Behat: Fix feature scenarios for Parkur - refs #7149 #8280
Closed
Ilyassbennanii wants to merge 44 commits into
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Fix month navigation: read displayed month once, calculate exact steps without DOM re-read loop.
Fix end date navigation: use start month as reference to avoid timing issues.
Add calendarReadMonth/calendarNavigateSteps/calendarClickDay helper methods.
Add 3rd and 4th agenda events in SpecialCase2 covering cross-month date ranges.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…eContext steps Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Added comments to clarify the purpose of the script.
Updated script comment to clarify watched files.
…n - refs BT#23500
…nt attachment filename is empty to avoid error with a resource that can not have an empty name - refs BT#23469
…esource title or name is empty to avoid error with a resource that can not have an empty name - refs BT#23469
The user-selection query in access_url_add_users_to_url.php mixed AND and OR
without parentheses, so SQL precedence made the active <> USER_SOFT_DELETED
filter apply only to the first LIKE clause; the trailing OR clause matched
users regardless of status, listing soft-deleted accounts in the admin
assignment UI.
The OR was a redundant leftover: it originally matched the first letter in
both original and lowercased case ('A%' OR 'a%'), but a 2015 change (refs
chamilo#7440) replaced both sides with the same escaped lowercase value, leaving
two identical conditions. With Chamilo's case-insensitive collation a single
lowercase LIKE already matches both cases, so collapse the OR to one LIKE.
This removes the dead condition and the precedence ambiguity, keeping the
active-status filter always applied.
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
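The precedence problem this commit message describes, reproduced as an added example (not code from the pull request) against an in-memory SQLite database. The table layout, the `username` column, the rows and the `USER_SOFT_DELETED` value are constructed for the demo; SQLite's default `LIKE` is case-insensitive for ASCII, standing in for the case-insensitive collation mentioned above.

```php
<?php
// Added example: constructed schema and rows; requires the pdo_sqlite extension.
const USER_SOFT_DELETED = -2; // placeholder value for this demo, not taken from the project

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (username TEXT, active INTEGER)');
$insert = $pdo->prepare('INSERT INTO user (username, active) VALUES (?, ?)');
foreach ([['alice', 1], ['Adam', 1], ['anna_removed', USER_SOFT_DELETED], ['bob', 1]] as $row) {
    $insert->execute($row);
}

/** Run one WHERE clause and return the matching usernames. */
function usernames(PDO $pdo, string $where, array $params): array
{
    $stmt = $pdo->prepare("SELECT username FROM user WHERE $where ORDER BY username");
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$del = USER_SOFT_DELETED;
$cases = [
    // AND binds tighter than OR, so the status filter guards only the first LIKE.
    'before (mixed AND/OR)' => ['active <> ? AND username LIKE ? OR username LIKE ?', [$del, 'a%', 'a%']],
    // The same query with the grouping the database actually applies made explicit.
    'before (as parsed)'    => ['(active <> ? AND username LIKE ?) OR username LIKE ?', [$del, 'a%', 'a%']],
    // The collapsed form: one LIKE, status filter always applied.
    'after (single LIKE)'   => ['active <> ? AND username LIKE ?', [$del, 'a%']],
];

foreach ($cases as $label => [$where, $params]) {
    $rows = usernames($pdo, $where, $params);
    $softDeleted = in_array('anna_removed', $rows, true) ? 'yes' : 'no';
    printf("%-22s %s  soft-deleted listed: %s\n", $label, json_encode($rows), $softDeleted);
}
```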
Refs GHSA-j9jg-h6cw-jj7v
The admin language list rendered the stored original_name directly inside an input value attribute (and a label / table cell) without HTML-attribute encoding, so a name containing a double quote could break out of the value attribute and inject an event handler that runs in another admin's browser.
Encode the value with htmlspecialchars(..., ENT_QUOTES, 'UTF-8') at every render point of original_name.
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
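A regression check for the encoding fix described in this commit message, as an added example rather than code from the pull request. The field name `txt_name`, the render functions and the stored value are hypothetical; the check parses the rendered markup and lists which attributes the `input` element ends up with.

```php
<?php
// Added example: field name and stored value are constructed for illustration.

/** The 'before' rendering: stored value placed into the attribute as-is. */
function renderRaw(string $originalName): string
{
    return '<input type="text" name="txt_name" value="' . $originalName . '">';
}

/** The 'after' rendering: attribute-encoded as the commit message describes. */
function renderEncoded(string $originalName): string
{
    return '<input type="text" name="txt_name" value="'
        . htmlspecialchars($originalName, ENT_QUOTES, 'UTF-8') . '">';
}

/** Parse the markup with an HTML parser and return the input's attributes. */
function inputAttributes(string $html): array
{
    libxml_use_internal_errors(true); // HTML parser warnings are not of interest here
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();
    $attrs = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $attr) {
        $attrs[$attr->name] = $attr->value;
    }
    return $attrs;
}

$stored = 'Deutsch" onfocus="handler()'; // constructed name containing a double quote

foreach (['raw' => renderRaw($stored), 'encoded' => renderEncoded($stored)] as $label => $html) {
    $attrs = inputAttributes($html);
    // Anything beyond type/name/value means the stored name escaped the value attribute.
    $unexpected = array_diff(array_keys($attrs), ['type', 'name', 'value']);
    printf("%-8s unexpected attributes: %s; value round-trips: %s\n",
        $label,
        $unexpected ? implode(',', $unexpected) : 'none',
        $attrs['value'] === $stored ? 'yes' : 'no');
}
```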
…2wwx)
Centralize XML parsing for the user-import flows in a single Import::xml()/xmlFromString() helper that hardens against XXE by blocking external entity loading via libxml_set_external_entity_loader, restoring the default loader in a finally block.
This mirrors the 1.11.x Import::xml() approach but uses the modern API (libxml_disable_entity_loader is deprecated and a no-op on PHP 8.x; LIBXML_NOENT would make things worse by enabling entity expansion).
Refactors parse_xml_data in myspace.lib.php, user_import.php and user_update_import.php to call Import::xml($file).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Apply the same XXE hardening to the other XML import surfaces found while auditing Crawler/loadXML usage:
- scorm.class.php (SCORM manifest) and exercise_import.inc.php (QTI2) now parse through the centralized Import::xmlFromString() helper instead of a bare Crawler->addXmlContent().
- Moodle backup and Common Cartridge importers (src/CourseBundle) now pass LIBXML_NONET to DOMDocument::loadXML(), matching the convention already used by the SVG and legacy Moodle parsers.
PDF (HTML) and the LIBXML_NONET-protected simplexml parsers were reviewed and are not affected.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
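A sketch of the loader-blocking pattern the two XXE commit messages above describe, as an added example; it is not Chamilo's `Import::xml()` and every function name here is hypothetical. It parses a constructed document whose entity points at a temporary local file (POSIX paths assumed) and reports whether the file's marker reaches the parsed tree; the guarded parser keeps it out even when `LIBXML_NOENT` is passed.

```php
<?php
// Added example: helper names and the sample document are hypothetical.

/** Parse XML while every external entity request is refused, then restore the default loader. */
function parseXmlGuarded(string $xml, int $flags = LIBXML_NONET): ?DOMDocument
{
    $previous = libxml_use_internal_errors(true);
    // The resolver returns null for any public/system id, so nothing external is opened.
    libxml_set_external_entity_loader(static fn () => null);
    try {
        $doc = new DOMDocument();
        return $doc->loadXML($xml, $flags) ? $doc : null;
    } finally {
        libxml_set_external_entity_loader(null); // back to the default loader
        libxml_clear_errors();
        libxml_use_internal_errors($previous);
    }
}

/** The weak variant for comparison: same parse, default entity loader left in place. */
function parseXmlUnguarded(string $xml, int $flags): ?DOMDocument
{
    $previous = libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $ok = $doc->loadXML($xml, $flags);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    return $ok ? $doc : null;
}

/** True when the local file's marker ended up in the parsed document. */
function leaks(?DOMDocument $doc, string $marker): bool
{
    return $doc !== null && str_contains($doc->documentElement->textContent, $marker);
}

$marker = 'LOCAL-FILE-MARKER';
$file = tempnam(sys_get_temp_dir(), 'xxe'); // constructed stand-in for a local file
file_put_contents($file, $marker);
$xml = '<?xml version="1.0"?><!DOCTYPE users [<!ENTITY ext SYSTEM "file://' . $file . '">]>'
     . '<users><user><name>&ext;</name></user></users>';

$runs = [
    'unguarded + LIBXML_NOENT' => parseXmlUnguarded($xml, LIBXML_NOENT),
    'guarded + LIBXML_NOENT'   => parseXmlGuarded($xml, LIBXML_NOENT),
    'guarded + LIBXML_NONET'   => parseXmlGuarded($xml),
];
foreach ($runs as $label => $doc) {
    printf("%-26s marker in document: %s\n", $label, leaks($doc, $marker) ? 'yes' : 'no');
}
unlink($file);
```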
- Translate all French comments to English in SpecialCase1, SpecialCase1optim, SpecialCase2, SpecialCase2optim and teardownoptim feature files
- Fix garbled em-dash encoding (UTF-8 misread as cp1252) in SpecialCase1/optim
- Rename SpecialCase1copieoptim → SpecialCase1optim and SpecialCase2copieoptim → SpecialCase2optim
- Add English developer comments to all 5 .sh runner scripts (run_and_log.sh, run_scenario.sh, watch_and_run.sh, read_debug.sh, run_and_debug.sh): usage headers, WSL note, PIPESTATUS explanation, inotifywait flag documentation
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>