)) {
$attributes['autocomplete'] = 'off';
} else {
if (strpos($attributes, 'autocomplete') === false) {
$attributes .= ' autocomplete="off" ';
}
}
}
if (empty($action)){
$action = strip_querystring(qualified_me());
}
@@ -1486,7 +1501,7 @@ function validate_' . $this->_formName . '(frm) {
} else if (is_a($element, 'HTML_QuickForm_hidden')) {
return array();
} else if (method_exists($element, 'getPrivateName')) {
} else if (method_exists($element, 'getPrivateName') && !($element instanceof HTML_QuickForm_advcheckbox)) {
return array($element->getPrivateName());
} else {
+3 -2
View File
@@ -427,13 +427,14 @@ function unmaskPassword(id) {
try {
// first try IE way - it can not set name attribute later
if (chb.checked) {
var newpw = document.createElement('<input type="text" name="'+pw.name+'">');
var newpw = document.createElement('<input type="text" autocomplete="off" name="'+pw.name+'">');
} else {
var newpw = document.createElement('<input type="password" name="'+pw.name+'">');
var newpw = document.createElement('<input type="password" autocomplete="off" name="'+pw.name+'">');
}
newpw.attributes['class'].nodeValue = pw.attributes['class'].nodeValue;
} catch (e) {
var newpw = document.createElement('input');
newpw.setAttribute('autocomplete', 'off');
newpw.setAttribute('name', pw.name);
if (chb.checked) {
newpw.setAttribute('type', 'text');
+24 -16
View File
@@ -2741,13 +2741,13 @@ function set_moodle_cookie($thing) {
return;
}
$cookiename = 'MOODLEID_'.$CFG->sessioncookie;
$cookiename = 'MOODLEID1_'.$CFG->sessioncookie;
$days = 60;
$seconds = DAYSECS*$days;
setCookie($cookiename, '', time() - HOURSECS, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure);
setCookie($cookiename, rc4encrypt($thing), time()+$seconds, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure);
setCookie($cookiename, rc4encrypt($thing, true), time()+$seconds, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure);
}
/**
@@ -2759,12 +2759,12 @@ function set_moodle_cookie($thing) {
function get_moodle_cookie() {
global $CFG;
$cookiename = 'MOODLEID_'.$CFG->sessioncookie;
$cookiename = 'MOODLEID1_'.$CFG->sessioncookie;
if (empty($_COOKIE[$cookiename])) {
return '';
} else {
$thing = rc4decrypt($_COOKIE[$cookiename]);
$thing = rc4decrypt($_COOKIE[$cookiename], true);
return ($thing == 'guest') ? '': $thing; // Ignore guest account
}
}
@@ -6024,25 +6024,33 @@ function get_list_of_currencies() {
/**
* rc4encrypt
*
* @param string $data ?
* @return string
* @todo Finish documenting this function
* @param string $data Data to encrypt.
* @param bool $usesecurekey Lets us know if we are using the old or new password.
* @return string The now encrypted data.
*/
function rc4encrypt($data) {
$password = 'nfgjeingjk';
return endecrypt($password, $data, '');
function rc4encrypt($data, $usesecurekey = false) {
if (!$usesecurekey) {
$passwordkey = 'nfgjeingjk';
} else {
$passwordkey = get_site_identifier();
}
return endecrypt($passwordkey, $data, '');
}
/**
* rc4decrypt
*
* @param string $data ?
* @return string
* @todo Finish documenting this function
* @param string $data Data to decrypt.
* @param bool $usesecurekey Lets us know if we are using the old or new password.
* @return string The now decrypted data.
