Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Minor
Fix Version/s: 2.2.6, 2.3.3
Affects Version/s: 2.1.1, 2.2.1
Component/s: Blocks
Labels:
- patch
- triaged

Affected Branches:
MOODLE_21_STABLE, MOODLE_22_STABLE
Fixed Branches:
MOODLE_22_STABLE, MOODLE_23_STABLE
Pull from Repository:
git://github.com/rajeshtaneja/moodle.git
Pull Main Branch:
wip-mdl-29762
Pull Main Diff URL:
https://github.com/rajeshtaneja/moodle/compare/master...wip-mdl-29762
Testing Instructions:
Hide

Test 1
As Admin:

Access the course category page (site admin > courses > add/edit courses > select a categories

Add HTML block, embedded an image for the content and save it

Copy the site url

On different browser (to make testing easier)

Make sure you are not login to the system

Paste the site url
Make sure you are able to see the embedded image within the HTML block.

Test 2
As Admin:

Access the course category page (site admin > courses > add/edit courses

Add HTML block, embedded an image for the content and save it
Make sure you are able to see the embedded image within the HTML block.
Show
Test 1 As Admin: Access the course category page (site admin > courses > add/edit courses > select a categories Add HTML block, embedded an image for the content and save it Copy the site url On different browser (to make testing easier) Make sure you are not login to the system Paste the site url Make sure you are able to see the embedded image within the HTML block. Test 2 As Admin: Access the course category page (site admin > courses > add/edit courses Add HTML block, embedded an image for the content and save it Make sure you are able to see the embedded image within the HTML block.

Go to http://YOURMOODLEURL/course/category.php?id=SOMECATEGORYID
Create a HTML Block on the category page
Insert a image into the HTML Block with the richtext-editor
Save
View the category page as logged-in user -> Image appears
View the category page as not-logged-in user -> Image doesn't appear
Copy image URL (http://YOURMOODLEURL/pluginfile.php/CONTEXTID/block_html/content/FILENAME.FILESUFFIX) and try to load image in browser -> Login page appears

Hints for solution:
/pluginfile.php fetches context information from given context ID - line 55:
list($context, $course, $cm) = get_context_info_array($contextid);
Unfortunately, $course is null when viewing a block on a category page.

Later, /pluginfile.php calls block_html_pluginfile($course, $birecord_or_cm, $context, $filearea, $args, $forcedownload) in /blocks/html/lib.php.
There, login is required for the given course - line 32:
require_course_login($course);
Unfortunately, as $course is null, login requirement always fails for non-logged-in users and image isn't shown.

A quick and dirty fix would be to replace line 32 in /blocks/html/lib.php

require_course_login($course);

with

if ($course != null)
require_course_login($course);

But I'm quite sure that this would provoke some security issues so I would be grateful if you could provide a better fix

has been marked as being related by

MDL-36050 Block pluginfile URLs need to be improved so that the correct capability checks can be implemented

Closed

Assignee:: Rajesh Taneja

Reporter:: Alexander Bias

Peer reviewer:: Rossiani Wijaya

Integrator:: Dan Poltawski

Tester:: David Monllaó

Participants:: Alexander Bias, Aparup Banerjee, Dan Poltawski, David Monllaó, Helen Foster, Petr Skoda, Rajesh Taneja, Rossiani Wijaya

Votes:: 1 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 13/Oct/11 11:36 AM

Updated:: 28/Jan/14 5:38 PM

Resolved:: 01/Nov/12 11:03 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates

Clockify