Previously we appended a dot at the end of IP addresses and domain names in the
cURL security helper, but it causes issues with Google OAuth so this patch removes it.
Previously some of the unit tests were passing "by accident" becuase
we had the security helper letting through domains where the DNS lookup
failed. That behaviour has changed and now such domains are blocked.
Additionally tests for domains with multiple A records and weird Unicode
stuff have been added.
This patch also mocks the DNS resolution in the test, rather than actually
resolving the domain.
Freaky deaky Unicode/octal/hex domains can be resolved by cURL but are technically not valid.
This patch causes anything that Moodle does not consider to be a valid domain or IP to be blocked
by the cURL security helper.
The class dimmed_text would only dim the activity's title and not the icon.
The teacher has both, icon and text, dimmed. So I added the class dimmed
to the class dimmed_text, what dims both elements for the students.
Files that are oversized could have been uploaded by a user who
can ignore the file size limits. These files should not be deleted
in these situations.
Make sure we always checks for failed validation, before redirecting.
A positive return value does not signal that all settings were able
to be written, only that at least one was - errors still need to be
checked!
When an assignment submission is reverted to a draft, the timemodified on
the submission should not be modified. Changing the timemodified causes the
editpdf code to assume the pdf is stale, and forces all annotations to be removed.
* Improve test_choice_get_my_response() to verify the sorting of the
responses returned by choice_get_my_response().
* Fix correct usage of choice_get_my_response().
There is an edge case whereby redis will fail
to accept connections on the first try but
retrying the connection seems to make it work
Included in this commit:
* Retry functionality in the session init
If the file does not have Unix line endings then the regular expression
in oci_native_moodle_database::attempt_oci_package_install() does
not split it correctly.
This leads to an invalid package being created in Oracle.
The .gitattribute file changes for oci_native_moodle_package.sql
force it to have Unix style line endings when the branch is checked
out and the file does not already exist.
The file has been modified so that the Unix style line endings are
applied even if the file already exists, for example when pulling in
this change to an existing branch.
The core_completion_get_activities_completion_status was getting the
progress for all users on the course called, and then discarding all
the records but one.
This change ensures that only progress for the user we are interested in
is retrieved from the database.
This has a side benefit of removing a full table scan from the query
finding the users inside the get_progress_all() method.
The list of courses displayed at the user's dashboard - course overview
block, had the sorting hard-coded to order by fullname. This did not
respect the site setting "navsortmycoursessort" and led to inconsistent
behaviour with "My courses" list in the navigation.
Only course tools are backed up, site tools and registrations
can be matched by id if they are restored to the same site only.
For predefined course tools the secret is backed up encrypted
and can be restored on the same site only.
Before MDL-59854 it was possible to have duplicate forum subscriptions.
Trying to import backups created from back then, caused a DB exception
due to unqiue key constraints. Now only one of multiple identical forum
subscritions is restored.
- If 'coursename' is specified in the CSV it should match the course short name - thanks Yusuf Yılmaz for the patch
- If 'idnumber' is specified but 'groupidnumber' is not, idnumber should be used for matching the course idnumber only
- If 'groupingname' is not specified, there should be no notices (regression from MDL-42514)
- If 'coursename' or 'idnumber' column is present, it can contain empty values in some/all lines
The function groups_get_user_groups is called too often both before rendering the page and after the page is rendered (using ajax).
The function was executing a query joining 3 tables in each call. The plementation of the function has now modified to store the
query result in a request cache.
Fixed the functionality which ticks or unticks all checkboxes when
clicking the Select all or Deselect all elements when viewing the
responses.
Caused by deprecating checkall and checknone functions in
MDL-57490.
Sometimes the "theme" and "lang" fields in the user and course tables
in the database are set to incorrect values (uninstalled or
non-existent themes and language packs).
This makes Web Services functions to fail because the WS server
validate the returned data using the validate_param function that clean
parameters.
If the privacy option "Accept grades from the tool" is disabled, the
module should not appear in the gradebook when edited inline or when
recover grades is running during enrolment.
If the user decides to remove a repository all of the linked
files are now deleted along with file references. This was causing
problems such as the course page displaying an error with no recourse
to fix the problem.
Web Services from user and enrol components has been updated to change
the user preference name field type from PARAM_ALPHANUMEXT to
PARAM_RAW.
The old type was not matching the core functionality.
The google_oauth class extends oauth2client which was modified to send "Accept" headers.
The "Accept" headers break picasa and could break any other plugin that was using google_oauth.
The recordsets used for search indexing sometimes return results
which are invalid (e.g. cannot be found in database). When this
happens, the result in the iterator for the recordset will be
false. Due to a bug, the iterator used to stop when it encountered
a false value, which prevented indexing from getting past the
problematic record.
In addition, the iterator that skips future data resulted in the
current() function of its parent indicator being called twice per
entry, which meant that search indexing called get_document()
twice as many times.
If any of the access rules require the attempt to open in a new window, assume we
require javascript to attempt the quiz. This makes it harder to bypass the javascript
pseudo security restrictions.
The mtrace function is preferable for plain text logging/progress
output because it can be redirected if necessary. By convention it
is normally used in cron and can be used in CLI tasks if required.
This change makes the text_progress_trace class use mtrace instead
of echo and then flush. (Default behaviour of mtrace is to do
exactly that, but it can be redirected too.)
Before this change, if anybody is relying on mtrace behaviour to
redirect logs of cron output, this will fail for some parts of the
search cron output (and some other places like auth plugins).
Previously, when a during backup/restore the "Schema"-stage is loaded,
some settings are fixed if they are LOCKED_BY_HIERARCHY. However, user
data fields of activities can be locked, when the section they are
contained in has user data set to false. When this setting is changed on
the same screen, the fixed setting of the activity can not be "unfixed"
by javascript.
