Generated tokens should only read once.
Therefore removing the token column at the table view of the manage tokens page and the user's page.
The token should not be able to search.
Default value of the $flag argument changed in PHP 8.1 from ENT_COMPAT to ENT_QUOTES | ENT_SUBSTITUTE
To ensure consistent behavior across different PHP version the second parameter is now required for the functions:
htmlspecialchars(), htmlentities(), htmlspecialchars_decode(), html_entity_decode() and get_html_translation_table()
It has been detected that there are various uses of the plugins
breaking the inter-communication principles, with core_webservice
implementing functionality plugin-dependent that should belong
to the plugins.
Because of that, https://tracker.moodle.org/browse/MDL-76078 has
been created and we have added some TODO/@todo comments in core
pointing to that issue, for further analysis and fixes there.
This change removes references in code and comments to a few
deprecated functions that were accidentally missed in the larger
change.
The code changes only affect service_users.php. I made it support
custom user profile fields in this query, because it was easy
enough, rather than adding another TODO to fix later.
No need to have a dedicated admin_setting_managewebservicetokens admin
setting subclass, and yet do not use almost any of its features. So the
patch merges the list and the forms handling into a single external
page.
Similarly, it feels like overkill to have a renderer method for a
simple confirmation widget - especially given that the URLs were
hard-coded in it. So that one was dropped.
The patch improves the display of the missing capabilities on the Manage
tokens page and the Select authorised users page. The list of
capabilities is rendered in a collapsible area and does not occupy too
much space by default.
Additionally on the later page, the patch improves the display of the
list of existing authorised users so that it respects the configured
identity fields.
Some webservice functions need to be available without a login, e.g.
fetching strings and templates.
External functions must call validate_context if they require a valid login etc.
Added a new parameter to services.php: "loginrequired". Default is true.
This is a new script that can call any function in the built-in AJAX webservice. This is
a new system service that is added at install time (like the mobile webservice). It has no
protocols added to it, but it accessible by a new ajax script /lib/ajax/service.php.
Requests and responses to the script are required to be in json format, and multiple functions can
be called in a single request.
Also:
- We don't allow users to add deprecated functions to WS
- We show a debugging message when deprecated functions
are already being used in web services.
VALUE_REQUIRED - if the parameter is not supplied, there is an error
VALUE_OPTIONAL - if the parameter is not supplied, then the param has no value
VALUE_DEFAULT - if the parameter is not supplied, then the default value is used
(quick fix on default null value)
VALUE_REQUIRED - if the parameter is not supplied, there is an error
VALUE_OPTIONAL - if the parameter is not supplied, then the param has no value
VALUE_DEFAULT - if the parameter is not supplied, then the default value is used
