Previously we appended a dot at the end of IP addresses and domain names in the
cURL security helper, but it causes issues with Google OAuth so this patch removes it.
Previously some of the unit tests were passing "by accident" becuase
we had the security helper letting through domains where the DNS lookup
failed. That behaviour has changed and now such domains are blocked.
Additionally tests for domains with multiple A records and weird Unicode
stuff have been added.
This patch also mocks the DNS resolution in the test, rather than actually
resolving the domain.
Freaky deaky Unicode/octal/hex domains can be resolved by cURL but are technically not valid.
This patch causes anything that Moodle does not consider to be a valid domain or IP to be blocked
by the cURL security helper.
The class dimmed_text would only dim the activity's title and not the icon.
The teacher has both, icon and text, dimmed. So I added the class dimmed
to the class dimmed_text, what dims both elements for the students.
Files that are oversized could have been uploaded by a user who
can ignore the file size limits. These files should not be deleted
in these situations.
Make sure we always checks for failed validation, before redirecting.
A positive return value does not signal that all settings were able
to be written, only that at least one was - errors still need to be
checked!
When an assignment submission is reverted to a draft, the timemodified on
the submission should not be modified. Changing the timemodified causes the
editpdf code to assume the pdf is stale, and forces all annotations to be removed.
* Improve test_choice_get_my_response() to verify the sorting of the
responses returned by choice_get_my_response().
* Fix correct usage of choice_get_my_response().
There is an edge case whereby redis will fail
to accept connections on the first try but
retrying the connection seems to make it work
Included in this commit:
* Retry functionality in the session init
If the file does not have Unix line endings then the regular expression
in oci_native_moodle_database::attempt_oci_package_install() does
not split it correctly.
This leads to an invalid package being created in Oracle.
The .gitattribute file changes for oci_native_moodle_package.sql
force it to have Unix style line endings when the branch is checked
out and the file does not already exist.
The file has been modified so that the Unix style line endings are
applied even if the file already exists, for example when pulling in
this change to an existing branch.
The core_completion_get_activities_completion_status was getting the
progress for all users on the course called, and then discarding all
the records but one.
This change ensures that only progress for the user we are interested in
is retrieved from the database.
This has a side benefit of removing a full table scan from the query
finding the users inside the get_progress_all() method.
The list of courses displayed at the user's dashboard - course overview
block, had the sorting hard-coded to order by fullname. This did not
respect the site setting "navsortmycoursessort" and led to inconsistent
behaviour with "My courses" list in the navigation.
Only course tools are backed up, site tools and registrations
can be matched by id if they are restored to the same site only.
For predefined course tools the secret is backed up encrypted
and can be restored on the same site only.
Before MDL-59854 it was possible to have duplicate forum subscriptions.
Trying to import backups created from back then, caused a DB exception
due to unqiue key constraints. Now only one of multiple identical forum
subscritions is restored.
- If 'coursename' is specified in the CSV it should match the course short name - thanks Yusuf Yılmaz for the patch
- If 'idnumber' is specified but 'groupidnumber' is not, idnumber should be used for matching the course idnumber only
- If 'groupingname' is not specified, there should be no notices (regression from MDL-42514)
- If 'coursename' or 'idnumber' column is present, it can contain empty values in some/all lines
The function groups_get_user_groups is called too often both before rendering the page and after the page is rendered (using ajax).
The function was executing a query joining 3 tables in each call. The plementation of the function has now modified to store the
query result in a request cache.
Fixed the functionality which ticks or unticks all checkboxes when
clicking the Select all or Deselect all elements when viewing the
responses.
Caused by deprecating checkall and checknone functions in
MDL-57490.
Sometimes the "theme" and "lang" fields in the user and course tables
in the database are set to incorrect values (uninstalled or
non-existent themes and language packs).
This makes Web Services functions to fail because the WS server
validate the returned data using the validate_param function that clean
parameters.
If the privacy option "Accept grades from the tool" is disabled, the
module should not appear in the gradebook when edited inline or when
recover grades is running during enrolment.
If the user decides to remove a repository all of the linked
files are now deleted along with file references. This was causing
problems such as the course page displaying an error with no recourse
to fix the problem.
Web Services from user and enrol components has been updated to change
the user preference name field type from PARAM_ALPHANUMEXT to
PARAM_RAW.
The old type was not matching the core functionality.
The google_oauth class extends oauth2client which was modified to send "Accept" headers.
The "Accept" headers break picasa and could break any other plugin that was using google_oauth.
The recordsets used for search indexing sometimes return results
which are invalid (e.g. cannot be found in database). When this
happens, the result in the iterator for the recordset will be
false. Due to a bug, the iterator used to stop when it encountered
a false value, which prevented indexing from getting past the
problematic record.
In addition, the iterator that skips future data resulted in the
current() function of its parent indicator being called twice per
entry, which meant that search indexing called get_document()
twice as many times.
If any of the access rules require the attempt to open in a new window, assume we
require javascript to attempt the quiz. This makes it harder to bypass the javascript
pseudo security restrictions.
The mtrace function is preferable for plain text logging/progress
output because it can be redirected if necessary. By convention it
is normally used in cron and can be used in CLI tasks if required.
