- If we want to check fields 'numsections' or 'hiddensections' call course_get_format()->get_format_options()
- We still use extended course object in course/edit.php, update_course(), create_course(), and inside course formats
- Fields added to format_legacy as default course format options;
- Upgrade script copies fields values from table course to course_format_options;
- Fields removed from table course;
- Fields removed from edit course form;
- Since front-page course has a 'numsections' setting, format_site defines it as it's option;
- Removed accessing those fields in core code unless we know that format supports them and in this
case instead of $course = $DB->get_record('course'); we use:
$course = course_get_format($courseorid)->get_course(); This way all format-specific options
are added to the $course object
Includes:
* constants refactoring
* reworked db table init
* support for $CFG->debug = -1
* functional DB tests
* fixed $DB->get_indexes() to not throw exceptions when table does not exist
* fix handling of user passwords in test db
* add debug info to exception messages
* removed unnecessary PHP debug errors from mathslib
* fixed @error suppression in get_string
* fixed PHPUnit error handler setup
* added timezone info to default install
This "feature" was used to partially eliminate XSS attacks on vulnerable code. Developers MUST use clean_text() on HTML text fragments only, it can not be used on random html tag attributes.
This change may simplify a bit exploiting of vulnerable code, but every XSS cheat sheet contains information how to work around this outdated anti-XSS measure.
Please note this change fixes many problems with valid uses of language= or onXXXXX= such as in urls, tex, code samples, etc.
incorrect PAGE init - it should be done at the very end; redirect() should not use OUTPUT before PAGE init; SITEID should be deprecated in favour of $SITE->id (this is going to cause troubles in tenant switching in CLI, cron and tests); missing "global $SITE"'; minor coding style issues; PHPDocs; it also helps with merging/testing of multitenant patch
The new HTMLPurifier finally caches the schema properly eliminating both extra CPU cycles and disk writes. The repeated dir exists tests might cause problems on NFS shares.
