In some places we prevented cache poisoning, in others we did not. We
also did not place any restriction on the minimum value for a revision.
This change introduces a new set of functions for configonly endpoints
which validates the revision numbers passed in. If the revision is
either too old, or too new, it is rejected and the file content is not
cached. The content is still served, but caching headers are not sent,
and any local storage caching is prevented.
The current time is used as the maximum version, with 60 seconds added
to allow for any clock skew between cluster nodes. Previously some
locations used one hour, but there should never be such a large clock
skew on a correctly configured system.
Co-authored-by: Andrew Nicols <andrew@nicols.co.uk>
The short name of the cc licenses are trailed with a suffix containing
the version number (current 3.0 and 4.0). The old cc* licenses become
the new cc-*-3.0 licenses and are disables, because the new cc*-4.0
licenses are the current ones.
This is a backport of MDL-43195.
This covers the 2 new functions with unit tests:
- xhprof_topo_sort()
- reduce_run_data()
Note that the example graph used in the provider is the
one shown in the issue to explain the reduction procedure.
The external test file URL concerns itself only with HTTP_USER_AGENT
matching, not sending response headers, which can differ according to
HTTP protocol in use by the endpoint (1.1 vs 2).
Given the returned response code itself is irrelevant to the testcase,
there's not much benefit to asserting it and risking random failures.
The above syntax is defined as supported by the class, for example the
format '5/10' means:
"At every 10th <unit> from 5 through <max>."
It is analogous to '5-<max>/10'.
Instead of doing an exact checking of the page title in
\behat_hooks::before_step(), do a more lenient check by checking that
the page title contains the acceptance test's site name.
Read-only forms do not belong to a <form> element, so we can't refer
to that. Instead find the `.mform` element (which exists for regular
and read-only forms).
By using a more explicit selector for matching containers we avoid
previous problems such as incorrect count, and collapsing of elements
that had the same class name.
The problem is that HTML Purifier is not compatible with Markdown,
that means we cannot sanitise Markdown texts before editing.
Luckily Markdown has to use plain text editor which does not have
XSS problems.
The only tiny downside is that Markdown cannot be allowed
in "trust text" areas any more.
This commit also does other things such as:
- Replace manual steps to setup gradebook by data generators
- Added support for outcomes and scales page resolvers
- Behat clean up
The current I am on course homepage with editing mode loads twice the
course page. This patch prevents this from happening by going directly
to editmode.php.
Add a new method for activity_header that determines the heading level
depending on whether the theme displays a heading for the activity
header (usually a h2 heading with the activity name).
E.g. in Boost, the activity name is already being displayed in a
heading. So page headings can be rendered as h2. However, on Classic,
the activity name is being displayed as a h2 heading. So headings need
to be adjusted for the activity pages.