This patch adds a settings-level to the call of is_changeable. With this
only those dependency_settings are considered, which belong to parent
settings, which are not changeable on the current stage.
The function is_locked was changed to determine only, if the
dependency_setting want's the dependent setting to be locked.
In the previous version, is_locked did not only check, if the
dependency_setting want's the setting to be locked, but also if the
setting was already locked. A recursive call to the status of the
dependent setting leaded to problems, when unlocking locked settings.
Also the PHPDOC of the is_locked was adjusted to coincide with the current
usage in backup_ui_settings->is_changeable() and
base_setting->set_status(). In both functions all dependency_settings of
a setting are iterated to check if this setting should be or is LOCKED_BY_HIERARCHY.
The actual state of the setting was therefore either checked beforehand
or is not interesting, since the question is, if it shall be changed.
This new test defines different combinations of global and local user
data settings during the restore process and tests that global defaults
can be overriden.
When the teacher is upgrading a previously entered grade, we re-display
exactly what they typed before if possible, rather than displaying with
a set number of decimal places.
I removed the additional tooltips because I think that they are just used
in the notifications and messages context and duplicate the all over used
title tag that gives the same information when hovering. So the whole system
stays more consistently.
Copy / adapt some styles from the bootstrap progress widget to match the DOM used for file upload progress.
Bootstrap changed this alot in the current beta so I opted to do a minimal change (affect the scss for boost only), rather
than adapt the HTML to something that will change again anyway when we upgrade to the release version of bootstrap 4.
This patch conbines valuable contributions from Kashmira Nagwekar and
Luca Bösch. Many thanks to them. However, the final form of the fix,
and hence the blame, falls to me -- Tim.
There were several issues here:
* The load_questions_usages_by_activity method in
question/engine/datalib.php was incorrectly treating the case
when no data was returned. (Looks like a historic copy-pase from
other methods that fetch one item by unique id, which therefore
must exist.)
* The report was not correctly handling the display when the 'Which
tries' was set to 'with, and without, attempts'.
* It was possible to select the 'All tries' option when also saying
'Users without attempts'. This combination makes not sense, so
a disabledIf rule was added to the form.
The following InnoDB file format configuration parameters were deprecated
in MySQL 5.7.7 and are now removed:
- innodb_file_format
- innodb_file_format_check
- innodb_file_format_max
- innodb_large_prefix
File format configuration parameters were necessary for creating tables
compatible with earlier versions of InnoDB in MySQL 5.1.
Now that MySQL 5.1 has reached the end of its product lifecycle,
the parameters are no longer required.
The FILE_FORMAT column was removed from the INNODB_SYS_TABLES and
INNODB_SYS_TABLESPACES Information Schema tables.
Ref: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-0.html
If you have Global Search set up on a site without file
indexing enabled, then at a later date you enable file indexing
files associated with existing objects are not added.
The only way to have files for existing objects indexed is to
run a reindex of all content.
This patches updates the file indexing language string in the
solr search settings of Global Search to make this clear
to the site administrator.
Triggering a fatal error in an adhoc task is bad. It will be retried indefinitely.
Even though we are not sure how to get a module instance without a course module record,
it is possible and should not kill the Moodle site.
Before this implementation, both resourcekey and password
were not being included in the backups, so old backups are
missing them. To keep upwards compatibility and avoid a PHP
Notice (undefined property), existence is checked via isset(),
that is the usual way all over the restore process.
The singlescobasic_missingorg.zip file includes a modified version of
the javascript which deliberately breaks content.
We need it to have different file names to not break other similar copies
of the file.
Significant string changes:
* errorretrievingkey in message_airnotifier - improved wording and
removing reference to Moodle.org
* enddate_help and courseduration_desc in core - clearer wording
explaining what the date actually does
* restore:viewautomatedfilearea in core_role - changing wording to match
the behaviour
* dropzones_help in qtype_ddmarker - improved wording
* autologinkeygenerationlockout in tool_mobile - updated error message
* configallowemailaddresses in core_admin - clearer description
* subscriptionmode_helpin mod_forum - removing misleading sentence about
subscription mode changes not affecting existing users
- Uses site generated (on backup) key.
- Can be applied potentially everywhere in the restore process.
- Covered with unit tests.
- Authentication / integrity aware so can be used between any 2 servers
(just requires matching key).
- Built using standard backup custom fields.
- Can be applied potentially everywhere.
- Automatically addded 'encrypted' attribute.
- Defaults to site generated key.
- Enforces key robutness / provides authentication (hmac integrity)
- Covered with unit tests.
SCORM 2004 uses the element 'cmi.completion_status' to store the
completion status of a SCO, not 'cmi.core.lesson_status'.
This amends scorm_check_mode so that the right element is looked up.
When scorm_version_check returns false, SCORM 1.2 is assumed.
We were previously testing tha the parent is valid, which it was, and
then fetching the current record, before fetching data from it.
However, the way in which the recordset walk works, the valid function
checks whether the _record_ itself is valid, whilst the current allows
for a callback to be applied.
In this instance, the data-entry was failing because the count of
indexfields was < 2. The recordset data itself was valid, but the view
was not, and as a result, the current() function returned false.
This false was not previously handled.
I've changed the logic so that we handle this case, and have removed a
double-negative in the process.
Due to race conditions in the function subscribe_user
it was possible to create duplicate forum subscriptions.
This lead to error messages, when displaying the list of
all subscriptions.
This patch removes all existing duplicate entries and
creates a unique db key to prevent this from happening in
the future.
Without this change, Moodle fails to provide any data when requesting a
thumbnail for a non-image file as its looking to provide a SVG file that
doesn't exist.