This change makes the text_progress_trace class use mtrace instead
of echo and then flush. (Default behaviour of mtrace is to do
exactly that, but it can be redirected too.)
Before this change, if anybody is relying on mtrace behaviour to
redirect logs of cron output, this will fail for some parts of the
search cron output (and some other places like auth plugins).
Previously, when a during backup/restore the "Schema"-stage is loaded,
some settings are fixed if they are LOCKED_BY_HIERARCHY. However, user
data fields of activities can be locked, when the section they are
contained in has user data set to false. When this setting is changed on
the same screen, the fixed setting of the activity can not be "unfixed"
by javascript.
This patch adds a settings-level to the call of is_changeable. With this
only those dependency_settings are considered, which belong to parent
settings, which are not changeable on the current stage.
The function is_locked was changed to determine only, if the
dependency_setting want's the dependent setting to be locked.
In the previous version, is_locked did not only check, if the
dependency_setting want's the setting to be locked, but also if the
setting was already locked. A recursive call to the status of the
dependent setting leaded to problems, when unlocking locked settings.
Also the PHPDOC of the is_locked was adjusted to coincide with the current
usage in backup_ui_settings->is_changeable() and
base_setting->set_status(). In both functions all dependency_settings of
a setting are iterated to check if this setting should be or is LOCKED_BY_HIERARCHY.
The actual state of the setting was therefore either checked beforehand
or is not interesting, since the question is, if it shall be changed.
This new test defines different combinations of global and local user
data settings during the restore process and tests that global defaults
can be overriden.
When the teacher is upgrading a previously entered grade, we re-display
exactly what they typed before if possible, rather than displaying with
a set number of decimal places.
I removed the additional tooltips because I think that they are just used
in the notifications and messages context and duplicate the all over used
title tag that gives the same information when hovering. So the whole system
stays more consistently.
Copy / adapt some styles from the bootstrap progress widget to match the DOM used for file upload progress.
Bootstrap changed this alot in the current beta so I opted to do a minimal change (affect the scss for boost only), rather
than adapt the HTML to something that will change again anyway when we upgrade to the release version of bootstrap 4.
This patch conbines valuable contributions from Kashmira Nagwekar and
Luca Bösch. Many thanks to them. However, the final form of the fix,
and hence the blame, falls to me -- Tim.
There were several issues here:
* The load_questions_usages_by_activity method in
question/engine/datalib.php was incorrectly treating the case
when no data was returned. (Looks like a historic copy-pase from
other methods that fetch one item by unique id, which therefore
must exist.)
* The report was not correctly handling the display when the 'Which
tries' was set to 'with, and without, attempts'.
* It was possible to select the 'All tries' option when also saying
'Users without attempts'. This combination makes not sense, so
a disabledIf rule was added to the form.
The following InnoDB file format configuration parameters were deprecated
in MySQL 5.7.7 and are now removed:
- innodb_file_format
- innodb_file_format_check
- innodb_file_format_max
- innodb_large_prefix
File format configuration parameters were necessary for creating tables
compatible with earlier versions of InnoDB in MySQL 5.1.
Now that MySQL 5.1 has reached the end of its product lifecycle,
the parameters are no longer required.
The FILE_FORMAT column was removed from the INNODB_SYS_TABLES and
INNODB_SYS_TABLESPACES Information Schema tables.
Ref: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-0.html
If you have Global Search set up on a site without file
indexing enabled, then at a later date you enable file indexing
files associated with existing objects are not added.
The only way to have files for existing objects indexed is to
run a reindex of all content.
This patches updates the file indexing language string in the
solr search settings of Global Search to make this clear
to the site administrator.
Triggering a fatal error in an adhoc task is bad. It will be retried indefinitely.
Even though we are not sure how to get a module instance without a course module record,
it is possible and should not kill the Moodle site.
Before this implementation, both resourcekey and password
were not being included in the backups, so old backups are
missing them. To keep upwards compatibility and avoid a PHP
Notice (undefined property), existence is checked via isset(),
that is the usual way all over the restore process.
The singlescobasic_missingorg.zip file includes a modified version of
the javascript which deliberately breaks content.
We need it to have different file names to not break other similar copies
of the file.
Significant string changes:
* errorretrievingkey in message_airnotifier - improved wording and
removing reference to Moodle.org
* enddate_help and courseduration_desc in core - clearer wording
explaining what the date actually does
* restore:viewautomatedfilearea in core_role - changing wording to match
the behaviour
* dropzones_help in qtype_ddmarker - improved wording
* autologinkeygenerationlockout in tool_mobile - updated error message
* configallowemailaddresses in core_admin - clearer description
* subscriptionmode_helpin mod_forum - removing misleading sentence about
subscription mode changes not affecting existing users
- Uses site generated (on backup) key.
- Can be applied potentially everywhere in the restore process.
- Covered with unit tests.
- Authentication / integrity aware so can be used between any 2 servers
(just requires matching key).
- Built using standard backup custom fields.
- Can be applied potentially everywhere.
- Automatically addded 'encrypted' attribute.
- Defaults to site generated key.
- Enforces key robutness / provides authentication (hmac integrity)
- Covered with unit tests.
SCORM 2004 uses the element 'cmi.completion_status' to store the
completion status of a SCO, not 'cmi.core.lesson_status'.
