Merge branch 'install_27_STABLE' of https://git.in.moodle.com/amosbot/moodle-install into MOODLE_27_STABLE

Merge branch 'install_27_STABLE' of https://git.in.moodle.com/amosbot/moodle-install into MOODLE_27_STABLE

$_REQUEST variable may contain cookies in some php configurations. See also MDL-48085

Merge branch 'install_27_STABLE' of https://git.in.moodle.com/amosbot/moodle-install into MOODLE_27_STABLE

Merge branch 'install_27_STABLE' of https://git.in.moodle.com/amosbot/moodle-install into MOODLE_27_STABLE

Eloy Lafuente authored 9 years ago and Andrew Lyons committed 9 years ago

This unit test does not verify contents, details, but only
that the returned users for every group mode, for every
filtering (active, groupid and withcapability) together
with permissions are correct.

Damyon Wiese authored 9 years ago and Dan Poltawski committed 9 years ago

Make sure any submitted choice options actually belong to the current choice
module.

David Monllaó authored 9 years ago and Dan Poltawski committed 9 years ago

Credit to Yuliya Bozhko.

    This patch fixes a XSS vulnerability with surveys where a student user
    could inject arbitrary HTML in a comment on the survey. The fix is to
    escape the comment before displaying it to the teacher.

This commit add a new session key hidden field on the lesson password form
and confirm if the session key is valid on related pages to prevent CSRF on
password protected lessons.

Additional checks that access is available for item ratings
on records that have a group id of zero (all participants).