* The styles ".course-content ul.topics li.section .right img.icon" and
".course-content ul.weeks li.section .right img.icon" are now kind of
irrelevant and are causing course section action menu items in
Bootstrapbase to be rendered without spacing between the action menu
icon and the label.
Add html files to the file types that Google can convert. This allows
the Google Drive converter to convert online submissions to pdf. This
fixes an issue where if online submissions is selected and the Google
Drive converter is used all conversions fail and produce a single
blank pdf. Credit to Peter Svec for the idea for this fix.
As reported in MOBILE-1511, Vimeo videos restricted by domain are not
working in the app.
The reason is simple: The restriction is done by the Referer HTTP
header, when a video is embedded via an iframe in the Moodle Site,
Vimeo checks the Referer to see if it matches the specified domain.
When the video is embedded in the mobile app, the Referer is the one
provided by the app Cordova container so Vimeo won't allow playing the
video.
The solution is to add an extra iframe on top of the Vimeo embedding
one (like a proxy), the app will display an iframe pointing to a page
in the site that will include the iframe pointing to vimeo so the
restriction check will work.
list_user_competencies_to_review() orders by shortname, but the test
creates 2 user competencies with the same short name, resulting in
unpredictable results. This patch fixes that.
The item field is defined as PARAM_TEXT (no HTML tags allowed except
for multilang).
Using the s that add quotes to HTML characters we avoid potential Web
Services invalid parameters errors.
The page admin/search.php is the default administration page in Boost
based themes. It should behave the same as admin/index.php or
my/index.php and check if the site needs upgrade.
When the wwwroot indicates https support and a page is accessed over http,
redirect to the wwwroot. This is a better experience than displaying an error.
Backport of MDL-58318.
When files are copied into the system account's drive, they are put into
folders respecting the structure of contexts. Folder names were based on
context names only and so were likely to collide (such as with users
with the same name).
The patch ads context instance identifiers to the name so that they can
be identified more reliably.
The values stored in these user preferences were valid for the old
flickr auth mechanism and are not usable any more. The new oauth1 based
version needs to store both the token (in the flickr_access_token
preference) and the token secret (flickr_access_token_secret). The new
version does not need to store the user's nsid.
The cryptic names of these legacy settings are a result of how dealing
with user preferences was originally implemented.
The patch makes the Flickr repository use the new oauth1 based client.
Beside that, other improvements include:
* Does not attempt to guess the photo URL any more. Instead uses
url_sq and url_o extras of the flickr.photos.search call.
* The photos.search does not return the information about the photo size
so we set it to null (previously was returned as 'unknown' which made
it be displayed as zero).
* Does not perform additional API request to obtain the manage URL, uses
https://www.flickr.com/photos/organize instead.
Provide a more meaningful error message and debuginfo allowing to
diagnose what is going on. In case of flickr, this is typically thrown
when flickr API responses with their "bad, bad panda" HTML page instead
of the expected reply.
As per the oauth1 spec, the oauth_callback is supposed to be passed only
when obtaining the initial request token. The client used to append it
automatically to all requests which broke the request signature.
Fixed to return both those roles in the profileroles site policy and
any roles which the current user can assign in the respective context,
meaning a user can see a link to any role they can assign.
My solution is to remove the padding that's added within scss/bootstrap/_navbar.scss (line 72)
for the case that a logo (has-logo) is uploaded and displayed within the navbar.
Removing this padding will center the image within the navbar.
Changes to the folder contents were not resulting in the
timemodied of the folder activity being set. This prevented
global search from picking up the changes.
If an indexed file has been modified or deleted the search index
will still reference the old file. Remove the file from search
results until the change has been indexed.
We can't really control the direct web access to directories in dirroot,
that is part of the server setup. So we at least warn admins as they may
not realize the risks of having directories like vendor or node_modules
exposed.
Credit goes to Petr Škoda for mentioning the PHPUnit issue CVE-2017-9841
to me.
Make sure to check that $user in enrolled in $course before checking
whether the current user has capabilities in that course, and make sure
that we don't check user context caps when handling a specific course.
The course object passed as parameter to extend_navigation_user
callback contained only a few parameters, some parameters like
showgrades or showreports were missing.
The callback should receive a full course object.
Error messages should be prominent to screen readers as well as visual users,
adding the role alert is recommended way to achieve it for screen readers and this is
also what we do for ->notification apis
* Removed the div with the class 'form-group' that's enclosing the
select element and friends. It's not needed since the urlselect template
is an inline form.
* Also, for completeness, I added the helpicon data for the template's
context.
Make indexing of user messages tolerant to user deletion.
When creating the search document for user messages,
add a check to see if the user has been deleted in the
system. If they have been deleted abort creating the search
document.
This is to avoid rasining an error when trying to get the
user context for a deleted user.
Instead of putting vertical-align: middle as indication for participants table
headers, none is set which leads to theme default, i.e. bottom in Clean and Boost.
If a malformed value was passed, it may be that we can still display it.
We should not assume that, if a string is not passed, that we are
dealing with a promise.
This is an old bit of UI inconsistency. For some reason it used to take
people to the list of all courses. Given modern Moodle usability
conventions, that does not really make sense any more.
Change to download_rewrite_pluginfile_urls() ensuring prefix isn't
added to file links when downloading with the downloadasfolders
user preference set to true. Links to files in onlinetext now work
when downloading as folders.
assign->download_submissions():
- groupname now only added to zip file name if not empty, fixing a
double hyphen bug in the file name.
assign->download_rewrite_pluginfile_urls():
- groupname is now correctly determined using get_submission_group()
instead of using groups_get_activity_group() which fails when there
is no active activity group set. Uses the same logic that
download_submission() uses to prefix file names. Fixes a bug where an
empty groupname prefix was generated, resulting in broken links.