This amends scorm_check_mode so that the right element is looked up.
When scorm_version_check returns false, SCORM 1.2 is assumed.
We were previously testing tha the parent is valid, which it was, and
then fetching the current record, before fetching data from it.
However, the way in which the recordset walk works, the valid function
checks whether the _record_ itself is valid, whilst the current allows
for a callback to be applied.
In this instance, the data-entry was failing because the count of
indexfields was < 2. The recordset data itself was valid, but the view
was not, and as a result, the current() function returned false.
This false was not previously handled.
I've changed the logic so that we handle this case, and have removed a
double-negative in the process.
Due to race conditions in the function subscribe_user
it was possible to create duplicate forum subscriptions.
This lead to error messages, when displaying the list of
all subscriptions.
This patch removes all existing duplicate entries and
creates a unique db key to prevent this from happening in
the future.
Without this change, Moodle fails to provide any data when requesting a
thumbnail for a non-image file as its looking to provide a SVG file that
doesn't exist.
* The styles ".course-content ul.topics li.section .right img.icon" and
".course-content ul.weeks li.section .right img.icon" are now kind of
irrelevant and are causing course section action menu items in
Bootstrapbase to be rendered without spacing between the action menu
icon and the label.
Add html files to the file types that Google can convert. This allows
the Google Drive converter to convert online submissions to pdf. This
fixes an issue where if online submissions is selected and the Google
Drive converter is used all conversions fail and produce a single
blank pdf. Credit to Peter Svec for the idea for this fix.
As reported in MOBILE-1511, Vimeo videos restricted by domain are not
working in the app.
The reason is simple: The restriction is done by the Referer HTTP
header, when a video is embedded via an iframe in the Moodle Site,
Vimeo checks the Referer to see if it matches the specified domain.
When the video is embedded in the mobile app, the Referer is the one
provided by the app Cordova container so Vimeo won't allow playing the
video.
The solution is to add an extra iframe on top of the Vimeo embedding
one (like a proxy), the app will display an iframe pointing to a page
in the site that will include the iframe pointing to vimeo so the
restriction check will work.
list_user_competencies_to_review() orders by shortname, but the test
creates 2 user competencies with the same short name, resulting in
unpredictable results. This patch fixes that.
The item field is defined as PARAM_TEXT (no HTML tags allowed except
for multilang).
Using the s that add quotes to HTML characters we avoid potential Web
Services invalid parameters errors.
The page admin/search.php is the default administration page in Boost
based themes. It should behave the same as admin/index.php or
my/index.php and check if the site needs upgrade.
When the wwwroot indicates https support and a page is accessed over http,
redirect to the wwwroot. This is a better experience than displaying an error.
Backport of MDL-58318.
When files are copied into the system account's drive, they are put into
folders respecting the structure of contexts. Folder names were based on
context names only and so were likely to collide (such as with users
with the same name).
The patch ads context instance identifiers to the name so that they can
be identified more reliably.
The values stored in these user preferences were valid for the old
flickr auth mechanism and are not usable any more. The new oauth1 based
version needs to store both the token (in the flickr_access_token
preference) and the token secret (flickr_access_token_secret). The new
version does not need to store the user's nsid.
The cryptic names of these legacy settings are a result of how dealing
with user preferences was originally implemented.
The patch makes the Flickr repository use the new oauth1 based client.
Beside that, other improvements include:
* Does not attempt to guess the photo URL any more. Instead uses
url_sq and url_o extras of the flickr.photos.search call.
* The photos.search does not return the information about the photo size
so we set it to null (previously was returned as 'unknown' which made
it be displayed as zero).
* Does not perform additional API request to obtain the manage URL, uses
https://www.flickr.com/photos/organize instead.
Provide a more meaningful error message and debuginfo allowing to
diagnose what is going on. In case of flickr, this is typically thrown
when flickr API responses with their "bad, bad panda" HTML page instead
of the expected reply.
As per the oauth1 spec, the oauth_callback is supposed to be passed only
when obtaining the initial request token. The client used to append it
automatically to all requests which broke the request signature.
Fixed to return both those roles in the profileroles site policy and
any roles which the current user can assign in the respective context,
meaning a user can see a link to any role they can assign.
My solution is to remove the padding that's added within scss/bootstrap/_navbar.scss (line 72)
for the case that a logo (has-logo) is uploaded and displayed within the navbar.
Removing this padding will center the image within the navbar.
Changes to the folder contents were not resulting in the
timemodied of the folder activity being set. This prevented
global search from picking up the changes.
If an indexed file has been modified or deleted the search index
will still reference the old file. Remove the file from search
results until the change has been indexed.
We can't really control the direct web access to directories in dirroot,
that is part of the server setup. So we at least warn admins as they may
not realize the risks of having directories like vendor or node_modules
exposed.
Credit goes to Petr Škoda for mentioning the PHPUnit issue CVE-2017-9841
to me.
Make sure to check that $user in enrolled in $course before checking
whether the current user has capabilities in that course, and make sure
that we don't check user context caps when handling a specific course.
The course object passed as parameter to extend_navigation_user
callback contained only a few parameters, some parameters like
showgrades or showreports were missing.
The callback should receive a full course object.
