Merge branch 'moodle:main' into MDL-76665

michaelkotlyar · Sep 3, 2024 · f4a1187 · f4a1187
2 parents 87f0b76 + 13c1275
commit f4a1187
Show file tree

Hide file tree

Showing 176 changed files with 3,711 additions and 2,483 deletions.
diff --git a/.upgradenotes/MDL-66151-2024090301594788.yml b/.upgradenotes/MDL-66151-2024090301594788.yml
@@ -0,0 +1,15 @@
+issueNumber: MDL-66151
+notes:
+  core_role:
+    - message: |
+        Move all session management to the \core\session\manager class.
+        This removes the dependancy to use the "sessions" table.
+        Session management plugins (like redis) now need to inherit
+        the base \core\session\handler class which implements
+        SessionHandlerInterface and override methods as required.
+        The following methods in \core\session\manager have been deprecated:
+        * kill_all_sessions use destroy_all instead
+        * kill_session use destroy instead
+        * kill_sessions_for_auth_plugin use destroy_by_auth_plugin instead
+        * kill_user_sessions use destroy_user_sessions instead
+      type: improved
diff --git a/.upgradenotes/MDL-75850-2024082809421816.yml b/.upgradenotes/MDL-75850-2024082809421816.yml
@@ -0,0 +1,13 @@
+issueNumber: MDL-75850
+notes:
+  core_files:
+    - message: |
+        The following are the changes made:
+        - New hook after_file_created
+        - In the \core_files\file_storage, new additional param $notify (default is true) added to:
+          - ::create_file_from_storedfile()
+          - ::create_file_from_pathname()
+          - ::create_file_from_string()
+          - ::create_file()
+          If true, it will trigger the after_file_created hook to re-create the image.
+      type: improved
diff --git a/UPGRADING.md b/UPGRADING.md
@@ -427,6 +427,23 @@ The format of this change log follows the advice given at [Keep a CHANGELOG](htt
 
   For more information see [MDL-82857](https://tracker.moodle.org/browse/MDL-82857)
 
+### core_role
+
+#### Added
+
+- Move all session management to the \core\session\manager class.
+  This removes the dependancy to use the "sessions" table.
+  Session management plugins (like redis) now need to inherit
+  the base \core\session\handler class which implements
+  SessionHandlerInterface and override methods as required.
+  The following methods in \core\session\manager have been deprecated:
+  * kill_all_sessions use destroy_all instead
+  * kill_session use destroy instead
+  * kill_sessions_for_auth_plugin use destroy_by_auth_plugin instead
+  * kill_user_sessions use destroy_user_sessions instead
+
+  For more information see [MDL-66151](https://tracker.moodle.org/browse/MDL-66151)
+
 ### tool_oauth2
 
 #### Added
@@ -631,6 +648,21 @@ The format of this change log follows the advice given at [Keep a CHANGELOG](htt
 
   For more information see [MDL-75025](https://tracker.moodle.org/browse/MDL-75025)
 
+### core_files
+
+#### Added
+
+- The following are the changes made:
+  - New hook after_file_created
+  - In the \core_files\file_storage, new additional param $notify (default is true) added to:
+    - ::create_file_from_storedfile()
+    - ::create_file_from_pathname()
+    - ::create_file_from_string()
+    - ::create_file()
+    If true, it will trigger the after_file_created hook to re-create the image.
+
+  For more information see [MDL-75850](https://tracker.moodle.org/browse/MDL-75850)
+
 ### core_user
 