This function used to check only those courses shared by both users
when it should have been checking all courses in which $user is
enrolled. Managers can view a user's course profile without necessarily
sharing the course (being enrolled in) with the $user.
* We have duplicate input event handlers for the autocomplete element
which are both firing when the input element's value is being set.
In case an AJAX handler is defined for the autocomplete suggestions,
this causes the autocomplete suggestions so show "No suggestions" first
and then load the results from the AJAX handler a little bit later.
There are times, such as when viewing a user profile within a course,
when user_can_view_profile() should be passed a course to force it to
restrict its capability checks to only the supplied course. This change
makes sure that core_renderer->context_header() calls this correctly.
This patch adds the missing 'escaping' option to all remaining
xmlrpc_encode_request() calls in the moodle core code.
Without this, the xmlrpc_decode_request() call on the server side may
lead to wrongly decoded non-ascii characters.
The unit test was creating four events, and then relying on them being
retrieved in the order in which they were created.
I've modified the test to:
* ensure timecreated are spaced apart; and
* add an order by timecreated when fetching them.
These tests are an abuse and should not have been accepted. Behat tests should use real pages.
Adding testing only entry points to Moodle is a bad security practice and is not the purpose of behat.
* Add student1 and student2 login/logout steps for the course
participants filtering scenario in order to have last access data
for students 1 and 2 since the participants table is sorted by last
access by default.
* Convert the two course participants scenario to a scenario outline.
The steps are basically the same. Only the view mode is different.
* Remove @javascript tags for the following scenario:
- Filter users on assignment submission page
- Filter users on view gradebook page
- Filter users on course participants page
JS is not really necessary in these scenario and we can get faster
execution time.
For pass/fail setting to work properly, activities must have 'Require grade' completion set,
just make sure we don't allow activities without this setting to be set
slightly refactor duplicate_module() code so it does not rebuild course cache
twice and also we do not need to move module if it is already the last module in a section
totalcount was incorrectly calculated for normal search.
For advanced search it was working as expected.
This was making searched entries pagination behave incorrectly.
When updating the mysql system to utf8mb4 not all tables are
converted to the row format of compressed or dynamic. If a new
index is created there is a possibility that the table could be
using compact or redundant and then an error will be shown saying
that the index size is too large. This fix handles this exception
and converts the table over to compressed.
Do not use custom pfofile field name as a field alias in DB query, use field id instead.
DML lowercases all column aliases and fields with uppercase letters no longer match.
Even when course module is not available the intro text can still be visible on the
course page. In this case the availability restriction is displayed to the student
but link to the activity is not available
The url, which was used for guessing the image, was queried with the
key 'discoveryurl', which is not defined in the context of an issuer.
The baseurl should be sufficient to retrieve the favicon.ico from a
server. That's why the key for was changed from 'discoveryurl' to
'baseurl'.
Since the refactoring towards using the filepicker for file and picture
fields there are several variables, which are set but never read. Thus,
I removed them.
When a file or picture field was added with existing records, these
records could not be saved, since the draft area was not created
properly.
Co-authored-by: Jérôme Mouneyrac <mouneyrac>
Due to Moodle 2.7 and Moodle 3.4 not having a common compatible php version
between them to upgrade from Moodle 3.4 from Moodle 2.7 you'll need to upgrade
to a higher version first or upgrade php at the same time as upgrade,
this encourages the former.
Removed the concat to generate the uniqueid field for the popup
notifications data. The concat can't be used directly in the SQL because
the syntax changes between databases. The sql_concat helper can't be
used because it assumes all values are database columns (which they
aren't in this case).
Instead I've just removed the uniqueid field because it isn't required
for the union all to work and the field isn't being used by anything.
This should fixed the compatibility issues between databases.
Based on work by Tim Lock <tim.lock@blackboard.com>
While upgrading to Moodle 2.8 or above it is possible for it to fail if
the site has multiple graded attempts for a user without an associated
submission record. This caused the upgrade to violate the databases
unique key rules.
This same issue could apply to a backup that was created of an
assignment that had this issue, when it is restored into Moodle 2.8 or
later.
This change adds the attempt number from the grade table into the query
that is inserting the new submission record (thanks to Tim). It also
moves the insert query before the latest flag is set on submission
records to ensure that only one has it, without this it is possible that
multiple submission records would be marked as the latest after an
upgrade or restore.
The OR clause in these queries used different sets of columns to select
userid which meant that the indexes that included user id could not be
used.
This change splits the query so that each individual part can use one of
the indexes that includes a userid which speeds them up considerably.
When a user is entering a password which isn't returned back to them
then its not correct to use the unmask element - this element was
designed for places where we are storing shared secrets.
Fix to:
- Make sure we properly check both user and course contexts in
the load_for_user function in navigation lib and user the
user_can_view_profile function for same-course access checks.
- Use user_can_view_profile in the renderer's context_header to
properly decide whether a user can view another user's picture
and messaging options in the page header.
Fixes a bug in which a user's full name might be disclosed via the
nav tree. Nav generation now checks the current user's access to the
user before adding the node, else adds a dummy node.
In the core dml:
PostgreSQL connections now use advanced options to reduce connection overhead.
These options are not compatible with some connection poolers. The
dbhandlesoptions parameter has been added to allow the database to configure
the required defaults.
This item adds a setting to the logstore_database plugin to let you set the
same flag for your destination database - without it you won't be able to ship
logs to a postgresql database with a pgbouncer frontend.
Mustache templates containing {{#js}} blocks are not returned via the
fragments API. This is because the requirements manager is assigned when the renderer is created
and not updated by the call to start collecting page requirements.
