- created renderable object tabtree that represents the tree of tabs, extends tabobject
- created core_renderer::tabtree(), and supporting core_renderer::render_tabtree(), core_renderer::render_tabobject()
- change print_tabs() to use renderer function, deprecate supporting not needed functions
We need to keep these two separate as scripts which define AJAX_SCRIPT
before loading config.php will use a different default renderer and will
return appropriate exceptions which can be parsed by M.core.exception and
M.core.ajaxException correctly.
This also addresses an issue whereby a missing heading could break the
tooltip.
- If we want to check fields 'numsections' or 'hiddensections' call course_get_format()->get_format_options()
- We still use extended course object in course/edit.php, update_course(), create_course(), and inside course formats
- Fields added to format_legacy as default course format options;
- Upgrade script copies fields values from table course to course_format_options;
- Fields removed from table course;
- Fields removed from edit course form;
- Since front-page course has a 'numsections' setting, format_site defines it as it's option;
- Removed accessing those fields in core code unless we know that format supports them and in this
case instead of $course = $DB->get_record('course'); we use:
$course = course_get_format($courseorid)->get_course(); This way all format-specific options
are added to the $course object
Includes:
* constants refactoring
* reworked db table init
* support for $CFG->debug = -1
* functional DB tests
* fixed $DB->get_indexes() to not throw exceptions when table does not exist
* fix handling of user passwords in test db
* add debug info to exception messages
* removed unnecessary PHP debug errors from mathslib
* fixed @error suppression in get_string
* fixed PHPUnit error handler setup
* added timezone info to default install
This "feature" was used to partially eliminate XSS attacks on vulnerable code. Developers MUST use clean_text() on HTML text fragments only, it can not be used on random html tag attributes.
This change may simplify a bit exploiting of vulnerable code, but every XSS cheat sheet contains information how to work around this outdated anti-XSS measure.
Please note this change fixes many problems with valid uses of language= or onXXXXX= such as in urls, tex, code samples, etc.
incorrect PAGE init - it should be done at the very end; redirect() should not use OUTPUT before PAGE init; SITEID should be deprecated in favour of $SITE->id (this is going to cause troubles in tenant switching in CLI, cron and tests); missing "global $SITE"'; minor coding style issues; PHPDocs; it also helps with merging/testing of multitenant patch