Error messages should be prominent to screen readers as well as visual users,
adding the role alert is recommended way to achieve it for screen readers and this is
also what we do for ->notification apis
* Removed the div with the class 'form-group' that's enclosing the
select element and friends. It's not needed since the urlselect template
is an inline form.
* Also, for completeness, I added the helpicon data for the template's
context.
Make indexing of user messages tolerant to user deletion.
When creating the search document for user messages,
add a check to see if the user has been deleted in the
system. If they have been deleted abort creating the search
document.
This is to avoid rasining an error when trying to get the
user context for a deleted user.
Instead of putting vertical-align: middle as indication for participants table
headers, none is set which leads to theme default, i.e. bottom in Clean and Boost.
If a malformed value was passed, it may be that we can still display it.
We should not assume that, if a string is not passed, that we are
dealing with a promise.
This is an old bit of UI inconsistency. For some reason it used to take
people to the list of all courses. Given modern Moodle usability
conventions, that does not really make sense any more.
Change to download_rewrite_pluginfile_urls() ensuring prefix isn't
added to file links when downloading with the downloadasfolders
user preference set to true. Links to files in onlinetext now work
when downloading as folders.
assign->download_submissions():
- groupname now only added to zip file name if not empty, fixing a
double hyphen bug in the file name.
assign->download_rewrite_pluginfile_urls():
- groupname is now correctly determined using get_submission_group()
instead of using groups_get_activity_group() which fails when there
is no active activity group set. Uses the same logic that
download_submission() uses to prefix file names. Fixes a bug where an
empty groupname prefix was generated, resulting in broken links.
This function used to check only those courses shared by both users
when it should have been checking all courses in which $user is
enrolled. Managers can view a user's course profile without necessarily
sharing the course (being enrolled in) with the $user.
* We have duplicate input event handlers for the autocomplete element
which are both firing when the input element's value is being set.
In case an AJAX handler is defined for the autocomplete suggestions,
this causes the autocomplete suggestions so show "No suggestions" first
and then load the results from the AJAX handler a little bit later.
There are times, such as when viewing a user profile within a course,
when user_can_view_profile() should be passed a course to force it to
restrict its capability checks to only the supplied course. This change
makes sure that core_renderer->context_header() calls this correctly.
This patch adds the missing 'escaping' option to all remaining
xmlrpc_encode_request() calls in the moodle core code.
Without this, the xmlrpc_decode_request() call on the server side may
lead to wrongly decoded non-ascii characters.
The unit test was creating four events, and then relying on them being
retrieved in the order in which they were created.
I've modified the test to:
* ensure timecreated are spaced apart; and
* add an order by timecreated when fetching them.
These tests are an abuse and should not have been accepted. Behat tests should use real pages.
Adding testing only entry points to Moodle is a bad security practice and is not the purpose of behat.
* Add student1 and student2 login/logout steps for the course
participants filtering scenario in order to have last access data
for students 1 and 2 since the participants table is sorted by last
access by default.
* Convert the two course participants scenario to a scenario outline.
The steps are basically the same. Only the view mode is different.
* Remove @javascript tags for the following scenario:
- Filter users on assignment submission page
- Filter users on view gradebook page
- Filter users on course participants page
JS is not really necessary in these scenario and we can get faster
execution time.
For pass/fail setting to work properly, activities must have 'Require grade' completion set,
just make sure we don't allow activities without this setting to be set
slightly refactor duplicate_module() code so it does not rebuild course cache
twice and also we do not need to move module if it is already the last module in a section
totalcount was incorrectly calculated for normal search.
For advanced search it was working as expected.
This was making searched entries pagination behave incorrectly.
When updating the mysql system to utf8mb4 not all tables are
converted to the row format of compressed or dynamic. If a new
index is created there is a possibility that the table could be
using compact or redundant and then an error will be shown saying
that the index size is too large. This fix handles this exception
and converts the table over to compressed.
Do not use custom pfofile field name as a field alias in DB query, use field id instead.
DML lowercases all column aliases and fields with uppercase letters no longer match.
Even when course module is not available the intro text can still be visible on the
course page. In this case the availability restriction is displayed to the student
but link to the activity is not available
The url, which was used for guessing the image, was queried with the
key 'discoveryurl', which is not defined in the context of an issuer.
The baseurl should be sufficient to retrieve the favicon.ico from a
server. That's why the key for was changed from 'discoveryurl' to
'baseurl'.
Since the refactoring towards using the filepicker for file and picture
fields there are several variables, which are set but never read. Thus,
I removed them.
When a file or picture field was added with existing records, these
records could not be saved, since the draft area was not created
properly.
Co-authored-by: Jérôme Mouneyrac <mouneyrac>
Due to Moodle 2.7 and Moodle 3.4 not having a common compatible php version
between them to upgrade from Moodle 3.4 from Moodle 2.7 you'll need to upgrade
to a higher version first or upgrade php at the same time as upgrade,
this encourages the former.
Removed the concat to generate the uniqueid field for the popup
notifications data. The concat can't be used directly in the SQL because
the syntax changes between databases. The sql_concat helper can't be
used because it assumes all values are database columns (which they
aren't in this case).
Instead I've just removed the uniqueid field because it isn't required
for the union all to work and the field isn't being used by anything.
This should fixed the compatibility issues between databases.
