Default value of the $flag argument changed in PHP 8.1 from ENT_COMPAT to ENT_QUOTES | ENT_SUBSTITUTE
To ensure consistent behavior across different PHP version the second parameter is now required for the functions:
htmlspecialchars(), htmlentities(), htmlspecialchars_decode(), html_entity_decode() and get_html_translation_table()
It has been detected that there are various uses of the plugins
breaking the inter-communication principles, with core_webservice
implementing functionality plugin-dependent that should belong
to the plugins.
Because of that, https://tracker.moodle.org/browse/MDL-76078 has
been created and we have added some TODO/@todo comments in core
pointing to that issue, for further analysis and fixes there.
Normal removal procedure:
- Remove the plugin completely from core.
- Document it in the webservices upgrade.txt file.
- Add a core upgrade step to proceed to remove any configuration
if the plugin has not been re-installed manually.
Plus:
- Remove a few remaining uses in the hub/sites registration scripts,
that were moved from xmlrpc to hand.made rest calls by MDL-31436
(Moodle 3.4.1 and up) and never removed then.
- Remove the php-xmlrpc extension as a recommendation in composer.
- Remove "xmlrpc" from various comments, trivial cleanup.
Note:
- While working on this MDL-76078 has been created about to
fix a serious design problem detected (it does not affect
functionality). That's out from this issue scope.
Applied the following changes to various testcase classes:
- Namespaced with component[\level2-API]
- Moved to level2-API subdirectory when required.
- Fixed incorrect use statements with leading backslash.
- Remove file phpdoc block
- Remove MOODLE_INTERNAL if not needed.
- Changed code to point to global scope when needed.
- Fix some relative paths and comments here and there.
- All them passing individually.
- Complete runs passing too.
Special mention to:
- Moved to the level2 "privacy" namespace:
- \mod_assign\privacy\feedback_legacy_polyfill_test
- \mod_assign\privacy\submission_legacy_polyfill_test
- Moved to the level2 "task" namespace:
- \core_message\task\migrate_message_data_test
- \ltiservice_gradebookservices\task\cleanup_test
- \message_email\task\send_email_test
- \mod_lti\task\clean_access_tokens_test
- \mod_workshop\task\cron_task_test
- Moved to the level2 "event" namespace:
- \core_h5p\event\deleted_test
- \core_h5p\event\viewed_test
- Renamed to a better name:
- backup_forum_activity_task_test.php (missing "task")
All externallib_test, generator_test and filter_test classes:
- Namespaced with component[\level2-API]
- Moved to level2-API subdirectory when required.
- Fixed incorrect use statements with leading backslash.
- Changed code to point to global scope when needed.
- Fix some relative paths and comments here and there.
- All them passing individually.
- Complete runs passing too.
Special mention to tests under testing/tests:
1) The core_testing component doesn't exist.
2) But testing/tests are allowed because there is a suite pointing to it (phpunit.xml).
3) So, the only possible namespace for them is "core".
4) And to avoid problems with other core testcases (under lib/tests)
they have been renamed to have testing_xxxx as prefix.
Finally, also modified calendar/tests/events/events_test.php because it uses
some renamed (core_calendar_externallib_testcase => \core_calendar\externallib_test)
classes.
All events_test, external_test and search_test classes:
- Namespaced with component[\level2-API]
- Moved to level2-API subdirectory when required.
- Fixed incorrect use statements with leading backslash.
- Changed code to point to global scope when needed.
- Fix some relative paths and comments here and there.
- All them passing individually.
- Complete runs passing too.
Special mention to lib/external/tests/external_test.php:
- external is not a valid component
- hence, its only valid namespace is "core"
- also, it's testing lib/external/externallib.php
- hence, the file (and class) have been renamed to external_externallib_test.php
(to avoid conflicts with other external_test that may exist in core)
All lib_test and locallib_test classes:
- Namespaced with component (and API whenever makes sense).
- Fixed incorrect use statements with leading backslash.
- Changed code to point to global scope when needed or add new uses.
- All them passing individually.
- Complete runs passing too.
Special mention to tests under login/tests:
1) The core_login component doesn't exist.
2) But login/tests are allowed because there is a suite pointing to it (phpunit.xml).
