213 Commits

Author SHA1 Message Date
Paul Holden
a767e0a78c
MDL-78311 core: fix host parameter type cleaning by IPv4 address. 2024-01-25 23:36:06 +00:00
Andrew Nicols
d937e01550
MDL-80005 core: Move all param validation methods 2024-01-16 22:54:46 +08:00
Andrew Nicols
0d7d5d2e56
MDL-80005 core: Move clean_param and PARAM definitions
Move these into a new enum object which ensures that all content is
together.
2024-01-16 22:53:55 +08:00
Andrew Nicols
0efbc79e5f
MDL-79890 core: Add polyfill for array_keys with filter
This is a Moodle version of a proposed function `array_keys_filter`.

Since this method has not yet been created in upstream PHP, I have
elected to name it with a Moodle prefix as the signature is not known.

In the future, if and when this method is created, we can replace its
content with new method and deprecate it.
2023-11-15 09:14:40 +08:00
Stevani Andolo
dbf83c72c7 MDL-70371 core: Defined password length
1. Modified the password related forms
2. Added a new constant in moodlelib.php called MAX_PASSWORD_CHARACTERS
3. Added a new method in moodlelib.php called exeeds_password_length
4. Updated the upgrade.text
2023-09-07 12:29:10 +08:00
Matt Porritt
1560be7b7e MDL-67774 Authentication: Specify password peppers in config.php
Add a pepper to the users supplied password.
The pepper is stored in CFG and user to add extra security to
the password hash. By effectively breaking the information to
create the hashed password into two and storing it in more
than one place.
2023-09-06 13:47:51 +10:00
Jun Pataleta
2e7b5475a7
Merge branch 'MDL-79017' of https://github.com/paulholden/moodle 2023-08-31 20:32:17 +08:00
Andrew Nicols
fa05f66052
Merge branch 'MDL-74810-master' of https://github.com/junpataleta/moodle 2023-08-29 11:12:35 +08:00
Jun Pataleta
ec90b342da
MDL-74810 core: get_time_interval_string() improvements
* Add parameter to drop zero time units. So a time interval like
  "3d 0h 0s" will be returned as "3d" only.
* Add parameter to display full format for time units. E.g. Instead of
  "3d 2h", it will be returned as "3 days 2 hours"
* Deprecate unused dateintervaldayshoursmins langconfig string.
2023-08-28 16:40:36 +08:00
Matt Porritt
07af783b9a MDL-67390 Authentication: Update password hashing to SHA-512
Replace the bcrypt password hashing algorithm with SHA-512.
Existing bcrypt hashes will be updated to SHA-512 when a user
logs in next. Support for old md5 hashes has been removed.
Any reamining md5 hashes are replaced with SHA-512 hashes
from strong random passwords.
2023-08-25 11:53:54 +10:00
Paul Holden
ae57526ed0
MDL-79017 core: re-factor method to unserialize array.
We can use the existing helper for object unserialization as the
base for this method, rather than manual string parsing.
2023-08-21 20:29:36 +01:00
Ilya Tregubov
d7461c9eff
Merge branch 'master_MDL-78698' of https://github.com/mattporritt/moodle 2023-08-17 09:13:18 +02:00
raortegar
058b830b07
MDL-74289 lib: Improve the proxy bypass matching 2023-08-10 18:31:44 +07:00
Matt Porritt
2772b2b9dc MDL-78698 Libraries: Deprecate random_bytes_emulate function
Since PHP 7.0 the random_bytes() is nativley available and Moodle
LMS requires greater than PHP 7, the native PHP funciton can be
used exclusively. Deprecating random_bytes_emulate.
2023-08-08 12:35:00 +10:00
Petr Skoda
48df84a4a3 MDL-78525 core: fix word and character counting 2023-07-14 08:44:41 +02:00
Paul Holden
c88d6ad8c3
MDL-70187 user: final removal of deprecated 39/311 methods. 2023-06-09 12:02:45 +01:00
Andrew Nicols
ce6658d2c8
MDL-76838 core: Add unit test for invalid unicode sequences 2023-06-08 11:59:10 +08:00
Marina Glancy
8fc1486d36 MDL-77164 various: fix incorrect phpdocs 2023-04-13 11:35:06 +01:00
Andrew Nicols
1e1b1144c7 Merge branch 'master' of https://github.com/fcbsd/moodle 2023-03-09 10:28:22 +08:00
Mathew May
e5ca7766e7 MDL-52805 core: Remove legacy log calls 2023-03-07 13:08:46 +08:00
fcbsd
e2d138f250 MDL-77365 count_words: Make span> an inline tag 2023-03-06 10:59:44 +00:00
Meirza
b77041ff28 MDL-77207 core: PHP 8.2 makes exported class name fully qualified. 2023-02-11 16:12:37 +07:00
Paul Holden
652b2e496a MDL-76235 core: compare email diversion exceptions case-insensitively.
Co-authored-by: Jan Kristoffer Roth <roth@dhbw-mosbach.de>
2022-12-09 11:19:18 +00:00
Paul Holden
c4c823c20e MDL-75889 core: compare domain names in a case-insensitive manner.
As per https://www.rfc-editor.org/rfc/rfc1035#section-3.1
2022-11-07 22:37:15 +00:00
Andrew Nicols
346db7e294 MDL-75200 core: Whitespace fix 2022-09-28 12:44:57 +08:00
Andrew Nicols
461fb1b6f6 Merge branch 'MDL-75200-master' of https://github.com/marinaglancy/moodle 2022-09-28 12:35:42 +08:00
sam marshall
81b4f04fb3 MDL-74960 core\lock: Performance info - display lock performance
Show performance information about locks (time taken to acquire lock,
time lock is held for) in the 'perfinfo' display.

