In some places we prevented cache poisoning, in others we did not. We
also did not place any restriction on the minimum value for a revision.
This change introduces a new set of functions for configonly endpoints
which validates the revision numbers passed in. If the revision is
either too old, or too new, it is rejected and the file content is not
cached. The content is still served, but caching headers are not sent,
and any local storage caching is prevented.
The current time is used as the maximum version, with 60 seconds added
to allow for any clock skew between cluster nodes. Previously some
locations used one hour, but there should never be such a large clock
skew on a correctly configured system.
Co-authored-by: Andrew Nicols <andrew@nicols.co.uk>
The selection gets lost while opening the modal dialogue to update an
embedded media. Caching the current selection allows us to update the
previously selected node instead of updating the first embedded media.
Signed-off-by: Gregor Eichelberger <gregor.eichelberger@tuwien.ac.at>
The `contextid` argument of the `tiny_equation_filter` AJAX call is
hardcoded to 1, which causes trouble if the context table does not start
with id 1.
Signed-off-by: Gregor Eichelberger <gregor.eichelberger@tuwien.ac.at>
TinyMCE has a default entity_encoding 'named',
which causes text with diacritic symbols to be converted to HTML entities,
e.g. pâté will be convert to pâté
That will be a problem with the Glossary auto-linking filter if a course has a text concept like pâté,
then the filter will likely fail to get the text concept.
Changing the TinyMCE entity_encoding to 'raw' will resolve the problem.
This is in keeping with other Editors such as Atto and resolves an issue
where DOM Purification incorrectly identifies HTML-like string content
as an HTML tag with a JS variable.
Moodle already performs XSS sanitisation using HTML Purifier in PHP.
The boost theme makes the TinyMCE editor rendered in a scrollable container,
scrolling the editor’s container will cause TinyMCE UI elements to be detached from the anchor.
Therefore, to keep the tinyMCE menu in the correct position,
adjustments must be made on the page drawers style.
When using TinyMCE editor in Safari browsers, a problem may occur where the dialogue
windows (such as modal dialogs) overlap with page drawers due to a specific behavior
in Safari's rendering. This function addresses the issue by adjusting the CSS overflow
property of the page drawers, ensuring they do not obscure the dialogue windows.
From my experimentation I have discovered that Safari does not properly
respect the standard MediaRecorder mimetype. Instead of using `codecs=`
it uses `codecs:`.
This change copies the codec array to have the list of possible codecs
include both codecs= and codecs: whilst remaining in order.
If the content in Atto is wrapped by an element with only a background color, without text color,
the accessibility checker will use the parent text-color as the foreground color, which is owned by form-control,
it becomes a problem if the wrapped element background using #34274f and the parent text-color is #495057 then
the low contrast as a result.
To avoid such a situation, the patch will only calculate color contrast if only the element has text,
so it will give results per element if the accessibility checker is unsatisfied.
If the content in Tiny is wrapped by an element with only a background color, without text color,
the accessibility checker will use the parent text-color as the foreground color, which is owned by form-control,
it becomes a problem if the wrapped element background using #34274f and the parent text-color is #495057 then
the low contrast as a result.
To avoid such a situation, the patch will only calculate color contrast if only the element has text,
so it will give results per element if the accessibility checker is unsatisfied.
The patch also changes the selected element from 'body > *' to 'body *',
so it will return all elements (parents and children) in the content instead of parents only.
And minor modifications on the warning_content.mustache to fix the numbering format.
