When a user is entering a password which isn't returned back to them
then its not correct to use the unmask element - this element was
designed for places where we are storing shared secrets.
Fix to:
- Make sure we properly check both user and course contexts in
the load_for_user function in navigation lib and user the
user_can_view_profile function for same-course access checks.
- Use user_can_view_profile in the renderer's context_header to
properly decide whether a user can view another user's picture
and messaging options in the page header.
Fixes a bug in which a user's full name might be disclosed via the
nav tree. Nav generation now checks the current user's access to the
user before adding the node, else adds a dummy node.
In the core dml:
PostgreSQL connections now use advanced options to reduce connection overhead.
These options are not compatible with some connection poolers. The
dbhandlesoptions parameter has been added to allow the database to configure
the required defaults.
This item adds a setting to the logstore_database plugin to let you set the
same flag for your destination database - without it you won't be able to ship
logs to a postgresql database with a pgbouncer frontend.
Mustache templates containing {{#js}} blocks are not returned via the
fragments API. This is because the requirements manager is assigned when the renderer is created
and not updated by the call to start collecting page requirements.
Switch back to GCE build infrastructure for Travis Builds and move
databases to RAM Disk.
This also adds a software entropy generator (haveged) which is
recommended when using a RAMdisk for the database.
Also removed write_header() and write_footer(). The reason for this
is because in core we want to know if the format being used supports
multiple sheets. To do this, and ensure we do not break third-party
dataformat plugins, we are using method_exist(). If write_header()
and write_footer() remain in the base class then this will always
be true.
Remove unittest-specific callbacks for checking access and displaying
the calendar events on the dashboard.
This will allow plugin developers unittest the full behavior
of how their plugins add events to the dashboard.
Reset all static caches between unittests.
In the issue MDL-39319 (6ddf92c77), the ability to uninstall multiple
language packs at once was added. By a mistake, the PARAM_ALPHAEXT was
used as paramater type for the dash-separated list of language packs to
be uninstalled. Language packs with a number in the name (such as
en_us_k12) do not pass the ALPHAEXT cleaning.
This patch changes the parameter cleaning to PARAM_SAFEPATH which is
more appropriate for the given scenario as language code themselves must
be SAFEDIRs.
Default of $params = null leads to a problem in query_db().
There this value is used in array_merge, which can not handle null
values. If null is passed for one of the params the outcome will be null
independent of the value of the second param!
Repository instances are stored in the 'repository' table. Repositories
in the table are either 'Enabled and visible' or 'Enabled but hidden'.
Hidden repositories still serve their files, but are not visible in the
filepicker UI. Disabling a repository instance removes its record from
the table.
In the original implementation of the plugin manager (see b9934a17), the
method plugintype_repository::get_enabled_repositories() correctly
returned all records from the repository table. Then as a part of the
bigger refactoring in MDL-41437, the commit bde002b8 replaced the
original method with the new get_enabled_plugins() one which started to
return visible repositories only.
As a consequence, the admin tree stopped populating setting page nodes
for hidden repository instances. So attempting to visit their setting
page threw a section error. Credit goes to Ike Quigley for debugging and
tracing this down.
This patch fixes the way how the list of enabled repositories is
populated by the plugin manager so that both visible and hidden
repositories are returned again. This does not affect the filepicker
itself as it is using its own methods for obtaining the list.
There can be a different number of courses displayed in the
'Navigation' block and in the 'Flat' navigation. This patch
decides what courses we want to display on each, then
applies the 'navcourselimit' setting individually.
Add string "Side panel" to make the purpose of
trigram/hamburger icon at top left clearer, particularly
when using screen readers e.g. Jaws/NVDA.
Currently it reads out only "expand"
If we let videojs auto-init the video/audio tags present in the page - we cannot guarantee that the
youtube library will be loaded by the time video.js is processing the tag.
Video.js uses the presence of a data-setup attibute to signal that it should auto-init this tag, so
we have to rename our config attribute to something else.
The availability info text can be either a one line short text such as
"Hidden from students" but it can also be a long HTML formatted text
with the list of all restricted access conditions. For the latter, using
bootstrap labels was not appropriate.
