Totara Release Notes

Totara Learn Evergreen-20190919, 12.10, 11.19, 10.25, 9.36 and security releases for 2.6.70, 2.5.76, 2.4.72, 2.2.74

 
David Curry (Core Developer)
Totara Learn Evergreen-20190919, 12.10, 11.19, 10.25, 9.36 and security releases for 2.6.70, 2.5.76, 2.4.72, 2.2.74
di David Curry (Core Developer) - Wednesday, 18 September 2019, 22:33
Gruppo Totara

Hello everyone,

The following versions of Totara Learn have now been released:

There are no releases for 2.9 or 2.7 this month, but security fixes have been back-ported to version 2.6 and earlier and for this reason we strongly recommend upgrading if you are on those versions. Each release also includes bug fixes and improvements.

Kind regards
David Curry

Release Evergreen (19th September 2019):


Key:           + Evergreen only

Performance improvements:

    TL-22055       Materialization in MariaDB is now forced off for audience-based visibility queries

                   We became aware of an issue that affects the performance of audience-based
                   visibility check within MariaDB in situations where the context tree was
                   deep (many nested categories), there were lots of role assignments or
                   capability overrides.
                   In this situation the MariaDB query planner would inevitably choose to use
                   materialization in the query, however as MariaDB does not fully support
                   subquery condition pushdowns, this particular query would not perform well
                   with materialized subqueries.
                   
                   This patch implements the ability to force materialization off for a single
                   query on MariaDB and then forces it off for the audience-based visibility
                   query.

    TL-22056       Improved performance of check_access_audience_visibility() function
    TL-22057       Optimised SQL capability checks for commonly encountered environments
    TL-22060       Improved the performance of course/program/certification management pages
    TL-22345       Performance improvements to 'Manage Course Category' page

                   Removed the very expensive 'can the current user delete all the
                   courses/subcategories?' check when displaying the 'Manage course category'
                   page. The system performs this check anyway when a user selects the
                   'delete' menu item on a category item.


Improvements:

    TL-21513   +   Added 'Require event over for' seminar activity completion criteria

                   By default, seminar activities are considered complete as soon as the
                   required completion criteria are achieved. With the ability to take
                   attendance and mark grades at the beginning of sessions (or anytime) it is
                   possible for trainers to trigger seminar activity completion before a
                   seminar event is complete. 
                   
                   As this may not be a desirable outcome, there is now a 'Require event over
                   for' criteria that delays activity completion for 0 or more days after the
                   end of an event. To enable this functionality, there is a new scheduled
                   task which is set to run every 5 minutes by default.

    TL-21822   +   Added a new 'Abstract' text field for Report Builder reports to allow content to be truncated and displayed correctly
    TL-21909   +   Added a 'Room Name' column to 'My Future Bookings' report

                   This change only affects new installations; admins of existing sites are
                   encouraged to add a 'Room Name (linked to room details page)' column to the
                   'My Future Bookings' report to provide more complete information for
                   learners.

    TL-22047   +   Renamed 'Hide in My Reports' setting name to 'Hide on user reports list' and updated its help string in Report Builder
    TL-22049   +   Moved and renamed 'View This Report' link when editing a Report Builder report
    TL-22080       Default context maintenance task frequency was reduced to once a day to prevent overloading of database servers
    TL-22249   +   The 'Cancel' modal can now have a custom string for the 'Cancel' button

Bug fixes:

    TL-21855       Fixed issue causing SCORM packages to fail to launch on IIS
    TL-21871       Fixed seminar 'Cancel booking' link displayed in calendar for users who have already cancelled their booking
    TL-21976       Fixed incorrect capability check when removing attendees from a seminar event

                   Previously, the 'Add attendees to a seminar event' capability was checked
                   when a user removed seminar attendees. With this patch, the correct 'Remove
                   attendees from a seminar event' capability is checked instead. 

    TL-21995       Rangy selector spans are no longer added when editing HTML in the Atto editor

                   This will not remove pre-existing rangy selector spans.

