Le dimanche, 30 septembre 2012 15.45:03, Didier Raboud a écrit : > tags 687924 + patch > tags 687924 + pending > thanks > > Dear maintainer, > > I've prepared an NMU for moodle (versioned as 2.2.3.dfsg-2.3) and > uploaded it to DELAYED/1. Please feel free to tell me if I > should delay it longer.
… and to help reviewing, these are the patches, cherry-picked from upstream's branch if you want to comment. Cheers, OdyX
From ebf253af171efbc5ff3a0074538c85a5edcb2ee2 Mon Sep 17 00:00:00 2001 From: Rajesh Taneja <raj...@moodle.com> Date: Fri, 3 Aug 2012 11:44:20 +0800 Subject: [PATCH] MDL-30792 Files API: maxbytes will be set by get_max_upload_file_size if less then 0 or greater then max moodle limit --- repository/filepicker.php | 4 ++-- repository/repository_ajax.php | 8 ++++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/repository/filepicker.php b/repository/filepicker.php index 68aee10..610ef13 100644 --- a/repository/filepicker.php +++ b/repository/filepicker.php @@ -93,9 +93,9 @@ if ($repository = $DB->get_record_sql($sql, array($repo_id))) { } } -$moodle_maxbytes = get_max_upload_file_size(); +$moodle_maxbytes = get_max_upload_file_size($CFG->maxbytes, $course->maxbytes); // to prevent maxbytes greater than moodle maxbytes setting -if ($maxbytes == 0 || $maxbytes>=$moodle_maxbytes) { +if (($maxbytes <= 0) || ($maxbytes >= $moodle_maxbytes)) { $maxbytes = $moodle_maxbytes; } diff --git a/repository/repository_ajax.php b/repository/repository_ajax.php index b7793c8..b7f76d1 100644 --- a/repository/repository_ajax.php +++ b/repository/repository_ajax.php @@ -83,9 +83,13 @@ if (!$repository = $DB->get_record_sql($sql, array($repo_id))) { /// Check permissions repository::check_capability($contextid, $repository); -$moodle_maxbytes = get_max_upload_file_size(); +$coursemaxbytes = 0; +if (!empty($course)) { + $coursemaxbytes = $course->maxbytes; +} +$moodle_maxbytes = get_max_upload_file_size($CFG->maxbytes, $coursemaxbytes); // to prevent maxbytes greater than moodle maxbytes setting -if ($maxbytes == 0 || $maxbytes>=$moodle_maxbytes) { +if (($maxbytes <= 0) || ($maxbytes >= $moodle_maxbytes)) { $maxbytes = $moodle_maxbytes; } -- 1.7.10.4
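Review bot: In the repository/filepicker.php hunk, `$course->maxbytes` is dereferenced without checking that `$course` is set, while the repository_ajax.php hunk of the same commit guards the identical lookup with `if (!empty($course))`. If filepicker.php can be reached without a course record (not visible in this hunk), PHP raises a notice and the course limit is passed as null. Mirroring the guard keeps both entry points consistent: `$coursemaxbytes = empty($course) ? 0 : $course->maxbytes;` followed by `get_max_upload_file_size($CFG->maxbytes, $coursemaxbytes)`.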
From f7c9e3bb18e9e7fa06dff625042bf9572d709d45 Mon Sep 17 00:00:00 2001 From: Rajesh Taneja <raj...@moodle.com> Date: Fri, 3 Aug 2012 11:47:44 +0800 Subject: [PATCH] MDL-30792 Files API: Cleaner approach to get maxbytes size in filepicker --- lib/moodlelib.php | 6 +++--- repository/filepicker.php | 7 ++----- repository/repository_ajax.php | 7 ++----- 3 files changed, 7 insertions(+), 13 deletions(-) diff --git a/lib/moodlelib.php b/lib/moodlelib.php index 465226a..08b34ee 100644 --- a/lib/moodlelib.php +++ b/lib/moodlelib.php @@ -5728,15 +5728,15 @@ function get_max_upload_file_size($sitebytes=0, $coursebytes=0, $modulebytes=0) } } - if ($sitebytes and $sitebytes < $minimumsize) { + if (($sitebytes > 0) and ($sitebytes < $minimumsize)) { $minimumsize = $sitebytes; } - if ($coursebytes and $coursebytes < $minimumsize) { + if (($coursebytes > 0) and ($coursebytes < $minimumsize)) { $minimumsize = $coursebytes; } - if ($modulebytes and $modulebytes < $minimumsize) { + if (($modulebytes > 0) and ($modulebytes < $minimumsize)) { $minimumsize = $modulebytes; } diff --git a/repository/filepicker.php b/repository/filepicker.php index 610ef13..fa759c5 100644 --- a/repository/filepicker.php +++ b/repository/filepicker.php @@ -93,11 +93,8 @@ if ($repository = $DB->get_record_sql($sql, array($repo_id))) { } } -$moodle_maxbytes = get_max_upload_file_size($CFG->maxbytes, $course->maxbytes); -// to prevent maxbytes greater than moodle maxbytes setting -if (($maxbytes <= 0) || ($maxbytes >= $moodle_maxbytes)) { - $maxbytes = $moodle_maxbytes; -} +// Make sure maxbytes passed is within site filesize limits. +$maxbytes = get_max_upload_file_size($CFG->maxbytes, $coursemaxbytes, $maxbytes); $params = array('ctx_id' => $contextid, 'itemid' => $itemid, 'env' => $env, 'course'=>$courseid, 'maxbytes'=>$maxbytes, 'maxfiles'=>$maxfiles, 'subdirs'=>$subdirs, 'sesskey'=>sesskey()); $params['action'] = 'browse'; 
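Review bot: The docblock of get_max_upload_file_size() should state the contract that the new `> 0` tests introduce, because the repository scripts in this commit now hand their own `$maxbytes` to it as `$modulebytes`. A short line above the three comparisons would do: `// Zero or negative limits mean "not set" at that level and are ignored.` The function starts and ends outside the hunk, so the docblock itself is not visible here.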
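Review bot: The new call in repository/filepicker.php reads `$coursemaxbytes`, but nothing visible in that file defines it. The previous commit in the series used `$course->maxbytes` there, and only repository_ajax.php assigns `$coursemaxbytes`. Unless it is set outside the hunk, PHP evaluates it as null, the `($coursebytes > 0)` test in get_max_upload_file_size() is false, and the course-level upload limit is silently skipped for the file picker. Define it before the call, for example `$coursemaxbytes = empty($course) ? 0 : $course->maxbytes;`, or keep passing `$course->maxbytes`.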
diff --git a/repository/repository_ajax.php b/repository/repository_ajax.php index b7f76d1..f8c9fe5 100644 --- a/repository/repository_ajax.php +++ b/repository/repository_ajax.php @@ -87,11 +87,8 @@ $coursemaxbytes = 0; if (!empty($course)) { $coursemaxbytes = $course->maxbytes; } -$moodle_maxbytes = get_max_upload_file_size($CFG->maxbytes, $coursemaxbytes); -// to prevent maxbytes greater than moodle maxbytes setting -if (($maxbytes <= 0) || ($maxbytes >= $moodle_maxbytes)) { - $maxbytes = $moodle_maxbytes; -} +// Make sure maxbytes passed is within site filesize limits. +$maxbytes = get_max_upload_file_size($CFG->maxbytes, $coursemaxbytes, $maxbytes); /// Wait as long as it takes for this script to finish set_time_limit(0); -- 1.7.10.4
From 755dac1e2f3d82853ce12c91d36ee01f1b5501e2 Mon Sep 17 00:00:00 2001 From: Frederic Massart <f...@moodle.com> Date: Tue, 31 Jul 2012 14:10:05 +0800 Subject: [PATCH] MDL-28207 Course: Showing/hiding/marking a section respect capabilities --- course/format/topics/format.php | 46 +++++++++++++++++++++------------------ course/format/weeks/format.php | 34 ++++++++++++++++------------- course/rest.php | 5 +++-- course/view.php | 5 +++-- 4 files changed, 50 insertions(+), 40 deletions(-) diff --git a/course/format/topics/format.php b/course/format/topics/format.php index b8ce8f2..0c58c4d 100644 --- a/course/format/topics/format.php +++ b/course/format/topics/format.php 
@@ -186,29 +186,33 @@ while ($section <= $course->numsections) { '<img src="'.$OUTPUT->pix_url('i/one') . '" class="icon" alt="'.$strshowonlytopic.'" /></a><br />'; } - if ($PAGE->user_is_editing() && has_capability('moodle/course:update', get_context_instance(CONTEXT_COURSE, $course->id))) { - - if ($course->marker == $section) { // Show the "light globe" on/off - echo '<a href="view.php?id='.$course->id.'&marker=0&sesskey='.sesskey().'#section-'.$section.'" title="'.$strmarkedthistopic.'">'.'<img src="'.$OUTPUT->pix_url('i/marked') . '" alt="'.$strmarkedthistopic.'" class="icon"/></a><br />'; - } else { - echo '<a href="view.php?id='.$course->id.'&marker='.$section.'&sesskey='.sesskey().'#section-'.$section.'" title="'.$strmarkthistopic.'">'.'<img src="'.$OUTPUT->pix_url('i/marker') . '" alt="'.$strmarkthistopic.'" class="icon"/></a><br />'; - } - - if ($thissection->visible) { // Show the hide/show eye - echo '<a href="view.php?id='.$course->id.'&hide='.$section.'&sesskey='.sesskey().'#section-'.$section.'" title="'.$strtopichide.'">'. - '<img src="'.$OUTPUT->pix_url('i/hide') . '" class="icon hide" alt="'.$strtopichide.'" /></a><br />'; - } else { - echo '<a href="view.php?id='.$course->id.'&show='.$section.'&sesskey='.sesskey().'#section-'.$section.'" title="'.$strtopicshow.'">'. - '<img src="'.$OUTPUT->pix_url('i/show') . '" class="icon hide" alt="'.$strtopicshow.'" /></a><br />'; + $coursecontext = context_course::instance($course->id); + if ($PAGE->user_is_editing()) { + if (has_capability('moodle/course:setcurrentsection', $coursecontext)) { + if ($course->marker == $section) { // Show the "light globe" on/off + echo '<a href="view.php?id='.$course->id.'&marker=0&sesskey='.sesskey().'#section-'.$section.'" title="'.$strmarkedthistopic.'">'.'<img src="'.$OUTPUT->pix_url('i/marked') . 
'" alt="'.$strmarkedthistopic.'" class="icon"/></a><br />'; + } else { + echo '<a href="view.php?id='.$course->id.'&marker='.$section.'&sesskey='.sesskey().'#section-'.$section.'" title="'.$strmarkthistopic.'">'.'<img src="'.$OUTPUT->pix_url('i/marker') . '" alt="'.$strmarkthistopic.'" class="icon"/></a><br />'; + } } - if ($section > 1) { // Add a arrow to move section up - echo '<a href="view.php?id='.$course->id.'&random='.rand(1,10000).'&section='.$section.'&move=-1&sesskey='.sesskey().'#section-'.($section-1).'" title="'.$strmoveup.'">'. - '<img src="'.$OUTPUT->pix_url('t/up') . '" class="icon up" alt="'.$strmoveup.'" /></a><br />'; + if (has_capability('moodle/course:sectionvisibility', $coursecontext)) { + if ($thissection->visible) { // Show the hide/show eye + echo '<a href="view.php?id='.$course->id.'&hide='.$section.'&sesskey='.sesskey().'#section-'.$section.'" title="'.$strtopichide.'">'. + '<img src="'.$OUTPUT->pix_url('i/hide') . '" class="icon hide" alt="'.$strtopichide.'" /></a><br />'; + } else { + echo '<a href="view.php?id='.$course->id.'&show='.$section.'&sesskey='.sesskey().'#section-'.$section.'" title="'.$strtopicshow.'">'. + '<img src="'.$OUTPUT->pix_url('i/show') . '" class="icon hide" alt="'.$strtopicshow.'" /></a><br />'; + } } - - if ($section < $course->numsections) { // Add a arrow to move section down - echo '<a href="view.php?id='.$course->id.'&random='.rand(1,10000).'&section='.$section.'&move=1&sesskey='.sesskey().'#section-'.($section+1).'" title="'.$strmovedown.'">'. - '<img src="'.$OUTPUT->pix_url('t/down') . '" class="icon down" alt="'.$strmovedown.'" /></a><br />'; + if (has_capability('moodle/course:update', $coursecontext)) { + if ($section > 1) { // Add a arrow to move section up + echo '<a href="view.php?id='.$course->id.'&random='.rand(1,10000).'&section='.$section.'&move=-1&sesskey='.sesskey().'#section-'.($section-1).'" title="'.$strmoveup.'">'. + '<img src="'.$OUTPUT->pix_url('t/up') . 
'" class="icon up" alt="'.$strmoveup.'" /></a><br />'; + } + if ($section < $course->numsections) { // Add a arrow to move section down + echo '<a href="view.php?id='.$course->id.'&random='.rand(1,10000).'&section='.$section.'&move=1&sesskey='.sesskey().'#section-'.($section+1).'" title="'.$strmovedown.'">'. + '<img src="'.$OUTPUT->pix_url('t/down') . '" class="icon down" alt="'.$strmovedown.'" /></a><br />'; + } } } echo '</div>'; diff --git a/course/format/weeks/format.php b/course/format/weeks/format.php index c5c78fa..9ae93f1 100644 --- a/course/format/weeks/format.php +++ b/course/format/weeks/format.php 
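Review bot: `$coursecontext = context_course::instance($course->id);` is assigned on every pass of the `while ($section <= $course->numsections)` loop named in the hunk header, although it depends only on `$course->id`. Moving that line above the loop leaves the per-section body with rendering only. The course/format/weeks/format.php hunk adds the same line and would take the same change if it also sits inside the section loop. The loop starts and ends outside the hunk, so the exact position has to be chosen in the full file.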
@@ -192,22 +192,26 @@ defined('MOODLE_INTERNAL') || die(); '<img src="'.$OUTPUT->pix_url('i/one') . '" class="icon wkone" alt="'.$strshowonlyweek.'" /></a><br />'; } - if ($PAGE->user_is_editing() && has_capability('moodle/course:update', get_context_instance(CONTEXT_COURSE, $course->id))) { - if ($thissection->visible) { // Show the hide/show eye - echo '<a href="view.php?id='.$course->id.'&hide='.$section.'&sesskey='.sesskey().'#section-'.$section.'" title="'.$strweekhide.'">'. - '<img src="'.$OUTPUT->pix_url('i/hide') . '" class="icon hide" alt="'.$strweekhide.'" /></a><br />'; - } else { - echo '<a href="view.php?id='.$course->id.'&show='.$section.'&sesskey='.sesskey().'#section-'.$section.'" title="'.$strweekshow.'">'. - '<img src="'.$OUTPUT->pix_url('i/show') . '" class="icon hide" alt="'.$strweekshow.'" /></a><br />'; - } - if ($section > 1) { // Add a arrow to move section up - echo '<a href="view.php?id='.$course->id.'&random='.rand(1,10000).'&section='.$section.'&move=-1&sesskey='.sesskey().'#section-'.($section-1).'" title="'.$strmoveup.'">'. - '<img src="'.$OUTPUT->pix_url('t/up') . '" class="icon up" alt="'.$strmoveup.'" /></a><br />'; + $coursecontext = context_course::instance($course->id); + if ($PAGE->user_is_editing()) { + if (has_capability('moodle/course:sectionvisibility', $coursecontext)) { + if ($thissection->visible) { // Show the hide/show eye + echo '<a href="view.php?id='.$course->id.'&hide='.$section.'&sesskey='.sesskey().'#section-'.$section.'" title="'.$strweekhide.'">'. + '<img src="'.$OUTPUT->pix_url('i/hide') . '" class="icon hide" alt="'.$strweekhide.'" /></a><br />'; + } else { + echo '<a href="view.php?id='.$course->id.'&show='.$section.'&sesskey='.sesskey().'#section-'.$section.'" title="'.$strweekshow.'">'. + '<img src="'.$OUTPUT->pix_url('i/show') . 
'" class="icon hide" alt="'.$strweekshow.'" /></a><br />'; + } } - - if ($section < $course->numsections) { // Add a arrow to move section down - echo '<a href="view.php?id='.$course->id.'&random='.rand(1,10000).'&section='.$section.'&move=1&sesskey='.sesskey().'#section-'.($section+1).'" title="'.$strmovedown.'">'. - '<img src="'.$OUTPUT->pix_url('t/down') . '" class="icon down" alt="'.$strmovedown.'" /></a><br />'; + if (has_capability('moodle/course:update', $coursecontext)) { + if ($section > 1) { // Add a arrow to move section up + echo '<a href="view.php?id='.$course->id.'&random='.rand(1,10000).'&section='.$section.'&move=-1&sesskey='.sesskey().'#section-'.($section-1).'" title="'.$strmoveup.'">'. + '<img src="'.$OUTPUT->pix_url('t/up') . '" class="icon up" alt="'.$strmoveup.'" /></a><br />'; + } + if ($section < $course->numsections) { // Add a arrow to move section down + echo '<a href="view.php?id='.$course->id.'&random='.rand(1,10000).'&section='.$section.'&move=1&sesskey='.sesskey().'#section-'.($section+1).'" title="'.$strmovedown.'">'. + '<img src="'.$OUTPUT->pix_url('t/down') . '" class="icon down" alt="'.$strmovedown.'" /></a><br />'; + } } } echo '</div>'; diff --git a/course/rest.php b/course/rest.php index 5125ffb..3f996a7 100644 --- a/course/rest.php +++ b/course/rest.php @@ -78,7 +78,6 @@ switch($requestmethod) { case 'section': require_login($course); $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id); - require_capability('moodle/course:update', $coursecontext); if (!$DB->record_exists('course_sections', array('course'=>$course->id, 'section'=>$id))) { error_log('AJAX commands.php: Bad Section ID '.$id); @@ -87,10 +86,12 @@ switch($requestmethod) { switch ($field) { case 'visible': + require_capability('moodle/course:sectionvisibility', $coursecontext); set_section_visible($course->id, $id, $value); break; case 'move': + require_capability('moodle/course:update', $coursecontext); move_section_to($course, $id, $value); break; } 
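Review bot: In course/rest.php, with `require_capability('moodle/course:update', $coursecontext)` removed from the top of `case 'section':`, authorization now lives only inside the individual `switch ($field)` arms. A field arm added later without its own check would run behind nothing but `require_login($course)`. The switch closes in the hunk without a default arm; keeping the old baseline there makes the block fail closed: `default: require_capability('moodle/course:update', $coursecontext); break;`.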
@@ -158,7 +159,7 @@ switch($requestmethod) { case 'marker': require_login($course); $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id); - require_capability('moodle/course:update', $coursecontext); + require_capability('moodle/course:setcurrentsection', $coursecontext); course_set_marker($course->id, $value); break; } diff --git a/course/view.php b/course/view.php index 8b2621f..816265e 100644 --- a/course/view.php +++ b/course/view.php @@ -127,15 +127,16 @@ } } - if (has_capability('moodle/course:update', $context)) { + if (has_capability('moodle/course:sectionvisibility', $context)) { if ($hide && confirm_sesskey()) { set_section_visible($course->id, $hide, '0'); } - if ($show && confirm_sesskey()) { set_section_visible($course->id, $show, '1'); } + } + if (has_capability('moodle/course:update', $context)) { if (!empty($section)) { if (!empty($move) and confirm_sesskey()) { if (move_section($course, $section, $move)) { -- 1.7.10.4
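Review bot: The course/view.php hunk regroups only `$hide`, `$show` and the move branch, and no visible hunk in this commit touches the non-AJAX handling of the `marker` parameter. The topics format now draws the `view.php?...&marker=` links only for `moodle/course:setcurrentsection`, and rest.php enforces that capability. If the page request for `marker` is still processed under `moodle/course:update` somewhere outside the hunks, the link and the handler disagree: the request is honoured for a user who lacks setcurrentsection and ignored for one who has only that capability. It is worth confirming that the handler tests `has_capability('moodle/course:setcurrentsection', $context)` together with `confirm_sesskey()`.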
From af6df710114918fbdf51486bbcca8049a2e72cba Mon Sep 17 00:00:00 2001 From: Nathan Mares <nat...@catalyst-au.net> Date: Tue, 17 Jul 2012 19:11:57 +1000 Subject: [PATCH] MDL-34368: Fix broken query in so tokens are correctly checked against the linked service --- webservice/lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webservice/lib.php b/webservice/lib.php index 1861513..998edd9 100644 --- a/webservice/lib.php +++ b/webservice/lib.php @@ -979,7 +979,7 @@ abstract class webservice_zend_server extends webservice_server { FROM {external_services} s JOIN {external_services_functions} sf ON (sf.externalserviceid = s.id AND s.restrictedusers = 1) JOIN {external_services_users} su ON (su.externalserviceid = s.id AND su.userid = :userid) - WHERE s.enabled = 1 AND su.validuntil IS NULL OR su.validuntil < :now $wscond2"; + WHERE s.enabled = 1 AND (su.validuntil IS NULL OR su.validuntil < :now) $wscond2"; $params = array_merge($params, array('userid'=>$USER->id, 'now'=>time())); -- 1.7.10.4
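Review bot: The corrected clause still compares `su.validuntil < :now` with `:now` bound to `time()`, which as written keeps rows whose `validuntil` is already in the past and drops rows that expire in the future. If `validuntil` is an expiry timestamp, as the name suggests, the intended test is presumably `(su.validuntil IS NULL OR su.validuntil = 0 OR su.validuntil > :now)`. Please confirm this against how the column is populated, including whether 0 means "no expiry". The same clause is repeated in the webservice_base_server query touched by the follow-up MDL-34368 commit, so both need the same answer. The query string begins outside the hunk.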
From 43bfb68de9bb2b3f849a1ebded1c2b8e7f738edc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20S=CC=8Ckoda?= <comm...@skodak.org> Date: Tue, 31 Jul 2012 16:02:54 +0200 Subject: [PATCH] MDL-34585 fix broken blog file access control --- lib/filelib.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/filelib.php b/lib/filelib.php index 92565f9..ca20cd2 100644 --- a/lib/filelib.php +++ b/lib/filelib.php @@ -3230,15 +3230,15 @@ function file_pluginfile($relativepath, $forcedownload) { } } - if ('publishstate' === 'public') { + if ($entry->publishstate === 'public') { if ($CFG->forcelogin) { require_login(); } - } else if ('publishstate' === 'site') { + } else if ($entry->publishstate === 'site') { require_login(); //ok - } else if ('publishstate' === 'draft') { + } else if ($entry->publishstate === 'draft') { require_login(); if ($USER->id != $entry->userid) { send_file_not_found(); -- 1.7.10.4
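Review bot: The corrected chain tests `$entry->publishstate` for 'public', 'site' and 'draft', but no terminal `else` is visible, so whether an entry with any other or an empty state is refused depends on code after the hunk. A fail-closed arm would make the decision explicit at the point where it is taken: `} else { send_file_not_found(); }`. The chain continues past the end of the hunk, so this may already exist there and should be checked in the full file.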
From f4ab33b25ff2013d8334303a06fde1800cd8cce0 Mon Sep 17 00:00:00 2001 From: Rex Lorenzo <r...@oid.ucla.edu> Date: Tue, 24 Jul 2012 12:01:11 -0700 Subject: [PATCH] MDL-34519 - Course reset not protected by proper capability --- course/reset.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/course/reset.php b/course/reset.php index cd0a66b..088c203 100644 --- a/course/reset.php +++ b/course/reset.php @@ -39,7 +39,7 @@ if (!$course = $DB->get_record('course', array('id'=>$id))) { $PAGE->set_url('/course/reset.php', array('id'=>$id)); require_login($course); -require_capability('moodle/course:update', get_context_instance(CONTEXT_COURSE, $course->id)); +require_capability('moodle/course:reset', get_context_instance(CONTEXT_COURSE, $course->id)); $strreset = get_string('reset'); $strresetcourse = get_string('resetcourse'); -- 1.7.10.4
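Review bot: The reason this page needs its own capability is not recorded next to the check. A one-line comment would stop a later cleanup from folding it back into `moodle/course:update`: `// Reset is destructive, so it is gated by moodle/course:reset rather than the general course:update capability.` Any menu or settings link that leads to reset.php (outside this hunk) should test the same capability so that the link and the page agree.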
From 5678fd4794179522f30ba3993736f827eed5c656 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20S=CC=8Ckoda?= <comm...@skodak.org> Date: Wed, 1 Aug 2012 08:30:28 +0200 Subject: [PATCH] MDL-34368 fix another validuntil condition --- webservice/lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webservice/lib.php b/webservice/lib.php index 998edd9..4c475da 100644 --- a/webservice/lib.php +++ b/webservice/lib.php @@ -1458,7 +1458,7 @@ abstract class webservice_base_server extends webservice_server { FROM {external_services} s JOIN {external_services_functions} sf ON (sf.externalserviceid = s.id AND s.restrictedusers = 1 AND sf.functionname = :name2) JOIN {external_services_users} su ON (su.externalserviceid = s.id AND su.userid = :userid) - WHERE s.enabled = 1 AND su.validuntil IS NULL OR su.validuntil < :now $wscond2"; + WHERE s.enabled = 1 AND (su.validuntil IS NULL OR su.validuntil < :now) $wscond2"; $params = array_merge($params, array('userid'=>$USER->id, 'name1'=>$function->name, 'name2'=>$function->name, 'now'=>time())); $rs = $DB->get_recordset_sql($sql, $params); -- 1.7.10.4