This extends the template context data with some boolean flags that
allow to better distinguish the source and meaning of the availability
information and display it accordingly.
Credit goes to Marina Glancy for the solution idea.
Find any events records for assign group overrides having null priority
and sets their priority to the sortorder value from the corresponding
assign_overrides table entry.
Fixed a bug in which $fromform->sortorder wasn't set before passing
$formdata to assign_update_events, resulting in the existing event
priority being incorrectly nulled and breaking the effective override.
The previous behaviour was to only lock when in theme designer mode.
As a result, when generating the theme for after a reset, each new
client was starting the generation afresh and no locking was taking
place at all.
This version includes a fix[1] contributed by Frédéric Massart investigating
our compilation time issues, which significantly improves the speed of
processing font awesome.
Thanks, Fred!
[1] https://github.com/sabberworm/PHP-CSS-Parser/pull/120
Starting with npm version 5, npm install will generate a lockfile
(now named package-lock.json) or update the existing npm-shrinkwrap.json
To prevent changes being generated in the codebase when this happens, we
need to commit the version 5 generated shrinkwrap.
This is related to a general overhaul [1] of how npm manages things. But
for our purposes, we the lockfile should be BC to previous versions [2].
Going forward, we need to ensure we generate the lockfile on npm >=5 to
prevent differences from the previously un-versioned lockfile.
[1] http://blog.npmjs.org/post/161081169345/v500
[2] https://github.com/npm/npm/issues/16728#issuecomment-305104149
* Use the calendar_event::description property and format it using
format_text() on it in order to apply the appropriate filters.
* Then use html_to_text() on it to strip the tags and convert the
description to plain text while converting <br> and <p> tags to
line breaks.
When certainty-based marking is used, grades can 'exceed' the maximum grade
(because they are multiplied by factors). Therefore, in such cases, don't show
no warning.
There are situations where we need to sort events on a field called
"timesort", but sometimes it is not set. So we can fall back to
"timestart" in this case.
While ldap_get_entries_moodle() PHPdocs state that it returns "array
ldap-entries with lower-cased attributes as indexes.", this is not true. It
uses ldap_get_attributes() internally, which returns both numerically indexed
attribute names, and dictionary-like entries indexed by attribute names.
Current code lowercases the dictionary-like entries, but then uses the
numerically indexed entries for the attribute names used as keys in the
returned array. The numerically indexed names might or might not be lowercased,
depending on the LDAP server and PHP version) version. E.g., OpenLDAP 2.x,
Novell eDirectory 8.x and MS Active Directory return mixed-cased attribute
names, and PHP 5.x and PHP 7.x don't lowercase them inside ldap_get_entries().
This is probably why all calls to ldap_get_entries_moodle() are followed by
calls to array_change_key_case(), even if that shouldn't be necessary.
So make sure we always return lower-cased attributs as indexes and add some
unit tests to avoid regressions in the future.
Currently, the sorting being used for the grader report table
(asc/desc arrows) is just the grade_grades.finalgrade.
This adds grade_grades.userid in the sort to prevent duplicate
in records returned when using pages.
* Change the start date of the parent event to the current date
for tests that with events that recur forever.
* Limit query results to 100 for events that recur forever that can
generate more than 100 event records.
Previously when a repeating chat was updating the calendar
it would only update the timestart column. It needs to also
update the timesort column to display correctly on the new
overview.
When using $page->context it calls magic_get_context() in lib/pagelib.php.
This method sets the context to context_system::instance() if it is currently
null and returns that as the context. However, when installing a new site
context_system::instance() also returns null.
It shoudl be possible to link multiple OAuth2 sources which have the
same e-mail address to an account.
This patch makes the check for an existing linked account stricter so
that it only checks for linked account records which match the same
issuer, and which do not have expired confirmation tokens.
There were 4 instances of the calendar refresh events task being
queued, which is redundant as we now have the "one true task" to
fix the events table, and it needs to be run for everybody.