*/
function rc4decrypt($data) {
$password = 'nfgjeingjk';
return endecrypt($password, $data, 'de');
function rc4decrypt($data, $usesecurekey = false) {
if (!$usesecurekey) {
$passwordkey = 'nfgjeingjk';
} else {
$passwordkey = get_site_identifier();
}
return endecrypt($passwordkey, $data, 'de');
}
/**
+9 -6
View File
@@ -653,11 +653,11 @@ class PHPMailer
*/
function AddrFormat($addr) {
if(empty($addr[1]))
$formatted = $addr[0];
$formatted = preg_replace('/[\r\n]+/', '', $addr[0]); // Moodle modification
else
{
$formatted = $this->EncodeHeader($addr[1], 'phrase') . " <" .
$addr[0] . ">";
$formatted = $this->EncodeHeader($addr[1], 'phrase') . " <" .
preg_replace('/[\r\n]+/', '', $addr[0]) . ">"; // Moodle modification
}
return $formatted;
@@ -780,9 +780,9 @@ class PHPMailer
$result .= $this->HeaderLine("Date", $this->RFCDate());
if($this->Sender == "")
$result .= $this->HeaderLine("Return-Path", trim($this->From));
$result .= $this->HeaderLine("Return-Path", trim(preg_replace('/[\r\n]+/', '', $this->From))); // Moodle modification
else
$result .= $this->HeaderLine("Return-Path", trim($this->Sender));
$result .= $this->HeaderLine("Return-Path", trim(preg_replace('/[\r\n]+/', '', $this->Sender))); // Moodle modification
// To be created automatically by mail()
if($this->Mailer != "mail")
@@ -1190,7 +1190,10 @@ class PHPMailer
*/
function EncodeHeader ($str, $position = 'text') {
/// Start Moodle Hack - do our own multibyte-safe header encoding
/// Start Moodle Hack - do our own multibyte-safe header encoding and cleanup
$str = str_replace("\r", '', $str);
$str = str_replace("\n", '', $str);
$textlib = textlib_get_instance();
$encoded = $textlib->encode_mimeheader($str, $this->CharSet);
if ($encoded !== false) {
+1 -1
View File
@@ -35,7 +35,7 @@ if ($show_instructions) {
<div class="clearer"><!-- --></div>
<div class="form-label"><label for="password"><?php print_string("password") ?></label></div>
<div class="form-input">
<input type="password" name="password" id="password" size="15" value="" />
<input type="password" name="password" id="password" size="15" value="" <?php if (!empty($CFG->loginpasswordautocomplete)) {echo 'autocomplete="off"';} ?> />
<input type="submit" value="<?php print_string("login") ?>" />
<input type="hidden" name="testcookies" value="1" />
</div>
+1 -1
View File
@@ -26,7 +26,7 @@
//HTTPS is potentially required in this page
httpsrequired();
$mform_signup = new login_signup_form();
$mform_signup = new login_signup_form(null, null, 'post', '', array('autocomplete'=>'on'));
if ($mform_signup->is_cancelled()) {
redirect($CFG->httpswwwroot.'/login/index.php');
+1 -1
View File
@@ -996,7 +996,7 @@ function message_post_message($userfrom, $userto, $message, $format, $messagetyp
$messagehtml = NULL;
}
if (!empty($preference->message_emailaddress)) {
if (!empty($preference->message_emailaddress) and validate_email($preference->message_emailaddress)) {
$userto->email = $preference->message_emailaddress; // Use custom messaging address
}
+14 -1
View File
@@ -60,6 +60,7 @@ if($mform->is_cancelled()) {
print_header_simple($data->name, '', $nav,
'', '', true, update_module_button($cm->id, $course->id, get_string('modulename', 'data')),
navmenu($course, $cm), '', '');
groups_print_activity_menu($cm, "$CFG->wwwroot/mod/data/export.php?d=$d");
print_heading(format_string($data->name));
// these are for the tab display
@@ -83,13 +84,25 @@ foreach($fields as $key => $field) {
$exportdata[0][] = $field->field->name;
}
}
$groupid = groups_get_activity_group($cm);
$datarecords = get_records('data_records', 'dataid', $data->id);
ksort($datarecords);
$line = 1;
foreach($datarecords as $record) {