    TL-22032       MDL-61996: Fixed login with the site policy enabled

                   Previously when the 'Force users to log in' setting was turned off, and the
                   site policies were enabled, it was possible for new users to log in,
                   immediately navigate to the homepage, and view the site content without
                   having consented to the policy.
                   This fix ensures that users have consented to the policy and can't view the
                   site content without it.

    TL-22041   +   Ensured activity descriptions are consistently cleaned

                   Prior to this change, the activity descriptions on the course page were
                   cleaned regardless of the 'Disable consistent cleaning' setting. This was
                   inconsistent with the display of activity descriptions throughout the rest
                   of the site.
                   
                   The 'Disable consistent cleaning' setting is now consistently respected.

    TL-22042       Fixed seminar restore when rooms/assets were deleted from the system between backup and restore
    TL-22044       Removed accidentally included non-functional API changes for login page tokens
    TL-22045       Login form is now only submitted once per page load
    TL-22069   +   Fixed a bug where dropping a test database had not been possible on MySQL due to foreign keys
    TL-22083       Fixed an error in the help text for URL pattern matching in User Tours
    TL-22112       Preserve activity completion status for activity completed via record of prior learning (RPL)

                   Previously, when an activity was marked as complete via record of prior
                   learning (RPL), the apparent completion status of the activity could change
                   to not completed, depending on activity completion criteria. The RPL
                   information was still there, and counted toward course completion, but the
                   activity itself could appear to be incomplete.
                   
                   This has been fixed. Activities which are marked as complete via RPL will
                   always appear completed. The completion status may change to
                   complete-with-pass or complete-with-fail depending on activity completion
                   criteria and whether a passing grade has been entered in the grade book,
                   but they will never appear as not completed.

    TL-22123       Fixed HR Import failing to import users when using a MSSQL database

                   HR Import uses temporary tables to import records and in some situations
                   MSSQL runs into problems with updating records in temporary tables. We now
                   preload the database record set to work around this issue.

    TL-22124   +   Fixed line chart line colour not matching the dots in ChartJS
    TL-22133       Fixed language strings for Google reCaptcha
    TL-22135       Ensured that changing a seminar event does not empty its waitlist when 'Send all bookings to waitlist' is enabled
    TL-22182       Fixed incorrectly changed default value which caused program summary to not be shown

                   A default value was incorrectly changed in a previous fix which caused the
                   program / certification summary to not be shown on the program view page.
                   This now works as expected.

    TL-22208       Fixed file support in Totara form editor element

                   Prior to this patch, when using an editor element with Totara forms, images
                   that had previously been uploaded to the field were not displaying properly
                   during editing.
                   
                   Note: This form element is not currently in use anywhere in a way that
                   would be affected by this.

    TL-22209       Fixed category titles being coloured incorrectly in the administration menu when using theme style overrides
    TL-22212       Fixed course default image on course creation workflow page

                   Prior to this patch, when a content marketplace was enabled and a default
                   image was configured in course default settings, the course creation
                   workflow page still showed the course default image of the basis theme.
                   With this patch the default image defined in the course default settings
                   will be shown.

    TL-22229       Fixed certif_completion_progress report builder display function

                   The display function certif_completion_progress in some circumstances was
                   using incorrect variables when trying to calculate the progress. This would
                   cause a PHP error and the progress would not be displayed.

    TL-22238   +   Fixed missing include of filelib in text_field_formatter
    TL-22239   +   Added a missing 'Number of unable to attend' column in seminar report
    TL-22265       Ensured cloning Report Builder reports copies textarea files

                   When a report was cloned, any images added to the report description were
                   not copied. This patch ensures that they are.

    TL-22266   +   Fixed class name resolution of GraphQL resolvers to support underscores in plugin names
    TL-22269       Removed user content restrictions from Course completion by Organisation report source

                   Whenever user content restrictions were added to the report, an error would
                   be generated because there is no user-related information in the report
                   source. Due to the purpose of the source, adding the user content
                   restrictions would not work. Therefore we have removed these content
                   restrictions.

