Add a help text explaining that the URL resource's name field will be
used for the link text. Also add basic guidelines about naming links for
the benefit of screen reader users.
LTI 1.1 uses OAuth 1.0, which requires 'hostname', among other things,
as part of signature verification. When Moodle is run behind a reverse
proxy, $_SERVER['SERVER_NAME'] is an unreliable way to fetch hostname.
It isn't always equal to the external hostname but instead can contain
the local host, meaning the signature verification will fail. This
change replaces the use of $_SERVER vars with $FULLME - which already
takes this into account - to fix the signature verification.
Co-authored-by: Berengar W. Lehr <Berengar.Lehr@uni-jena.de>
It turns out that there are plugins which don't (currently)
clean up their question attempts when a context is deleted.
Therefore, we need to make Moodle core robust to that.
This covers the case where a course is published and the launch data
doesn't include the 'lineitem' property of the ags claim, meaning the
tool can manage its own line items.
With courselistshortnames enabled Moodle 3.11 and earlier showed
"Category | Short name" on the first line of course cards (for example
in block_myoverview). From Moodle 4.0 the category is moved to the last
line making the first line "Short name |". This change removes that
stray "|".
* Process markdown and other allowed formats (see FORMAT_XXX) in get_label_name
so it does not display it as a litteral string in the course index menu.
This handles things like site policies, which store the current URL,
redirect to the policy agreement, then redirect back the current URL
afterwards. In such cases, we want to redirect back with 'launchid' set
so that we can fetch the id_token from the session cache. This is the
same thing we already do during account binding, so the patch only
makes sure the PAGE->url is properly set before calling require_login.
This is a backport from MDL-77842.
In MDL-77086 some extra information was added when a badge can't be
sent to a backpack. However, as the Badgr is not following the
specification, it's still hard to debug it when it fails (as
raised in MDL-75552, Badgr is not working because, in some cases,
it's returning the "Method Not Allowed / Request method 'POST'
not supported" error.