This upgrade step was setting the priority field for assign events
in the events table. This is redundant since we queue a task to
refresh all events.
This patch also removes a redundant refresh_events task that is
queued from assign.
The assign update events code depends on the "old" events in the
DB being returned in the same order as they were originally made,
however there was no guarantee that this would be the case.
There were also situations where the priority would not be explicitly
set (e.g., when creating the "original" event).
The lesson update events code depends on the "old" events in the
DB being returned in the same order as they were originally made,
however there was no guarantee that this would be the case.
There were also situations where the priority would not be explicitly
set (e.g., when creating the "original" event).
The quiz update events code depends on the "old" events in the
DB being returned in the same order as they were originally made,
however there was no guarantee that this would be the case.
There were also situations where the priority would not be explicitly
set (e.g., when creating the "original" event).
Previously we did not require the lib.php files for each module
in this ad-hoc task, which meant that the *_refresh_events functions
would only be called if some lucky sequence of events led to the
lib.php file for the module being required.
Instead we should use the component_callback function which can handle
that stuff automagically.
As a result of fixing the auth plugins config storage in MDL-12689, many
settings would be falsely reported as new ones by
admin/upgradesettings.php. We do not want to confuse admins so we try to
reduce the bewilderment by pre-populating the config_plugins table with
default values. This should be done only for disabled auth methods. The
enabled methods have their settings already stored, so reporting actual
new settings for them is valid.
It has never been guaranteed that settings.php would always be included
from inside the core\plugininfo\auth::load_settings() scope only.
Alternative fix would be to use $plugininfo->name but I think it is
better to be explicit here (same as we are explicit with setting names,
strings etc).
Auth plugins with custom signup forms may not be using renderables / renderers - or
even if they are they may return a renderable that can only be rendered with the renderer from the auth
plugin.
This change checks if the signup form is a renderable - if so try the plugin renderer or fall back on the general renderer.
Otherwise call display() from the mform which is the previous way of rendering an mform.
Um - this code is regexing for exact strings generated from the rendering of icons. I'm not going to rewrite anything
to do with tinymce - for now we just make the regexes far less specific.
The existing search is too broad, and the text being searched exists
a number of times in the block, all them hidden, but one (the one
where we want to really check for the existence of the text).
So this patch only changes the search from block to the target
tab, doing it by css element id. Ideally we should be able to
search in tabs more naturally, but we don't have support for that right
now.
We cannot use redirect() because is not compatible with
webservice/pluginfile.php
This script is defined as an AJAX_SCRIPT so redirections are not
allowed by redirect() function.
@@ -31,7 +31,7 @@ $string['delete_confirmation'] = 'Are you absolutely sure you want to remove <st
$string['deletea']='Delete {$a}';
$string['deletefiletypes']='Delete a file type';
$string['description']='Custom description';
$string['description_help']='Simple file type description, e.g. ‘Kindle ebook’. If your site supports multiple languages and uses the multi-language filter, you can enter multi-language tags in this field to supply a description in different languages.';
$string['description_help']='Simple file type description, e.g. \'Kindle ebook\'. If your site supports multiple languages and uses the multi-language filter, you can enter multi-language tags in this field to supply a description in different languages.';
$string['descriptiontype']='Description type';
$string['descriptiontype_help']='There are three possible ways to specify a description.
@@ -49,15 +49,15 @@ $string['error_defaulticon'] = 'Another file extension with the same MIME type i
$string['error_extension']='The file type extension <strong>{$a}</strong> already exists or is invalid. File extensions must be unique and must not contain special characters.';
$string['error_notfound']='The file type with extension {$a} cannot be found.';
$string['extension']='Extension';
$string['extension_help']='File name extension without the dot, e.g. ‘mobi’';
$string['extension_help']='File name extension without the dot, e.g. \'mobi\'';
$string['groups']='Type groups';
$string['groups_help']='Optional list of file type groups that this type belongs to. These are generic categories such as ‘document’ and ‘image’.';
$string['groups_help']='Optional list of file type groups that this type belongs to. These are generic categories such as \'document\' and \'image\'.';
$string['icon']='File icon';
$string['icon_help']='Icon filename.
