The patch introduces a new site setting 'sitepolicyhandler' that can be
either empty or contain a plugin component name. If it is empty, the
site policy feature keeps working as before and the core keeps the
control over it.

If a plugin is specified, it is expected to implement the callback
'site_policy_handler' in its lib.php file. The callback should return a
URL to a script where the user can accept the site policies. The plugin
itself is responsible for setting the 'policyagreed' flag in the users
table. The callback may return an empty value, in which case the user
can continue using the site without being redirected.

The patch adds support for a new pre-config flag NO_SITEPOLICY_CHECK.
This constant should be defined and set to true if we should not check
the user's policyagreed status during the require_login().
This is for pages where the user actually accepts the site policies and
helps to avoid the redirect loop.
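
How a plugin could implement the handler described in this commit message, as an added example that is not code from the patch or from Moodle core. The plugin name local_mypolicy, its accept.php path and the button label are assumptions, and the callback is assumed to follow Moodle's usual component-prefixed naming; the two files are shown in one block.

```php
<?php
// ===== File 1: local/mypolicy/lib.php (hypothetical plugin local_mypolicy) =====
defined('MOODLE_INTERNAL') || die();

/**
 * Callback used when 'sitepolicyhandler' is set to 'local_mypolicy'.
 * Returns the URL of the acceptance script, or null so that the user
 * continues without being redirected.
 */
function local_mypolicy_site_policy_handler() {
    global $USER;
    if (!empty($USER->policyagreed)) {
        return null;
    }
    return (new moodle_url('/local/mypolicy/accept.php'))->out(false);
}

// ===== File 2: local/mypolicy/accept.php (separate file, same plugin) =====
// Pre-config flag: must be defined before config.php is loaded, otherwise
// require_login() would redirect this page to itself (redirect loop).
define('NO_SITEPOLICY_CHECK', true);
require(__DIR__ . '/../../config.php');

require_login(null, false);
$PAGE->set_url('/local/mypolicy/accept.php');
$PAGE->set_context(context_system::instance());

if (optional_param('agree', 0, PARAM_BOOL)) {
    // Acceptance changes state, so it must carry a valid session key.
    require_sesskey();
    if (!isguestuser()) {
        // The plugin, not core, sets the flag in the user table.
        $DB->set_field('user', 'policyagreed', 1, ['id' => $USER->id]);
        $USER->policyagreed = 1;
    }
    redirect(new moodle_url('/'));
}

echo $OUTPUT->header();
// single_button() submits by POST; the URL parameters become hidden fields.
echo $OUTPUT->single_button(
    new moodle_url('/local/mypolicy/accept.php', ['agree' => 1, 'sesskey' => sesskey()]),
    'I agree' // Constructed label; a real plugin would use a language string.
);
echo $OUTPUT->footer();
```
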

Significant string changes:
* multiple strings in core_hub - 'Publish' changed to 'Share' plus other
wording improvements to avoid misunderstandings
* errorretrievingkey in message_airnotifier - improved wording and
removing reference to Moodle.org
* enddate_help and courseduration_desc in core - clearer wording
explaining what the date actually does
* restore:viewautomatedfilearea in core_role - changing wording to match
the behaviour
* dropzones_help in qtype_ddmarker - improved wording
* autologinkeygenerationlockout in tool_mobile - updated error message
* configallowemailaddresses in core_admin - clearer description
* subscriptionmode_help in mod_forum - removing misleading sentence about
subscription mode changes not affecting existing users

We can't really control the direct web access to directories in dirroot,
that is part of the server setup. So we at least warn admins as they may
not realize the risks of having directories like vendor or node_modules
exposed.
Credit goes to Petr Škoda for mentioning the PHPUnit issue CVE-2017-9841
to me.

Significant string changes:
* errorinvalidbyhour,core_calendar - correcting number from 59 to 23
* cron_help,core_admin - updated recommendation to run cron every minute
* tour1_content_end, tour1_content_welcome, tour2_content_end,
tour2_content_welcome all in tool_usertours - removing reference to
3.2
* invalidsesskey,core_error and invalidsesskey,mod_wiki - more
understandable error message
* pluginname_help and pluginnamesummary in qtype_essay - explaining that
the question type can be used for file uploads
* formatnoinline, mustattach and mustrequire in qtype_essay - changing
the word 'inline' to 'online'