Details

    • Type: Task
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.0
    • Fix Version/s: 2.0
    • Component/s: Blog
    • Labels:
      None
    • Difficulty:
      Difficult
    • Affected Branches:
      MOODLE_20_STABLE
    • Fixed Branches:
      MOODLE_20_STABLE

      Description

      List of issues to fix in blog for 2.0. See http://docs.moodle.org/en/Development:Blog_2.0 for a spec
      Discuss this on http://moodle.org/mod/forum/discuss.php?d=133348

        Gliffy Diagrams

          Attachments

            Issue Links

            1.
            Remove group and course visibility options from blog visibility setting Sub-task Closed Nicolas Connault
             
            2.
            Upgrade blog code to new pagelib and outputlib code Sub-task Closed Nicolas Connault
             
            3.
            Use USER context for displaying blocks on a user's blog view Sub-task Closed Nicolas Connault
             
            4.
            Use SYSTEM context for displaying sticky blog blocks on every blog view except user's Sub-task Closed Nicolas Connault
             
            5.
            Add more fine-grained capabilities Sub-task Closed Nicolas Connault
             
            6.
            Implement commenting for blog Sub-task Closed Nicolas Connault
             
            7.
            Implement external blog PULL system Sub-task Closed Nicolas Connault
             
            8.
            Make tags block context-dependent and add link to All Tags Sub-task Closed Nicolas Connault
             
            9.
            Implement full-text search of blog entries Sub-task Closed Nicolas Connault
             
            10.
            Improve blog menu block Sub-task Closed Nicolas Connault
             
            11.
            New block: Recent blog entries Sub-task Closed Nicolas Connault
             
            12.
            Fix blog attachment support Sub-task Closed Nicolas Connault
             
            13.
            Upgrade backup/restore code Sub-task Closed Nicolas Connault
             
            14.
            Delete blog_external block and implement this functionality in the Settings block Sub-task Closed Nicolas Connault
             
            15.
            Enable users to comment on blogs Sub-task Closed Nicolas Connault
             
            16.
            Allow blogs to be connected to different things in Moodle Sub-task Closed Nicolas Connault
             
            17.
            Show/track blog entries in the outline activity reports Sub-task Closed Nicolas Connault
             
            18.
            Add tag filters to External blog form Sub-task Closed Nicolas Connault
             
            19.
            Create a new forum type called "blog" to copy obsolete blog entries to Sub-task Closed Martin Dougiamas
             
            20.
            can not use messaging in upgrade, we have a new upgrade_log() instead Sub-task Closed Petr Skoda
             
            21.
            Implement secure RSS links for each blog view Sub-task Closed Andrew Davis
             
            22.
            Integrate blogs within the navigation blocks Sub-task Closed Sam Hemelryk
             

              Activity

              Hide
              nicolasconnault Nicolas Connault added a comment -

              First patch attached

              Show
              nicolasconnault Nicolas Connault added a comment - First patch attached
              Hide
              nicolasconnault Nicolas Connault added a comment - - edited

              Updated the patch.

              Show
              nicolasconnault Nicolas Connault added a comment - - edited Updated the patch.
              Hide
              skodak Petr Skoda added a comment -

              oh, where is the proposal that describes needed internal changes?

              I have quickly discovered multiple issues in file hacdling, db storage, upgrade code, etc...

              going to post here the details of my findings...

              Show
              skodak Petr Skoda added a comment - oh, where is the proposal that describes needed internal changes? I have quickly discovered multiple issues in file hacdling, db storage, upgrade code, etc... going to post here the details of my findings...
              Hide
              nicolasconnault Nicolas Connault added a comment -

              Just attached a patch with the blog almost completed. Please apply and give feedback.

              Show
              nicolasconnault Nicolas Connault added a comment - Just attached a patch with the blog almost completed. Please apply and give feedback.
              Hide
              nicolasconnault Nicolas Connault added a comment -

              Updated patch with upgrade solution for old blog levels

              Show
              nicolasconnault Nicolas Connault added a comment - Updated patch with upgrade solution for old blog levels
              Hide
              nicolasconnault Nicolas Connault added a comment -

              Latest patch includes completed external blog

              Show
              nicolasconnault Nicolas Connault added a comment - Latest patch includes completed external blog
              Hide
              nicolasconnault Nicolas Connault added a comment -

              Updated patch. Full one-way synchronisation of external blogs now implemented

              Show
              nicolasconnault Nicolas Connault added a comment - Updated patch. Full one-way synchronisation of external blogs now implemented
              Hide
              poltawski Dan Poltawski added a comment -

              Just one comment about using the class SimplePie_File - you should be able to use moodle_simplepie_file instead. This uses the inbuilt filelib curl class (so respects proxies etc).