Based on work by Tim Lock <tim.lock@blackboard.com>
While upgrading to Moodle 2.8 or above it is possible for it to fail if
the site has multiple graded attempts for a user without an associated
submission record. This caused the upgrade to violate the databases
unique key rules.
This same issue could apply to a backup that was created of an
assignment that had this issue, when it is restored into Moodle 2.8 or
later.
This change adds the attempt number from the grade table into the query
that is inserting the new submission record (thanks to Tim). It also
moves the insert query before the latest flag is set on submission
records to ensure that only one has it, without this it is possible that
multiple submission records would be marked as the latest after an
upgrade or restore.
The OR clause in these queries used different sets of columns to select
userid which meant that the indexes that included user id could not be
used.
This change splits the query so that each individual part can use one of
the indexes that includes a userid which speeds them up considerably.
When a user is entering a password which isn't returned back to them
then its not correct to use the unmask element - this element was
designed for places where we are storing shared secrets.
Fix to:
- Make sure we properly check both user and course contexts in
the load_for_user function in navigation lib and user the
user_can_view_profile function for same-course access checks.
- Use user_can_view_profile in the renderer's context_header to
properly decide whether a user can view another user's picture
and messaging options in the page header.
Fixes a bug in which a user's full name might be disclosed via the
nav tree. Nav generation now checks the current user's access to the
user before adding the node, else adds a dummy node.
In the core dml:
PostgreSQL connections now use advanced options to reduce connection overhead.
These options are not compatible with some connection poolers. The
dbhandlesoptions parameter has been added to allow the database to configure
the required defaults.
This item adds a setting to the logstore_database plugin to let you set the
same flag for your destination database - without it you won't be able to ship
logs to a postgresql database with a pgbouncer frontend.
Mustache templates containing {{#js}} blocks are not returned via the
fragments API. This is because the requirements manager is assigned when the renderer is created
and not updated by the call to start collecting page requirements.
Switch back to GCE build infrastructure for Travis Builds and move
databases to RAM Disk.
This also adds a software entropy generator (haveged) which is
recommended when using a RAMdisk for the database.
Also removed write_header() and write_footer(). The reason for this
is because in core we want to know if the format being used supports
multiple sheets. To do this, and ensure we do not break third-party
dataformat plugins, we are using method_exist(). If write_header()
and write_footer() remain in the base class then this will always
be true.
Remove unittest-specific callbacks for checking access and displaying
the calendar events on the dashboard.
This will allow plugin developers unittest the full behavior
of how their plugins add events to the dashboard.
Reset all static caches between unittests.
In the issue MDL-39319 (6ddf92c77), the ability to uninstall multiple
language packs at once was added. By a mistake, the PARAM_ALPHAEXT was
used as paramater type for the dash-separated list of language packs to
be uninstalled. Language packs with a number in the name (such as
en_us_k12) do not pass the ALPHAEXT cleaning.
This patch changes the parameter cleaning to PARAM_SAFEPATH which is
more appropriate for the given scenario as language code themselves must
be SAFEDIRs.
Default of $params = null leads to a problem in query_db().
There this value is used in array_merge, which can not handle null
values. If null is passed for one of the params the outcome will be null
independent of the value of the second param!
Repository instances are stored in the 'repository' table. Repositories
in the table are either 'Enabled and visible' or 'Enabled but hidden'.
Hidden repositories still serve their files, but are not visible in the
filepicker UI. Disabling a repository instance removes its record from
the table.
In the original implementation of the plugin manager (see b9934a17), the
method plugintype_repository::get_enabled_repositories() correctly
returned all records from the repository table. Then as a part of the
bigger refactoring in MDL-41437, the commit bde002b8 replaced the
original method with the new get_enabled_plugins() one which started to
return visible repositories only.
As a consequence, the admin tree stopped populating setting page nodes
for hidden repository instances. So attempting to visit their setting
page threw a section error. Credit goes to Ike Quigley for debugging and
tracing this down.
This patch fixes the way how the list of enabled repositories is
populated by the plugin manager so that both visible and hidden
repositories are returned again. This does not affect the filepicker
itself as it is using its own methods for obtaining the list.
There can be a different number of courses displayed in the
'Navigation' block and in the 'Flat' navigation. This patch
decides what courses we want to display on each, then
applies the 'navcourselimit' setting individually.
Add string "Side panel" to make the purpose of
trigram/hamburger icon at top left clearer, particularly
when using screen readers e.g. Jaws/NVDA.
Currently it reads out only "expand"
If we let videojs auto-init the video/audio tags present in the page - we cannot guarantee that the
youtube library will be loaded by the time video.js is processing the tag.
Video.js uses the presence of a data-setup attibute to signal that it should auto-init this tag, so
we have to rename our config attribute to something else.
The availability info text can be either a one line short text such as
"Hidden from students" but it can also be a long HTML formatted text
with the list of all restricted access conditions. For the latter, using
bootstrap labels was not appropriate.
This extends the template context data with some boolean flags that
allow to better distinguish the source and meaning of the availability
information and display it accordingly.
Credit goes to Marina Glancy for the solution idea.
Find any events records for assign group overrides having null priority
and sets their priority to the sortorder value from the corresponding
assign_overrides table entry.