Switch back to GCE build infrastructure for Travis Builds and move
databases to RAM Disk.
This also adds a software entropy generator (haveged) which is
recommended when using a RAMdisk for the database.
Also removed write_header() and write_footer(). The reason for this
is because in core we want to know if the format being used supports
multiple sheets. To do this, and ensure we do not break third-party
dataformat plugins, we are using method_exist(). If write_header()
and write_footer() remain in the base class then this will always
be true.
Remove unittest-specific callbacks for checking access and displaying
the calendar events on the dashboard.
This will allow plugin developers unittest the full behavior
of how their plugins add events to the dashboard.
Reset all static caches between unittests.
In the issue MDL-39319 (6ddf92c77), the ability to uninstall multiple
language packs at once was added. By a mistake, the PARAM_ALPHAEXT was
used as paramater type for the dash-separated list of language packs to
be uninstalled. Language packs with a number in the name (such as
en_us_k12) do not pass the ALPHAEXT cleaning.
This patch changes the parameter cleaning to PARAM_SAFEPATH which is
more appropriate for the given scenario as language code themselves must
be SAFEDIRs.
Default of $params = null leads to a problem in query_db().
There this value is used in array_merge, which can not handle null
values. If null is passed for one of the params the outcome will be null
independent of the value of the second param!
Repository instances are stored in the 'repository' table. Repositories
in the table are either 'Enabled and visible' or 'Enabled but hidden'.
Hidden repositories still serve their files, but are not visible in the
filepicker UI. Disabling a repository instance removes its record from
the table.
In the original implementation of the plugin manager (see b9934a17), the
method plugintype_repository::get_enabled_repositories() correctly
returned all records from the repository table. Then as a part of the
bigger refactoring in MDL-41437, the commit bde002b8 replaced the
original method with the new get_enabled_plugins() one which started to
return visible repositories only.
As a consequence, the admin tree stopped populating setting page nodes
for hidden repository instances. So attempting to visit their setting
page threw a section error. Credit goes to Ike Quigley for debugging and
tracing this down.
This patch fixes the way how the list of enabled repositories is
populated by the plugin manager so that both visible and hidden
repositories are returned again. This does not affect the filepicker
itself as it is using its own methods for obtaining the list.
There can be a different number of courses displayed in the
'Navigation' block and in the 'Flat' navigation. This patch
decides what courses we want to display on each, then
applies the 'navcourselimit' setting individually.
Add string "Side panel" to make the purpose of
trigram/hamburger icon at top left clearer, particularly
when using screen readers e.g. Jaws/NVDA.
Currently it reads out only "expand"
If we let videojs auto-init the video/audio tags present in the page - we cannot guarantee that the
youtube library will be loaded by the time video.js is processing the tag.
Video.js uses the presence of a data-setup attibute to signal that it should auto-init this tag, so
we have to rename our config attribute to something else.
The availability info text can be either a one line short text such as
"Hidden from students" but it can also be a long HTML formatted text
with the list of all restricted access conditions. For the latter, using
bootstrap labels was not appropriate.
This extends the template context data with some boolean flags that
allow to better distinguish the source and meaning of the availability
information and display it accordingly.
Credit goes to Marina Glancy for the solution idea.
Find any events records for assign group overrides having null priority
and sets their priority to the sortorder value from the corresponding
assign_overrides table entry.
Fixed a bug in which $fromform->sortorder wasn't set before passing
$formdata to assign_update_events, resulting in the existing event
priority being incorrectly nulled and breaking the effective override.
The previous behaviour was to only lock when in theme designer mode.
As a result, when generating the theme for after a reset, each new
client was starting the generation afresh and no locking was taking
place at all.
This version includes a fix[1] contributed by Frédéric Massart investigating
our compilation time issues, which significantly improves the speed of
processing font awesome.
Thanks, Fred!
[1] https://github.com/sabberworm/PHP-CSS-Parser/pull/120
Starting with npm version 5, npm install will generate a lockfile
(now named package-lock.json) or update the existing npm-shrinkwrap.json
To prevent changes being generated in the codebase when this happens, we
need to commit the version 5 generated shrinkwrap.
This is related to a general overhaul [1] of how npm manages things. But
for our purposes, we the lockfile should be BC to previous versions [2].
Going forward, we need to ensure we generate the lockfile on npm >=5 to
prevent differences from the previously un-versioned lockfile.
[1] http://blog.npmjs.org/post/161081169345/v500
[2] https://github.com/npm/npm/issues/16728#issuecomment-305104149
* Use the calendar_event::description property and format it using
format_text() on it in order to apply the appropriate filters.
* Then use html_to_text() on it to strip the tags and convert the
description to plain text while converting <br> and <p> tags to
line breaks.
When certainty-based marking is used, grades can 'exceed' the maximum grade
(because they are multiplied by factors). Therefore, in such cases, don't show
no warning.
There are situations where we need to sort events on a field called
"timesort", but sometimes it is not set. So we can fall back to
"timestart" in this case.
While ldap_get_entries_moodle() PHPdocs state that it returns "array
ldap-entries with lower-cased attributes as indexes.", this is not true. It
uses ldap_get_attributes() internally, which returns both numerically indexed
attribute names, and dictionary-like entries indexed by attribute names.
Current code lowercases the dictionary-like entries, but then uses the
numerically indexed entries for the attribute names used as keys in the
returned array. The numerically indexed names might or might not be lowercased,
depending on the LDAP server and PHP version) version. E.g., OpenLDAP 2.x,
Novell eDirectory 8.x and MS Active Directory return mixed-cased attribute
names, and PHP 5.x and PHP 7.x don't lowercase them inside ldap_get_entries().
This is probably why all calls to ldap_get_entries_moodle() are followed by
calls to array_change_key_case(), even if that shouldn't be necessary.