 #### Deprecated

diff --git a/admin/roles/UPGRADING.md b/admin/roles/UPGRADING.md
@@ -0,0 +1,19 @@
+# core_role (subsystem) Upgrade notes
+
+## 4.5dev+
+
+### Added
+
+- Move all session management to the \core\session\manager class.
+  This removes the dependancy to use the "sessions" table.
+  Session management plugins (like redis) now need to inherit
+  the base \core\session\handler class which implements
+  SessionHandlerInterface and override methods as required.
+  The following methods in \core\session\manager have been deprecated:
+  * kill_all_sessions use destroy_all instead
+  * kill_session use destroy instead
+  * kill_sessions_for_auth_plugin use destroy_by_auth_plugin instead
+  * kill_user_sessions use destroy_user_sessions instead
+
+  For more information see [MDL-66151](https://tracker.moodle.org/browse/MDL-66151)
+
diff --git a/admin/settings/fileredact.php b/admin/settings/fileredact.php
@@ -0,0 +1,43 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
+/**
+ * Configure the settings for fileredact.
+ *
+ * @package   core_admin
+ * @copyright Meirza <[email protected]>
+ * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+
+defined('MOODLE_INTERNAL') || die();
+
+if ($hassiteconfig) {
+    if (!$ADMIN->locate('fileredact')) {
+        $ADMIN->add('server', new admin_category('fileredact', get_string('fileredact', 'core_files')));
+    }
+    // Get settings from each service.
+    $servicesdir = "{$CFG->libdir}/classes/fileredact/services/";
+    $servicefiles = glob("{$servicesdir}*_service.php");
+    foreach ($servicefiles as $servicefile) {
+        $servicename = basename($servicefile, '_service.php');
+        $classname = "\\core\\fileredact\\services\\{$servicename}_service";
+        if (class_exists($classname)) {
+            $fileredactsettings = new admin_settingpage($servicename, new lang_string("fileredact:$servicename", 'core_files'));
+            call_user_func("{$classname}::add_settings", $fileredactsettings);
+            $ADMIN->add('fileredact', $fileredactsettings);
+        }
+    }
+}
diff --git a/admin/tool/mfa/factor/email/email.php b/admin/tool/mfa/factor/email/email.php
@@ -79,7 +79,7 @@
         $DB->set_field('tool_mfa', 'revoked', 1, ['userid' => $user->id, 'factor' => 'email']);
 
         // Remotely logout all sessions for user.
-        $manager = \core\session\manager::kill_user_sessions($instance->userid);
+        \core\session\manager::destroy_user_sessions($instance->userid);
 
         // Log event.
         $ip = $instance->createdfromip;

diff --git a/admin/tool/uploaduser/classes/process.php b/admin/tool/uploaduser/classes/process.php
@@ -931,7 +931,7 @@ public function process_line(array $line) {
             }
 
             if ($dologout) {
-                \core\session\manager::kill_user_sessions($existinguser->id);
+                \core\session\manager::destroy_user_sessions($existinguser->id);
             }
 
         } else {

diff --git a/admin/user.php b/admin/user.php
@@ -131,7 +131,7 @@
             if (!is_siteadmin($user) and $USER->id != $user->id and $user->suspended != 1) {
                 $user->suspended = 1;
                 // Force logout.
-                \core\session\manager::kill_user_sessions($user->id);
+                \core\session\manager::destroy_user_sessions($user->id);
                 user_update_user($user, false);
             }
         }

diff --git a/auth/cas/CAS/readme_moodle.txt b/auth/cas/CAS/readme_moodle.txt
@@ -4,23 +4,27 @@ Last release can be found at https://github.com/apereo/phpCAS/releases
 
 NOTICE:
  * Before running composer command, make sure you have the composer version updated.
- * Composer version 2.2.4 2022-01-08 12:30:42
+ * Composer version 2.7.7 2024-06-16 19:06:42
 