// get content indexed by fieldid
if( $content = get_records('data_content', 'recordid', $record->id, 'fieldid', 'fieldid, content, content1, content2, content3, content4') ) {
if($groupid) {
$select = "SELECT c.fieldid, c.content, c.content1, c.content2, c.content3, c.content4
FROM {$CFG->prefix}data_content c, {$CFG->prefix}data_records r
WHERE c.recordid = $record->id
AND r.id = c.recordid
AND r.groupid = $groupid";
} else {
$select = "SELECT fieldid, content, content1, content2, content3, content4
FROM {$CFG->prefix}data_content
WHERE recordid = $record->id";
}
if( $content = get_records_sql($select) ) {
foreach($fields as $field) {
$contents = '';
if(isset($content[$field->field->id])) {
+9 -1
View File
@@ -62,6 +62,10 @@
error('You can\'t move to that forum - it doesn\'t exist!', $return);
}
if ($forumto->type == 'single') {
error('Cannot move discussion to a simple single discussion forum.', $return);
}
if (!$cmto = get_coursemodule_from_instance('forum', $forumto->id, $course->id)) {
error('Target forum not found in this course.', $return);
}
@@ -187,6 +191,8 @@
}
$section = -1;
$forummenu = array();
// Check forum types and eliminate simple discussions.
$forumcheck = get_records('forum', 'course', $course->id, '', 'id, type');
foreach ($modinfo->instances['forum'] as $forumcm) {
if (!$forumcm->uservisible || !has_capability('mod/forum:startdiscussion',
get_context_instance(CONTEXT_MODULE,$forumcm->id))) {
@@ -197,7 +203,9 @@
$forummenu[] = "-------------- $strsection $forumcm->sectionnum --------------";
}
$section = $forumcm->sectionnum;
if ($forumcm->instance != $forum->id) {
$forumidcompare = $forumcm->instance != $forum->id;
$forumtypecheck = $forumcheck[$forumcm->instance]->type !== 'single';
if ($forumidcompare and $forumtypecheck) {
$url = "discuss.php?d=$discussion->id&amp;move=$forumcm->instance&amp;sesskey=".sesskey();
$forummenu[$url] = format_string($forumcm->name);
}
+4
View File
@@ -4484,6 +4484,10 @@ function forum_user_can_post_discussion($forum, $currentgroup=null, $unused=-1,
return false;
}
if ($forum->type == 'single') {
return false;
}
if ($forum->type == 'eachuser') {
if (forum_user_has_posted_discussion($forum->id, $USER->id)) {
return false;
+45 -27
View File
@@ -40,6 +40,50 @@
die;
}
switch ($mode) {
case 'posts' :
$searchterms = array('userid:'.$user->id);
$extrasql = '';
break;
default:
$searchterms = array('userid:'.$user->id);
$extrasql = 'AND p.parent = 0';
break;
}
if ($course->id == SITEID) {
if (empty($CFG->forceloginforprofiles) || isloggedin()) {
// Search throughout the whole site.
$searchcourse = 0;
} else {
$searchcourse = SITEID;
}
} else {
// Search only for posts the user made in this course.
$searchcourse = $course->id;
}
$posts = forum_search_posts($searchterms, $searchcourse, $page*$perpage, $perpage, $totalcount, $extrasql);
$hasposts = !empty($posts);
$iscurrentuser = $user->id == $USER->id;
$specificcourseprovided = !empty($searchcourse) && $searchcourse != SITEID;
if (!$hasposts && !$iscurrentuser && !$specificcourseprovided) {
$mustlogin = (!isloggedin() && $CFG->forceloginforprofiles);
$canviewtheuser = (isloggedin() && has_capability('moodle/user:viewdetails', $usercontext));
if ($mustlogin || (!isteacherinanycourse() && !isteacherinanycourse($user->id) && !$canviewtheuser)) {
// Best to assume that the current user cannot view the requested user
// so we are careful not to give out any information.
print_header();
print_heading(get_string('noposts', 'forum'));
print_footer();
exit;
} else {
// Nothing to check here. If a course has been specified then require_course_login
// has been called OR the current user is a parent of the requested user.
