This was always bad, but since we only used it to verify the existence
of the param, and let library code take $_REQUEST for the real
validation, it was ok. Now, since we're redirecting to self during
necessary cookie checks added by MDL-80835, we lose the real value
originally stored in $_REQUEST. This patch just fixes the param type,
setting it to raw, which is what it should have used originally. The
raw value won't be cast from a string to an int as part of the
require_param call, so the value won't be lost any more.
To be integrated as part of MDL-81266
When running PHPUnit 9.6 we get the following deprecation warnings:
"assertObjectNotHasAttribute() is deprecated and will be removed in PHPUnit
10. Refactor your test to use assertObjectNotHasProperty() instead."
So we replace all instances of assertObjectNotHasAttribute with
assertObjectNotHasProperty.
PHPUnit justifies the change with:
> PHPUnit currently refers to "fields" (see above) as "attributes". This
> is (or will become) confusing considering the introduction of
> attributes in PHP 8 and their support in PHPUnit. PHPUnit will be
> changed to use the term "property" instead of "attribute" where "field"
> is meant.
Signed-off-by: Daniel Ziegenberg <daniel@ziegenberg.at>
Adds the property that is required by Chrome to opt-in to its 3rd party
cookie partitioning solution, CHIPS. This specific change ensures the
'state' cookie, used in the OIDC handshake, has partitioning support.
This cookie can be partitioned unconditionally, since it's a cookie
controlled by the library and one we don't expect to be set without
partitioning elsewhere.
Adds the property that is required by Chrome to opt-in to its 3rd party
cookie partitioning solution, CHIPS. This specific change deals with the
cookie that is set when the user is not yet auth'd with the site and is
necessary to facilitate OIDC nonce retrieval and validation.
The default implementation, previously included with the library, is no
longer shipped there. Clients must provide their own implementation of
the ICookie interface instead.
This has been generated running the following Sniffs, all
them part of the Moodle's CodeSniffer standard:
- PSR12.Functions.ReturnTypeDeclaration
- PSR12.Functions.NullableTypeDeclaration
- moodle.Methods.MethodDeclarationSpacing
- Squiz.Whitespace.ScopeKeywordSpacing
All them are, exclusively, about correct spacing, so the changes
are, all them, only white space changes.
Only exceptions to the above are 3 changes what were setting the
return type in a new line, and, when that happens, the closing
parenthesis (bracket) has to go to the same line than the colon.
The $CFG->svgicons setting was introduced in Moodle 2.4 due to incomplete
SVG support in certain web browsers.
The landscape has evolved significantly since then, and all modern browsers
now handle SVG files correctly.
The $CFG->svgicons settings has been removed and the supports_svg() method
has been updated with currently supported browsers (IE support was removed
in Moodle 3.10).
This covers the case where a course is published and the launch data
doesn't include the 'lineitem' property of the ags claim, meaning the
tool can manage its own line items.
This handles things like site policies, which store the current URL,
redirect to the policy agreement, then redirect back the current URL
afterwards. In such cases, we want to redirect back with 'launchid' set
so that we can fetch the id_token from the session cache. This is the
same thing we already do during account binding, so the patch only
makes sure the PAGE->url is properly set before calling require_login.
If an activity, like workshop or forum, has multiple grade items,
declarative binding of the grade item (line item) isn't supported.
Instead of throwing an exception, handle the case more elegantly
and just omit the 'add to gradebook' option for these activities.
Only call user_update_user when the relevant user data has changed,
preventing unnecessary user_updated events. This also removes the
line setting timemodified on the user since user_update_user already
handles this.
In PHP 8.2 and later, setting a value to an undeclared class property is
deprecated and emits a deprecation notice.
So we need to add missing class properties that still need to be declared.
If the enrolment instance (the 'published resource') has been upgraded
from LTI 1.1/2.0 to LTI 1.3 (i.e. a new instance was not created),
prevent legacy launches which may occur from old resource links. Only
LTI Advantage launches should be permitted through the method.
If the enrolment method is updated from an LTI 1.1/2.0 tool to an LTI
1.3 tool, it may have associated enrol_lti_users records not having
ltideploymentid values. These are legacy users and must not be returned
by the repository, which deals only with LTI 1.3 LTI users.
