This allows for better caching capabilities on servers. If a
cache key is passed and the web service call does not require
the user to be logged in we will attempt to use GET for the
request. This allows for things like proxy caching on URLs.
The cache key must be changed if we do not want to retrieve
what has been cached and want to perform the request again.
dirname() is a slow function compared with __DIR__ and using
'/../'. Moodle has a large number of legacy files that are included
each time a page loads and is not able to use an autoloader as it is
functional code. This allows those required includes to perform as
best as possible in this situation.
This also clarified that developers can decide to force filters
to be ignored when using external_format_text, though they cannot
force filters to be turned on as the clients should be able to
opt-out from filtering should they want to.
Fix:
$PAGE->context must be reset when calling validate_context
Improve:
Provide wrapper for calling an external function
The wrapper correctly checks the function parameters and return type against
the description of the external function, and stores the PAGE and COURSE global
state variables, restoring them before the function returns.
Fix: buggy unit tests.
These tests are expecting debugging from a bug that was fixed, and calling web
service functions with no user or session.
Now the db/service.php array can contain these extra keys to provide information
on how a webservice may be called:
'ajax' => true (Default is false)
Replaces the xx_is_allowed_from_ajax callback.
'loginrequired' => false (Default is true)
Means that this webservice can be called through lib/ajax/service-nosession.php
which sets NO_MOODLE_COOKIES to true (faster). This is only safe for webservices returning
static public data (e.g. get_string).
Some webservice functions need to be available without a login, e.g.
fetching strings and templates.
External functions must call validate_context if they require a valid login etc.
Added a new parameter to services.php: "loginrequired". Default is true.
This needs to be done before we can expose any webservices that
change state, or return private info to ajax (to prevent CSRF).
Currently there are no webservices exposed to ajax that meet these
criteria - so this issue is to prevent future security issues.
This reverts commit 6601690202764d786a5ee4b7bbd9afb5b91dd0ec.
This commit was adding the 'returnurl' param unnecessarily to the
course links in the navigation block, causing a lot of long URLs
to be created.
This patch improves usability of enrolment page in case of course is not
enrollable. 'Continue' button now returns student to referring page instead of
main moodle page (as it used to be). To make this improvement, passing correct
returnurl parameter to enrol/index.php page was implemented for links that may
be accessible for not-enrolled students.
This is a new script that can call any function in the built-in AJAX webservice. This is
a new system service that is added at install time (like the mobile webservice). It has no
protocols added to it, but it accessible by a new ajax script /lib/ajax/service.php.
Requests and responses to the script are required to be in json format, and multiple functions can
be called in a single request.
We need to be able to capture output when including contributed code as it
may add additional content which makes makes the json we output invalid.
We only warn of these errors if the site is in debugdeveloper, otherwise
we silently drop them.
Previously, any inappropriate whitespace found whilst building the admin
tree caused a JSON error and for the site administration tree retrieval to
fail.
This change ensures that access to the site administration tree is unbroken
for non-developers, whilst still alerting developers that there is an
issue.
* core_useragent: Introduce is_vendor methods to improve readability
when we are just detecting if a browser is from a vendor, rather than
the exact version
* Remove uncessary browser version checks when we are just detecting
vendors - this makes the intention of our sniffing clearer.
* Remove sniffing for browsers which we do not support, grades/ajax/tinymce
all support modern browsers so there is no need to sniff for them.
This commit moves user agent related functionality out of several
core libraries and combines it into a more manageable class.
All core uses are converted and functions deprecated in favor
of the new class.
This reverts commit af62237d0e6e27df868d50848f7098f57c103f86.
This reverts commit 87a4194fdcd322d4aee5a6207b55a8da0864da94.
This reverts commit b2c66eb60c01805f26cc791966f05be52af7b406.
Conflicts:
version.php
This commit moves user agent related functionality out of several
core libraries and combines it into a more manageable class.
All core uses are converted and functions deprecated in favor
of the new class.
The central "content" region on My Home / user profile pages also needs to
be initialised in lib/ajax/blocks.php in order to allow blocks to be
dropped into that region successfully. Some tweaks were also necessary in
order to correct the "content" region's structure in order for drag-drop
to function on this region on these pages.
Non-standard block regions (including the central "content" region
used by My Home and user profile pages) were causing the temporary empty
block region used as a drop target to sometimes appear in the wrong place.
The call to init_requirements_data (which includes the block drag-drop JS)
happens at a late enough stage in page generation that we can simply
pass the context ID through to the JS, so that it can be sent as part of
the AJAX request. This prevents lib/ajax/blocks.php from having to try
to guess the context from the other bits of information it receives, so
block drag-drop should now work everywhere without issues.
Other than shifting the initialisation from course/lib.php to
lib/outputrequirementslib.php, some workarounds/tweaks were required
in order to make it work correctly on admin pages and My Home.