Removing the check in login/token.php is secure since the
auth_forcepasswordchange is checked in require_login that is called via
validate_context.
The user must be able to get a token even if that setting is on. With
that token we’ll redirect the user to the site or we’ll change the
password when a new WS for that is available.
- New site setting to define the default course duration (used to set
the default end date for some course formats)
- End date setting out of restore
- Fix tool_uploadcourse
- Other fixes here and there
This commit includes a change in moodlelib to throw the
sitepolicynotagreed exception in a way that can be captured and
identified by external systems.
Changing the error message that is displayed to users when they
upload a file that is greater than the maximum upload size. Does not
include all upload cases; focuses on those most used by students.
Without it, transactions are executed in standard READ_COMMITED
mode, without snapshoting/row versioning, leading to update conflicts
under high concurrency.
A new packer for .tar.gz files (MIME type application/x-gzip) has been
implemented, including unit tests.
This packer is intended for use during backup/restore only and is not
otherwise exposed in the user interface at present. However, it is
supposed to follow the (ancient) POSIX .tar standard; files created
with this packer will open in GNU tar.
There are restrictions in support corresponding to the POSIX standard:
- Non-ASCII filenames are not supported.
- Very long file/path names are not supported.
- Individual files within the .tar may not be more than 8GB.
Some of these limitations might need to be addressed in future changes
if the packer were to be used in areas other than backup/restore.
* Fixed typo breaking drag and drop of courses.
* Fixed the ' ' title for the create new button plus two other icons I found as well.
* Adding padding to items displayed in the action menu drop down. base + bootstrapbase.
* Padding adjusted to the same as on the course page. base + bootstrapbase.
* Removed hover icon from categories. base only.
* Fixed categroy typo
* Removed min-width that was being applied to coursename making its clickable area larger than normal.
* The category tree is now presented using aria attributes as per http://www.w3.org/WAI/GL/wiki/Using_ARIA_trees
* Bulk action selectors now use aria-labelledby
* Category course count now given access hidden label.
* Pagination links now have better titles.
* The course action icons now present with role=button
* I can rebase this for you/the integrator before it goes in for sure no probs :)
* Fixed double phpdoc block of course_change_visibility
* Moved permission checks out of course_move_after_course and into helper function.
* Reviewed setType calls for editcategory_form.php.
* Reviewed all uses of can_resort and added more specific methods.
* Fixed method mentioned in exception for resort methods.
* Converted calls to fetch courses to call get_course.
* Exceptions now thrown when trying to move courses and problems arise.
* Fixed unnecessary namespace hinting in core_course_management_renderer.
* Abstracted common logic of can_resort_any and can_change_parent_any.
* Removed check for system level capability from has_manage_capability_on_any.
* Reviewed debugging calls I've introduced.
* Implemented a new course and category management page.
* Deprecated the old management interface.
* Unit tests to cover the new API and core functions.
* Behat tests to cover the new interface.
List of changes:
* New OOP API using PHP namespace \core\session\.
* All handlers now update the sessions table consistently.
* Experimental DB session support in Oracle.
* Full support for session file handler (filesystem locking required).
* New option for alternative session directory.
* Official memcached session handler support.
* Workaround for memcached version with non-functional gc.
* Improved security - forced session id regeneration.
* Improved compatibility with recent PHP releases.
* Fixed borked CSS during install in debug mode.
* Switched to file based sessions in new installs.
* DB session setting disappears if DB does not support sessions.
* DB session setting disappears if session handler specified in config.php.
* Fast purging of sessions used in request only.
* No legacy distinction - file, database and memcached support the same functionality.
* Session handler name included in performance info.
* Fixed user_loggedin and user_loggedout event triggering.
* Other minor bugfixing and improvements.
* Fixed database session segfault if MUC disposed before $DB.
Limitations:
* Session access time is now updated right after session start.
* Support for $CFG->sessionlockloggedinonly was removed.
* First request does not update userid in sessions table.
* The timeouts may break badly if server hosting forces PHP.ini session settings.
* The session GC is a lot slower, we do not rely on external session timeouts.
* There cannot be any hooks triggered at the session write time.
* File and memcached handlers do not support session lock acquire timeouts.
* Some low level PHP session functions can not be used directly in Moodle code.
This patch includes refreshing of borked files in file pool and basic prevention of race conditions. It also helps with diagnosing of file pool permission problems, detects coding errors and some other type of problems including sha1 collision jackpot.
- Core upgrade MUST NOT call rebuild_course_cache() at all - update DB directly instead
- Plugins MUST call rebuild_course_cache(.., TRUE) for clearing the course cache and can not update DB directly
- Plugins MUST NOT call rebuild_course_cache() unless for clearing the cache
- Created function upgrade_ensure_not_running() to be included in other functions that can not be used during upgrade
