David Mudrák [Thu, 22 Jul 2021 21:28:23 +0000 (23:28 +0200)]
MDL-72203 curl: Check each URL in redirect chain to see if it is blocked
The security problem here was that only the first and the last URL in
the redirect chain was checked by the security helper. This patch forces
the curl wrapper to always emulate cURL redirects and check every
redirect URL in the chain before actually visiting it.
David Mudrák [Thu, 22 Jul 2021 21:20:14 +0000 (23:20 +0200)]
MDL-72203 curl: Warn if someone actually started to use $maxredirects
The new parameter of curl_security_helper::url_is_blocked() introduced
in MDL-71916 became part of the API. Even if we reverted it quickly,
someone can use a released Moodle version that has that parameter in
place. For that reason and also to avoid potential troubles in the
future (e.g. when yet another argument would be added to this method),
we need to make it clear that the second parameter of this method should
never be used again.
Poor $maxredirects, you did not live long with us. Oh well.
David Mudrák [Thu, 22 Jul 2021 21:10:11 +0000 (23:10 +0200)]
MDL-72203 curl: Revert original fix of redirects to blocked URLs
This reverts the original fix introduced in MDL-71916. It introduced an
extra native cURL call inside curl_security_helper to check if the given
URL triggers a redirect to a blocked URL or not.
Shortly after the release, a couple of regressions were reported as a
result of the integrated solution. It was agreed to revert the fix and
progress with implementing an alternative approach.
Ilya Tregubov [Fri, 23 Jul 2021 09:31:01 +0000 (11:31 +0200)]
weekly release 3.11.1+
Ilya Tregubov [Fri, 23 Jul 2021 09:30:59 +0000 (11:30 +0200)]
Merge branch 'install_311_STABLE' of https://git.in.moodle.com/amosbot/moodle-install into MOODLE_311_STABLE
Andrew Nicols [Thu, 22 Jul 2021 03:22:56 +0000 (11:22 +0800)]
Merge branch 'MDL-70427-311' of git://github.com/paulholden/moodle into MOODLE_311_STABLE
AMOS bot [Thu, 22 Jul 2021 00:07:33 +0000 (00:07 +0000)]
Automatically generated installer lang files
Víctor Déniz [Wed, 21 Jul 2021 18:28:54 +0000 (19:28 +0100)]
Merge branch 'MDL-72108-311' of git://github.com/andrewnicols/moodle into MOODLE_311_STABLE
Ilya Tregubov [Mon, 19 Jul 2021 12:00:45 +0000 (14:00 +0200)]
Merge branch 'MDL-72125-311' of git://github.com/andrewnicols/moodle into MOODLE_311_STABLE
Andrew Nicols [Thu, 8 Jul 2021 05:05:57 +0000 (13:05 +0800)]
MDL-72125 mod_assign: Use assign submission data generators
Andrew Nicols [Thu, 8 Jul 2021 04:29:28 +0000 (12:29 +0800)]
MDL-72125 mod_assign: Add data generator for assign submissions
Andrew Nicols [Mon, 19 Jul 2021 08:42:21 +0000 (16:42 +0800)]
MDL-72125 testing: Make global $CFG available when including generators
This will remove the requirement to add the global $CFG call to the top
of generator scripts.
Andrew Nicols [Fri, 9 Jul 2021 01:27:03 +0000 (09:27 +0800)]
MDL-72125 behat: Add get_activity_id() behat generators helper
Andrew Nicols [Thu, 8 Jul 2021 03:50:17 +0000 (11:50 +0800)]
MDL-72125 testing: Set a default idnumber when creating activities
The activity generator currently requires an idnumber when creating
activities, but this is not a requirement when creating the same
activity through the UI. The requirement comes because we want to
provide a way to refer to activities in subsequent steps.
This commit modifies the behaviour such that the generator uses the name
of the activity as the default idnumber.
This has two main benefits:
1. it simplfies generation of activities; and
2. it makes the language used when writing behat tests much more natural.
With this change, steps will refer to the activity by its idnumber/title
in all cases, rather than sometimes by an idnumber which bears no
relevance to the title.