So make sure we always return lower-cased attributs as indexes and add some
unit tests to avoid regressions in the future.
Currently, the sorting being used for the grader report table
(asc/desc arrows) is just the grade_grades.finalgrade.
This adds grade_grades.userid in the sort to prevent duplicate
in records returned when using pages.
* Change the start date of the parent event to the current date
for tests that with events that recur forever.
* Limit query results to 100 for events that recur forever that can
generate more than 100 event records.
Previously when a repeating chat was updating the calendar
it would only update the timestart column. It needs to also
update the timesort column to display correctly on the new
overview.
When using $page->context it calls magic_get_context() in lib/pagelib.php.
This method sets the context to context_system::instance() if it is currently
null and returns that as the context. However, when installing a new site
context_system::instance() also returns null.
2017-05-15 12:40:29 +08:00
2485 changed files with 66179 additions and 161512 deletions
define(["jquery","core/str","core/log","core/notification","core/modal_factory","core/modal_events"],function(a,b,c,d,e,f){varg={clear:{title:{key:"clearpredictions",component:"tool_analytics"},body:{key:"clearmodelpredictions",component:"tool_analytics"}}},h=function(b){returna(b.closest("tr")[0]).find("span.target-name").text()};return{confirmAction:function(i,j){a('[data-action-id="'+i+'"]').on("click",function(i){i.preventDefault();vark=a(i.currentTarget);if("undefined"==typeofg[j])returnvoidc.error('Action "'+j+'" is not allowed.');varl=[g[j].title,g[j].body];l[1].param=h(k);varm=b.get_strings(l),n=e.create({type:e.types.SAVE_CANCEL});a.when(m,n).then(function(a,b){returnb.setTitle(a[0]),b.setBody(a[1]),b.setSaveButtonText(a[0]),b.getRoot().on(f.save,function(){window.location.href=k.attr("href")}),b.show(),b}).fail(d.exception)})}}});
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Strings for tool_analytics.
*
* @package tool_analytics
* @copyright 2016 David Monllao {@link http://www.davidmonllao.com}
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
$string['accuracy']='Accuracy';
$string['allpredictions']='All predictions';
$string['analysingsitedata']='Analysing the site';
$string['analyticmodels']='Analytics models';
$string['bettercli']='Evaluating models and generating predictions may involve heavy processing. It is recommended to run these actions from the command line.';
$string['cantguessstartdate']='Can\'t guess the start date';
$string['cantguessenddate']='Can\'t guess the end date';
$string['clearpredictions']='Clear predictions';
$string['clearmodelpredictions']='Are you sure you want to clear all "{$a}" predictions?';
$string['clienablemodel']='You can enable the model by selecting a time-splitting method by its ID. Note that you can also enable it later using the web interface (\'none\' to exit).';
$string['clievaluationandpredictions']='A scheduled task iterates through enabled models and gets predictions. Models evaluation via the web interface is disabled. You can allow these processes to be executed manually via the web interface by disabling the <a href="{$a}">\'onlycli\'</a> analytics setting.';
$string['editmodel']='Edit "{$a}" model';
$string['edittrainedwarning']='This model has already been trained. Note that changing its indicators or its time-splitting method will delete its previous predictions and start generating new predictions.';
$string['enabled']='Enabled';
$string['errorcantenablenotimesplitting']='You need to select a time-splitting method before enabling the model';
$string['errornoenabledandtrainedmodels']='There are no enabled and trained models to predict.';
$string['errornoenabledmodels']='There are no enabled models to train.';
$string['errornoexport']='Only trained models can be exported';
$string['errornostaticedit']='Models based on assumptions cannot be edited.';
$string['errornostaticevaluated']='Models based on assumptions cannot be evaluated. They are always 100% correct according to how they were defined.';
$string['errornostaticlog']='Models based on assumptions cannot be evaluated because there is no performance log.';
$string['erroronlycli']='Execution only allowed via command line';
$string['errortrainingdataexport']='The model training data could not be exported';
$string['evaluate']='Evaluate';
$string['evaluatemodel']='Evaluate model';
$string['evaluationinbatches']='The site contents are calculated and stored in batches. The evaluation process may be stopped at any time. The next time it is run, it will continue from the point when it was stopped.';
$string['export']='Export';
$string['exporttrainingdata']='Export training data';
$string['getpredictionsresultscli']='Results using {$a->name} (id: {$a->id}) course duration splitting';
$string['getpredictionsresults']='Results using {$a->name} course duration splitting';
$string['extrainfo']='Info';
$string['generalerror']='Evaluation error. Status code {$a}';
$string['getpredictions']='Get predictions';
$string['goodmodel']='This is a good model for using to obtain predictions. Enable it to start obtaining predictions.';
$string['indicators']='Indicators';
$string['info']='Info';
$string['insights']='Insights';
$string['invalidanalysables']='Invalid site elements';
$string['invalidanalysablesinfo']='This pages lists this site analysable elements that can not be used by this prediction model. The listed elements can not be used neither to train the prediction model nor the prediction model can get predictions for them.';
$string['invalidanalysablestable']='Invalid site analysable elements table';
$string['invalidprediction']='Invalid to get predictions';
$string['invalidtraining']='Invalid to train the model';
$string['loginfo']='Log extra info';
$string['modelinvalidanalysables']='Invalid analysable elements for "{$a}" model';
$string['modelresults']='{$a} results';
$string['modeltimesplitting']='Time splitting';
$string['nextpage']='Next page';
$string['nodatatoevaluate']='There is no data to evaluate the model';
$string['nodatatopredict']='No new elements to get predictions for';
$string['nodatatotrain']='There is no new data that can be used for training';
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Strings for component 'tool_httpsreplace'
*
* @package tool_httpsreplace
* @copyright Copyright (c) 2016 Blackboard Inc. (http://www.blackboard.com)
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
$string['complete']='Completed';
$string['count']='Number of embedded content items';
$string['disclaimer']='I understand the risks of this operation';
$string['doclink']='HTTPS conversion tool';
$string['doit']='Perform conversion';
$string['domain']='Problematic domain';
$string['domainexplain']='When a site is moved from HTTP to HTTPS, all embeded HTTP content will stop working. This tool allows you to automatically convert HTTP content to HTTPS.