3) So, the only possible namespace for them is "core".
4) And to avoid problems with other core testcases (under lib/tests)
they have been renamed to have login_xxxx as prefix.
As far as now all them have correct privacy level2 namespace:
- Move them to "privacy" subdir.
- Rename the files to "provider_test.php", this includes old
privacy_test.php and privacy_provider_test.php files
- Rename the testcase to provider_test too (to match file name)
Also, change some relative paths and comments to point to new
locations.
All privacy_test and privacy_provider_test classes:
- Namespaced with component\privacy.
- Fixed incorrect use statements with leading backslash.
- Changed code to point to global scope when needed.
- Renamed a few files to make all be privacy_test or privacy_provider_test.php
- All them passing individually.
- Complete runs passing too.
Differences can be checked with git diff --ignore-all-space and
that will show that the only non-whitespace change is in a test
in the git lib/tests/html2text_test.php file. In that case the
whitespace has been replaced by a quoted string (of whitespaces)
keeping the test 100% equivalent and workarrounding the whitespace.
It seems that the new phpcs3 checker is now controlling those
line comments that previously were ignored.
This commit just looks for all the cases and bulk-add
them when needed. The bash script (mac) used to add all them is:
while read -r line; do
arr=(${line//:/ })
if [[ -n ${arr[0]} ]] && [[ -n ${arr[1]} ]]; then
echo " file ${arr[0]}, line ${arr[1]}"
sed -i "${arr[1]}s/\$/\./" ${arr[0]}
fi
done < <(find . -name version.php | xargs ag --nomultiline '>(version|requires) *=.*//.*[^;\.]$')
This change removes references in code and comments to a few
deprecated functions that were accidentally missed in the larger
change.
The code changes only affect service_users.php. I made it support
custom user profile fields in this query, because it was easy
enough, rather than adding another TODO to fix later.
This class would belong more appropriately within the 'user' API
(core_user) instead of within the 'core' API, since it is
directly related to user data.
Since the class has only just been added to Moodle, now is a good
time to move it.
We used to display capabilities like "Manage any calendar entries",
"Delete evidence", "Manage competency frameworks", "View hidden courses"
and others as "Missing capabilities" for the mobile app service tokens.
This gave dangerous impression that the app will not work for students
without these capabilities granted. There are known cases of admins who
started to grant all these caps to the Authenticated user role because
they were afraid the app would not work for them.
The problem here is that the official mobile app service includes some
functions that have these capabilities declared as required. But they
are not really required to use the app. Either the app makes its own
clever checks of capabilities before calling the functions, or sometimes
the capabilities are not even correctly declared.
It is safer for everybody to display this information for custom
services only where the risk of the falsely missing caps is lower and
the information is more accurate.
Also, the help text has been improved so it does not suggest that these
capabilities must be always added. We do not know why the service has
them declared. In some cases, a service has capabilities declared just
because it makes use of them in the if-then fashion.
Additionally, the patch also displays the service short name because it
is actually needed to know.
The patch adds ability to filter the list of token by the token value,
the user and the service. Also the button to create a new token is made
more prominent and easier to spot.
No need to have a dedicated admin_setting_managewebservicetokens admin
setting subclass, and yet do not use almost any of its features. So the
patch merges the list and the forms handling into a single external
page.
Similarly, it feels like overkill to have a renderer method for a
simple confirmation widget - especially given that the URLs were
hard-coded in it. So that one was dropped.
The patch improves the display of the missing capabilities on the Manage
tokens page and the Select authorised users page. The list of
capabilities is rendered in a collapsible area and does not occupy too
much space by default.
Additionally on the later page, the patch improves the display of the
list of existing authorised users so that it respects the configured
identity fields.
The previous implementation falsely reported all implicit capabilities
inherited from the authenticated user archetype. That caused a lot of
capabilities reported as missing, even if they were correctly granted.
This new implementation uses a different logic. Instead of seeking for
explicitly assigned capabilities, it searches for capabilities that are
not assigned to any of the user's role across the system.
Please refer to the inline documentation. This should be still used for
informative reports only, not for actual permissions evaluation. The
context has been ignored here, as well as all the overrides etc. This
patch just makes it a lesser evil.