Andrew Nicols [Thu, 8 Jul 2021 04:20:50 +0000 (12:20 +0800)]
MDL-72125 testing: Add helper to run generators as a user
abgreeve [Fri, 16 Jul 2021 02:16:38 +0000 (10:16 +0800)]
weekly release 3.11.1+
abgreeve [Fri, 16 Jul 2021 02:16:37 +0000 (10:16 +0800)]
Merge branch 'install_311_STABLE' of https://git.in.moodle.com/amosbot/moodle-install into MOODLE_311_STABLE
AMOS bot [Fri, 16 Jul 2021 00:07:29 +0000 (00:07 +0000)]
Automatically generated installer lang files
Jun Pataleta [Thu, 15 Jul 2021 03:46:55 +0000 (11:46 +0800)]
Merge branch 'MDL-63770-311' of /home/jun/moodles/stable_311/moodle into MOODLE_311_STABLE
Matteo Scaramuccia [Sun, 3 May 2020 21:46:18 +0000 (23:46 +0200)]
MDL-63770 core: 'port' should be an integer like in parse_url()
Plus trivial comment cleanup.
Dmitri Pisarev [Tue, 22 Jan 2019 08:09:26 +0000 (11:09 +0300)]
MDL-63770 core: Fix a false-positive in `reverseproxyabused` check
A `reverseproxyabused` error is wrongly triggered when external port number doesn't equal internal.
Eloy Lafuente (stronk7) [Wed, 14 Jul 2021 22:34:42 +0000 (00:34 +0200)]
Merge branch 'MDL-67338-311' of git://github.com/paulholden/moodle into MOODLE_311_STABLE
Paul Holden [Thu, 8 Apr 2021 21:37:53 +0000 (22:37 +0100)]
MDL-67338 message: re-implement block page type patterns.
The `page_type_list` method for the message component was deprecated
in
5b0769db as part of MDL-54744. However it is still required when
trying to configure blocks on any messaging pages.
Eloy Lafuente (stronk7) [Wed, 14 Jul 2021 11:59:58 +0000 (13:59 +0200)]
Merge branch 'MDL-72139-311' of git://github.com/cescobedo/moodle into MOODLE_311_STABLE
cescobedo [Tue, 13 Jul 2021 09:05:32 +0000 (11:05 +0200)]
MDL-72139 core_message: Fix encoding UTF-8 in prevent unclosed tags
Eloy Lafuente (stronk7) [Tue, 13 Jul 2021 18:38:10 +0000 (20:38 +0200)]
Merge branch 'MDL-71874-311' of git://github.com/andrewnicols/moodle into MOODLE_311_STABLE
Sara Arjona [Tue, 13 Jul 2021 14:44:40 +0000 (16:44 +0200)]
Merge branch 'MDL-71782_311' of https://github.com/stronk7/moodle into MOODLE_311_STABLE
Jun Pataleta [Tue, 13 Jul 2021 08:05:36 +0000 (16:05 +0800)]
Merge branch 'MDL-72036-311' of git://github.com/sarjona/moodle into MOODLE_311_STABLE
Sara Arjona [Fri, 2 Jul 2021 06:42:57 +0000 (08:42 +0200)]
MDL-72036 atto_h5p: Random error with external URL
After a major upgrade was done in h5p.com, some random errors appeared
in the "H5P options are ignored for H5P URLs" scenario.
They have been fixed replacing the URL for different (which should
load quicker). As we're checking external content, no other improvement
can be done on the Moodle site.
Paul Holden [Wed, 9 Jun 2021 22:53:22 +0000 (23:53 +0100)]
MDL-70427 task: correct missing component when queuing adhoc task.
If the task belongs to a component, and doesn't have it's own
component property set then we can lazy-load it based on class
namespace.
Paul Holden [Wed, 24 Mar 2021 21:18:34 +0000 (21:18 +0000)]
MDL-70427 admin: remove plugin adhoc tasks during uninstall.
AMOS bot [Sun, 11 Jul 2021 00:07:26 +0000 (00:07 +0000)]
Automatically generated installer lang files
Eloy Lafuente (stronk7) [Sat, 10 Jul 2021 16:56:04 +0000 (18:56 +0200)]
Moodle release 3.11.1
Eloy Lafuente (stronk7) [Fri, 9 Jul 2021 16:07:22 +0000 (18:07 +0200)]
MDL-71782 behat: Ensure page after saving changes is there
A similar approach was followed @ MDL-67935, although the
case doesn't seem to be the same.
In any case, it's curious that all local execution are
100% passing and only CIs fail so often. Just guessing if,
maybe, there is some Chrome version factor around (we
are running older, sticky, versions @ CIs.
