Adds new API support within search engines for optional methods to
delete data for courses and contexts, and implements this for the
two core search plugins (simpledb and solr).
The new API is automatically called when courses or contexts are
deleted. When a whole course is deleted, it only sends the course
delete rather than sending 1,000 separate context deletions as
each activity/block is deleted.
Returns a formatted string representation of the difference between two
timestamps, defaulting to 'Xd Xh Xm' format, but supporting custom
format strings containing any chars from:
https://www.php.net/manual/en/dateinterval.format.php.
Within a very large project, it was found that searching for a user with their username in the user table using a case insensitive
search was inefficient. Instead it is proposed that the username input is made to be lowercase prior to executing a database query
as the username for each user in the database must be lowercase. This allows for a case sensitive query to find the user data.
Essentially we are moving a case insensitive search for a user from SQL into PHP to increase performance.
Commit 637da99edb has introduced changes
for removing trailing zeroes from the output of function format_float.
Due to a small omission, the function causes a PHP warning when the
string decsep is set to a tilde character ('~'). This is rarely the
case.
The bug lies in using PHP function preg_replace with a string that
contains external input (in this case, including decsep), but without
escaping it for PCRE processing.
This commit fixes the function to also support a tilde character in
string decsep. It also adds tests for having tilde as decimal separator.
Thanks-To: Jake Dallimore <jake@moodle.com>
* Added email in the list of case-insensitive fields.
* New optional parameter $throwexception for \get_complete_user_data().
If true, an exception will be thrown when there's no matching record
found or when there are multiple records found for the given field
value. If false, it will simply return false.
Defaults to false when not set. This ensures that
get_complete_user_data() fetches the correct user data.
Turn on the forceclean config setting when a user is logged in as a
different user. This is a precautionary measure, which forces all
user submitted content to be cleaned of JavaScript before rendering
it to the logged in as user.
This commit is part of work on Custom fields API,
to minimize commit history in moodle core the work of a team of developers was split
into several commits with different authors but the authorship of individual
lines of code may be different from the commit author.
We were already caching these preferences when a user object is provided
to get_user_preferences, or when $USER is provided.
This changee swaps get_user_preferences to use the global USER object
when the USER->id matches the userid supplied to the function.
We should only call this function when a user actually views a course. It is not called
automatically when a course context is validated from a webservice. It is called directly
from the core_course_view_course webservice.
CSRF protection for the login form. The authenticate_user_login function was
extended to validate the token (in \core\session\manager) but by default it
does not perform the extra validation. Existing uses of this function from
auth plugins and features like "change password" will continue to work without
changes. New config value $CFG->disablelogintoken can bypass this check.