Fixed a bug in which $fromform->sortorder wasn't set before passing
$formdata to assign_update_events, resulting in the existing event
priority being incorrectly nulled and breaking the effective override.
The previous behaviour was to only lock when in theme designer mode.
As a result, when generating the theme for after a reset, each new
client was starting the generation afresh and no locking was taking
place at all.
This version includes a fix[1] contributed by Frédéric Massart investigating
our compilation time issues, which significantly improves the speed of
processing font awesome.
Thanks, Fred!
[1] https://github.com/sabberworm/PHP-CSS-Parser/pull/120
Starting with npm version 5, npm install will generate a lockfile
(now named package-lock.json) or update the existing npm-shrinkwrap.json
To prevent changes being generated in the codebase when this happens, we
need to commit the version 5 generated shrinkwrap.
This is related to a general overhaul [1] of how npm manages things. But
for our purposes, we the lockfile should be BC to previous versions [2].
Going forward, we need to ensure we generate the lockfile on npm >=5 to
prevent differences from the previously un-versioned lockfile.
[1] http://blog.npmjs.org/post/161081169345/v500
[2] https://github.com/npm/npm/issues/16728#issuecomment-305104149
* Use the calendar_event::description property and format it using
format_text() on it in order to apply the appropriate filters.
* Then use html_to_text() on it to strip the tags and convert the
description to plain text while converting <br> and <p> tags to
line breaks.
When certainty-based marking is used, grades can 'exceed' the maximum grade
(because they are multiplied by factors). Therefore, in such cases, don't show
no warning.
There are situations where we need to sort events on a field called
"timesort", but sometimes it is not set. So we can fall back to
"timestart" in this case.
While ldap_get_entries_moodle() PHPdocs state that it returns "array
ldap-entries with lower-cased attributes as indexes.", this is not true. It
uses ldap_get_attributes() internally, which returns both numerically indexed
attribute names, and dictionary-like entries indexed by attribute names.
Current code lowercases the dictionary-like entries, but then uses the
numerically indexed entries for the attribute names used as keys in the
returned array. The numerically indexed names might or might not be lowercased,
depending on the LDAP server and PHP version) version. E.g., OpenLDAP 2.x,
Novell eDirectory 8.x and MS Active Directory return mixed-cased attribute
names, and PHP 5.x and PHP 7.x don't lowercase them inside ldap_get_entries().
This is probably why all calls to ldap_get_entries_moodle() are followed by
calls to array_change_key_case(), even if that shouldn't be necessary.
So make sure we always return lower-cased attributs as indexes and add some
unit tests to avoid regressions in the future.
Currently, the sorting being used for the grader report table
(asc/desc arrows) is just the grade_grades.finalgrade.
This adds grade_grades.userid in the sort to prevent duplicate
in records returned when using pages.
* Change the start date of the parent event to the current date
for tests that with events that recur forever.
* Limit query results to 100 for events that recur forever that can
generate more than 100 event records.
Previously when a repeating chat was updating the calendar
it would only update the timestart column. It needs to also
update the timesort column to display correctly on the new
overview.
When using $page->context it calls magic_get_context() in lib/pagelib.php.
This method sets the context to context_system::instance() if it is currently
null and returns that as the context. However, when installing a new site
context_system::instance() also returns null.
@@ -31,7 +31,7 @@ $string['delete_confirmation'] = 'Are you absolutely sure you want to remove <st
$string['deletea']='Delete {$a}';
$string['deletefiletypes']='Delete a file type';
$string['description']='Custom description';
$string['description_help']='Simple file type description, e.g. ‘Kindle ebook’. If your site supports multiple languages and uses the multi-language filter, you can enter multi-language tags in this field to supply a description in different languages.';
$string['description_help']='Simple file type description, e.g. \'Kindle ebook\'. If your site supports multiple languages and uses the multi-language filter, you can enter multi-language tags in this field to supply a description in different languages.';
$string['descriptiontype']='Description type';
$string['descriptiontype_help']='There are three possible ways to specify a description.
@@ -49,15 +49,15 @@ $string['error_defaulticon'] = 'Another file extension with the same MIME type i
$string['error_extension']='The file type extension <strong>{$a}</strong> already exists or is invalid. File extensions must be unique and must not contain special characters.';
$string['error_notfound']='The file type with extension {$a} cannot be found.';
$string['extension']='Extension';
$string['extension_help']='File name extension without the dot, e.g. ‘mobi’';
$string['extension_help']='File name extension without the dot, e.g. \'mobi\'';
$string['groups']='Type groups';
$string['groups_help']='Optional list of file type groups that this type belongs to. These are generic categories such as ‘document’ and ‘image’.';
$string['groups_help']='Optional list of file type groups that this type belongs to. These are generic categories such as \'document\' and \'image\'.';
$string['icon']='File icon';
$string['icon_help']='Icon filename.
