CSRF protection for the login form. The authenticate_user_login function was
extended to validate the token (in \core\session\manager) but by default it
does not perform the extra validation. Existing uses of this function from
auth plugins and features like "change password" will continue to work without
changes. New config value $CFG->disablelogintoken can bypass this check.
Error messages should be prominent to screen readers as well as visual users,
adding the role alert is recommended way to achieve it for screen readers and this is
also what we do for ->notification apis
* Removed the div with the class 'form-group' that's enclosing the
select element and friends. It's not needed since the urlselect template
is an inline form.
* Also, for completeness, I added the helpicon data for the template's
context.
* Fix coalesce on postgres.
* The edit icon's alt shows the HTML entities causing
* enrol/tests/behat/add_to_group.feature Contains a '@doit' tag which I assume is there from testing.
* group/classes/output/user_groups_editable.php
** Missing MOODLE_INTERNAL check.
** Unused variables context_system and moodle_exception.
** The PHPDocs for the constructors are wrong.
** export_for_template() returns an array, not stdClass (according to parent docs).
** Change moodle_exception to coding_exception at the beginning.
* group/lib.php
** Missing docs for core_group_inplace_editable().
* user/classes/participants_table.php
** The docs for the class variables $groups, $course and $context need a '\' beforehand as they are in a namespace.
** I would prefer $this->context = $context; and $this->groups = ... to be done at the end of the constructor with the other class variable assignments.
** You could get rid of the class variable courseid if we are setting course and use $this->course->id instead.
** The function col_groups has @param \stdclass $row but it should be $data
* lib/amd/src/form-autocomplete.js and lib/amd/src/inplace_editable.js
** Some issues here CiBot has pointed out.
* lib/classes/output/inplace_editable.php
** @see should be on a new line.
The add/roles thing was only converted to bootstrap 2/4 markup and the yui left in place.
The modal for adding users to a course was unsavable so I rewrote it with an mform in a popup, still calling
the same (barely) modified ajax script.
The webservice for searching cohorts was taken from admin/tool/lp and moved into /cohort. I added a generic "cohort"
mform element at the same time.
The webservice for searching for users was taken from the original ajax script.
This is yukky but it works. Note: I had to duplicate the standard pix icon template
inside the font-awesome one because the way this is rendered does not support partials.
For font awesome icons I had only supported one of alt/title. This was because (subjectively) we have
done a terrible job of providing meaningful alt text for icons. This is not a good idea and not backwards
compatible so I have put it back again.
Fingers crossed I did not break 1000 behats.