    TL-22272   +   Fixed the 'Record of Learning: Courses' report to ensure correct records for active and completed learning are displayed

                   TL-20772 incorrectly applied report parameters which led to active courses
                   appearing in the 'Completed learning' report for a user. This has now been
                   fixed and the users will see only completed courses when viewing this
                   report under their Record of Learning.

    TL-22280       Backported MDL-65908 to fix an issue with PDF annotation in assignments when changing screen resolutions
    TL-22289       Ensured cloning an Audience also copies textarea files

                   When an Audience was cloned, any images added to the report description
                   were not copied. This patch ensure that they are.

    TL-22300   +   Ensured format_text() options and formatting was applied consistently

                   This fixes:
                   * The blank target option which was previously inconsistently applied
                   depending upon which filters were enabled.
                   * Markdown format now correctly respects the allowxss option.

    TL-22319       Fixed manager approval ignoring the 'sign-up for an event' permission

                   Before allowing learners to request manager approval for a seminar event,
                   the system now checks the 'sign-up for an event' capability
                   (mod/facetoface:signup).
                   
                   Note that the capability check will be skipped for signup via the seminar
                   direct enrolment plugin.


API changes:

    TL-9072    +   Refactored certification core code

                   Introduced some separation around the transitions and creating completion
                   records for certifications. This added specific functions for
                   certification-only operations such as becoming certified, window opening
                   and expiring. Conditions that were providing similar functionality in
                   programs no longer work if the program being supplied to them is a
                   certification and throw an exception.

    TL-16531   +   Refactored internal totara_sync code to use traits
    TL-21922   +   Introduced and applied prettier to .graphql and .grapqhls files

                   This patch adds prettier support for .graphql and .graphqls files. It also
                   adds a grunt task for it which is automatically run with grunt.
                   
                   Make sure you update your node modules via 'npm install'. To trigger
                   prettier to format all graphql/graphqls files use
                   './node_modules/.bin/grunt prettier'.
                   
                   Instructions on how to integrate prettier with your IDE can be found here:
                   https://prettier.io/docs/en/editors.html.


Release 12.10 (19th September 2019):



Performance improvements:

    TL-22055       Materialization in MariaDB is now forced off for audience-based visibility queries

                   We became aware of an issue that affects the performance of audience-based
                   visibility check within MariaDB in situations where the context tree was
                   deep (many nested categories), there were lots of role assignments or
                   capability overrides.
                   In this situation the MariaDB query planner would inevitably choose to use
                   materialization in the query, however as MariaDB does not fully support
                   subquery condition pushdowns, this particular query would not perform well
                   with materialized subqueries.
                   
                   This patch implements the ability to force materialization off for a single
                   query on MariaDB and then forces it off for the audience-based visibility
                   query.

    TL-22056       Improved performance of check_access_audience_visibility() function
    TL-22057       Optimised SQL capability checks for commonly encountered environments
    TL-22060       Improved the performance of course/program/certification management pages
    TL-22345       Performance improvements to 'Manage Course Category' page

                   Removed the very expensive 'can the current user delete all the
                   courses/subcategories?' check when displaying the 'Manage course category'
                   page. The system performs this check anyway when a user selects the
                   'delete' menu item on a category item.


Improvements:

    TL-22080       Default context maintenance task frequency was reduced to once a day to prevent overloading of database servers

Bug fixes:

    TL-21855       Fixed issue causing SCORM packages to fail to launch on IIS
    TL-21871       Fixed seminar 'Cancel booking' link displayed in calendar for users who have already cancelled their booking
    TL-21976       Fixed incorrect capability check when removing attendees from a seminar event

                   Previously, the 'Add attendees to a seminar event' capability was checked
                   when a user removed seminar attendees. With this patch, the correct 'Remove
                   attendees from a seminar event' capability is checked instead. 

    TL-21995       Rangy selector spans are no longer added when editing HTML in the Atto editor

                   This will not remove pre-existing rangy selector spans.