              Show
              poltawski Dan Poltawski added a comment - Just one comment about using the class SimplePie_File - you should be able to use moodle_simplepie_file instead. This uses the inbuilt filelib curl class (so respects proxies etc).
              Hide
              skodak Petr Skoda added a comment -

              finishing review, going to send it tomorrow, ehm, today when I wakeup

              Show
              skodak Petr Skoda added a comment - finishing review, going to send it tomorrow, ehm, today when I wakeup
              Hide
              nicolasconnault Nicolas Connault added a comment -

              Final patch attached

              Show
              nicolasconnault Nicolas Connault added a comment - Final patch attached
              Hide
              skodak Petr Skoda added a comment -

              1/ bloglevelupgrade.php must not modify $USER->id like this, it can not work because it breaks all caching and assumptions in accesslib.php, you might also end up logged in as somebody else [CRITICAL]

              2/ cron.php - it might be better to use record sets in oder limit memory use [MINOR]

              3/ block_blog_menu.php - I do not like the use of $PAGE->url->param('modid') at all, passing params around using page object looks like a sloppy hack; there is another use of this hack in adminlib for section parameter, this looks wrong too, I really hope this will not spread all over moodle codebase, please use something else [MAJOR]

              4/ admin/settings/top.php - please do not pollute top with one time upgrade hacks [MAJOR]

              5/ blog/lib.php - why discard coding exceptions in blog_get_headers()? this looks like a wrong coding style [CRITICAL]

              6/ block_blog_recent.php can be used on any page, right? (missing applicable_formats()?) If yes it does not make much sense to use blog_get_headers() which is designed to work on blog/index.php [MAJOR]

              7/ 'moodle/blog:search' is not personal risk, if yes it should not be default for guest role [MINOR]

              8/ lang/en_utf8/admin.php bloglevelupgradebody has some funny Windows line endings [MINOR]

              9/ string['modulename'] = 'Blog'; in blog.php looks strange

              10/ external_blogs.php looks like a joke - XSRF and missing access control, once you have 'moodle/blog:manageexternal' you can delete ANY external blog (given to all students by default), with XSRF you can trick any student to delta any external blog

              11/ when deleting entry only 'blog_attachment' area is purged, but not 'blog_post', this applies

              12/ I personally do not like the blog_entry class because it is mixing all levels of code (db access, accesscontrol, forms processing, html printing, etc.) - I do not think that any functions there are usable in external API, we need to separate low level code

              Show
              skodak Petr Skoda added a comment - 1/ bloglevelupgrade.php must not modify $USER->id like this, it can not work because it breaks all caching and assumptions in accesslib.php, you might also end up logged in as somebody else [CRITICAL] 2/ cron.php - it might be better to use record sets in oder limit memory use [MINOR] 3/ block_blog_menu.php - I do not like the use of $PAGE->url->param('modid') at all, passing params around using page object looks like a sloppy hack; there is another use of this hack in adminlib for section parameter, this looks wrong too, I really hope this will not spread all over moodle codebase, please use something else [MAJOR] 4/ admin/settings/top.php - please do not pollute top with one time upgrade hacks [MAJOR] 5/ blog/lib.php - why discard coding exceptions in blog_get_headers()? this looks like a wrong coding style [CRITICAL] 6/ block_blog_recent.php can be used on any page, right? (missing applicable_formats()?) If yes it does not make much sense to use blog_get_headers() which is designed to work on blog/index.php [MAJOR] 7/ 'moodle/blog:search' is not personal risk, if yes it should not be default for guest role [MINOR] 8/ lang/en_utf8/admin.php bloglevelupgradebody has some funny Windows line endings [MINOR] 9/ string ['modulename'] = 'Blog'; in blog.php looks strange 10/ external_blogs.php looks like a joke - XSRF and missing access control, once you have 'moodle/blog:manageexternal' you can delete ANY external blog (given to all students by default), with XSRF you can trick any student to delta any external blog 11/ when deleting entry only 'blog_attachment' area is purged, but not 'blog_post', this applies 12/ I personally do not like the blog_entry class because it is mixing all levels of code (db access, accesscontrol, forms processing, html printing, etc.) - I do not think that any functions there are usable in external API, we need to separate low level code
              Hide
              nicolasconnault Nicolas Connault added a comment -

              Petr, thanks for your review. Here are the items in your list I have fixed:
              1/ I had to modify the forum_add_discussion() function, which used $USER exclusively. I just added $userid as last optional param
              4/ Removed
              5/ Fixed
              6/ Added applicable_formats(). blog_get_headers() works on any page, it's mainly designed to generate appropriate links to blog/index.php
              7/ Removed risk
              8/ Couldn't see that, did a dos2unix on the file but still couldn't detect any differences
              10/ Added proper access control and check on $USER->id
              11/ Fixed

              Show
              nicolasconnault Nicolas Connault added a comment - Petr, thanks for your review. Here are the items in your list I have fixed: 1/ I had to modify the forum_add_discussion() function, which used $USER exclusively. I just added $userid as last optional param 4/ Removed 5/ Fixed 6/ Added applicable_formats(). blog_get_headers() works on any page, it's mainly designed to generate appropriate links to blog/index.php 7/ Removed risk 8/ Couldn't see that, did a dos2unix on the file but still couldn't detect any differences 10/ Added proper access control and check on $USER->id 11/ Fixed

                People

                • Votes:
                  0 Vote for this issue
                  Watchers:
                  5 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Fix Release Date:
                    24/Nov/10