 STEPS:
- * Make sure you're using the lowest supported PHP version for the given release (e.g. PHP 7.4 for Moodle 4.1)
- * Create a temporary folder outside your Moodle installation
- * Execute 'composer require apereo/phpcas:VERSION'
+ * Make sure you're using the lowest supported PHP version for the given release (e.g. PHP 8.1 for Moodle 4.5)
+ * Create a temporary folder outside your Moodle installation e.g. /tmp/phpcas
+ * Create a composer.json file with the following content inside the temporary folder (you will need to replace X.YY to the proper version to be upgraded):
+{
+    "require": {
+        "apereo/phpcas": "X.YY"
+    },
+    "replace": {
+        "psr/log": "*"
+    }
+}
+ * Execute 'composer require apereo/phpcas' inside the temporary folder.
+ * Check to make sure the following directory hasn't been created
+   - vendor/psr/log
  * Check any new libraries that have been added and make sure they do not exist in Moodle already.
- * Remove the old 'vendor' directory in auth/cas/CAS/
- * Copy contents of 'vendor' directory
+ * Remove the 'vendor' directory in auth/cas/CAS/
+ * Copy the '/tmp/phpcas/vendor' directory into auth/cas/CAS/
  * Create a commit with only the library changes.
    - Note: Make sure to check the list of unversioned files and add any new files to the staging area.
  * Update auth/cas/thirdpartylibs.xml
- * Apply the modifications described in the CHANGES section
- * Create another commit with the previous two steps of changes
-
-CHANGES:
- * Remove all the hidden folders and files in vendor/apereo/phpcas/ (find . -name ".*"):
-  - .codecov.yml
-  - .gitattributes
-  - .github
+ * Create another commit with the previous change
diff --git a/auth/cas/CAS/vendor/apereo/phpcas/composer.json b/auth/cas/CAS/vendor/apereo/phpcas/composer.json
@@ -33,12 +33,12 @@
 		"phpstan/phpstan" : "^1.5"
 	},
 	"autoload" : {
+		"files": ["source/CAS.php"],
 		"classmap" : [
 			"source/"
 		]
 	},
 	"autoload-dev" : {
-		"files": ["source/CAS.php"],
 		"psr-4" : {
 			"PhpCas\\" : "test/CAS/"
 		}

diff --git a/auth/cas/CAS/vendor/apereo/phpcas/phpunit.xml.dist b/auth/cas/CAS/vendor/apereo/phpcas/phpunit.xml.dist
diff --git a/auth/cas/CAS/vendor/apereo/phpcas/source/CAS.php b/auth/cas/CAS/vendor/apereo/phpcas/source/CAS.php
@@ -57,7 +57,7 @@
 /**
  * phpCAS version. accessible for the user by phpCAS::getVersion().
  */
-define('PHPCAS_VERSION', '1.6.0');
+define('PHPCAS_VERSION', '1.6.1');
 
 /**
  * @addtogroup public

diff --git a/auth/cas/CAS/vendor/apereo/phpcas/source/CAS/Client.php b/auth/cas/CAS/vendor/apereo/phpcas/source/CAS/Client.php
@@ -973,11 +973,6 @@ public function __construct(
                 session_start();
                 phpCAS :: trace("Starting a new session " . session_id());
             }
-            // init phpCAS session array
-            if (!isset($_SESSION[static::PHPCAS_SESSION_PREFIX])
-                || !is_array($_SESSION[static::PHPCAS_SESSION_PREFIX])) {
-                $_SESSION[static::PHPCAS_SESSION_PREFIX] = array();
-            }
         }
 
         // Only for debug purposes
@@ -1198,9 +1193,21 @@ protected function setSessionValue($key, $value)
     {
         $this->validateSession($key);
 
+        $this->ensureSessionArray();
         $_SESSION[static::PHPCAS_SESSION_PREFIX][$key] = $value;
     }
 
+    /**
+     * Ensure that the session array is initialized before writing to it.
+     */
+    protected function ensureSessionArray() {
+      // init phpCAS session array
+      if (!isset($_SESSION[static::PHPCAS_SESSION_PREFIX])
+          || !is_array($_SESSION[static::PHPCAS_SESSION_PREFIX])) {
+          $_SESSION[static::PHPCAS_SESSION_PREFIX] = array();
+      }
+    }
+
     /**
      * Remove a session value with the given key.
      *

diff --git a/auth/cas/CAS/vendor/autoload.php b/auth/cas/CAS/vendor/autoload.php
@@ -22,4 +22,4 @@
 
 require_once __DIR__ . '/composer/autoload_real.php';
 
-return ComposerAutoloaderInit8c729390e3f26f25c6e8fe4b9504a4d9::getLoader();
+return ComposerAutoloaderInitf37716eaa137347b44822643660c1de5::getLoader();