Fetching user tours used to fail on external_api::validate_context() and
require_login() calls if the user did not have the site policy agreed.
The patch introduces a check to see if the user is fully set up and
ready to use the site before attempting to load the tours.
moodle_read_slave_trait: when creating another handle, restore temptables
property that is clobbered by raw_connect().
Also a better condition for temptable related queries detection in
pgsql_native_moodle_database.
dml_pgsql_read_slave_test::test_temp_table(): use real db connection
if possible, otherwise skip the test.
It was a mistake to force filtering of SVG files in MDL-55243. It can
easily lead to corrupted SVG files.
The patch removes that forced filtering and clarifies the inline comment
of what and why we need to do.
Where there are no grade items with idnumbers for selection, then
nothing should be exported. Currently, this is being interpreted as
the user exporting all grade items.
Before, we had each redirect test duplicated: one for the native
redirects via native cURL, second for our emulated implementation. Now
all redirects are always emulated so there is no need to have them
tested twice.
The security problem here was that only the first and the last URL in
the redirect chain was checked by the security helper. This patch forces
the curl wrapper to always emulate cURL redirects and check every
redirect URL in the chain before actually visiting it.
The new parameter of curl_security_helper::url_is_blocked() introduced
in MDL-71916 became part of the API. Even if we reverted it quickly,
someone can use a released Moodle version that has that parameter in
place. For that reason and also to avoid potential troubles in the
future (e.g. when yet another argument would be added to this method),
we need to make it clear that the second parameter of this method should
never be used again.
Poor $maxredirects, you did not live long with us. Oh well.
This reverts the original fix introduced in MDL-71916. It introduced an
extra native cURL call inside curl_security_helper to check if the given
URL triggers a redirect to a blocked URL or not.
Shortly after the release, a couple of regressions were reported as a
result of the integrated solution. It was agreed to revert the fix and
progress with implementing an alternative approach.