    TL-22032       MDL-61996: Fixed login with the site policy enabled

                   Previously when the 'Force users to log in' setting was turned off, and the
                   site policies were enabled, it was possible for new users to log in,
                   immediately navigate to the homepage, and view the site content without
                   having consented to the policy.
                   This fix ensures that users have consented to the policy and can't view the
                   site content without it.

    TL-22042       Fixed seminar restore when rooms/assets were deleted from the system between backup and restore
    TL-22044       Removed accidentally included non-functional API changes for login page tokens
    TL-22045       Login form is now only submitted once per page load
    TL-22083       Fixed an error in the help text for URL pattern matching in User Tours
    TL-22112       Preserve activity completion status for activity completed via record of prior learning (RPL)

                   Previously, when an activity was marked as complete via record of prior
                   learning (RPL), the apparent completion status of the activity could change
                   to not completed, depending on activity completion criteria. The RPL
                   information was still there, and counted toward course completion, but the
                   activity itself could appear to be incomplete.
                   
                   This has been fixed. Activities which are marked as complete via RPL will
                   always appear completed. The completion status may change to
                   complete-with-pass or complete-with-fail depending on activity completion
                   criteria and whether a passing grade has been entered in the grade book,
                   but they will never appear as not completed.

    TL-22123       Fixed HR Import failing to import users when using a MSSQL database

                   HR Import uses temporary tables to import records and in some situations
                   MSSQL runs into problems with updating records in temporary tables. We now
                   preload the database record set to work around this issue.

    TL-22133       Fixed language strings for Google reCaptcha
    TL-22135       Ensured that changing a seminar event does not empty its waitlist when 'Send all bookings to waitlist' is enabled
    TL-22182       Fixed incorrectly changed default value which caused program summary to not be shown

                   A default value was incorrectly changed in a previous fix which caused the
                   program / certification summary to not be shown on the program view page.
                   This now works as expected.

    TL-22208       Fixed file support in Totara form editor element

                   Prior to this patch, when using an editor element with Totara forms, images
                   that had previously been uploaded to the field were not displaying properly
                   during editing.
                   
                   Note: This form element is not currently in use anywhere in a way that
                   would be affected by this.

    TL-22209       Fixed category titles being coloured incorrectly in the administration menu when using theme style overrides
    TL-22212       Fixed course default image on course creation workflow page

                   Prior to this patch, when a content marketplace was enabled and a default
                   image was configured in course default settings, the course creation
                   workflow page still showed the course default image of the basis theme.
                   With this patch the default image defined in the course default settings
                   will be shown.

    TL-22229       Fixed certif_completion_progress report builder display function

                   The display function certif_completion_progress in some circumstances was
                   using incorrect variables when trying to calculate the progress. This would
                   cause a PHP error and the progress would not be displayed.

    TL-22259       Fixed display of position and organisation names when exported in Report Builder

                   In the Position and Organisation report sources names that included '&'
                   would not be displayed correctly when exported.

    TL-22265       Ensured cloning Report Builder reports copies textarea files

                   When a report was cloned, any images added to the report description were
                   not copied. This patch ensures that they are.

    TL-22269       Removed user content restrictions from Course completion by Organisation report source

                   Whenever user content restrictions were added to the report, an error would
                   be generated because there is no user-related information in the report
                   source. Due to the purpose of the source, adding the user content
                   restrictions would not work. Therefore we have removed these content
                   restrictions.

    TL-22280       Backported MDL-65908 to fix an issue with PDF annotation in assignments when changing screen resolutions
    TL-22289       Ensured cloning an Audience also copies textarea files

                   When an Audience was cloned, any images added to the report description
                   were not copied. This patch ensure that they are.

    TL-22319       Fixed manager approval ignoring the 'sign-up for an event' permission

                   Before allowing learners to request manager approval for a seminar event,
                   the system now checks the 'sign-up for an event' capability
                   (mod/facetoface:signup).
                   
                   Note that the capability check will be skipped for signup via the seminar
                   direct enrolment plugin.