The list of icons is taken from the /pix/f directory inside your Moodle installation. You can add custom icons to this folder if required.';
$string['mimetype']='MIME type';
$string['mimetype_help']='MIME type associated with this file type, e.g. ‘application/x-mobipocket-ebook’';
$string['mimetype_help']='MIME type associated with this file type, e.g. \'application/x-mobipocket-ebook\'';
$string['pluginname']='File types';
$string['revert']='Restore {$a} to Moodle defaults';
$string['revert_confirmation']='Are you sure you want to restore <strong>.{$a}</strong> to Moodle defaults, discarding your changes?';
$string['databasehandlesoptions_help']='Does the remote database handle its own options.';
$string['databasetable']='Database table';
$string['databasetable_help']='Name of the table where logs will be stored. This table should have a structure identical to the one used by logstore_standard (mdl_logstore_standard_log).';
$string['includeactions']='Include actions of these types';
$string['androidappid_desc']='This setting may be left as default unless you have a custom Android app.';
$string['autologinkeygenerationlockout']='Auto-login key generation is blocked because of too many requests within an hour.';
$string['autologinkeygenerationlockout']='Auto-login key generation is blocked. You need to wait 6 minutes between requests.';
$string['autologinnotallowedtoadmins']='Auto-login is not allowed for site admins.';
$string['cachedef_plugininfo']='This stores the list of plugins with mobile addons';
$string['clickheretolaunchtheapp']='Click here if the app does not open automatically.';
@@ -37,18 +37,20 @@ mm.user.student|Aprendiz|es
</pre>
For a complete list of string identifiers, see the documentation.';
$string['custommenuitems']='Custom menu items';
$string['custommenuitems_desc']='Additional items can be added to the app\'s main menu by specifying them here. Enter each custom menu item on a new line with format: item text, link URL, link-opening method (inappbrowser, browser or embedded) and language code (optional, for displaying the item to users of the specified language only), separated by pipe characters. For example:
$string['custommenuitems_desc']='Additional items can be added to the app\'s main menu by specifying them here. Enter each custom menu item on a new line with format: item text, link URL, link-opening method and language code (optional, for displaying the item to users of the specified language only), separated by pipe characters.
Link-opening methods are: app (for linking to an activity supported by the app), inappbrowser (for opening a link in a browser without leaving the app), browser (for opening the link in the device default browser outside the app) and embedded (for displaying the link in an iframe in a new page in the app).
For example:
<pre>
App\'s help | https://someurl.xyz/help | inappbrowser | en
Visit our SIS | https://someurl.xyz | browser | en
My grades | https://someurl.xyz/local/mygrades/index.php | embedded | en
Mis calificaciones | https://someurl.xyz/local/mygrades/index.php | embedded | es
</pre>
Use inappbrowser when you want to open the link in a browser without leaving the app, use browser for opening the link in the device default browser and embedded if you want to display the link embedded in a new page in the app.';
App help|https://someurl.xyz/help|inappbrowser
My grades|https://someurl.xyz/local/mygrades/index.php|embedded|en
Mis calificaciones|https://someurl.xyz/local/mygrades/index.php|embedded|es
</pre>';
$string['disabledfeatures']='Disabled features';
$string['disabledfeatures_desc']='Select here the features you want to disable in the Mobile app for your site. Please note that some features listed here could be already disabled via other site settings. You will have to log out and log in again in the app to see the changes.';
$string['enablesmartappbanners_desc']='This will display a banner promoting the Moodle Mobile app when visiting the site in a Mobile browser.';
$string['enablesmartappbanners_desc']='If enabled, a banner promoting the mobile app will be displayed when accessing the site using a mobile browser.';
$string['forcedurlscheme']='If you want to allow only your custom branded app to be opened via a browser window, then specify its URL scheme here; otherwise leave the field empty.';
$string['issuerloginparams']='Additional parameters included in a login request.';
$string['issuerloginparams_help']='Some systems require additional parameters for a login request in order to read the user\'s basic profile.';
$string['issuerloginparamsoffline']='Additional parameters included in a login request for offline access.';
$string['issuerloginparamsoffline_help']='Each OAuth system defines a different way to request offline access. E.g. Google requires the additional params: "access_type=offline&prompt=consent" these parameters should be in url query parameter format.';
$string['issuerloginscopes_help']='Some systems require additional scopes for a login request in order to read the users basic profile. The standard scopes for an OpenID Connect compliant system are "openid profile email".';
$string['issuerloginscopesoffline_help']='Each OAuth system defines a different way to request offline access. E.g. Microsoft requires an additional scope "offline_access"';
$string['issuerloginparamsoffline_help']='Each OAuth system defines a different way to request offline access. E.g. Google requires the additional params: "access_type=offline&prompt=consent". These parameters should be in URL query parameter format.';
$string['issuerloginscopes_help']='Some systems require additional scopes for a login request in order to read the user\'s basic profile. The standard scopes for an OpenID Connect compliant system are "openid profile email".';
$string['issuerloginscopesoffline_help']='Each OAuth system defines a different way to request offline access. E.g. Microsoft requires an additional scope "offline_access".';
$string['issuerloginscopesoffline']='Scopes included in a login request for offline access.';
$string['issuerloginscopes']='Scopes included in a login request.';
$string['issuername_help']='Name of the identity issuer. May be displayed on login page.';