}
}
add_to_log($course->id, "forum", "user report",
"user.php?course=$course->id&amp;id=$user->id&amp;mode=$mode", "$user->id");
@@ -65,36 +109,10 @@
$showroles = 1;
include($CFG->dirroot.'/user/tabs.php'); /// Prints out tabs as part of user page
switch ($mode) {
case 'posts' :
$searchterms = array('userid:'.$user->id);
$extrasql = '';
break;
default:
$searchterms = array('userid:'.$user->id);
$extrasql = 'AND p.parent = 0';
break;
}
echo '<div class="user-content">';
if ($course->id == SITEID) {
if (empty($CFG->forceloginforprofiles) || isloggedin()) {
// Search throughout the whole site.
$searchcourse = 0;
} else {
$searchcourse = SITEID;
}
} else {
// Search only for posts the user made in this course.
$searchcourse = $course->id;
}
// Get the posts.
if ($posts = forum_search_posts($searchterms, $searchcourse, $page*$perpage, $perpage,
$totalcount, $extrasql)) {
if ($posts) {
print_paging_bar($totalcount, $page, $perpage,
"user.php?id=$user->id&amp;course=$course->id&amp;mode=$mode&amp;perpage=$perpage&amp;");
+7 -7
View File
@@ -297,19 +297,19 @@
//<![CDATA[
scorm_resize(<?php echo $scorm->width.", ". $scorm->height; ?>);
function openpopup(url,name,options,width,height) {
fullurl = "<?php echo $CFG->wwwroot.'/mod/scorm/' ?>" + url;
windowobj = window.open(fullurl,name,options);
if ((width==100) && (height==100)) {
// Fullscreen
windowobj.moveTo(0,0);
}
if (width<=100) {
width = Math.round(screen.availWidth * width / 100);
}
if (height<=100) {
height = Math.round(screen.availHeight * height / 100);
}
windowobj.resizeTo(width,height);
options += ",width="+width+",height="+height;
fullurl = "<?php echo $CFG->wwwroot.'/mod/scorm/' ?>" + url;
windowobj = window.open(fullurl,name,options);
if ((width==100) && (height==100)) {
// Fullscreen
windowobj.moveTo(0,0);
}
windowobj.focus();
return windowobj;
}
+13 -6
View File
@@ -397,14 +397,16 @@ function wiki_get_default_entry(&$wiki, &$course, $userid=0, $groupid=0) {
global $USER;
/// If there is a groupmode, get the user's group id.
$groupmode = groups_get_activity_groupmode($wiki);
// if groups mode is in use and no group supplied, use the first one found
if ($groupmode && !$groupid) {
if(($mygroupids=mygroupid($course->id)) && count($mygroupids)>0) {
// Use first group. They ought to be able to change later
$groupid=$mygroupids[0];
// Get a group of wiki that user has access to in the course with groupingid.
$groups = groups_get_all_groups($course->id, $USER->id, $wiki->groupingid);
if ($groups && count($groups) > 0) {
// Select the first element in the array. Set the groupid to the id of the first element.
$group = current($groups);
$groupid = $group->id;
} else {
// Whatever groups are in the course, pick one
$coursegroups = groups_get_all_groups($course->id);
$coursegroups = groups_get_all_groups($course->id, 0, $wiki->groupingid);
if(!$coursegroups || count($coursegroups)==0) {
error("Can't access wiki in group mode when no groups are configured for the course");
}
@@ -1088,7 +1090,12 @@ function wiki_user_can_access_group_wiki(&$wiki, $groupid, &$course) {
/// Get the groupmode. It's been added to the wiki object.