Before performing the conversion, content will be scanned to find any URLs which may not work after conversion. You may want to check each one has HTTPS available, or find alternative resources.';
$string['domainexplainhelp']='These domains are found in your content, but do not appear to support HTTPS content. After switching to HTTPS, the content included from these sites will no longer display within Moodle for users with secure modern browsers. It is possible that these sites are temporarily or permanently unavailable and will not work with either security setting. Proceed only after reviewing these results and determining if this externally-hosted content is non-essential. Note: This content would no longer work upon switching to HTTPS anyway.';
$string['httpwarning']='This instance is still running on HTTP. You can still run this tool and external content will be changed to HTTPS, but internal content will remain on HTTP. You will need to run this script again after switching to HTTPS to convert internal content.';
$string['notimplemented']='Sorry, this feature is not implemented in your database driver.';
$string['oktoprocede']='The scan finds no issues with your content. You can proceed to upgrade any HTTP content to use HTTPS.';
$string['pageheader']='Upgrade externally-hosted content URLs to HTTPS';
$string['pluginname']='HTTPS conversion tool';
$string['replacing']='Replacing HTTP content with HTTPS...';
$string['searching']='Searching {$a}';
$string['takeabackupwarning']='Warning: After running this tool, changes cannot be reverted. It is recommended that a site backup is made before proceeding, as there is a small risk of wrong content being replaced.';
$string['toolintro']='If you are planning on converting your site to HTTPS, you can use the <a href="{$a}">HTTPS conversion tool</a> to convert your embedded content to HTTPS.';
define(["jquery","core/ajax","core/notification"],function(a,b,c){return{list:function(c,d){vare={context:{contextid:c}};returna.extend(e,"undefined"==typeofd?{}:d),b.call([{methodname:"core_competency_list_competency_frameworks",args:e}])[0]},processResults:function(b,c){vard=[];returna.each(c,function(a,b){d.push({value:b.id,label:b.shortname+" "+b.idnumber})}),d},transport:function(b,d,e){varf=a(b),g=f.data("contextid"),h=f.data("onlyvisible");if(!g)thrownewError("The attribute data-contextid is required on "+b);this.list(g,{query:d,onlyvisible:h}).then(e)["catch"](c.exception)}}});
define(["jquery","core/ajax","core/notification"],function(a,b,c){return{list:function(d,e){varf,g={context:{contextid:d}};returna.extend(g,"undefined"==typeofe?{}:e),f=b.call([{methodname:"core_competency_list_competency_frameworks",args:g}])[0],f.fail(c.exception)},processResults:function(b,c){vard=[];returna.each(c,function(a,b){d.push({value:b.id,label:b.shortname+" "+b.idnumber})}),d},transport:function(b,c,d){vare=a(b),f=e.data("contextid"),g=e.data("onlyvisible");if(!f)thrownewError("The attribute data-contextid is required on "+b);this.list(f,{query:c,onlyvisible:g}).then(d)}}});
define(["jquery","core/templates","core/ajax","core/notification","core/str","tool_lp/menubar","tool_lp/event_base"],function(a,b,c,d,e,f,g){varh=function(){g.prototype.constructor.apply(this,[])};returnh.prototype=Object.create(g.prototype),h.prototype._nodeSelector='[data-node="user-competency"]',h.prototype._cancelReviewRequest=function(a){varb={methodname:"core_competency_user_competency_cancel_review_request",args:{userid:a.userid,competencyid:a.competencyid}};c.call([b])[0].then(function(){this._trigger("review-request-cancelled",a),this._trigger("status-changed",a)}.bind(this))["catch"](function(){this._trigger("error-occured",a)}.bind(this))},h.prototype.cancelReviewRequest=function(a){this._cancelReviewRequest(a)},h.prototype._cancelReviewRequestHandler=function(b){b.preventDefault();varc=this._findUserCompetencyData(a(b.target));this.cancelReviewRequest(c)},h.prototype._requestReview=function(a){varb={methodname:"core_competency_user_competency_request_review",args:{userid:a.userid,competencyid:a.competencyid}};c.call([b])[0].then(function(){this._trigger("review-requested",a),this._trigger("status-changed",a)}.bind(this))["catch"](function(){this._trigger("error-occured",a)}.bind(this))},h.prototype.requestReview=function(a){this._requestReview(a)},h.prototype._requestReviewHandler=function(b){b.preventDefault();varc=this._findUserCompetencyData(a(b.target));this.requestReview(c)},h.prototype._startReview=function(a){varb={methodname:"core_competency_user_competency_start_review",args:{userid:a.userid,competencyid:a.competencyid}};c.call([b])[0].then(function(){this._trigger("review-started",a),this._trigger("status-changed",a)}.bind(this))["catch"](function(){this._trigger("error-occured",a)}.bind(this))},h.prototype.startReview=function(a){this._startReview(a)},h.prototype._startReviewHandler=function(b){b.preventDefault();varc=this._findUserCompetencyData(a(b.target));this.startReview(c)},h.prototype._stopReview=function(a){varb={methodname:"core_competency_user_competency_stop_review",args:{userid:a.userid,competencyid:a.competencyid}};c.call([b])[0].then(function(){this._trigger("review-stopped",a),this._trigger("status-changed",a)}.bind(this))["catch"](function(){this._trigger("error-occured",a)}.bind(this))},h.prototype.stopReview=function(a){this._stopReview(a)},h.prototype._stopReviewHandler=function(b){b.preventDefault();varc=this._findUserCompetencyData(a(b.target));this.stopReview(c)},h.prototype.enhanceMenubar=function(a){f.enhance(a,{'[data-action="request-review"]':this._requestReviewHandler.bind(this),'[data-action="cancel-review-request"]':this._cancelReviewRequestHandler.bind(this)})},h.prototype._findUserCompetencyData=function(a){varb,c=a.parents(this._nodeSelector);if(1!