$string['issuername']='Name';
$string['issuershowonloginpage_help']='If the OpenID Connect Authentication plugin is enabled, this login issuer will be listed on the login page to allow users to log in with accounts from this issuer.';
$string['issuershowonloginpage']='Show on login page.';
$string['issuershowonloginpage_help']='If the OAuth 2 authentication plugin is enabled, this login issuer will be listed on the login page to allow users to log in with accounts from this issuer.';
$string['issuershowonloginpage']='Show on login page';
$string['issuers']='Issuers';
$string['loginissuer']='Allow login';
$string['notconfigured']='Not configured';
@@ -93,6 +93,8 @@ $string['systemaccountconnected_help'] = 'System accounts are used to provide ad
$string['usebasicauth']='Authenticate token requests via HTTP headers';
$string['usebasicauth_help']='Utilise the HTTP Basic authentication scheme when sending client ID and password with a refresh token request. Recommended by the OAuth 2 standard, but may not be available with some issuers.';
$string['userfieldexternalfield']='External field name';
$string['userfieldexternalfield_help']='Name of the field provided by the external OAuth system.';
$string['userfieldinternalfield_help']='Name of the Moodle user field that should be mapped from the external field.';
$string['enablerunnow']='Allow ‘Run now’ for scheduled tasks';
$string['enablerunnow']='Allow \'Run now\' for scheduled tasks';
$string['enablerunnow_desc']='Allows administrators to run a single scheduled task immediately, rather than waiting for it to run as scheduled. The task runs on the web server, so some sites may wish to disable this feature to avoid potential performance issues.';
$string['resettasktodefaults']='Reset task schedule to defaults';
$string['resettasktodefaults_help']='This will discard any local changes and revert the schedule for this task back to its original settings.';
$string['runnow']='Run now';
$string['runnow_confirm']='Are you sure you want to run this task ‘{$a}’ now? The task will run on the web server and may take some time to complete.';
$string['runnow_confirm']='Are you sure you want to run this task \'{$a}\' now? The task will run on the web server and may take some time to complete.';
$string['scheduledtasks']='Scheduled tasks';
$string['scheduledtaskchangesdisabled']='Modifications to the list of scheduled tasks have been prevented in Moodle configuration';
@@ -45,7 +45,7 @@ $string['auth_dbname'] = 'Name of the database itself. Leave empty if using an O
$string['auth_dbname_key']='DB name';
$string['auth_dbpass']='Password matching the above username';
$string['auth_dbpass_key']='Password';
$string['auth_dbpasstype']='<p>Specify the format that the password field is using. MD5 hashing is useful for connecting to other common web applications like PostNuke.</p> <p>Use \'internal\' if you want the external database to manage usernames and email addresses, but Moodle to manage passwords. If you use \'internal\', you <i>must</i> provide a populated email address field in the external database, and you must execute both admin/cron.php and auth/db/cli/sync_users.php regularly. Moodle will send an email to new users with a temporary password.</p>';
$string['auth_dbpasstype']='<p>Specify the format that the password field is using.</p> <p>Use \'internal\' if you want the external database to manage usernames and email addresses, but Moodle to manage passwords. If you use \'internal\', you <i>must</i> provide a populated email address field in the external database, and you must execute both admin/cron.php and auth/db/cli/sync_users.php regularly. Moodle will send an email to new users with a temporary password.</p>';
$string['auth_dbpasstype_key']='Password format';
$string['auth_dbreviveduser']='Revived user {$a->name} id {$a->id}';
$string['auth_dbrevivedusererror']='Error reviving user {$a}';
$string['auth_ldap_expiration_desc']='Select \'{$a->no}\' to disable expired password checking or \'{$a->ldapserver}\' to read the passwordexpiry time directly from the LDAP server.';
$string['auth_ldap_expiration_key']='Expiry';
$string['auth_ldap_expiration_warning_desc']='Number of days before password expiry warning is issued.';
$string['auth_ldapextrafields']='These fields are optional. You can choose to pre-fill some Moodle user fields with information from the <b>LDAP fields</b> that you specify here. <p>If you leave these fields blank, then nothing will be transferred from LDAP and Moodle defaults will be used instead.</p><p>In either case, the user will be able to edit all of these fields after they log in.</p>';
$string['auth_ldap_user_type']='Select how users are stored in LDAP. This setting also specifies how login expiration, grace logins and user creation will work.';
$string['auth_ldap_user_type']='Select how users are stored in LDAP. This setting also specifies how login expiry, grace logins and user creation will work.';
$string['auth_ldap_user_type_key']='User type';
$string['auth_ldap_usertypeundefined']='config.user_type not defined or function ldap_expirationtime2unix does not support selected type!';
$string['auth_ldap_usertypeundefined2']='config.user_type not defined or function ldap_unixi2expirationtime does not support selected type!';
@@ -121,7 +121,7 @@ $string['didntgetusersfromldap'] = "Did not get any users from LDAP -- error? --
$string['gotcountrecordsfromldap']="Got {\$a} records from LDAP\n";
$string['ldapnotconfigured']='The LDAP host url is currently not configured';
$string['morethanoneuser']='Strange! More than one user record found in ldap. Only using the first one.';
$string['needbcmath']='You need the BCMath extension to use grace logins with Active Directory';
$string['needbcmath']='You need the BCMath extension to use expired password checking with Active Directory.';
$string['needmbstring']='You need the mbstring extension to change passwords in Active Directory';
$string['nodnforusername']='Error in user_update_password(). No DN for: {$a->username}';
$string['noemail']='Tried to send you an email but failed!';
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.