* The file file_remove_editor_orphaned_files should take into account URL that
have been embedded in a tag content instead of an attribute (like src attribute)
* This will fix issue with inserting H5P content in calendar events.
Add the DB type, count of courses with start or end dates set,
default site theme, and primary auth type statistics to those
collected as part of the site registration data.
Not critical to have, but better don't mention it. Note that all
the cases need to stay because there may be other environments
where the same problems are reproducible.
Only exception is the CURL_SSLVERSION_TLSv1_2 constant, that
can be safely removed because it's available since PHP 5.5.19.
These new settings are designed to enchance user privacy surrounding
groups. They allow groups to be configured so that users outside the
group cannot see the group, so that users in the group cannot see each
other, or so that users cannot see the group at all, even if they are in
it. This avoids issues where a group may be assigned based on sensitive
personal information (such as a person requiring special arrangements
due to a disability).
By default, groups are visible to all and available for participation in
activities, which maintains the current behaviour.
For performance, a new cache has been added to track the number of
groups on a course that are not visible to non-members. This allows us
to revert to the existing behaviour if the new features are not being
used at all on a course, and only apply the new visibility conditions if
they are.
Users who have the moodle/course:viewhiddengroups capability should be
concious of exposing hidden groups when showing their screen to other
users. The "Switch role to..." feature can be used to show a course page
on screen without exposing private availability conditions, for example.
The changes cover several specific areas:
* grouplib functions, which most code should use to get lists of groups
and members (this includes the participants page).
* Activities supporting group overrides will not allow overrides for
groups that are hidden from all users.
* Activities supporting separate/visible groups modes will only allow
groups with the new "participation" flag enabled to be selected.
* Group messaging will be disabled for groups where members cannot see
each other, or cannot see the group at all.
Simple JSON reader which takes an issuer and reads its metadata. The
class is aware of request-centric rules, such as:
- The position of the well known suffix in the URL (per RFC8414)
- The requirement to have HTTPS auth server issuer URL
- The validity of query strings, paths and fragments in the auth server
issuer URL
,but makes no attempt to validate the config JSON returned.
Some behat scenarios were using labels with links to access some
specific PHP files.
Now that labels are also displayed in the course index, the region
needs to be defined in the step to access to the expected link
(otherwise, the one in the course index will be used).
Due to missing `AND k.script = 'rss'` condition, the query did not make
use of the existing script-value compound index defined for the table.
So it had to perform the full sequential scan for all rows when
searching for the token. This had serious performance issues on sites
with many users, especially in case on non-existing token / key.
