The problem with the previous implementation was that the table's
$this->prefs can contain a valid non-empty value in its default state -
the default column to sort by. On resetting, we must not throw away
these default prefs.

This patch simplifies the TABLE_VAR_RESET interpretation. If such an
HTTP parameter is passed via the request, the table simply behaves as if
there were no previously stored preferences (does not matter if coming
from the current session, or from the persistent cross-session storage).

The logic that decides on whether or not the reset widget should be
displayed is put into a new method can_be_reset() with unit tests
attached.

Finally, the previously private method render_reset_button() is now
protected and the reset widget is given a new semantic CSS class.

This patch fixes an XSS vulnerability with surveys where a student user
could inject arbitrary HTML in a comment on the survey. The fix is to
escape the comment before displaying it to the teacher.

This commit adds a new session key hidden field on the lesson password form
and confirms if the session key is valid on related pages to prevent CSRF on
password protected lessons.

The hideIfOutside function was being too restrictive with the
selector for checking if the event occurred within a menu child
(anchor tag) rather than the menu itself.

When students are given the appropriate permissions
to view ratings, in the situation where there are
separate groups, the students can view the ratings
of an entry that is in the all participants group.

Keyboard navigation (ctrl+up/down/left/right) with AJAX enabled ceased
functioning with editing mode enabled after MDL-36606, as it was looking
for cells with a "clickable" class - but was only applying that class when
editing mode is NOT enabled. This patch uses a new "gbnavigable" class to
control keyboard navigation, whether editing mode is on or not. It also
addresses some browser compatibility and minor behavioural issues.

Comment question window closes after 2 sec,
which crashes win-FF as it's slow to check for
"Changes saved" text. As it is checked after
switching that the changes are saved, this step can be
avoided to ensure robustness of the scenario.