Release 11.19 (19th September 2019):



Performance improvements:

    TL-22345       Performance improvements to 'Manage Course Category' page

                   Removed the very expensive 'can the current user delete all the
                   courses/subcategories?' check when displaying the 'Manage course category'
                   page. The system performs this check anyway when a user selects the
                   'delete' menu item on a category item.


Bug fixes:

    TL-21995       Rangy selector spans are no longer added when editing HTML in the Atto editor

                   This will not remove pre-existing rangy selector spans.

    TL-22045       Login form is now only submitted once per page load
    TL-22112       Preserve activity completion status for activity completed via record of prior learning (RPL)

                   Previously, when an activity was marked as complete via record of prior
                   learning (RPL), the apparent completion status of the activity could change
                   to not completed, depending on activity completion criteria. The RPL
                   information was still there, and counted toward course completion, but the
                   activity itself could appear to be incomplete.
                   
                   This has been fixed. Activities which are marked as complete via RPL will
                   always appear completed. The completion status may change to
                   complete-with-pass or complete-with-fail depending on activity completion
                   criteria and whether a passing grade has been entered in the grade book,
                   but they will never appear as not completed.

    TL-22123       Fixed HR Import failing to import users when using a MSSQL database

                   HR Import uses temporary tables to import records and in some situations
                   MSSQL runs into problems with updating records in temporary tables. We now
                   preload the database record set to work around this issue.

    TL-22208       Fixed file support in Totara form editor element

                   Prior to this patch, when using an editor element with Totara forms, images
                   that had previously been uploaded to the field were not displaying properly
                   during editing.
                   
                   Note: This form element is not currently in use anywhere in a way that
                   would be affected by this.


Release 10.25 (19th September 2019):



Bug fixes:

    TL-22045       Login form is now only submitted once per page load
    TL-22208       Fixed file support in Totara form editor element

                   Prior to this patch, when using an editor element with Totara forms, images
                   that had previously been uploaded to the field were not displaying properly
                   during editing.
                   
                   Note: This form element is not currently in use anywhere in a way that
                   would be affected by this.


Release 9.36 (19th September 2019):



Bug fixes:

    TL-22208       Fixed file support in Totara form editor element

                   Prior to this patch, when using an editor element with Totara forms, images
                   that had previously been uploaded to the field were not displaying properly
                   during editing.
                   
                   Note: This form element is not currently in use anywhere in a way that
                   would be affected by this.


Release 2.6.70 (19th September 2019):



Security issues:

    TL-22246       Improved the validation of the form used to edit block configuration

                   Validation on the fields in the edit block configuration form has been
                   improved, and only fields that the user is permitted to change are passed
                   through this form. The results of logical operators are no longer passed
                   through or relied upon.


Release 2.5.76 (19th September 2019):



Security issues:

    TL-22246       Improved the validation of the form used to edit block configuration

                   Validation on the fields in the edit block configuration form has been
                   improved, and only fields that the user is permitted to change are passed
                   through this form. The results of logical operators are no longer passed
                   through or relied upon.

    TL-22310       Backported MDL-62275 quiz question validation

                   Additional validation was added to quiz questions in MDL-62275 to protect
                   against remote code execution by a user with permission to create or edit
                   quiz questions. This fix was initially backported as far as Totara 2.6 as
                   part of TL-17785.


Release 2.4.72 (19th September 2019):



Security issues:

    TL-22310       Backported MDL-62275 quiz question validation

                   Additional validation was added to quiz questions in MDL-62275 to protect
                   against remote code execution by a user with permission to create or edit
                   quiz questions. This fix was initially backported as far as Totara 2.6 as
                   part of TL-17785.


Release 2.2.74 (19th September 2019):



Security issues:

    TL-22310       Backported MDL-62275 quiz question validation

                   Additional validation was added to quiz questions in MDL-62275 to protect
                   against remote code execution by a user with permission to create or edit
                   quiz questions. This fix was initially backported as far as Totara 2.6 as
                   part of TL-17785.