Curl has the option CURLOPT_UNRESTRICTED_AUTH. If true, curl will send
the credentials to a different host. If false, they will not be sent.
CURLOPT_UNRESTRICTED_AUTH can only work if the CURLOPT_FOLLOWLOCATION
option is true. The filelib forces the CURLOPT_FOLLOWLOCATION option
to be false, because all redirects are emulated at the PHP level. So,
in this case, the CURLOPT_UNRESTRICTED_AUTH option is only being used
in our logic and will not work as you might expect it to.
This patch works almost the same as CURLOPT_UNRESTRICTED_AUTH in ideal
conditions. It will check whether the host is different. If so, the
system will check what value CURLOPT_UNRESTRICTED_AUTH has. If it is
not specified, then by default, it will be false. If false, then
credentials will not be sent.
A more reliable way of obtaining room power levels is now used in the
new trait get_room_power_levels_v3. This makes
get_room_powerlevels_from_sync_v3 less needed, but not necessarily
redundant. The names of the containing methods have been adjusted to
make better sense of which trait they belong to.
On Postgres, at least, get_recordset_sql performs signficantly worse
if you don't pass a limit. So, we add a limit to the query, but one
that in enormously too large, so it should never have an effect.
(And, there is code to check we never hit the limit, to avoid subtle bugs.)
This tests several variations of SEB config files, to ensure Moodle
is able to parse them and generate a config key hash that matches
what SEB expects.
Additional values have been added to the unencrypted_win_233.seb
config file to cover the existence of floating point values,
ensuring they are serialized correctly. The config hash value
has been updated in real_ck_hash_provider to reflect the change.
Also added coverage information to the test case class docblock.
The Open ID Connect plugin uses null for the password,
which makes the internal password update fail to proceed.
Allowing null resolved the problem.
As a note, there is a potential issue if the authentication method has
a false return for the prevent_local_password because it will trigger
the hash_internal_user_password() where the $password can not be null.
Since this only addresses the oauth2 issue, we should ignore it.
This was added in MDL-78916 in 4.3 but makes configuring a generic
launch to the default tool URL impossible, since a content item must be
selected. This fix:
- Makes this element optional again, which allows teachers to choose
whether a given instance launches into selected content, or launches
the default tool URL.
- Changes the style to btn-secondary, given it's now optional again
Filename is no longer required (since 83db25c330), given it never
did anything so can be removed. Requiring the "Private files" block
also isn't necessary since original switch to generator methods.