=c.length)thrownewError("The evidence node was not located.");if(b=c.data(),"undefined"==typeofb||"undefined"==typeofb.userid||"undefined"==typeofb.competencyid)thrownewError("User competency data could not be found.");returnb},h.prototype.enhanceMenubar=function(a){f.enhance(a,{'[data-action="request-review"]':this._requestReviewHandler.bind(this),'[data-action="cancel-review-request"]':this._cancelReviewRequestHandler.bind(this),'[data-action="start-review"]':this._startReviewHandler.bind(this),'[data-action="stop-review"]':this._stopReviewHandler.bind(this)})},h.prototype.registerEvents=function(b){varc=a(b);c.find('[data-action="request-review"]').click(this._requestReviewHandler.bind(this)),c.find('[data-action="cancel-review-request"]').click(this._cancelReviewRequestHandler.bind(this)),c.find('[data-action="start-review"]').click(this._startReviewHandler.bind(this)),c.find('[data-action="stop-review"]').click(this._stopReviewHandler.bind(this))},h});
define(["jquery","core/templates","core/ajax","core/notification","core/str","tool_lp/menubar","tool_lp/event_base"],function(a,b,c,d,e,f,g){varh=function(){g.prototype.constructor.apply(this,[])};returnh.prototype=Object.create(g.prototype),h.prototype._nodeSelector='[data-node="user-competency"]',h.prototype._cancelReviewRequest=function(a){varb={methodname:"core_competency_user_competency_cancel_review_request",args:{userid:a.userid,competencyid:a.competencyid}};c.call([b])[0].then(function(){this._trigger("review-request-cancelled",a),this._trigger("status-changed",a)}.bind(this),function(){this._trigger("error-occured",a)}.bind(this))},h.prototype.cancelReviewRequest=function(a){this._cancelReviewRequest(a)},h.prototype._cancelReviewRequestHandler=function(b){b.preventDefault();varc=this._findUserCompetencyData(a(b.target));this.cancelReviewRequest(c)},h.prototype._requestReview=function(a){varb={methodname:"core_competency_user_competency_request_review",args:{userid:a.userid,competencyid:a.competencyid}};c.call([b])[0].then(function(){this._trigger("review-requested",a),this._trigger("status-changed",a)}.bind(this),function(){this._trigger("error-occured",a)}.bind(this))},h.prototype.requestReview=function(a){this._requestReview(a)},h.prototype._requestReviewHandler=function(b){b.preventDefault();varc=this._findUserCompetencyData(a(b.target));this.requestReview(c)},h.prototype._startReview=function(a){varb={methodname:"core_competency_user_competency_start_review",args:{userid:a.userid,competencyid:a.competencyid}};c.call([b])[0].then(function(){this._trigger("review-started",a),this._trigger("status-changed",a)}.bind(this),function(){this._trigger("error-occured",a)}.bind(this))},h.prototype.startReview=function(a){this._startReview(a)},h.prototype._startReviewHandler=function(b){b.preventDefault();varc=this._findUserCompetencyData(a(b.target));this.startReview(c)},h.prototype._stopReview=function(a){varb={methodname:"core_competency_user_competency_stop_review",args:{userid:a.userid,competencyid:a.competencyid}};c.call([b])[0].then(function(){this._trigger("review-stopped",a),this._trigger("status-changed",a)}.bind(this),function(){this._trigger("error-occured",a)}.bind(this))},h.prototype.stopReview=function(a){this._stopReview(a)},h.prototype._stopReviewHandler=function(b){b.preventDefault();varc=this._findUserCompetencyData(a(b.target));this.stopReview(c)},h.prototype.enhanceMenubar=function(a){f.enhance(a,{'[data-action="request-review"]':this._requestReviewHandler.bind(this),'[data-action="cancel-review-request"]':this._cancelReviewRequestHandler.bind(this)})},h.prototype._findUserCompetencyData=function(a){varb,c=a.parents(this._nodeSelector);if(1!=c.length)thrownewError("The evidence node was not located.");if(b=c.data(),"undefined"==typeofb||"undefined"==typeofb.userid||"undefined"==typeofb.competencyid)thrownewError("User competency data could not be found.");returnb},h.prototype.enhanceMenubar=function(a){f.enhance(a,{'[data-action="request-review"]':this._requestReviewHandler.bind(this),'[data-action="cancel-review-request"]':this._cancelReviewRequestHandler.bind(this),'[data-action="start-review"]':this._startReviewHandler.bind(this),'[data-action="stop-review"]':this._stopReviewHandler.bind(this)})},h.prototype.registerEvents=function(b){varc=a(b);c.find('[data-action="request-review"]').click(this._requestReviewHandler.bind(this)),c.find('[data-action="cancel-review-request"]').click(this._cancelReviewRequestHandler.bind(this)),c.find('[data-action="start-review"]').click(this._startReviewHandler.bind(this)),c.find('[data-action="stop-review"]').click(this._stopReviewHandler.bind(this))},h});
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.