Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-83674

Files: pluginfile.php outputs debugging log if user not allowed course

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Minor Minor
    • 4.4.7, 4.5.3
    • 4.4.5
    • Files API
    • MOODLE_404_STABLE
    • MOODLE_404_STABLE, MOODLE_405_STABLE
    • MDL-83674-m404
    • MDL-83674-m405
    • MDL-83674-main
    • Hide

      For this test, you will need to be able to check the web server (e.g. Apache) error log. It may be helpful to clear the error log before starting the test.

      1. The server must be set to output warning messages, if this is not already on then turn it on first via Site administration / Development/ Debugging. Set Debug messages to DEVELOPER and Display debug messages to on (ticked).
      2. Use Site administration / Courses / Add a new course to create a new course. Fill in anything suitable for the required name fields, and set the Course visibility option to Hide. Save and display the course.
      3. Using the Participants screen, enrol a test user account in the course as Student.
      4. Go back to the course page and turn editing mode on.
      5. Drag an image file from your computer into one of the course sections. A popup should ask what you want to do; choose Create file resource and click Upload.
      6. Click into the file resource link so that the image is displayed.
      7. Right-click the image and copy its URL, which should include 'pluginfile.php'.
      8. In a separate browser, e.g. private browsing window, log in as the test user account (you will not be able to see the course but should be able to log into Moodle).
      9. Paste the URL into your browser.
        • EXPECTED (no change): You should see an error 'This course is currently unavailable to students'
      10. Check the server error log.
        • EXPECTED: Nothing should have been added to the server error log as a result of this request.
      11. Back in your main browser logged in as admin, edit the course settings and change Course visibility from Hide to Show.
      12. In the other browser logged in as test user, reload the pluginfile.php URL.
        • EXPECTED (no change): The image should now display.
      Show
      For this test, you will need to be able to check the web server (e.g. Apache) error log. It may be helpful to clear the error log before starting the test. The server must be set to output warning messages, if this is not already on then turn it on first via Site administration / Development/ Debugging . Set Debug messages to DEVELOPER and Display debug messages to on (ticked). Use Site administration / Courses / Add a new course to create a new course. Fill in anything suitable for the required name fields, and set the Course visibility option to Hide . Save and display the course. Using the Participants screen, enrol a test user account in the course as Student . Go back to the course page and turn editing mode on. Drag an image file from your computer into one of the course sections. A popup should ask what you want to do; choose Create file resource and click Upload . Click into the file resource link so that the image is displayed. Right-click the image and copy its URL, which should include 'pluginfile.php'. In a separate browser, e.g. private browsing window, log in as the test user account (you will not be able to see the course but should be able to log into Moodle). Paste the URL into your browser. EXPECTED (no change): You should see an error 'This course is currently unavailable to students' Check the server error log. EXPECTED: Nothing should have been added to the server error log as a result of this request. Back in your main browser logged in as admin, edit the course settings and change Course visibility from Hide to Show . In the other browser logged in as test user, reload the pluginfile.php URL. EXPECTED (no change): The image should now display.
    • Hide

      Code verified against automated checks.

      Checked MDL-83674 using repository: https://github.com/sammarshallou/moodle.git

      More information about this report

      Built on: Wed 13 Nov 2024 11:27:14 AM UTC

      Show
      Code verified against automated checks. Checked MDL-83674 using repository: https://github.com/sammarshallou/moodle.git MOODLE_404_STABLE (0 errors / 0 warnings) [branch: MDL-83674-m404 | CI Job ] MOODLE_405_STABLE (0 errors / 0 warnings) [branch: MDL-83674-m405 | CI Job ] main (0 errors / 0 warnings) [branch: MDL-83674-main | CI Job ] More information about this report Built on: Wed 13 Nov 2024 11:27:14 AM UTC
    • Hide

