Hello everyone,
The following versions of Totara have now been released:
2.9.1
2.7.9
2.6.26
2.5.33
2.4.36
2.2.43
These versions do contain security fixes and for this reason we strongly recommend upgrading.
Each release also includes bug fixes and improvements.
Thanks to Eugene Venter from Catalyst NZ for his contribution.
Release 2.9.1 (16th November 2015):

Security issues:
TL-7829 Removed reliance on url parameter for choosing table
The script for getting the positions and organisations to assign to a program relied on a url parameter to choose which table to access. The table is now chosen according to the type of hierarchy that the query is for.
TL-7886 Fixed access checks for the position assignment AJAX script

New features:
TL-7850 Merged Moodle 2.9.3
Security related issues:
* MDL-51861 enrol: Don't get all parts in get_enrolled_users with groups
* MDL-51684 badges: Make sure 'moodle/badges:viewbadges' is respected
* MDL-51569 mod_choice: validate user actions and availability
* MDL-51091 core_registration: session key check in registration.
* MDL-51000 editor_atto: No autosave for guests
* MDL-50837 mod_scorm: Fix availability checks
* MDL-50426 messaging: Fix permissions checks when sending messages
* MDL-49940 mod_survey: Fix XSS
* MDL-48109 mod_lesson: prevent CSRF on password protected lesson

Improvements:
TL-6282 Improved handling and displaying of the user's name in Core dialogs
TL-6529 Added the manager's email as a selectable column for reports that include user's position fields
TL-6657 Added actual due dates to program Assignments and audience Enrolled Learning tabs
The Assignments tab in programs and certifications and the Enrolled Learning tab in audiences now include a column "Actual due date". This new column shows the due date that the user will see. For group assignments (such as audiences or organisations), clicking the "View dates" link will show a popup with a list of all assigned users relating to that group assignment. The help popup for the "Actual due date" column explains why assignment due dates may be different from the actual due dates. After upgrading, the "Actual due date" field can be manually added to the "Audience: Enrolled Learning" embedded report, or you can reset it to the default to have it automatically added.
TL-7183 Trigger updates to program user assignments when changing assignments via the audience Enrolled Learning tab
When you make a change in an audience's Enrolled Learning tab, it will immediately trigger an update of program and certification user assignments. If there are less than 200 total users involved in the program then the users will be processed immediately, otherwise the update will be deferred. By default, deferred program user assignments are processed the next time cron runs. This patch makes the behaviour consistent with making changes in a program's Assignments tab.
TL-7256 Mark programs for deferred user assignment update when assignment membership changes
This patch includes several improvements which cause program and certification memberships to be updated sooner:
* When audience membership changes, either by a user manually editing an audience or when a dynamic audience's membership is automatically updated, related programs and certifications will be marked as having user assignment changes deferred.
* When a user's assigned position, organisation or manager change, programs and certifications related to the old and new positions, organisations and management hierarchy are marked as having user assignment changes deferred.
With this change in place, all changes to program membership should now be detected as they occur and are either processed immediately or by the "Deferred program assignments changes" scheduled task. As such, we recommend setting the related tasks to their default schedules: "Deferred program assignments changes" can be run every time cron runs, while "Program user assignments" only needs to be run once per day.
TL-7575 Removed Totara menu from the print layout
TL-7741 Removed HTML table behind the Weekend Days setting
TL-7745 Added labels to settings on Site administration > Front page > Front page settings
TL-7748 Improved Accessibility when editing the Site administration > Plugins > Activity modules > Quiz Settings
TL-7750 Improved layout of "User Fullname (with links to learning components)" Report builder column
TL-7792 Added settings to enforce https access and prevent embedding of content in external Flash and PDF files
TL-7813 Reduced events triggered when program user assignments are updated
Some events were being triggered unnecessarily when updating program and certification user assignments. They will now only be triggered if it is certain that there are changes that need to be signalled. Please remember that user_assignments_task by default is scheduled to execute just once per day, whereas assignments_deferred_task is designed to be run every time cron runs.
TL-7824 Moved program user assignment deferred flag reset to start of function
If changes are made to a program's assignments while the function is running in cron, those changes will be processed the next time cron runs, rather than having to wait until the nightly cron or another change is made.
TL-7878 Added a page title when adding and removing Feedback360 requests with javascript turned off

Bug fixes:
TL-6936 Face-to-face direct enrolment plugin allows users to signup to more than one Face-to-face.
Users can now sign up to one session per Face-to-face in the course via the Face-to-face direct enrolment plugin. If at least one of the session signups was successful then user will be enrolled to the course. If all successful signups require manager's approval then course enrolment will be pending. T&Cs when enabled are required and will be checked before any signups or enrolments are processed.
TL-6957 Display correct due date value in the upcoming certifications block
TL-6981 Reaggregate course completion when activity completion criteria are unlocked without deletion
Previously, course completion status was only reaggregated if "unlock with delete" was used. If "unlock without delete" was used, it was possible that users who meet the new completion criteria were not marked complete, and this would not be fixed by any cron task. This could lead to users being stuck with an incomplete status. Now, the records will be marked for reaggregation and will be processed by the completion cron task.
TL-7273 Corrected the help text for Report builder simple select filters
Filters that use a drop-down select with no additional options such as 'not equal to' now have correct corresponding help text, rather than referring to additional options that do not exist.
TL-7437 Switched the badges backpack URL to use HTTPS
TL-7514 Fixed the display order of Face-to-face sessions for the Face-to-face direct enrolment plugin
Sessions will now be displayed in order of their start date/times instead of when they were created.
TL-7559 Enabled the transfer of position and organisation custom fields for the database source of HR Sync
TL-7562 Fixed strings for audience rules based on course and program completion
TL-7594 Fixed users booked on a Face-to-face session with no dates being incorrectly removed when another user cancels their booking
TL-7602 Re-enabled the Save and Cancel buttons for the Face-to-face take attendance tab
Save and Cancel buttons present in previous versions have been reintroduced to the Face-to-face take attendance tab. Save must be clicked in order to update attendance records.
TL-7611 Fixed the handling of username and suspended fields for external database sources in HR Import
TL-7644 Corrected the amount of white space in the 'recordoflearning' language string
TL-7659 Prevented cancellation notifications being sent to users booked in completed Face-to-face sessions when the course is deleted
TL-7660 Fixed the behaviour of pagination on hierarchy index pages
When viewing Positions, Organisations, Competencies or Goals within a framework, pagination was not working correctly and instead was displaying all of the items even though the paging bar was displaying the correct number of pages.
TL-7664 Fixed dynamic audience rules based upon checkbox position custom fields
TL-7675 Fixed the display of an aggregation warning for Report builder columns
The warning that column aggregation options may not be compatible with reports that use aggregation internally is now shown only for reports that actually use aggregation internally.
TL-7676 Fixed the display of duplicate categories in pie charts
TL-7686 Fixed URL validation when adding new links to the quicklinks block
TL-7695 Re-aggregate when course completion criteria is changed without deletion
When changing course completion criteria, and unlocking without deleting existing completion data, re-aggregation was not being performed. Now, users who are assigned but not complete and match the new criteria will be marked complete after cron re-aggregates them. To fix any users affected by this problem, an upgrade script will mark all incomplete users in all courses for re-aggregation, which will be performed by cron, and may take a while to process on larger sites.
TL-7698 Fixed the handling of position and organisation 'Text area' custom fields within HR Import
TL-7711 Fixed the "duedate(extra info)" column for Report builder export to pdf
TL-7724 Fixed an error when adding audience visibility during program creation.
A user who was assigned the site manager role within a category context would previously be presented with an error when giving audiences visibility during program creation. This error no longer appears.
TL-7732 Allow HR import to set posenddate value as blank when posstartdate is set
TL-7769 The Report builder "Manager's name" filter now counts users without a manager as "empty"
TL-7770 Fixed date validation for Face-to-face sessions when removing dates or wait-listing a session
TL-7783 Fixed the ordering of the Face-to-face waitlist
Previously when a user cancelled an overbooked session the Face-to-face replaced them with a user from the waitlist based off the user's names, now the replacement is decided based off their signup time.
TL-7784 Fixed the help text for Face-to-face 'minimum capacity' setting
TL-7789 Fixed the formatting of the Face-to-face intro page
TL-7821 Fixed a Totara Connect upgrade step that introduced a non-existent local plugin
TL-7833 Fixed cron failure when sending Face-to-face notifications
When scheduled Face-to-face notifications were being sent out, the cron task would potentially fail if notifications were going to users who had their session bookings approved by a manager. This has now been fixed, notifications go out as normal, and cron is not disrupted.
TL-7836 Ensured images are restricted by their assigned widths
If an image is resized from its native dimensions and then displayed, Internet Explorer would display the image at its native size, and not the size that had been requested.
TL-7844 Grader report now scrolls when it is too wide for the screen
TL-7849 Removed reports and saved searches from the report table block when users do not have access
TL-7851 Fixed the display of the "duedates" column for program and certification overview Report builder reports
TL-7876 Stopped the incorrect archiving of facetoface sessions without dates
Previously, if a user was waitlisted on a Face-to-face session which had no dates set in a Certification Course, when the user's recertification window opened the signup would be marked as archived, meaning it would no longer count towards course completion.
TL-7881 Recreate course completion records when activity criteria are reset with deletion
Course completion records for users who were not complete according to the new criteria were not being recreated immediately. Although the records were being created when the completion cron task was run or when a user's status in the course changed, it was possible that some unexpected behaviour could have occurred due to the missing records.
TL-7883 Fixed date handling on the Face-to-face block calendar page
TL-7909 Make sure url params are passed when using report builder toolbar search
TL-7921 Fixed regression with media playback when request_order="GPC" in PHP.ini
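
The change described for TL-7829 (table chosen from the hierarchy type rather than from a url parameter), sketched as an added PHP example that is not Totara's code. The hierarchy types, table names, column names and request keys are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical names throughout: the hierarchy types, table names, columns and
// request keys below are assumptions for illustration, not Totara's identifiers.
const HIERARCHY_TABLES = [
    'position'     => 'pos',
    'organisation' => 'org',
];

/**
 * Before: the table identifier is read from the request. Identifiers cannot be
 * bound as query parameters, so the caller's string becomes part of the SQL text
 * and the caller decides which table is read.
 */
function build_query_before(array $request): string
{
    $table = $request['table'] ?? '';
    return "SELECT id, fullname FROM {$table} WHERE frameworkid = :frameworkid";
}

/**
 * After: the server derives the table from the hierarchy type it is handling.
 * Unknown types are rejected, and a 'table' key in the request is never read.
 */
function build_query_after(string $hierarchytype): string
{
    if (!array_key_exists($hierarchytype, HIERARCHY_TABLES)) {
        throw new InvalidArgumentException('Unknown hierarchy type');
    }
    $table = HIERARCHY_TABLES[$hierarchytype];
    return "SELECT id, fullname FROM {$table} WHERE frameworkid = :frameworkid";
}

// Constructed sample requests (not taken from any real log).
$requests = [
    // Table parameter agrees with the hierarchy type.
    ['type' => 'position', 'table' => 'pos', 'frameworkid' => '3'],
    // Table parameter names a table unrelated to the hierarchy type.
    ['type' => 'organisation', 'table' => 'user', 'frameworkid' => '3'],
    // Hierarchy type the server does not know.
    ['type' => 'unknown', 'table' => 'org', 'frameworkid' => '3'],
];

foreach ($requests as $request) {
    echo 'before: ', build_query_before($request), PHP_EOL;
    try {
        echo 'after:  ', build_query_after($request['type']), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'after:  rejected (', $e->getMessage(), ')', PHP_EOL;
    }
}
```

For the second request the "before" query reads from whatever table the parameter names, while the "after" query stays on the table mapped to the organisation hierarchy.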
Release 2.7.9 (16th November 2015):

Security issues:
TL-7829 Removed reliance on url parameter for choosing table
The script for getting the positions and organisations to assign to a program relied on a url parameter to choose which table to access. The table is now chosen according to the type of hierarchy that the query is for.
TL-7886 Fixed access checks for the position assignment AJAX script

New features:
TL-7868 Merged Moodle 2.7.11
A special note in the changelog for this one.
Security related issues:
* MDL-51861 enrol: Don't get all parts in get_enrolled_users with groups
* MDL-51684 badges: Make sure 'moodle/badges:viewbadges' is respected
* MDL-51569 mod_choice: validate user actions and availability
* MDL-51091 core_registration: session key check in registration.
* MDL-50837 mod_scorm: Fix availability checks
* MDL-49940 mod_survey: Fix XSS
* MDL-48109 mod_lesson: prevent CSRF on password protected lesson

Improvements:
TL-6282 Improved handling and displaying of the user's name in Core dialogs
TL-6657 Added actual due dates to program Assignments and audience Enrolled Learning tabs
The Assignments tab in programs and certifications and the Enrolled Learning tab in audiences now include a column "Actual due date". This new column shows the due date that the user will see. For group assignments (such as audiences or organisations), clicking the "View dates" link will show a popup with a list of all assigned users relating to that group assignment. The help popup for the "Actual due date" column explains why assignment due dates may be different from the actual due dates. After upgrading, the "Actual due date" field can be manually added to the "Audience: Enrolled Learning" embedded report, or you can reset it to the default to have it automatically added.
TL-7183 Trigger updates to program user assignments when changing assignments via the audience Enrolled Learning tab
When you make a change in an audience's Enrolled Learning tab, it will immediately trigger an update of program and certification user assignments. If there are less than 200 total users involved in the program then the users will be processed immediately, otherwise the update will be deferred. By default, deferred program user assignments are processed the next time cron runs. This patch makes the behaviour consistent with making changes in a program's Assignments tab.
TL-7256 Mark programs for deferred user assignment update when assignment membership changes
This patch includes several improvements which cause program and certification memberships to be updated sooner:
* When audience membership changes, either by a user manually editing an audience or when a dynamic audience's membership is automatically updated, related programs and certifications will be marked as having user assignment changes deferred.
* When a user's assigned position, organisation or manager change, programs and certifications related to the old and new positions, organisations and management hierarchy are marked as having user assignment changes deferred.
With this change in place, all changes to program membership should now be detected as they occur and are either processed immediately or by the "Deferred program assignments changes" scheduled task. As such, we recommend setting the related tasks to their default schedules: "Deferred program assignments changes" can be run every time cron runs, while "Program user assignments" only needs to be run once per day.
TL-7529 Fixed handling of RPL records when resetting or deleting a course or its completions
This change fixes how RPL records are handled when a course is reset by a certification, deleted or reset by a user, or course completions unlocked by a teacher.
When deleting or resetting a course, RPL completions are now also deleted correctly. Previously these were not removed. An upgrade step will safely remove invalid data records for deleted courses.
In 2.9.0 when a user's course completion gets reset by a certification window opening, all course and activity RPL completions will be removed.
In 2.7.9, 2.6.26, and 2.5.33, when a user's course completion gets reset by a certification window opening, all course RPL completions will be removed. Activity RPL completions will remain and still count towards the next course and certification completion.
As before, when a teacher unlocks course completion criteria and selects to delete, course and activity RPL records will be kept and still count towards a user's completion.
Contributed by Eugene Venter at Catalyst NZ
TL-7697 Improved the layout of comments within learning plans
TL-7722 Added an accessible label to the hidden password field protecting forms
TL-7157 introduced a field as a workaround to prevent browsers from automatically loading users' saved passwords where they weren't desired.
This issue introduces a label for the field so that if this field is detected (via a screen reader or other means) a user is not confused as to its purpose.
TL-7737 Improve help text for Case insensitive shortnames option on Completion import page
TL-7745 Added labels to settings on Site administration > Front page > Front page settings
TL-7748 Improved Accessibility when editing the Site administration > Plugins > Activity modules > Quiz Settings
TL-7750 Improved layout of "User Fullname (with links to learning components)" Report builder column
TL-7772 Make sure Case insensitive shortname checkbox loads value from database on page load
TL-7792 Added settings to enforce https access and prevent embedding of content in external Flash and PDF files
TL-7813 Reduced events triggered when program user assignments are updated
Some events were being triggered unnecessarily when updating program and certification user assignments. They will now only be triggered if it is certain that there are changes that need to be signalled. Please remember that user_assignments_task by default is scheduled to execute just once per day, whereas assignments_deferred_task is designed to be run every time cron runs.
TL-7824 Moved program user assignment deferred flag reset to start of function
If changes are made to a program's assignments while the function is running in cron, those changes will be processed the next time cron runs, rather than having to wait until the nightly cron or another change is made.
TL-7869 Updated timezone file to 2015g

Bug fixes:
TL-6957 Display correct due date value in the upcoming certifications block
TL-6981 Reaggregate course completion when activity completion criteria are unlocked without deletion
Previously, course completion status was only reaggregated if "unlock with delete" was used.
If "unlock without delete" was used, it was possible that users who meet the new completion criteria were not marked complete, and this would not be fixed by any cron task. This could lead to users being stuck with an incomplete status. Now, the records will be marked for reaggregation and will be processed by the completion cron task.
TL-7273 Corrected the help text for Report builder simple select filters
Filters that use a drop-down select with no additional options such as 'not equal to' now have correct corresponding help text, rather than referring to additional options that do not exist.
TL-7398 Fix course backup and restore to include completion status
TL-7437 Switched the badges backpack URL to use HTTPS
TL-7514 Fixed the display order of Face-to-face sessions for the Face-to-face direct enrolment plugin
Sessions will now be displayed in order of their start date/times instead of when they were created.
TL-7559 Enabled the transfer of position and organisation custom fields for the database source of HR Sync
TL-7562 Fixed strings for audience rules based on course and program completion
TL-7594 Fixed users booked on a Face-to-face session with no dates being incorrectly removed when another user cancels their booking
TL-7602 Re-enabled the Save and Cancel buttons for the Face-to-face take attendance tab
Save and Cancel buttons present in previous versions have been reintroduced to the Face-to-face take attendance tab. Save must be clicked in order to update attendance records.
TL-7611 Fixed the handling of username and suspended fields for external database sources in HR Import
TL-7644 Corrected the amount of white space in the 'recordoflearning' language string
TL-7659 Prevented cancellation notifications being sent to users booked in completed Face-to-face sessions when the course is deleted
TL-7660 Fixed the behaviour of pagination on hierarchy index pages
When viewing Positions, Organisations, Competencies or Goals within a framework, pagination was not working correctly and instead was displaying all of the items even though the paging bar was displaying the correct number of pages.
TL-7664 Fixed dynamic audience rules based upon checkbox position custom fields
TL-7675 Fixed the display of an aggregation warning for Report builder columns
The warning that column aggregation options may not be compatible with reports that use aggregation internally is now shown only for reports that actually use aggregation internally.
TL-7676 Fixed the display of duplicate categories in pie charts
TL-7686 Fixed URL validation when adding new links to the quicklinks block
TL-7691 Fixed the removal of individual assignments to company goals
When removing a user's individual assignment to a company goal, all user assignments for that user-goal pair were being deleted. Group assignments then regenerated the missing user assignments on the next cron, now only the individual user assignment will be deleted.
TL-7694 Fix undefined index error when viewing user's position details without specifying type of position
TL-7695 Re-aggregate when course completion criteria is changed without deletion
When changing course completion criteria, and unlocking without deleting existing completion data, re-aggregation was not being performed. Now, users who are assigned but not complete and match the new criteria will be marked complete after cron re-aggregates them.
To fix any users affected by this problem, an upgrade script will mark all incomplete users in all courses for re-aggregation, which will be performed by cron, and may take a while to process on larger sites.
TL-7698 Fixed the handling of position and organisation 'Text area' custom fields within HR Import
TL-7718 Fixed revoked alerts for deleted users when alert is set to "send alerts to all members"
TL-7723 Fixed phpunit test failure caused by Norfolk Island timezone change
TL-7724 Fixed an error when adding audience visibility during program creation.
A user who was assigned the site manager role within a category context would previously be presented with an error when giving audiences visibility during program creation. This error no longer appears.
TL-7725 Removed calls to window.status from group member management pages
TL-7732 Allow HR import to set posenddate value as blank when posstartdate is set
TL-7749 Linked the Download table data with the dropdown when exporting site logs
TL-7769 The Report builder "Manager's name" filter now counts users without a manager as "empty"
TL-7770 Fixed date validation for Face-to-face sessions when removing dates or wait-listing a session
TL-7777 Prevented the element library dialog from saving to the database
The multi select dialog example in the element library was previously saving to the database, which should not have been happening.
TL-7783 Fixed the ordering of the Face-to-face waitlist
Previously when a user cancelled an overbooked session the Face-to-face replaced them with a user from the waitlist based off the user's names, now the replacement is decided based off their signup time.
TL-7784 Fixed the help text for Face-to-face 'minimum capacity' setting
TL-7785 Changed course catalog query to prevent failure in MariaDB
A bug in MariaDB was causing a query in the course catalog to return the incorrect values. The query has been changed to avoid the problem.
See https://mariadb.atlassian.net/browse/MDEV-9028 for more information about the bug.
TL-7789 Fixed the formatting of the Face-to-face intro page
TL-7821 Fixed a Totara Connect upgrade step that introduced a non-existent local plugin
TL-7833 Fixed cron failure when sending Face-to-face notifications
When scheduled Face-to-face notifications were being sent out, the cron task would potentially fail if notifications were going to users who had their session bookings approved by a manager. This has now been fixed, notifications go out as normal, and cron is not disrupted.
TL-7836 Ensured images are restricted by their assigned widths
If an image is resized from its native dimensions and then displayed, Internet Explorer would display the image at its native size, and not the size that had been requested.
TL-7851 Fixed the display of the "duedates" column for program and certification overview Report builder reports
TL-7876 Stopped the incorrect archiving of facetoface sessions without dates
Previously, if a user was waitlisted on a Face-to-face session which had no dates set in a Certification Course, when the user's recertification window opened the signup would be marked as archived, meaning it would no longer count towards course completion.
TL-7881 Recreate course completion records when activity criteria are reset with deletion
Course completion records for users who were not complete according to the new criteria were not being recreated immediately. Although the records were being created when the completion cron task was run or when a user's status in the course changed, it was possible that some unexpected behaviour could have occurred due to the missing records.
TL-7883 Fixed date handling on the Face-to-face block calendar page
TL-7909 Make sure url params are passed when using report builder toolbar search
TL-7921 Fixed regression with media playback when request_order="GPC" in PHP.ini

Contributions:
* Eugene Venter at Catalyst NZ - TL-7529
Release 2.6.26 (16th November 2015):

Security issues:
TL-7829 Removed reliance on url parameter for choosing table
The script for getting the positions and organisations to assign to a program relied on a url parameter to choose which table to access. The table is now chosen according to the type of hierarchy that the query is for.
TL-7853 Added missing sesskey protection to lesson module
TL-7855 Fixed output escaping in survey activity
TL-7856 Added sesskey check to hub registration
TL-7857 Fixed input validation in choice activity
TL-7858 Fixed availability changes in SCORM activity
TL-7859 Respect view badges capability
TL-7870 Backport password autofilling workaround in more areas
TL-7886 Fixed access checks for the position assignment AJAX script

Improvements:
TL-6282 Improved handling and displaying of the user's name in Core dialogs
TL-7183 Trigger updates to program user assignments when changing assignments via the audience Enrolled Learning tab
When you make a change in an audience's Enrolled Learning tab, it will immediately trigger an update of program and certification user assignments. If there are less than 200 total users involved in the program then the users will be processed immediately, otherwise the update will be deferred. By default, deferred program user assignments are processed the next time cron runs. This patch makes the behaviour consistent with making changes in a program's Assignments tab.
TL-7529 Fixed handling of RPL records when resetting or deleting a course or its completions
This change fixes how RPL records are handled when a course is reset by a certification, deleted or reset by a user, or course completions unlocked by a teacher.
When deleting or resetting a course, RPL completions are now also deleted correctly. Previously these were not removed. An upgrade step will safely remove invalid data records for deleted courses.
In 2.9.0 when a user's course completion gets reset by a certification window opening, all course and activity RPL completions will be removed.
In 2.7.9, 2.6.26, and 2.5.33, when a user's course completion gets reset by a certification window opening, all course RPL completions will be removed. Activity RPL completions will remain and still count towards the next course and certification completion.
As before, when a teacher unlocks course completion criteria and selects to delete, course and activity RPL records will be kept and still count towards a user's completion.
Contributed by Eugene Venter at Catalyst NZ
TL-7737 Improve help text for Case insensitive shortnames option on Completion import page
TL-7824 Moved program user assignment deferred flag reset to start of function
If changes are made to a program's assignments while the function is running in cron, those changes will be processed the next time cron runs, rather than having to wait until the nightly cron or another change is made.
TL-7869 Updated timezone file to 2015g

Bug fixes:
TL-6957 Display correct due date value in the upcoming certifications block
TL-6981 Reaggregate course completion when activity completion criteria are unlocked without deletion
Previously, course completion status was only reaggregated if "unlock with delete" was used. If "unlock without delete" was used, it was possible that users who meet the new completion criteria were not marked complete, and this would not be fixed by any cron task. This could lead to users being stuck with an incomplete status. Now, the records will be marked for reaggregation and will be processed by the completion cron task.
TL-7273 Corrected the help text for Report builder simple select filters
Filters that use a drop-down select with no additional options such as 'not equal to' now have correct corresponding help text, rather than referring to additional options that do not exist.
TL-7437 Switched the badges backpack URL to use HTTPS
TL-7562 Fixed strings for audience rules based on course and program completion
TL-7594 Fixed users booked on a Face-to-face session with no dates being incorrectly removed when another user cancels their booking
TL-7644 Corrected the amount of white space in the 'recordoflearning' language string
TL-7664 Fixed dynamic audience rules based upon checkbox position custom fields
TL-7686 Fixed URL validation when adding new links to the quicklinks block
TL-7691 Fixed the removal of individual assignments to company goals
When removing a user's individual assignment to a company goal, all user assignments for that user-goal pair were being deleted. Group assignments then regenerated the missing user assignments on the next cron, now only the individual user assignment will be deleted.
TL-7695 Re-aggregate when course completion criteria is changed without deletion
When changing course completion criteria, and unlocking without deleting existing completion data, re-aggregation was not being performed. Now, users who are assigned but not complete and match the new criteria will be marked complete after cron re-aggregates them. To fix any users affected by this problem, an upgrade script will mark all incomplete users in all courses for re-aggregation, which will be performed by cron, and may take a while to process on larger sites.
TL-7769 The Report builder "Manager's name" filter now counts users without a manager as "empty"
TL-7777 Prevented the element library dialog from saving to the database
The multi select dialog example in the element library was previously saving to the database, which should not have been happening.
TL-7783 Fixed the ordering of the Face-to-face waitlist
Previously when a user cancelled an overbooked session the Face-to-face replaced them with a user from the waitlist based off the user's names, now the replacement is decided based off their signup time.
TL-7789 Fixed the formatting of the Face-to-face intro page
TL-7833 Fixed cron failure when sending Face-to-face notifications
    When scheduled Face-to-face notifications were being sent out, the cron task would potentially fail if notifications were going to users who had their session bookings approved by a manager. This has now been fixed: notifications go out as normal and cron is not disrupted.
TL-7876 Stopped the incorrect archiving of facetoface sessions without dates
    Previously, if a user was waitlisted on a Face-to-face session which had no dates set, in a Certification Course, then when the user's recertification window opened the signup would be marked as archived, meaning it would no longer count towards course completion.
TL-7881 Recreate course completion records when activity criteria are reset with deletion
    Course completion records for users who were not complete according to the new criteria were not being recreated immediately. Although the records were being created when the completion cron task was run or when a user's status in the course changed, it was possible that some unexpected behaviour could have occurred due to the missing records.
TL-7883 Fixed date handling on the Face-to-face block calendar page
TL-7921 Fixed regression with media playback when request_order="GPC" in PHP.ini

Contributions:
* Eugene Venter at Catalyst NZ - TL-7529
Release 2.5.33 (16th November 2015):

Security issues:
TL-7829 Removed reliance on url parameter for choosing table
    The script for getting the positions and organisations to assign to a program relied on a url parameter to choose which table to access. The table is now chosen according to the type of hierarchy that the query is for.
TL-7853 Added missing sesskey protection to lesson module
TL-7855 Fixed output escaping in survey activity
TL-7856 Added sesskey check to hub registration
TL-7857 Fixed input validation in choice activity
TL-7858 Fixed availability changes in SCORM activity
TL-7859 Respect view badges capability
TL-7870 Backport password autofilling workaround in more areas
TL-7886 Fixed access checks for the position assignment AJAX script

Improvements:
TL-7183 Trigger updates to program user assignments when changing assignments via the audience Enrolled Learning tab
    When you make a change in an audience's Enrolled Learning tab, it will immediately trigger an update of program and certification user assignments. If there are fewer than 200 total users involved in the program then the users will be processed immediately, otherwise the update will be deferred. By default, deferred program user assignments are processed the next time cron runs. This patch makes the behaviour consistent with making changes in a program's Assignments tab.
TL-7529 Fixed handling of RPL records when resetting or deleting a course or its completions
    This change fixes how RPL records are handled when a course is reset by a certification, deleted or reset by a user, or course completions unlocked by a teacher.
    When deleting or resetting a course, RPL completions are now also deleted correctly. Previously these were not removed. An upgrade step will safely remove invalid data records for deleted courses.
    In 2.9.0 when a user's course completion gets reset by a certification window opening, all course and activity RPL completions will be removed.
    In 2.7.9, 2.6.26, and 2.5.33, when a user's course completion gets reset by a certification window opening, all course RPL completions will be removed. Activity RPL completions will remain and still count towards the next course and certification completion.
    As before, when a teacher unlocks course completion criteria and selects to delete, course and activity RPL records will be kept and still count towards a user's completion.
    Contributed by Eugene Venter at Catalyst NZ
TL-7737 Improve help text for Case insensitive shortnames option on Completion import page
TL-7824 Moved program user assignment deferred flag reset to start of function
    If changes are made to a program's assignments while the function is running in cron, those changes will be processed the next time cron runs, rather than having to wait until the nightly cron or another change is made.
TL-7869 Updated timezone file to 2015g

Bug fixes:
TL-6957 Display correct due date value in the upcoming certifications block
TL-6981 Reaggregate course completion when activity completion criteria are unlocked without deletion
    Previously, course completion status was only reaggregated if "unlock with delete" was used. If "unlock without delete" was used, it was possible that users who meet the new completion criteria were not marked complete, and this would not be fixed by any cron task. This could lead to users being stuck with an incomplete status. Now, the records will be marked for reaggregation and will be processed by the completion cron task.
TL-7437 Switched the badges backpack URL to use HTTPS
TL-7664 Fixed dynamic audience rules based upon checkbox position custom fields
TL-7686 Fixed URL validation when adding new links to the quicklinks block
TL-7691 Fixed the removal of individual assignments to company goals
    When removing a user's individual assignment to a company goal, all user assignments for that user-goal pair were being deleted.
    Group assignments then regenerated the missing user assignments on the next cron. Now only the individual user assignment will be deleted.
TL-7695 Re-aggregate when course completion criteria are changed without deletion
    When changing course completion criteria, and unlocking without deleting existing completion data, re-aggregation was not being performed. Now, users who are assigned but not complete and match the new criteria will be marked complete after cron re-aggregates them. To fix any users affected by this problem, an upgrade script will mark all incomplete users in all courses for re-aggregation, which will be performed by cron, and may take a while to process on larger sites.
TL-7833 Fixed cron failure when sending Face-to-face notifications
    When scheduled Face-to-face notifications were being sent out, the cron task would potentially fail if notifications were going to users who had their session bookings approved by a manager. This has now been fixed: notifications go out as normal and cron is not disrupted.
TL-7876 Stopped the incorrect archiving of facetoface sessions without dates
    Previously, if a user was waitlisted on a Face-to-face session which had no dates set, in a Certification Course, then when the user's recertification window opened the signup would be marked as archived, meaning it would no longer count towards course completion.
TL-7881 Recreate course completion records when activity criteria are reset with deletion
    Course completion records for users who were not complete according to the new criteria were not being recreated immediately. Although the records were being created when the completion cron task was run or when a user's status in the course changed, it was possible that some unexpected behaviour could have occurred due to the missing records.
TL-7921 Fixed regression with media playback when request_order="GPC" in PHP.ini

Contributions:
* Eugene Venter at Catalyst NZ - TL-7529
Release 2.4.36 (16th November 2015):

Security issues:
TL-7829 Removed reliance on url parameter for choosing table
    The script for getting the positions and organisations to assign to a program relied on a url parameter to choose which table to access. The table is now chosen according to the type of hierarchy that the query is for.
TL-7853 Added missing sesskey protection to lesson module
TL-7855 Fixed output escaping in survey activity
TL-7856 Added sesskey check to hub registration
TL-7857 Fixed input validation in choice activity
TL-7858 Fixed availability changes in SCORM activity
TL-7859 Respect view badges capability
TL-7870 Backport password autofilling workaround in more areas
TL-7886 Fixed access checks for the position assignment AJAX script

Improvements:
TL-7869 Updated timezone file to 2015g

Bug fixes:
TL-7921 Fixed regression with media playback when request_order="GPC" in PHP.ini
Release 2.2.43 (16th November 2015):

Security issues:
TL-7829 Removed reliance on url parameter for choosing table
    The script for getting the positions and organisations to assign to a program relied on a url parameter to choose which table to access. The table is now chosen according to the type of hierarchy that the query is for.
TL-7853 Added missing sesskey protection to lesson module
TL-7855 Fixed output escaping in survey activity
TL-7856 Added sesskey check to hub registration
TL-7857 Fixed input validation in choice activity
TL-7870 Backport password autofilling workaround in more areas
TL-7886 Fixed access checks for the position assignment AJAX script

Improvements:
TL-7869 Updated timezone file to 2015g

Bug fixes:
TL-7921 Fixed regression with media playback when request_order="GPC" in PHP.ini
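The change described under TL-7829 (choosing the table from the hierarchy type rather than from a url parameter) follows the pattern shown here. This is an added example, not Totara's code: the table names pos, org and user_secret, the hierarchy type keys and both function names are assumptions, and it runs against an in-memory SQLite database through PDO with constructed sample rows.

```php
<?php
// Added illustration, not Totara code. The table names (pos, org, user_secret),
// the hierarchy type keys and both function names are assumptions.

// Constructed sample data: two hierarchy tables and one unrelated table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$samples = ['pos' => 'Team lead', 'org' => 'Head office', 'user_secret' => 'unrelated row'];
foreach ($samples as $t => $name) {
    $db->exec("CREATE TABLE {$t} (id INTEGER PRIMARY KEY, fullname TEXT)");
    $db->prepare("INSERT INTO {$t} (fullname) VALUES (?)")->execute([$name]);
}

// Before: the request parameter is used directly as the table name, so the
// caller decides which table the script reads.
function get_items_by_url_param(PDO $db, string $tableparam): array {
    return $db->query("SELECT id, fullname FROM {$tableparam}")->fetchAll(PDO::FETCH_ASSOC);
}

// After: the table comes from a fixed server-side map keyed by hierarchy type.
const HIERARCHY_TABLES = ['position' => 'pos', 'organisation' => 'org'];

function get_items_by_hierarchy_type(PDO $db, string $type): array {
    if (!array_key_exists($type, HIERARCHY_TABLES)) {
        throw new InvalidArgumentException("Unknown hierarchy type: {$type}");
    }
    $table = HIERARCHY_TABLES[$type];   // never derived from request data
    return $db->query("SELECT id, fullname FROM {$table}")->fetchAll(PDO::FETCH_ASSOC);
}

// The old form returns rows from a table the script was never meant to touch.
print_r(get_items_by_url_param($db, 'user_secret'));

// The new form serves the two hierarchies and rejects everything else.
print_r(get_items_by_hierarchy_type($db, 'organisation'));
try {
    get_items_by_hierarchy_type($db, 'user_secret');
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

Table names cannot be bound as query parameters, which is why the hardened form resolves the name from a fixed map instead of trying to sanitise the incoming value.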