Upgrade 1-11.38

xesmyd
2026-03-30 14:10:30 +02:00
parent f2a7e6d1fc
commit ac648ef29d
24665 changed files with 69682 additions and 2205004 deletions
+53 -5
@@ -533,6 +533,7 @@ ALTER TABLE c_lp_item CHANGE title title LONGTEXT NOT NULL;
// Session admin access to all course content
//$_configuration['session_admins_access_all_content'] = false;
// Session admin allowed to edit all courses content
// including all exercises attemps results edition, calculation and deletion
//$_configuration['session_admins_edit_courses_content'] = false;
// Adds roles to the system announcements (requires DB change BT#12476)
/*
@@ -776,6 +777,8 @@ $_configuration['send_all_emails_to'] = [
//$_configuration['quiz_question_edit_open_advanced_params_by_default'] = false;
// Define how many seconds an AJAX request should be started to avoid loss of connection.
//$_configuration['quiz_keep_alive_ping_interval'] = 0;
// Add the official code of the user in the pdf export of the results.
//$_configuration['quiz_result_pdf_export_include_official_code_in_file_name'] = false;
// Hide search form in session list
//$_configuration['hide_search_form_in_session_list'] = false;
// Allow exchange of messages from teachers/bosses about a user.
@@ -1441,6 +1444,15 @@ $_configuration['profile_fields_visibility'] = [
// Allow to session admins login as teachers
//$_configuration['allow_session_admin_login_as_teacher'] = false;
// Disallow the login-as feature to HRM users
//$_configuration['disallow_hrm_login_as'] = false;
// Disallow the login-as feature to session admin users
//$_configuration['disallow_session_admin_login_as'] = false;
// Disallow user edition to session admin users
//$_configuration['disallow_session_admin_edit_users'] = false;
// Allow gradebook stats
// Requires to edit the GradebookLink.php And GradebookEvaluation.php files adding the "@" in the ORM phpdoc block
/* ALTER TABLE gradebook_link ADD score_weight DOUBLE PRECISION DEFAULT NULL, ADD average_score DOUBLE PRECISION DEFAULT NULL, ADD best_score DOUBLE PRECISION DEFAULT NULL, ADD user_score_list LONGTEXT DEFAULT NULL COMMENT '(DC2Type:array)' ;
@@ -1781,6 +1793,10 @@ ALTER TABLE notification_event_rel_user ADD CONSTRAINT FK_USER FOREIGN KEY (user
//$_configuration['quiz_prevent_backwards_move'] = false;
// Allow third party plugins to be uploaded through a form in the plugins section
// This option has high inherent risks, by allowing a "simple" administrator role
// to upload executable PHP code to the server. If needed, we recommend to use
// this option temporarily to allow the upload to happen, and then reverting to
// the default 'false' value for increased safety.
//$_configuration['plugin_upload_enable'] = false;
// ALTER TABLE session ADD COLUMN status INT DEFAULT 0;
@@ -1949,6 +1965,21 @@ $_configuration['auth_password_links'] = [
// Default items per page in main/mySpace/users.php
// $_configuration['my_space_users_items_per_page'] = 10;
//Add an expected theorical time spent in a course to show in main/mySpace/myStudents.php and main/session/resume_session.php
//Create an extra field for courses with identifier "theoretical_time"
//$_configuration['display_theoretical_time'] = false;
// Show subscription column in session course list on main/mySpace/myStudents.php
//$_configuration['display_session_subscription_column'] = false;
// Enable improved tracking section in main/mySpace/myStudents.php
//$_configuration['improve_tracking_in_mystudent_php'] = false;
// Allow teachers to access all course/session tracking in main/mySpace/myStudents.php
// When enabled, teachers can view tracking for all courses and sessions
// of a student even if they are not the course admin or session coach
//$_configuration['teacher_access_all_tracking'] = false;
// Add teachers column in course list.
// $_configuration['add_teachers_in_course_list'] = false;
@@ -2069,9 +2100,6 @@ $_configuration['auth_password_links'] = [
// Use exercise score in platform settings in gradebook total rows/columns.
//$_configuration['gradebook_use_exercise_score_settings_in_total'] = false;
// Use exercise score in platform settings in gradebook total rows/columns.
//$_configuration['gradebook_use_exercise_score_settings_in_total'] = false;
// Show a link on the results page to download an answers report
//$_configuration['quiz_results_answers_report'] = false;
@@ -2289,6 +2317,13 @@ VALUES (21, 13, 'send_notification_at_a_specific_date', 'Send notification at a
// Enable image upload as file when doing a copy in the content or a drag and drop.
//$_configuration['enable_uploadimage_editor'] = false;
// Automatic image resize before upload image with CKEditor
/*$_configuration['wysiwyg_image_auto_resize_max'] = [
'w'=> 800, //max width
'h' => 600, //max height
'mb' => 2 //max size (in MB)
];*/
// Ckeditor settings.
//$_configuration['editor_settings'] = ['config' => ['youtube_responsive' => true, 'image_responsive' => true]];
@@ -2312,9 +2347,12 @@ VALUES (21, 13, 'send_notification_at_a_specific_date', 'Send notification at a
// Option to hide the teachers info on courses about info page.
//$_configuration['course_about_teacher_name_hide'] = false;
// Hides the option "Never expire" for expiration date in add/edit user page
// Hides the option "Never expire" for expiration date in add/edit user page for none admin users
//$_configuration['user_hide_never_expire_option'] = false;
// Hides parameter expiration date in add/edit user page for none admin users
//$_configuration['user_hide_expiration_date_for_session_admin'] = false;
// Allow multiple languages to a course
// as a selection bar for languages used in the course.
// Add another field "multilingual" to be used separately as a true/false
@@ -2482,6 +2520,9 @@ INSERT INTO `extra_field` (`extra_field_type`, `field_type`, `variable`, `displa
// Then add the "@" symbol to CAttendanceResultComment class in the ORM\Entity() line.
//$_configuration['attendance_allow_comments'] = false;
// Add the official code of students in the attendance table, pdf and xls export
//$_configuration['attendance_add_official_code'] = false;
// Enable categories in Wiki tool.
// 1. Run the following DB changes:
/*
@@ -2567,6 +2608,9 @@ INSERT INTO extra_field_options (field_id, option_value, display_text, priority,
// Display the Portal News link in the admin page to session admin users
//$_configuration['session_admin_access_system_announcement'] = false;
// Display Statistics link in the admin page to session admin users
//$_configuration['session_admin_access_global_statistics'] = false;
// File upload size limit in MB for teachers (set to 1024 for 1GB, 5120 for 5GB, etc).
//$_configuration['file_upload_size_limit_for_teacher'] = 0;
@@ -2664,10 +2708,12 @@ INSERT INTO extra_field (extra_field_type, field_type, variable, display_text, d
'session_end_date_header' => 'Fecha Fin',
'user_firstname_header' => 'Nombre',
'user_lastname_header' => 'Apellido 1',
'course_field_value' => 'CURSO',
'session_fields' => [
'0' => [
'header' => '1st session header',
'field' => 'modalidad'
'field' => 'modalidad',
'numberOfLetter' => 3
],
'1' => [
'header' => 'Sesion header without value',
@@ -2694,3 +2740,5 @@ INSERT INTO extra_field (extra_field_type, field_type, variable, display_text, d
],
],
]; */
// Extra field variable name to validate as unique per URL during user registration (e.g. 'dni')
//$_configuration['extra_field_to_validate_on_user_registration'] = ''; // set in admin or directly (e.g. 'dni')
+22 -14
@@ -259,24 +259,32 @@ if (!isset($_GET['running'])) {
$installationProfile = api_htmlentities($_GET['profile'], ENT_QUOTES);
}
} else {
foreach ($_POST as $key => $val) {
$magic_quotes_gpc = ini_get('magic_quotes_gpc');
if (is_string($val)) {
if ($magic_quotes_gpc) {
$val = stripslashes($val);
}
$val = trim($val);
$_POST[$key] = $val;
} elseif (is_array($val)) {
foreach ($val as $key2 => $val2) {
// Only assign known installer variables from POST. Never inject
// arbitrary POST keys into $GLOBALS — that allows an attacker to
// overwrite any global variable and inject code into configuration.php.
$allowedFields = [
'dbHostForm', 'dbPortForm', 'dbUsernameForm', 'dbPassForm',
'dbNameForm', 'urlForm', 'pathForm', 'urlAppendPath',
'languageForm', 'emailForm', 'adminLastName', 'adminFirstName',
'adminPhoneForm', 'loginForm', 'passForm', 'campusForm',
'educationForm', 'institutionForm', 'institutionUrlForm',
'encryptPassForm', 'allowSelfReg', 'allowSelfRegProf',
'checkEmailByHashSent', 'ShowEmailNotCheckedToStudent',
'userMailCanBeEmpty', 'session_lifetime', 'installationProfile',
'old_version', 'new_version',
];
$magic_quotes_gpc = ini_get('magic_quotes_gpc');
foreach ($allowedFields as $field) {
if (isset($_POST[$field])) {
$val = $_POST[$field];
if (is_string($val)) {
if ($magic_quotes_gpc) {
$val2 = stripslashes($val2);
$val = stripslashes($val);
}
$val2 = trim($val2);
$_POST[$key][$key2] = $val2;
$val = trim($val);
}
$$field = $val;
}
$GLOBALS[$key] = $_POST[$key];
}
}
$dbPortForm = (int) $dbPortForm;
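Review bot: A POST value that is not a string still reaches `$$field = $val;` untouched, because only the `is_string($val)` branch is filtered. An array submitted for a field such as `dbHostForm` is assigned as-is and only meets a `(string)` cast later, when the configuration file is written. Rejecting it at the source is simpler: `if (!is_scalar($val)) { continue; }` directly after `$val = $_POST[$field];`. The allowlist also contains `old_version` and `new_version`, so a request can still set the version variables; if these are meant to come only from the installer's own version file, they should be dropped from the list. The enclosing `else` branch starts outside this hunk.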
+26 -22
@@ -41,15 +41,12 @@ function isAlreadyInstalledSystem()
if (!file_exists($current_config_file)) {
return false; // Configuration file does not exist, install the system.
}
require $current_config_file;
$current_version = null;
if (isset($_configuration['system_version'])) {
$current_version = trim($_configuration['system_version']);
}
// If the current version is old, upgrading is assumed, the installer goes ahead.
return empty($current_version) ? false : version_compare($current_version, $new_version, '>=');
// If configuration.php exists the system is already installed.
// Block re-installation entirely to prevent unauthenticated attackers
// from overwriting the configuration. To upgrade, remove or rename
// configuration.php first, then run the installer.
return true;
}
/**
@@ -395,21 +392,28 @@ function write_system_config_file($path)
$root_sys = api_add_trailing_slash(str_replace('\\', '/', realpath($pathForm)));
$content = file_get_contents(__DIR__.'/'.SYSTEM_CONFIG_FILENAME);
$config['{DATE_GENERATED}'] = date('r');
$config['{DATABASE_HOST}'] = $dbHostForm;
$config['{DATABASE_PORT}'] = $dbPortForm;
$config['{DATABASE_USER}'] = $dbUsernameForm;
$config['{DATABASE_PASSWORD}'] = $dbPassForm;
$config['{DATABASE_MAIN}'] = $dbNameForm;
$config['{ROOT_WEB}'] = $urlForm;
$config['{ROOT_SYS}'] = $root_sys;
$config['{URL_APPEND_PATH}'] = $urlAppendPath;
$config['{PLATFORM_LANGUAGE}'] = $languageForm;
$config['{SECURITY_KEY}'] = md5(uniqid(rand().time()));
$config['{ENCRYPT_PASSWORD}'] = $encryptPassForm;
// Escape all user-supplied values to prevent PHP code injection.
// These values are interpolated into single-quoted strings in the
// configuration template, so escape single quotes and backslashes.
$safe = function ($value) {
return addcslashes((string) $value, "'\\");
};
$config['SESSION_LIFETIME'] = $session_lifetime;
$config['{NEW_VERSION}'] = $new_version;
$config['{DATE_GENERATED}'] = date('r');
$config['{DATABASE_HOST}'] = $safe($dbHostForm);
$config['{DATABASE_PORT}'] = (int) $dbPortForm;
$config['{DATABASE_USER}'] = $safe($dbUsernameForm);
$config['{DATABASE_PASSWORD}'] = $safe($dbPassForm);
$config['{DATABASE_MAIN}'] = $safe($dbNameForm);
$config['{ROOT_WEB}'] = $safe($urlForm);
$config['{ROOT_SYS}'] = $safe($root_sys);
$config['{URL_APPEND_PATH}'] = $safe($urlAppendPath);
$config['{PLATFORM_LANGUAGE}'] = $safe($languageForm);
$config['{SECURITY_KEY}'] = md5(uniqid(rand().time()));
$config['{ENCRYPT_PASSWORD}'] = $safe($encryptPassForm);
$config['SESSION_LIFETIME'] = (int) $session_lifetime;
$config['{NEW_VERSION}'] = $safe($new_version);
$config['NEW_VERSION_STABLE'] = trueFalse($new_version_stable);
foreach ($config as $key => $value) {
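Review bot: `$config['{SECURITY_KEY}']` is still built with `md5(uniqid(rand().time()))`, which derives the key from the clock and a non-cryptographic generator. That makes it considerably more predictable than its 32 hex characters suggest. Since this hunk already hardens what is written to the configuration file, the line could become `$config['{SECURITY_KEY}'] = bin2hex(random_bytes(16));`, which keeps the same length and character set. This assumes the minimum supported PHP version provides `random_bytes()` (PHP 7.0 or later). write_system_config_file() begins and ends outside the hunk.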
+12 -7
@@ -36,22 +36,27 @@ if (defined('SYSTEM_INSTALLATION')) {
$found_software_name = false;
$found_software_url = false;
// Escape values before writing into PHP config to prevent code injection.
$safe = function ($value) {
return addcslashes((string) $value, "'\\");
};
foreach ($file as $line) {
$ignore = false;
if (stripos($line, '$_configuration[\'system_version\']') !== false) {
$found_version = true;
$line = '$_configuration[\'system_version\'] = \''.$GLOBALS['new_version'].'\';'."\r\n";
$line = '$_configuration[\'system_version\'] = \''.$safe($GLOBALS['new_version']).'\';'."\r\n";
} elseif (stripos($line, '$_configuration[\'system_stable\']') !== false) {
$found_stable = true;
$line = '$_configuration[\'system_stable\'] = '.($GLOBALS['new_version_stable'] ? 'true' : 'false').';'."\r\n";
} elseif (stripos($line, '$_configuration[\'software_name\']') !== false) {
$found_software_name = true;
$line = '$_configuration[\'software_name\'] = \''.$GLOBALS['software_name'].'\';'."\r\n";
$line = '$_configuration[\'software_name\'] = \''.$safe($GLOBALS['software_name']).'\';'."\r\n";
} elseif (stripos($line, '$_configuration[\'software_url\']') !== false) {
$found_software_url = true;
$line = '$_configuration[\'software_url\'] = \''.$GLOBALS['software_url'].'\';'."\r\n";
$line = '$_configuration[\'software_url\'] = \''.$safe($GLOBALS['software_url']).'\';'."\r\n";
} elseif (stripos($line, '$userPasswordCrypted') !== false) {
$line = '$_configuration[\'password_encryption\'] = \''.$userPasswordCrypted.'\';'."\r\n";
$line = '$_configuration[\'password_encryption\'] = \''.$safe($userPasswordCrypted).'\';'."\r\n";
} elseif (stripos($line, '?>') !== false) {
$ignore = true;
}
@@ -61,16 +66,16 @@ if (defined('SYSTEM_INSTALLATION')) {
}
if (!$found_version) {
fwrite($fh, '$_configuration[\'system_version\'] = \''.$new_version.'\';'."\r\n");
fwrite($fh, '$_configuration[\'system_version\'] = \''.$safe($new_version).'\';'."\r\n");
}
if (!$found_stable) {
fwrite($fh, '$_configuration[\'system_stable\'] = '.($new_version_stable ? 'true' : 'false').';'."\r\n");
}
if (!$found_software_name) {
fwrite($fh, '$_configuration[\'software_name\'] = \''.$software_name.'\';'."\r\n");
fwrite($fh, '$_configuration[\'software_name\'] = \''.$safe($software_name).'\';'."\r\n");
}
if (!$found_software_url) {
fwrite($fh, '$_configuration[\'software_url\'] = \''.$software_url.'\';'."\r\n");
fwrite($fh, '$_configuration[\'software_url\'] = \''.$safe($software_url).'\';'."\r\n");
}
fclose($fh);
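Review bot: The `$safe` closure defined at the top of this section is a copy of the one added in write_system_config_file(), so the escaping rule for values written into the PHP configuration now lives in two places that can drift apart. A single named function in the shared installer library would keep both writers in step, documented with something like `// Escapes a value for embedding inside a single-quoted PHP string literal (quotes and backslashes only).`. That comment would also record that the helper is only safe where the template wraps the value in single quotes, which the current one-line comment here does not say. The surrounding `if (defined('SYSTEM_INSTALLATION'))` block extends beyond both hunks of this section.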
+1 -1
@@ -13,7 +13,7 @@
/**
* Variables used from the main/install/index.php.
*/
$new_version = '1.11.32';
$new_version = '1.11.38';
$new_version_status = 'stable';
$new_version_last_id = 0;
$new_version_stable = true;