This patch removes the UI setting (cookiehttponly) for HTTP only
cookies. For new installs HTTP only cookies will default to on.
For existing sites teh behaviour will stay as set.
The behaviour can be overriden in config.php
Create a new subsystem for communication and create
associated experimental settings to safely use the
new subsystem.
Originally implemented as MDL-76699.
Co-Authored-By: Huong Nguyen <huongnv13@gmail.com>
Some extra options have been added to the activitychoosertabmode setting, to let
admins decide when to display the Recommended tab.
Apart from that, one of these values have be set as default value for this setting,
as suggested by the UX/PX teams. So the Starter and Full presets have been updated
too with the new values.
A new developer setting that adds comments in the page HTML specifying
which template is used to render each part of the page. It can be set
form the site admin development tab and it is stored
as $CFG->debugtemplateinfo.
I have opted not to go through any deprecation process for this as there
is not really much we can do about it anyway. There is no loss of
functionality - just a change of where things are served from.
The Yahoo! CDN was only used for http connections as it did not
officially support SSL, and it is not guaranteed to continue existing in
the future since YUI has been deprecated for a number of years now.
Default value of the $flag argument changed in PHP 8.1 from ENT_COMPAT to ENT_QUOTES | ENT_SUBSTITUTE
To ensure consistent behavior across different PHP version the second parameter is now required for the functions:
htmlspecialchars(), htmlentities(), htmlspecialchars_decode(), html_entity_decode() and get_html_translation_table()
This partially reverts MDL-73270, where some useful environmental
checks and notifications in the admin UI were added to inform
about different parts of Moodle relying on the "unsupported"
php-xmlrpc extension.
Since then, some changes have happened in core, only available
for Moodle 4.1 and up (see the MDL-70889 mini-epic). Namely:
- MNet (SSO, roaming, auth, enrol and Mahara portfolio) are not
using the php-xmlrpc extension anymore, but a pure php library.
- The xmlrpc webservices protocol, has been move from core to
the plugins directory, although it continues using the php-xmlrpc
extension.
Because of that here we are removing all the checks and notifications
related with MNet (not using the extension anymore), but keeping the
webservice plugin ones (still using the extension). Surely if some day the
protocol stops using the extension, we'll be able to remove the
corresponding checks too. But that's future.
Note the associated lang strings have been also removed (not deprecated)
because they were highly specific and hardly reusable:
- xmlrpcmaharaenabled
- xmlrpcmnetauthenticationenabled
- xmlrpcmnetenabled
And very same applies, because MNet doesn't contain anything deprecated
or not supported anymore, hence, straight deletion, to the function:
- mnet_get_deprecation_notice()
Also, related tests using any of the removed stuff above have been deleted.
In the other side, the "check_xmlrpc_usage" continues existing and
being used both by environment checks and admin notifications but,
as commented above, now it only looks for the xmlrpc webservice
protocol now.
This allows admins to configure whether contact site support is
available to everyone, authenticated users, or nobody.
The behat testing checks linked and direct access for each setting,
as well as adding testing that the support page override works as
expected.
The admin preset tool shouldn't export badge/calendar salt configuration
unless explicitely asked for as changing these values on another site
can be potentially destructive.
The $CFG->enabledashboard setting has been added to Appearance >
Navigation, to let admins disable the "Dashboard" option from the
primary navigation.
This commit also changes the behaviour of get_home_page(), to take
into account this setting and adds a new method, get_default_home_page(),
to return the expected default home page (that wil be used when current
default page is not defined or valid).
