* Create template for the language import page.
* Apply Bootstrap classes to form elements.
* Use core notifications for displaying error/success messages.

The following pages are using the "mydashboard" page layout:
* User preferences > Badges > Manage badges
* User preferences > Badges > Backpack settings
* User preferences > Repositories > Manage instances
* Private files
However, the "mydashboard" page layout should only be used for the user's
dashboard page. Changing these to use the "standard" page layout.

When adding media via drag and drop, the notifyFilterContentUpdated
event should be called after the item is added to the DOM. This allows
things like videojs, for example, to process the new content.

If a course contains an ungraded quiz (max grade set to 0), and there
is a user account which can view the grader reports but does not have
permission to view hidden grades, they will get errors.

In the getValidationScript function, the variable $element can be an array
or an object. The function attempts to get non-existing attributes.
To avoid this we should check before accessing.

The PARAM_TEXT has been misused in certain cases here. The 'action'
parameter seems to always be alphabetic, with values like
savesubmission, editsubmission and others as handled in assign::view().
Fixing the action handling fixes the reported XSS issue. While working
on it, I spotted two more places where PARAM_TEXT does not seem
appropriate. I include changes for them too, even if they are not
strictly related to the reported bug and there are no known ways to
abuse it.
* The 'plugin' looks like PARAM_PLUGIN and is even declared as such in
some other parts of the assignment code (such as feedback forms).
* The 'workflowstate' is one of the ASSIGN_MARKING_WORKFLOW_STATE
constants and is supposed to be alpha in external function input
parameters handling, too.

noreplyaddress should be a valid address, else
it will not be saved. For behat we don't send
email, so set it to noreply@example.com, to
avoid failing validation on localhost.