예제 #1
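/**
 * Runs the quiz module's schema and data upgrade steps.
 *
 * Each step is guarded by a version stamp and is skipped when $oldversion is
 * already at or past it, or when an earlier step has failed ($result false).
 *
 * All SQL assembled here is built from $CFG->prefix, module constants and ids
 * read back from the database; no request input reaches these statements.
 *
 * @param int $oldversion version stamp compared against each step's threshold
 * @return bool true when every step that ran reported success
 */
function xmldb_quiz_upgrade($oldversion = 0)
{
    global $CFG, $THEME, $db;
    $result = true;

    if ($result && $oldversion < 2007022800) {
        /// Ensure that there are not existing duplicate entries in the database.
        $duplicatewhere = "id > (SELECT MIN(iqnu.id)\n                FROM {$CFG->prefix}question_numerical_units iqnu\n                WHERE iqnu.question = {$CFG->prefix}question_numerical_units.question AND\n                        iqnu.unit = {$CFG->prefix}question_numerical_units.unit)";
        $duplicateunits = get_records_select('question_numerical_units', $duplicatewhere, '', 'id');
        if ($duplicateunits) {
            // The ids are record keys from the query above; forcing them to integers
            // keeps the IN (...) list numeric whatever the driver returned.
            $duplicateids = array_map('intval', array_keys($duplicateunits));
            delete_records_select('question_numerical_units', 'id IN (' . implode(',', $duplicateids) . ')');
        }
        /// Define index question-unit (unique) to be added to question_numerical_units
        $table = new XMLDBTable('question_numerical_units');
        $index = new XMLDBIndex('question-unit');
        $index->setAttributes(XMLDB_INDEX_UNIQUE, array('question', 'unit'));
        /// Launch add index question-unit
        $result = $result && add_index($table, $index);
    }

    if ($result && $oldversion < 2007070200) {
        /// Changing precision of field timelimit on table quiz to (10)
        $table = new XMLDBTable('quiz');
        $field = new XMLDBField('timelimit');
        $field->setAttributes(XMLDB_TYPE_INTEGER, '10', XMLDB_UNSIGNED, XMLDB_NOTNULL, null, null, null, '0', 'timemodified');
        /// Launch change of precision for field timelimit
        $result = $result && change_field_precision($table, $field);
    }

    if ($result && $oldversion < 2007072200) {
        require_once $CFG->dirroot . '/mod/quiz/lib.php';
        // Too much debug output while grades are recalculated. Remember the flag
        // and put it back afterwards instead of forcing SQL debugging on for a
        // caller that had it switched off.
        $previousdebug = $db->debug;
        $db->debug = false;
        quiz_update_grades();
        $db->debug = $previousdebug;
    }

    // Separate control for when overall feedback is displayed, independent of the question feedback settings.
    if ($result && $oldversion < 2007072600) {
        // Adjust the quiz review options so that overall feedback is displayed whenever feedback is.
        $withoutoverall = sql_bitand('review', sql_bitnot(QUIZ_REVIEW_OVERALLFEEDBACK));
        $immediately = sql_bitand('review', QUIZ_REVIEW_FEEDBACK & QUIZ_REVIEW_IMMEDIATELY) . ' * 65536';
        $whileopen = sql_bitand('review', QUIZ_REVIEW_FEEDBACK & QUIZ_REVIEW_OPEN) . ' * 16384';
        $afterclose = sql_bitand('review', QUIZ_REVIEW_FEEDBACK & QUIZ_REVIEW_CLOSED) . ' * 4096';
        $newreview = sql_bitor($withoutoverall, sql_bitor($immediately, sql_bitor($whileopen, $afterclose)));
        $result = $result && execute_sql('UPDATE ' . $CFG->prefix . 'quiz SET review = ' . $newreview);

        // Same adjustment to the defaults for new quizzes. The parentheses only
        // spell out PHP's precedence (<< binds tighter than &, & tighter than |).
        $result = $result && set_config(
            'quiz_review',
            ($CFG->quiz_review & ~QUIZ_REVIEW_OVERALLFEEDBACK)
                | (($CFG->quiz_review & QUIZ_REVIEW_FEEDBACK & QUIZ_REVIEW_IMMEDIATELY) << 16)
                | (($CFG->quiz_review & QUIZ_REVIEW_FEEDBACK & QUIZ_REVIEW_OPEN) << 14)
                | (($CFG->quiz_review & QUIZ_REVIEW_FEEDBACK & QUIZ_REVIEW_CLOSED) << 12)
        );
    }

    //===== 1.9.0 upgrade line ======//
    return $result;
}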
예제 #2
파일: lib.php 프로젝트: nadavkav/MoodleTAO
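/**
 * Verifies sanity of default roles in courses.
 *
 * Looks at every role used as a course default role (other than the site-wide
 * default course role) and reports a critical problem when such a role
 *  - is allowed 'moodle/site:doanything' in any context,
 *  - carries one of the legacy teacher/editingteacher/coursecreator/admin capabilities, or
 *  - is allowed any capability flagged RISK_XSS, RISK_CONFIG or RISK_DATALOSS.
 *
 * Role ids are forced to integers before being placed in IN (...) lists, and the
 * course shortname is HTML-escaped before it is merged into the report markup.
 *
 * @param bool $detailed when true, the result carries the long description and the problem list
 * @return object result with issue, name, info, details, status and link fields
 */
function report_security_check_courserole($detailed = false)
{
    global $CFG, $SITE;
    $problems = array();
    $result = new object();
    $result->issue = 'report_security_check_courserole';
    $result->name = get_string('check_courserole_name', 'report_security');
    $result->info = null;
    $result->details = null;
    $result->status = null;
    $result->link = null;
    if ($detailed) {
        $result->details = get_string('check_courserole_details', 'report_security');
    }

    // get list of all student roles selected in courses excluding the default course role
    $sql = "SELECT r.*\n              FROM {$CFG->prefix}role r\n              JOIN {$CFG->prefix}course c ON c.defaultrole = r.id\n             WHERE c.id <> {$SITE->id} AND r.id <> {$CFG->defaultcourseroleid}";
    if (!($student_roles = get_records_sql($sql))) {
        $result->status = REPORT_SECURITY_OK;
        $result->info = get_string('check_courserole_notyet', 'report_security');
        $result->details = get_string('check_courserole_details', 'report_security');
        return $result;
    }
    $roleids = array_map('intval', array_keys($student_roles));

    $sql = "SELECT DISTINCT rc.roleid\n              FROM {$CFG->prefix}role_capabilities rc\n             WHERE (rc.capability = 'moodle/legacy:coursecreator' OR rc.capability = 'moodle/legacy:admin'\n                    OR rc.capability = 'moodle/legacy:teacher' OR rc.capability = 'moodle/legacy:editingteacher')\n                   AND rc.permission = " . CAP_ALLOW . "";
    // The lookup yields nothing usable when no role holds a legacy capability.
    // Fall back to an empty list so the later steps neither call array_keys()
    // on a non-array nor send "IN ()" to the database.
    $riskyrecords = get_records_sql($sql);
    $riskyroleids = $riskyrecords ? array_map('intval', array_keys($riskyrecords)) : array();

    // first test if do anything enabled - that would be really crazy!!!!!!
    $inroles = implode(',', $roleids);
    $sql = "SELECT rc.roleid, rc.contextid\n              FROM {$CFG->prefix}role_capabilities rc\n             WHERE rc.capability = 'moodle/site:doanything'\n                   AND rc.permission = " . CAP_ALLOW . "\n                   AND rc.roleid IN ({$inroles})\n          GROUP BY rc.roleid, rc.contextid\n          ORDER BY rc.roleid, rc.contextid";
    $rs = get_recordset_sql($sql);
    while ($res = rs_fetch_next_record($rs)) {
        $roleid = $res->roleid;
        $contextid = $res->contextid;
        // System-level grants are edited on the role itself, anything else is an override.
        if ($contextid == SYSCONTEXTID) {
            $a = "{$CFG->wwwroot}/{$CFG->admin}/roles/manage.php?action=view&amp;roleid={$roleid}";
        } else {
            $a = "{$CFG->wwwroot}/{$CFG->admin}/roles/override.php?contextid={$contextid}&amp;roleid={$roleid}";
        }
        $problems[] = get_string('check_courserole_anything', 'report_security', $a);
    }
    rs_close($rs);

    // any XSS legacy cap does not make any sense here!
    if ($riskyroleids) {
        $inroles = implode(',', $riskyroleids);
        $sql = "SELECT DISTINCT c.id, c.shortname\n              FROM {$CFG->prefix}course c\n             WHERE c.defaultrole IN ({$inroles})\n          ORDER BY c.sortorder";
        if ($courses = get_records_sql($sql)) {
            foreach ($courses as $course) {
                // shortname is free text stored with the course; escape it because the
                // finished string ends up inside the <li> markup of the report.
                $a = (object) array('url' => "{$CFG->wwwroot}/course/edit.php?id={$course->id}", 'shortname' => s($course->shortname));
                $problems[] = get_string('check_courserole_riskylegacy', 'report_security', $a);
            }
        }
    }

    // risky caps in any level for roles not marked as risky yet - usually very dangerous!!
    if ($checkroles = array_diff($roleids, $riskyroleids)) {
        $inroles = implode(',', $checkroles);
        $sql = "SELECT rc.roleid, rc.contextid\n                  FROM {$CFG->prefix}role_capabilities rc\n                  JOIN {$CFG->prefix}capabilities cap ON cap.name = rc.capability\n                 WHERE " . sql_bitand('cap.riskbitmask', RISK_XSS | RISK_CONFIG | RISK_DATALOSS) . " <> 0\n                       AND rc.permission = " . CAP_ALLOW . "\n                       AND rc.roleid IN ({$inroles})\n              GROUP BY rc.roleid, rc.contextid\n              ORDER BY rc.roleid, rc.contextid";
        $rs = get_recordset_sql($sql);
        while ($res = rs_fetch_next_record($rs)) {
            $roleid = $res->roleid;
            $contextid = $res->contextid;
            if ($contextid == SYSCONTEXTID) {
                $a = "{$CFG->wwwroot}/{$CFG->admin}/roles/manage.php?action=view&amp;roleid={$roleid}";
            } else {
                $a = "{$CFG->wwwroot}/{$CFG->admin}/roles/override.php?contextid={$contextid}&amp;roleid={$roleid}";
            }
            $problems[] = get_string('check_courserole_risky', 'report_security', $a);
        }
        rs_close($rs);
    }

    if ($problems) {
        $result->status = REPORT_SECURITY_CRITICAL;
        $result->info = get_string('check_courserole_error', 'report_security');
        if ($detailed) {
            $result->details .= "<ul>";
            foreach ($problems as $problem) {
                $result->details .= "<li>{$problem}</li>";
            }
            $result->details .= "</ul>";
        }
    } else {
        $result->status = REPORT_SECURITY_OK;
        $result->info = get_string('check_courserole_ok', 'report_security');
    }
    return $result;
}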
예제 #3
/**
 * Builds the SQL fragment for a bitwise XOR of two integer expressions.
 *
 * Oracle gets the arithmetic form (OR minus AND), PostgreSQL the '#' operator
 * and every other family the '^' operator.
 *
 * Both arguments are concatenated into the fragment verbatim, with no quoting
 * or escaping, so callers must pass only column names or integer values they
 * control.
 *
 * @param integer int1 first integer in the operation
 * @param integer int2 second integer in the operation
 * @return string the piece of SQL code to be used in your statement.
 */
function sql_bitxor($int1, $int2)
{
    global $CFG;
    $family = $CFG->dbfamily;

    // Loose comparison on purpose: it matches what a switch statement does.
    if ($family == 'oracle') {
        $either = sql_bitor($int1, $int2);
        $both = sql_bitand($int1, $int2);
        return '(' . $either . ' - ' . $both . ')';
    }

    $operator = ($family == 'postgres') ? '#' : '^';
    return '((' . $int1 . ') ' . $operator . ' (' . $int2 . '))';
}
예제 #4
/**
 * Builds the SQL fragment for a bitwise OR of two integer expressions.
 *
 * Oracle gets the arithmetic form (sum minus AND); every other family uses
 * the '|' operator.
 *
 * Both arguments are concatenated into the fragment verbatim, with no quoting
 * or escaping, so callers must pass only column names or integer values they
 * control.
 *
 * @param integer int1 first integer in the operation
 * @param integer int2 second integer in the operation
 * @return string the piece of SQL code to be used in your statement.
 */
function sql_bitor($int1, $int2)
{
    global $CFG;

    // Loose comparison on purpose: it matches what a switch statement does.
    if ($CFG->dbfamily == 'oracle') {
        $both = sql_bitand($int1, $int2);
        return '((' . $int1 . ') + (' . $int2 . ') - ' . $both . ')';
    }

    return '((' . $int1 . ') | (' . $int2 . '))';
}