-
Bug
-
Resolution: Fixed
-
Major
-
None
-
2.9.5, 3.0.3
-
MOODLE_29_STABLE, MOODLE_30_STABLE
I discovered this while investigating MDL-50735. Basically I crafted a URL to hit the get_file method of the upload repository. Then because the default argument of get_file is an empty filename, it is passed to prepare_file which does not bother generating a file name and thus returns a path. That path is passed to curl which complains.
{"error":"An error occurred while downloading the file: Cannot write to file ([localcachedir]\/f3c4fdf9-f539-49c2-b97f-5e2f122b1cba\/8c4afc0a-1f0a-42e6-ab67-1331b853fdd4\/)","stacktrace":"* line 1673 of \/repository\/lib.php: moodle_exception thrown\n* line 278 of \/repository\/repository_ajax.php: call to repository->get_file()\n","debuginfo":"\nError code: errorwhiledownload","reproductionlink":"http:\/\/fmc.per.in.moodle.com\/sm\/"}
|
This is the curl command:
curl 'http://fmc.per.in.moodle.com/sm/repository/repository_ajax.php?action=download' -H 'Host: fmc.per.in.moodle.com' -H 'Cookie: MoodleSession=fjdhfuf1e4gtttd598mak3iu05;' --data 'file=a&repo_id=3&p=&page=&env=filemanager&sesskey=1nLhogQLGt&client_id=&itemid=&maxbytes=134217728&areamaxbytes=-1&ctx_id=5&source=https://google.com'
|
I am not sure if this scenario can be hit without manipulating the URL, but it could affect any code using get_file() or prepare_file().