AMOS bot [Fri, 9 Jul 2021 00:07:33 +0000 (00:07 +0000)]
Automatically generated installer lang files
Eloy Lafuente (stronk7) [Thu, 8 Jul 2021 21:44:06 +0000 (23:44 +0200)]
weekly release 3.11+
Jun Pataleta [Thu, 8 Jul 2021 08:36:07 +0000 (16:36 +0800)]
Merge branch 'MDL-71919-311-fix' of https://github.com/cescobedo/moodle into MOODLE_311_STABLE
Jun Pataleta [Thu, 8 Jul 2021 04:14:20 +0000 (12:14 +0800)]
Merge branch 'MDL-70594_311' of https://github.com/stronk7/moodle into MOODLE_311_STABLE
cescobedo [Thu, 8 Jul 2021 07:53:55 +0000 (09:53 +0200)]
MDL-71919 core_message: Fix tests in message_send
Huong Nguyen [Mon, 5 Jul 2021 10:25:09 +0000 (17:25 +0700)]
MDL-71922 file: Enhance endless recursion requests protection
cescobedo [Mon, 5 Jul 2021 13:57:23 +0000 (15:57 +0200)]
MDL-71919 core_message: Fix unclosed html tags in email notification
Paul Holden [Mon, 21 Jun 2021 08:29:07 +0000 (09:29 +0100)]
MDL-71957 auth_shibboleth: safer session retrieval during logout.
Eloy Lafuente (stronk7) [Wed, 7 Jul 2021 11:23:05 +0000 (13:23 +0200)]
MDL-70335 behat: Ensure the scenario passes under all themes
Also, get rid of not needed @javascript tag
Dongsheng Cai [Tue, 6 Jul 2021 06:55:21 +0000 (16:55 +1000)]
MDL-71978 core_calendar: only allow owner to edit user subscriptions
Adrian Greeve [Wed, 7 Jul 2021 06:38:06 +0000 (14:38 +0800)]
Merge branch 'MDL-71887-311' of https://github.com/snake/moodle into MOODLE_311_STABLE
Paul Holden [Wed, 26 May 2021 17:12:43 +0000 (18:12 +0100)]
MDL-71760 admin: escape identity fields in token management table.
Paul Holden [Thu, 10 Jun 2021 20:37:53 +0000 (21:37 +0100)]
MDL-71898 mod_quiz: escape user identity fields on override pages.
Mihail Geshoski [Thu, 20 May 2021 01:09:22 +0000 (09:09 +0800)]
MDL-58393 core: Remove firstname argument from emailconfirmation string
Sujith Haridasan [Mon, 10 May 2021 11:50:05 +0000 (17:20 +0530)]
MDL-71241 course: Validate and sanitize sort arguments
Signed-off-by: Sujith Haridasan <sujith@moodle.com>
Mihail Geshoski [Thu, 13 May 2021 06:42:40 +0000 (14:42 +0800)]
MDL-71242 core_course: Test the validation of the sort value
Adds new unit test, test_course_get_recent_courses_sort_validation(),
which is reponsible for testing the validation of the sort value in
course_get_recent_courses().
Mihail Geshoski [Thu, 13 May 2021 06:10:19 +0000 (14:10 +0800)]
MDL-71242 core_course: Update test_course_get_recent_courses() unit test
Adds additional assertions in test_course_get_recent_courses() test to
ensure that the sort funcionality works as expected.
Mihail Geshoski [Wed, 12 May 2021 09:46:31 +0000 (17:46 +0800)]
MDL-71242 core_course: Validate the value of the sort argument
This change validates the value of the sort argument in
course_get_recent_courses().
Andrew Nicols [Thu, 8 Jul 2021 02:33:31 +0000 (10:33 +0800)]
MDL-72108 js: Fix incorrect jsdoc examples for core/ajax
Claude Vervoort [Tue, 22 Jun 2021 21:31:04 +0000 (17:31 -0400)]
MDL-71887 mod_lti: repost when no cookie due to crosssite request
Michael Hawkins [Fri, 2 Jul 2021 09:13:52 +0000 (17:13 +0800)]
MDL-71916 lib: Check cURL redirects for blocked URLs before following
Eloy Lafuente (stronk7) [Tue, 6 Jul 2021 18:21:25 +0000 (20:21 +0200)]
Merge branch 'MDL-70638-311' of git://github.com/paulholden/moodle into MOODLE_311_STABLE
Eloy Lafuente (stronk7) [Tue, 6 Jul 2021 18:18:33 +0000 (20:18 +0200)]
Merge branch 'MDL-70335-311' of https://github.com/juancs/moodle into MOODLE_311_STABLE
Eloy Lafuente (stronk7) [Tue, 6 Jul 2021 18:16:28 +0000 (20:16 +0200)]
Merge branch 'MDL-71537-311' of https://github.com/NashTechOpenUniversity/moodle into MOODLE_311_STABLE
Paul Holden [Thu, 10 Jun 2021 22:29:44 +0000 (23:29 +0100)]
MDL-70638 user: correct access checks when serving profile files.