      Launching automatic jobs for branch MDL-83674-m404

      Launching automatic jobs for branch MDL-83674-m405

      Launching automatic jobs for branch MDL-83674-main

      Built on: Wed Nov 13 10:28:13 UTC 2024

      Show
      Launching automatic jobs for branch MDL-83674 -m404 https://ci.moodle.org/view/Testing/job/DEV.02%20-%20Developer-requested%20PHPUnit/17331/ PHPUnit (sqlsrv) https://ci.moodle.org/view/Testing/job/DEV.01%20-%20Developer-requested%20Behat/59131/ Behat (NonJS - boost and classic) https://ci.moodle.org/view/Testing/job/DEV.01%20-%20Developer-requested%20Behat/59132/ Behat (Firefox - boost) Launching automatic jobs for branch MDL-83674 -m405 https://ci.moodle.org/view/Testing/job/DEV.02%20-%20Developer-requested%20PHPUnit/17332/ PHPUnit (sqlsrv) https://ci.moodle.org/view/Testing/job/DEV.01%20-%20Developer-requested%20Behat/59133/ Behat (NonJS - boost and classic) https://ci.moodle.org/view/Testing/job/DEV.01%20-%20Developer-requested%20Behat/59134/ Behat (Firefox - boost) Launching automatic jobs for branch MDL-83674 -main https://ci.moodle.org/view/Testing/job/DEV.02%20-%20Developer-requested%20PHPUnit/17333/ PHPUnit (sqlsrv) https://ci.moodle.org/view/Testing/job/DEV.01%20-%20Developer-requested%20Behat/59135/ Behat (NonJS - boost and classic) https://ci.moodle.org/view/Testing/job/DEV.01%20-%20Developer-requested%20Behat/59136/ Behat (Firefox - boost) https://ci.moodle.org/view/Testing/job/DEV.01%20-%20Developer-requested%20Behat/59137/ Behat (Firefox - classic) https://ci.moodle.org/view/Testing/job/DEV.01%20-%20Developer-requested%20Behat/59138/ App tests (stable app version) Built on: Wed Nov 13 10:28:13 UTC 2024

      If you make a request using pluginfile.php or tokenpluginfile.php for a resource on a course where the current user is not allowed access to it (not enrolled or course hidden), this displays a notice e.g. 'This course is currently unavailable to students'.

      This behaviour (which comes from require_login) is OK, but it also throws an error in the server log, because if you display a page rather than just throwing an exception, you need to call $PAGE->set_url:

      [2024-11-08 15:04:16.982287 GMT] [php:notice] [pid 25684:tid 1200] [client 127.0.0.1:50403] Debugging: This page did not call $PAGE->set_url(...). Using http://localhost/core-moodle-github/pluginfile.php/26747/mod_resource/content/0/gvVL52GbFV.png in

      • line 685 of \lib\pagelib.php: call to debugging()
      • line 966 of \lib\pagelib.php: call to moodle_page->magic_get_url()
      • line 4520 of \lib\navigationlib.php: call to moodle_page->__get()
      • line 844 of \lib\pagelib.php: call to settings_navigation->initialise()
      • line 966 of \lib\pagelib.php: call to moodle_page->magic_get_settingsnav()
      • line 755 of \lib\classes\navigation\views\secondary.php: call to moodle_page->__get()
      • line 238 of \lib\classes\navigation\views\secondary.php: call to core\navigation\views\secondary->load_admin_navigation()
      • line 894 of \lib\pagelib.php: call to core\navigation\views\secondary->initialise()
      • line 966 of \lib\pagelib.php: call to moodle_page->magic_get_secondarynav()
      • line 67 of \theme\boost\layout\drawers.php: call to moodle_page->__get()
      • line 972 of \lib\classes\output\core_renderer.php: call to include()
      • line 888 of \lib\classes\output\core_renderer.php: call to core\output\core_renderer->render_page_layout()
      • line ? of unknownfile: call to core\output\core_renderer->header()
      • line 109 of \lib\classes\output\bootstrap_renderer.php: call to call_user_func_array()
      • line 2052 of \lib\weblib.php: call to core\output\bootstrap_renderer->__call()
      • line 2476 of \lib\moodlelib.php: call to notice()
      • line 2755 of \lib\moodlelib.php: call to require_login()
      • line 370 of \mod\resource\lib.php: call to require_course_login()
      • line 5279 of \lib\filelib.php: call to resource_pluginfile()
      • line 44 of \pluginfile.php: call to file_pluginfile()

      While this does not cause any practical problems (and for some reason the error is not displayed to user even if debugging is enabled), it does clutter up the server log.

      To resolve this problem, pluginfile.php should probably set the page URL.

        1. MDL-83674.png
          MDL-83674.png
          1.59 MB

            quen Sam Marshall
            quen Sam Marshall
            Katie Ransom Katie Ransom
            Safat Shahin Safat Shahin
            Ron Carl Alfon Yu Ron Carl Alfon Yu
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 1 hour, 36 minutes
                1h 36m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.