Fixes bug where the resource module loads metadata for all files while
building course modinfo, even though it only needs the first file.
(This causes problems if you have ~10k files.)
* Create template for the language import page.
* Apply Bootstrap classes to form elements.
* Use core notifications for displaying error/success messages.
The following pages are using the "mydashboard" page layout:
* User preferences > Badges > Manage badges
* User preferences > Badges > Backpack settings
* User preferences > Repositories > Manage instances
* Private files
However, the "mydashboard" page layout should only be used for the user's
dashboard page. Changing these to use the "standard" page layout.
When adding media via drag and drop, the notifyFilterContentUpdated
event should be called after the item is added to the DOM. This allows
things like videojs for example, to process the new content.
Previously there was a logic bug where by if some students were filtered
from the list, the label for another student could be attached to the
'filered' student.
This fix reworks the promises a bit so we render the student summary and
then build an row with the explict user id, rather than itterating through
the array later.
I also remove the storing of the initial promise in a varible because
this is an easy way to introduce a bug (not waiting for the .then()
chained promise)
If a course contains an ungraded quiz (max grade set to 0), and there
is a user account which can view the grader reports but does not have
permission to view hidden grades, they will get errors.
In getValidationScript function variable $element can be an array or object.
Function attempt get non-existing attributes.
To avoid this we should check before accessing.
The PARAM_TEXT has been misused in certain cases here. The 'action'
parameter seems to always be alphabetic, with values like
savesubmission, editsubmission and others as handled in assign::view().
Fixing the action handling fixes the reported XSS issue. While working
on it, I spotted two more places where PARAM_TEXT does not seem
appropriate. I include changes for them too, even if they are no
strictly related to the reported bug and there are no known ways to
abuse it.
* The 'plugin' looks like PARAM_PLUGIN and is even declared as such in
some other parts of the assignment code (such as feedback forms).
* The 'workflowstate' is one of the ASSIGN_MARKING_WORKFLOW_STATE
constants and is supposed to be alpha in external function input
parameters handling, too.
noreplyaddress should be a valid address, else
it will not be saved. For behat we don't send
email, so set it to noreply@example.com, to
avoid failing validation on localhost
