Returns a formatted string representation of the difference between two
timestamps, defaulting to 'Xd Xh Xm' format, but supporting custom
format strings containing any chars from:
https://www.php.net/manual/en/dateinterval.format.php.
Within a very large project, it was found that searching for a user with their username in the user table using a case insensitive
search was inefficient. Instead it is proposed that the username input is made to be lowercase prior to executing a database query
as the username for each user in the database must be lowercase. This allows for a case sensitive query to find the user data.
Essentially we are moving a case insensitive search for a user from SQL into PHP to increase performance.
Commit 637da99edb has introduced changes
for removing trailing zeroes from the output of function format_float.
Due to a small omission, the function causes a PHP warning when the
string decsep is set to a tilde character ('~'). This is rarely the
case.
The bug lies in using PHP function preg_replace with a string that
contains external input (in this case, including decsep), but without
escaping it for PCRE processing.
This commit fixes the function to also support a tilde character in
string decsep. It also adds tests for having tilde as decimal separator.
Thanks-To: Jake Dallimore <jake@moodle.com>
* Added email in the list of case-insensitive fields.
* New optional parameter $throwexception for \get_complete_user_data().
If true, an exception will be thrown when there's no matching record
found or when there are multiple records found for the given field
value. If false, it will simply return false.
Defaults to false when not set. This ensures that
get_complete_user_data() fetches the correct user data.
Turn on the forceclean config setting when a user is logged in as a
different user. This is a precautionary measure, which forces all
user submitted content to be cleaned of JavaScript before rendering
it to the logged in as user.
This commit is part of work on Custom fields API,
to minimize commit history in moodle core the work of a team of developers was split
into several commits with different authors but the authorship of individual
lines of code may be different from the commit author.
We were already caching these preferences when a user object is provided
to get_user_preferences, or when $USER is provided.
This changee swaps get_user_preferences to use the global USER object
when the USER->id matches the userid supplied to the function.
We should only call this function when a user actually views a course. It is not called
automatically when a course context is validated from a webservice. It is called directly
from the core_course_view_course webservice.
CSRF protection for the login form. The authenticate_user_login function was
extended to validate the token (in \core\session\manager) but by default it
does not perform the extra validation. Existing uses of this function from
auth plugins and features like "change password" will continue to work without
changes. New config value $CFG->disablelogintoken can bypass this check.
Improve the format of the HTML representing a forum post.
1. Use <article> tag to mark it correctly.
2. Use <time> tag to include the real datetime information.
3. Use <address> tag to specify who and when the post came from.
4. Use heading level tags to mark the subject of each post.
5. Properly nest reply posts within their parent <article>
6. Use a header tab for each article to split the metadata from the content.
7. Use CSS to separate links, not text content.
Because posts are now nested properly, the heading for each one refers to it's own article
and we don't need to generate arbitrary heading level tags depending on how deep the post
is nested.
Whenever the role_capabilities table is changed, we need to remember
to clear the cache for the role(s) being modified. This is far simpler
when all of those changes happen in a single file, i.e. accesslib.php,
allowing other parts of the application to use the public functions
without requiring knowledge of the cache internals.
Thanks to MDL-49398, we can separate the combined user session and role
definition cache clearing function into two separate functions. At the
same time, we want to identify and remove mark_dirty() calls that were
added for role definition changes but were incorrectly left behind.
Change highlights:
- Remove unnecessary mark_dirty() calls performed after
assign_capability(), unassign_capability(), delete_role(),
deleted contexts, brand new contexts
- Move role definition cache clear from the user-centric
accesslib_clear_all_caches() to the newly created,
role-dedicated accesslib_reset_role_cache()