Requests for files from a users profile file area should follow
the same access checks as for the profile itself.
cescobedo [Fri, 2 Jul 2021 05:10:01 +0000 (07:10 +0200)]
MDL-71917 core_message: Use $USER in WS delete_message_for_all_users
Thach Le Huy [Wed, 16 Jun 2021 06:49:41 +0000 (13:49 +0700)]
MDL-71537 User tours: Minor display errors on mobile
Paul Holden [Fri, 18 Jun 2021 11:26:18 +0000 (12:26 +0100)]
MDL-71981 user: escape identity fields if writer supports HTML.
Paul Holden [Fri, 18 Jun 2021 09:15:27 +0000 (10:15 +0100)]
MDL-71981 dataformat: indicate HTML support in writer callback.
Ilya Tregubov [Mon, 5 Jul 2021 10:35:35 +0000 (12:35 +0200)]
Merge branch 'MDL-71796-311' of git://github.com/lameze/moodle into MOODLE_311_STABLE
Simey Lameze [Wed, 16 Jun 2021 09:57:48 +0000 (17:57 +0800)]
MDL-71796 mod_scorm: fix custom completion logic
Eloy Lafuente (stronk7) [Sun, 4 Jul 2021 09:02:27 +0000 (11:02 +0200)]
Merge branch 'MDL-72063-311-en_fix' of git://github.com/mudrd8mz/moodle into MOODLE_311_STABLE
Juan Segarra Montesinos [Sat, 3 Jul 2021 07:49:36 +0000 (09:49 +0200)]
MDL-70335 mod_forum: Subscribe users from Forced to Auto mode
When a teacher changes the subscription mode from forced
subscription to auto subscription using the "cog" icon in the
forum page, users are not seen in the Show/edit current
subscribers" page.
This does not happens when done from the Edit settings page.
Eloy Lafuente (stronk7) [Thu, 1 Jul 2021 20:40:01 +0000 (22:40 +0200)]
MDL-70594 environment: Apply agreed changes
- PostgreSQL 10 required.
- Exif PHP extension recommended.
Eloy Lafuente (stronk7) [Thu, 1 Jul 2021 20:36:05 +0000 (22:36 +0200)]
MDL-70594 environment: 4.0 base information
This is a direct copy of the 3.11 branch to have
the changes under control in next commits.
David Mudrák [Thu, 1 Jul 2021 12:14:01 +0000 (14:14 +0200)]
MDL-72063 lang: Use fixed strings in tests, too
Helen Foster [Thu, 1 Jul 2021 17:14:53 +0000 (19:14 +0200)]
MDL-72063 lang: Import fixed English strings (en_fix)
Ilya Tregubov [Thu, 1 Jul 2021 14:42:03 +0000 (16:42 +0200)]
weekly release 3.11+
Bas Brands [Thu, 3 Jun 2021 09:08:27 +0000 (11:08 +0200)]
MDL-71366 core_question: prevent question options overflow
Bas Brands [Mon, 26 Apr 2021 13:57:49 +0000 (15:57 +0200)]
MDL-71366 core_question: prevent shrinking of input radio
Andrew Nicols [Thu, 1 Jul 2021 03:11:06 +0000 (11:11 +0800)]
Merge branch 'MDL-72010_311' of https://github.com/timhunt/moodle into MOODLE_311_STABLE
Paul Holden [Thu, 24 Jun 2021 18:02:59 +0000 (19:02 +0100)]
MDL-71314 course: add category record snapshot to deletion event.