The list of icons is taken from the /pix/f directory inside your Moodle installation. You can add custom icons to this folder if required.';
$string['mimetype']='MIME type';
$string['mimetype_help']='MIME type associated with this file type, e.g. ‘application/x-mobipocket-ebook’';
$string['mimetype_help']='MIME type associated with this file type, e.g. \'application/x-mobipocket-ebook\'';
$string['pluginname']='File types';
$string['revert']='Restore {$a} to Moodle defaults';
$string['revert_confirmation']='Are you sure you want to restore <strong>.{$a}</strong> to Moodle defaults, discarding your changes?';
$string['databasehandlesoptions_help']='Does the remote database handle its own options.';
$string['databasetable']='Database table';
$string['databasetable_help']='Name of the table where logs will be stored. This table should have a structure identical to the one used by logstore_standard (mdl_logstore_standard_log).';
$string['includeactions']='Include actions of these types';
$string['issuerloginparams']='Additional parameters included in a login request.';
$string['issuerloginparams_help']='Some systems require additional parameters for a login request in order to read the user\'s basic profile.';
$string['issuerloginparamsoffline']='Additional parameters included in a login request for offline access.';
$string['issuerloginparamsoffline_help']='Each OAuth system defines a different way to request offline access. E.g. Google requires the additional params: "access_type=offline&prompt=consent" these parameters should be in url query parameter format.';
$string['issuerloginscopes_help']='Some systems require additional scopes for a login request in order to read the users basic profile. The standard scopes for an OpenID Connect compliant system are "openid profile email".';
$string['issuerloginscopesoffline_help']='Each OAuth system defines a different way to request offline access. E.g. Microsoft requires an additional scope "offline_access"';
$string['issuerloginparamsoffline_help']='Each OAuth system defines a different way to request offline access. E.g. Google requires the additional params: "access_type=offline&prompt=consent". These parameters should be in URL query parameter format.';
$string['issuerloginscopes_help']='Some systems require additional scopes for a login request in order to read the user\'s basic profile. The standard scopes for an OpenID Connect compliant system are "openid profile email".';
$string['issuerloginscopesoffline_help']='Each OAuth system defines a different way to request offline access. E.g. Microsoft requires an additional scope "offline_access".';
$string['issuerloginscopesoffline']='Scopes included in a login request for offline access.';
$string['issuerloginscopes']='Scopes included in a login request.';
$string['issuername_help']='Name of the identity issuer. May be displayed on login page.';
$string['issuername']='Name';
$string['issuershowonloginpage_help']='If the OpenID Connect Authentication plugin is enabled, this login issuer will be listed on the login page to allow users to log in with accounts from this issuer.';
$string['issuershowonloginpage']='Show on login page.';
$string['issuershowonloginpage_help']='If the OAuth 2 authentication plugin is enabled, this login issuer will be listed on the login page to allow users to log in with accounts from this issuer.';
$string['issuershowonloginpage']='Show on login page';
$string['enablerunnow']='Allow ‘Run now’ for scheduled tasks';
$string['enablerunnow']='Allow \'Run now\' for scheduled tasks';
$string['enablerunnow_desc']='Allows administrators to run a single scheduled task immediately, rather than waiting for it to run as scheduled. The task runs on the web server, so some sites may wish to disable this feature to avoid potential performance issues.';
$string['resettasktodefaults']='Reset task schedule to defaults';
$string['resettasktodefaults_help']='This will discard any local changes and revert the schedule for this task back to its original settings.';
$string['runnow']='Run now';
$string['runnow_confirm']='Are you sure you want to run this task ‘{$a}’ now? The task will run on the web server and may take some time to complete.';
$string['runnow_confirm']='Are you sure you want to run this task \'{$a}\' now? The task will run on the web server and may take some time to complete.';
$string['scheduledtasks']='Scheduled tasks';
$string['scheduledtaskchangesdisabled']='Modifications to the list of scheduled tasks have been prevented in Moodle configuration';
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.