Also show existing information (that was already calculated but not
shown before) about the session lock, which is not a 'core\lock' type
lock, but the information is similarly useful.
2022-09-26 11:24:10 +01:00
Marina Glancy
c2e18d7912 MDL-75200 core: function clean_param should work with null - php 8.1 2022-09-16 13:30:21 +02:00
Eloy Lafuente (stronk7)
81f05b3239 MDL-75716 phpunit: Move tests to use correct names and ns (take#5)
Applied the following changes to various testcase classes:

- Namespaced with component[\level2-API]
- Moved to level2-API subdirectory when required.
- Fixed incorrect use statements with leading backslash.
- Remove file phpdoc block
- Remove MOODLE_INTERNAL if not needed.
- Changed code to point to global scope when needed.
- Fix some relative paths and comments here and there.
- All them passing individually.
- Complete runs passing too.

Special mention to:

- In lib/tests/blocklib_test.php 2 helper classes have been
  moved to tests/fixtures, because they needed to be namespace-free.
2022-09-12 19:29:34 +02:00
Petr Skoda
5ed64ce150 MDL-75237 core: Revert MDL-72029
This reverts commit d585f902fc2bc4f04ac2b097aa9bfde8a71f8fba.
2022-08-12 04:14:18 +02:00
Huong Nguyen
d585f902fc MDL-72029 lib: Prevent path traversal for clean_param with PARAM_SAFEPATH 2022-07-06 05:24:15 +02:00
Paul Holden
d91df53d63 MDL-74408 core: exclude empty patterns in divert email config. 2022-06-09 09:39:17 +01:00
Tim Hunt
d76a072636 MDL-74270 format_float: fix bug with $decimalpoints=0, $stripzeros=true 2022-03-18 22:12:38 +00:00
Sara Arjona
5349861e69 MDL-73233 admin: Add enabledashboard setting
The $CFG->enabledashboard setting has been added to Appearance >
Navigation, to let admins disable the "Dashboard" option from the
primary navigation.

This commit also changes the behaviour of get_home_page(), to take
into account this setting and adds a new method, get_default_home_page(),
to return the expected default home page (that wil be used when current
default page is not defined or valid).
2022-03-16 11:22:22 +01:00
Eloy Lafuente (stronk7)
43280530b6 MDL-73716 phpunit: remove old simpletest static members
And replace them by phpunit @covers annotations including
all the classes declared or extended in the removed members.

It's not awesome coverage, but better than nothing.
2022-02-07 10:42:17 +01:00
Paul Holden
e22fded5fe MDL-70823 core: safer alternative for unserializing objects. 2021-11-03 16:57:06 +01:00
sam marshall
e332d1849d MDL-72643 core: Improve display_size
Allows display_size to use a fixed unit for easy comparison of
multiple results, and fixed decimal places for the same reason.

Improves behaviour by using consistent decimal places and a
consistent space before the unit (the previous one only has a space
before 'bytes', not before 'KB').

