For historical reasons repositories need to call add_file_to_pool
to sync file records. However now that a before_file_created hook
has been added additional information is needed by add_file_to_pool.
Ideally add_file_to_pool and friends will become private/protected,
so we need to remove all uses of it in core.
This patch adds some new methods to the file class to allow syncing
to be managed internally by the file and the file_storage class.
This introduces a new "controlled link" file type where the file is not
stored in Moodle - but Moodle will control the access permissions on the file.
Plugins can "freeze" a filearea which means Moodle will take ownership of all the remote
files of this type.
When accessing a file, if the "filebrowser" infomation indicates the current user can write to the file, they
will be granted temporary write access.
Part of MDL-58220
This change moves all operations which deal with the fetching/updating, or
setting of files from the file_storage class into a new file_system class.
A new file_system can be specified in the config.php and used to replace
all relevant methods in order to move the file system component to an
alternative solution.
Repositories can now override usespost() if they don't upload using POST
requests. This restores the ability of users with
moodle/course:ignorefilesizelimits to upload files of unlimited size
lost in MDL-44626.
Changing the error message that is displayed to users when they
upload a file that is greater than the maximum upload size. Does not
include all upload cases; focuses on those most used by students.
This patch moves existing scanning functionality to plugin level. It does
not add anything new, just refactors the existing functionality.
AMOS BEGIN
MOV [clamemailsubject,core],[emailsubject,antivirus]
MOV [clamfailed,core],[clamfailed,antivirus_clamav]
MOV [clamlost,core],[invalidpathtoclam,antivirus_clamav]
MOV [clamunknownerror,core],[unknownerror,antivirus_clamav]
MOV [virusfounduser,core],[virusfounduser,antivirus]
AMOS END
The repository API defaults has a function, prepare_file, which is
responsible for creating a unique file to be used during the current
request.
This is usually used in the repository's get_file() function to store the
file before it is used elsewhere in the API to save the file to the
filestorage API.
It is also sometimes used to temporarily store credentials for the lifetime
of the session.
In all cases, this file is only expected to exist for the duration of the
session.
Switching to use of a per-request directory using make_request_directory()
ensures that the tempdir does not grow without control.
This commit also adds an upgrade step to remove all old temp directories
created by any repository currently installed.
Function repository::get_moodle_file() should always be called on packed reference and not on the source received from user.
Also added phpdocs to some other methods that were confusing source and reference
Too many functions, too different parameters, unnecessary DB queries.
All repositories developed for Moodle 2.3-2.5 will continue to work.
Also get rid of DB field files_reference.lifetime, it is not used by
anybody except repository itself.
List of changes:
* New OOP API using PHP namespace \core\session\.
* All handlers now update the sessions table consistently.
* Experimental DB session support in Oracle.
* Full support for session file handler (filesystem locking required).
* New option for alternative session directory.
* Official memcached session handler support.
* Workaround for memcached version with non-functional gc.
* Improved security - forced session id regeneration.
* Improved compatibility with recent PHP releases.
* Fixed borked CSS during install in debug mode.
* Switched to file based sessions in new installs.
* DB session setting disappears if DB does not support sessions.
* DB session setting disappears if session handler specified in config.php.
* Fast purging of sessions used in request only.
* No legacy distinction - file, database and memcached support the same functionality.
* Session handler name included in performance info.
* Fixed user_loggedin and user_loggedout event triggering.
* Other minor bugfixing and improvements.
* Fixed database session segfault if MUC disposed before $DB.
Limitations:
* Session access time is now updated right after session start.
* Support for $CFG->sessionlockloggedinonly was removed.
* First request does not update userid in sessions table.
* The timeouts may break badly if server hosting forces PHP.ini session settings.
* The session GC is a lot slower, we do not rely on external session timeouts.
* There cannot be any hooks triggered at the session write time.
* File and memcached handlers do not support session lock acquire timeouts.
* Some low level PHP session functions can not be used directly in Moodle code.
Previously, even when a specific setting had to be returned, this method
would return an empty array. Now, the behaviour is the same whether
some options or none are set: if the requested setting is not found
null is returned.