$groupmode = groups_get_activity_groupmode($wiki);
$usersgroup = mygroupid($course->id);
if ($usersgroup = groups_get_all_groups($course->id, $USER->id, $wiki->groupingid)) {
$usersgroup = array_keys($usersgroup);
} else {
$usersgroup = array();
}
$isteacher = wiki_is_teacher($wiki, $USER->id);
/// A user can access a group wiki, if:
+3 -3
View File
@@ -571,9 +571,9 @@ class question_match_qtype extends default_questiontype {
//mappings in backup_ids to use them later where restoring states (user level).
//Get the match_sub from DB (by question, questiontext and answertext)
$db_match_sub = get_record ("question_match_sub","question",$new_question_id,
"questiontext",$match_sub->questiontext,
"answertext",$match_sub->answertext);
$db_match_sub = get_record('question_match_sub', 'question', $new_question_id,
sql_compare_text('questiontext', 255), $match_sub->questiontext,
'answertext', $match_sub->answertext);
//Do some output
if (($i+1) % 50 == 0) {
if (!defined('RESTORE_SILENTLY')) {
+7 -1
View File
@@ -56,7 +56,13 @@
$course->teacher = get_string('defaultcourseteacher');
}
foreach ($SESSION->emailto[$id] as $user) {
echo '<tr><td>'.fullname($user,true).'</td><td>'.$user->email.'</td><td>';
echo '<tr><td>'.fullname($user,true).'</td>';
// Check to see if we should be showing the email address.
if ($user->maildisplay == 0 ) { // 0 = don't display my email to anyone.
echo '<td>' . get_string('emaildisplayhidden') . '</td><td>';
} else {
echo '<td>'.$user->email.'</td><td>';
}
if ($user->teacher) {
echo '<img src="'.$CFG->pixpath.'/t/user.gif" alt="'.$course->teacher.'" title="'.$course->teacher.'"/>';
}
+1 -1
View File
@@ -46,7 +46,7 @@
foreach ($_POST as $k => $v) {
if (preg_match('/^(user|teacher)(\d+)$/',$k,$m)) {
if (!array_key_exists($m[2],$SESSION->emailto[$id])) {
if ($user = get_record_select('user','id = '.$m[2],'id,firstname,lastname,idnumber,email,emailstop,mailformat,lastaccess')) {
if ($user = get_record_select('user','id = '.$m[2],'id,firstname,lastname,idnumber,email,emailstop,mailformat,lastaccess,maildisplay')) {
$SESSION->emailto[$id][$m[2]] = $user;
$SESSION->emailto[$id][$m[2]]->teacher = ($m[1] == 'teacher');
$count++;
+3 -1
View File
@@ -6,8 +6,10 @@
require_once('../config.php');
require_once($CFG->libdir.'/filelib.php');
if (!empty($CFG->forcelogin) and !isloggedin()) {
if ((!empty($CFG->forcelogin) and !isloggedin()) ||
(!empty($CFG->forceloginforprofileimage) && (!isloggedin() || isguestuser()))) {
// protect images if login required and not logged in;
// also if login is required for profile images and is not logged in or guest
// do not use require_login() because it is expensive and not suitable here anyway
redirect($CFG->pixpath.'/u/f1.png');
}
+2 -2
View File
@@ -6,10 +6,10 @@
// This is compared against the values stored in the database to determine
// whether upgrades should be performed (see lib/db/*.php)
$version = 2007101591.07; // YYYYMMDD = date of the 1.9 branch (don't change)
$version = 2007101591.16; // YYYYMMDD = date of the 1.9 branch (don't change)
// X = release number 1.9.[0,1,2,3,4,5...]
// Y.YY = micro-increments between releases
$release = '1.9.15 (Build: 20111128)'; // Human-friendly version name
$release = '1.9.18 (Build: 20120514)'; // Human-friendly version name
?>