Of existing uses, all the ones that displayed a 'maxbytes' type
configuration setting (which are likely to have an 'exact' size
and would be better shown as 512 KB rather than 512.0 KB) have been
changed to use 0 decimal places, to preserve previous behaviour.
All the uses which were showing an actual file or memory size have
been left as default (1 decimal place).
2021-09-27 16:52:33 +01:00
Andrew Nicols
053b0462fd MDL-70990 core: Ignore amd directory in plugin-like lists
The `get_list_of_plugins()` function is used to fetch plugin-like files
or directories from a specified directory. A number of standard
exclusions are included but this list is not the same as the list in
`core_component`.

The list has been updated to include the `amd` directory, which is
regularly used in both components, and plugins.
2021-05-24 08:47:09 +08:00
Marina Glancy
b46badb130 MDL-70926 core: getuserdate() shoud show debugging if null was passed
passing null to getdate() has different results in PHP7 and PHP8
2021-05-06 19:55:32 +02:00
Marina Glancy
263c39ba21 MDL-71389 various: changes to unittests due to php8 changes:
- some engine error messages changed
- some warning levels changed
- the carriage return symbol randomly appears
- one phpunit assertion fails and not really representative of anything
2021-04-21 12:38:46 +02:00
sam marshall
5e72715e4f MDL-71099 Lib: Move new user_fields class from core to core_user
This class would belong more appropriately within the 'user' API
(core_user) instead of within the 'core' API, since it is
directly related to user data.

Since the class has only just been added to Moodle, now is a good
time to move it.
2021-03-25 13:47:23 +00:00
Adrian Greeve
089afdfceb Merge branch 'MDL-71048' of https://github.com/paulholden/moodle 2021-03-18 11:11:46 +08:00
Eloy Lafuente (stronk7)
713722c3fb MDL-71036 phpunit: Coding style changes, 99% whitespace only
I've gone over a few of the mofified files (those
which were showing warnings and errors to CiBoT. Some of them
have been fixed completely, while others only have fixed
for the lines belonging to this issue (lib/tests/moodlelib_test.php)
for example.
2021-03-11 23:04:32 +01:00
Eloy Lafuente (stronk7)
5f755ac26e MDL-71036 phpunit: Deprecated expectException for notice/warning/error
In PHP 9.1, the use of expectException(PHPUnit\Framework\Error\*) has
been deprecated, that is, when a Notice/Warning/Error/Deprecated
problem is reported. Instead, these new assertions must be used:

- expectDeprecation() for E_DEPRECATED and E_USER_DEPRECATED
- expectNotice() for E_NOTICE, E_USER_NOTICE, and E_STRICT
- expectWarning() for E_WARNING and E_USER_WARNING
- expectError() for everything else

More info:

https://github.com/sebastianbergmann/phpunit/blob/9.0.0/ChangeLog-9.0.md
https://github.com/sebastianbergmann/phpunit/issues/3775

Regexp to find all them:

ag 'expectException.*(Notice|Warning|Error|Deprecated)
2021-03-11 19:22:24 +01:00
Eloy Lafuente (stronk7)
ba5b6089d5 MDL-71036 phpunit: Renamed various regexp-related assertions
In PHPUnit 9.1, the following regexp-related assertions
have been deprecated and there are new alternatives for
all them:
    - assertRegExp()     -> assertMatchesRegularExpression()
    - assertNotRegExp()  -> assertDoesNotMatchRegularExpression()

This is about to, simply, move all cases to the new alternatives.

Source: https://github.com/sebastianbergmann/phpunit/blob/9.1.0/ChangeLog-9.1.md

Regexp to find all them:

    ag 'assertRegExp|assertNotRegExp' -li
2021-03-11 19:22:24 +01:00
Eloy Lafuente (stronk7)
9c07520969 Merge branch 'MDL-70891-master' of git://github.com/marinaglancy/moodle 2021-03-10 23:39:44 +01:00
sam marshall
558cc1b85e MDL-45242 Lib: Replace calls to deprecated functions
In all cases changes have been kept to a minimum while not making
the code completely horrible. For example, there are many instances
where it would probably be better to rewrite a query entirely, but
I have not done that (in order to reduce the risk of changes).
2021-03-10 10:57:10 +00:00
sam marshall
60a1b159aa MDL-45242 Lib: Deprecate field-related library functions 2021-03-08 09:20:18 +00:00
Paul Holden
c21b4b7ff5 MDL-71048 lang: fix null equality check of lang string args. 2021-03-04 17:59:54 +00:00
Marina Glancy
9e89652461 MDL-70891 core: fix the lang_string::__set_state()
The function must be static and actually has to do what it is supposed to. It also breaks PHP 8.0
2021-02-21 22:07:18 +01:00