Andrew Nicols [Thu, 1 Jul 2021 01:53:53 +0000 (09:53 +0800)]
Merge branch 'MDL-68003_311' of https://github.com/timhunt/moodle into MOODLE_311_STABLE
Sara Arjona [Wed, 30 Jun 2021 14:55:38 +0000 (16:55 +0200)]
Merge branch 'MDL-67208-311' of git://github.com/lameze/moodle into MOODLE_311_STABLE
Simey Lameze [Tue, 22 Jun 2021 23:07:47 +0000 (07:07 +0800)]
MDL-71789 calendar: fix subscription url validation
Sara Arjona [Wed, 30 Jun 2021 14:16:12 +0000 (16:16 +0200)]
Merge branch 'MDL-71971-311' of git://github.com/lucaboesch/moodle into MOODLE_311_STABLE
Sara Arjona [Wed, 30 Jun 2021 14:09:35 +0000 (16:09 +0200)]
Merge branch 'MDL-71991_311' of https://github.com/timhunt/moodle into MOODLE_311_STABLE
Tim Hunt [Mon, 28 Jun 2021 20:25:07 +0000 (21:25 +0100)]
MDL-68003 session timeout warning: don't show in iframes
Eloy Lafuente (stronk7) [Tue, 29 Jun 2021 09:39:34 +0000 (11:39 +0200)]
Merge branch 'MDL-71947-311' of https://github.com/bmbrands/moodle into MOODLE_311_STABLE
Sara Arjona [Mon, 28 Jun 2021 09:33:25 +0000 (11:33 +0200)]
Merge branch 'MDL-71777-311' of https://github.com/appalachianstate/moodle into MOODLE_311_STABLE
Fred Woolard [Sun, 30 May 2021 22:32:37 +0000 (18:32 -0400)]
MDL-71777 antivirus: Use hash_from_path (sha1_file)
Luca Bösch [Fri, 18 Jun 2021 11:57:02 +0000 (13:57 +0200)]
MDL-71971 mod_quiz: separate "Repaginate" and "Select multiple items"
Eloy Lafuente (stronk7) [Thu, 24 Jun 2021 21:03:13 +0000 (23:03 +0200)]
weekly release 3.11+
Eloy Lafuente (stronk7) [Thu, 24 Jun 2021 21:03:09 +0000 (23:03 +0200)]
NOBUG: Fixed SVG browser compatibility
Eloy Lafuente (stronk7) [Thu, 24 Jun 2021 21:03:08 +0000 (23:03 +0200)]
Merge branch 'install_311_STABLE' of https://git.in.moodle.com/amosbot/moodle-install into MOODLE_311_STABLE
Tim Hunt [Thu, 24 Jun 2021 10:42:33 +0000 (11:42 +0100)]
MDL-72010 quiz: prevent session timeouts during attempts
Bas Brands [Thu, 24 Jun 2021 10:31:13 +0000 (12:31 +0200)]
MDL-71947 core_quiz: vertical forms for access rule popups
Bas Brands [Thu, 24 Jun 2021 10:16:48 +0000 (12:16 +0200)]
MDL-71947 theme_boost: fix styles for vertical forms
Simey Lameze [Mon, 14 Jun 2021 02:49:37 +0000 (10:49 +0800)]
MDL-67208 calendar: fix manage subscription redirection
This patch fix the subcription page only adding the course parameter
only when viewing the calendar on course context. It also passes the
url to the form instance, so we have the course parameter on the
form action attribute.
Tony Butler [Tue, 15 Jun 2021 17:21:44 +0000 (18:21 +0100)]
MDL-71694 assignfeedback_comments: Behat test for feedback preservation
Including efficiency improvements from https://github.com/davosmith
Tony Butler [Fri, 28 May 2021 09:21:01 +0000 (10:21 +0100)]
MDL-71694 assignfeedback_comments: Fill latest submitted comment data
Otherwise if grading validation fails, any new/updated comments are
lost and replaced with previously saved data (or an empty editor).
Andrew Nicols [Thu, 24 Jun 2021 02:59:57 +0000 (10:59 +0800)]
Merge branch 'MDL-71837-311' of git://github.com/paulholden/moodle into MOODLE_311_STABLE
Andrew Nicols [Thu, 24 Jun 2021 02:56:11 +0000 (10:56 +0800)]
Merge branch 'MDL-55243-311' of git://github.com/HuongNV13/moodle into MOODLE_311_STABLE
Huong Nguyen [Tue, 1 Jun 2021 01:51:40 +0000 (08:51 +0700)]
MDL-55243 files: Make is_valid_image support SVG files
Eloy Lafuente (stronk7) [Wed, 23 Jun 2021 21:35:15 +0000 (23:35 +0200)]
Merge branch 'MDL-71593-311' of git://github.com/ilyatregubov/moodle into MOODLE_311_STABLE
Andrew Nicols [Wed, 23 Jun 2021 06:48:33 +0000 (14:48 +0800)]
MDL-71669 editor_atto: Rebuild editor_atto/events
