Details

    • Type: Task
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.0
    • Fix Version/s: 2.0
    • Component/s: Blog
    • Labels:
      None
    • Difficulty:
      Difficult
    • Affected Branches:
      MOODLE_20_STABLE
    • Fixed Branches:
      MOODLE_20_STABLE

      Description

      List of issues to fix in blog for 2.0. See http://docs.moodle.org/en/Development:Blog_2.0 for a spec
      Discuss this on http://moodle.org/mod/forum/discuss.php?d=133348

            Issue Links

            1. Remove group and course visibility options from blog visibility setting (Sub-task, Closed, Nicolas Connault)
            2. Upgrade blog code to new pagelib and outputlib code (Sub-task, Closed, Nicolas Connault)
            3. Use USER context for displaying blocks on a user's blog view (Sub-task, Closed, Nicolas Connault)
            4. Use SYSTEM context for displaying sticky blog blocks on every blog view except user's (Sub-task, Closed, Nicolas Connault)
            5. Add more fine-grained capabilities (Sub-task, Closed, Nicolas Connault)
            6. Implement commenting for blog (Sub-task, Closed, Nicolas Connault)
            7. Implement external blog PULL system (Sub-task, Closed, Nicolas Connault)
            8. Make tags block context-dependent and add link to All Tags (Sub-task, Closed, Nicolas Connault)
            9. Implement full-text search of blog entries (Sub-task, Closed, Nicolas Connault)
            10. Improve blog menu block (Sub-task, Closed, Nicolas Connault)
            11. New block: Recent blog entries (Sub-task, Closed, Nicolas Connault)
            12. Fix blog attachment support (Sub-task, Closed, Nicolas Connault)
            13. Upgrade backup/restore code (Sub-task, Closed, Nicolas Connault)
            14. Delete blog_external block and implement this functionality in the Settings block (Sub-task, Closed, Nicolas Connault)
            15. Enable users to comment on blogs (Sub-task, Closed, Nicolas Connault)
            16. Allow blogs to be connected to different things in Moodle (Sub-task, Closed, Nicolas Connault)
            17. Show/track blog entries in the outline activity reports (Sub-task, Closed, Nicolas Connault)
            18. Add tag filters to External blog form (Sub-task, Closed, Nicolas Connault)
            19. Create a new forum type called "blog" to copy obsolete blog entries to (Sub-task, Closed, Martin Dougiamas)
            20. can not use messaging in upgrade, we have a new upgrade_log() instead (Sub-task, Closed, Petr Skoda)
            21. Implement secure RSS links for each blog view (Sub-task, Closed, Andrew Davis)
            22. Integrate blogs within the navigation blocks (Sub-task, Closed, Sam Hemelryk)

              Activity

              nicolasconnault Nicolas Connault created issue -
              nicolasconnault Nicolas Connault made changes -
              Field Original Value New Value
              Status Open [ 1 ] In Progress [ 3 ]
              nicolasconnault Nicolas Connault made changes -
              Summary 2.0 Blog Improvements META META: 2.0 Blog Improvements
              nicolasconnault Nicolas Connault made changes -
              Security Could be a security issue [ 10030 ]
              nicolasconnault Nicolas Connault added a comment -

              First patch attached

              nicolasconnault Nicolas Connault made changes -
              Attachment blogpatch.diff [ 17794 ]
              nicolasconnault Nicolas Connault added a comment - - edited

              Updated the patch.

              nicolasconnault Nicolas Connault made changes -
              Attachment blogandcommentspatch.diff [ 17868 ]
              nicolasconnault Nicolas Connault made changes -
              Attachment blogandcommentspatch.diff [ 17868 ]
              nicolasconnault Nicolas Connault made changes -
              Attachment blogpatch.diff [ 17869 ]
              nicolasconnault Nicolas Connault made changes -
              Attachment blogpatch.diff [ 17794 ]
              dougiamas Martin Dougiamas made changes -
              Link This issue will be resolved by MDL-15435 [ MDL-15435 ]
              dougiamas Martin Dougiamas made changes -
              Link This issue is duplicated by MDL-14411 [ MDL-14411 ]
              skodak Petr Skoda added a comment -

              oh, where is the proposal that describes needed internal changes?

              I have quickly discovered multiple issues in file handling, db storage, upgrade code, etc...

              going to post here the details of my findings...

              nicolasconnault Nicolas Connault made changes -
              Description List of issues to fix in blog for 2.0 List of issues to fix in blog for 2.0. See http://docs.moodle.org/en/Development:Blog_2.0 for a spec
              nicolasconnault Nicolas Connault made changes -
              Description List of issues to fix in blog for 2.0. See http://docs.moodle.org/en/Development:Blog_2.0 for a spec List of issues to fix in blog for 2.0. See http://docs.moodle.org/en/Development:Blog_2.0 for a spec
              Discuss this on http://moodle.org/mod/forum/discuss.php?d=133348
              nicolasconnault Nicolas Connault added a comment -

              Just attached a patch with the blog almost completed. Please apply and give feedback.

              nicolasconnault Nicolas Connault made changes -
              Attachment blog_2009-10-08.patch [ 18562 ]
              nicolasconnault Nicolas Connault added a comment -

              Updated patch with upgrade solution for old blog levels

              nicolasconnault Nicolas Connault made changes -
              Attachment blog_2009-10-14.patch [ 18621 ]
              nicolasconnault Nicolas Connault made changes -
              Attachment blog_2009-10-14.patch [ 18624 ]
              nicolasconnault Nicolas Connault made changes -
              Attachment blog_2009-10-14.patch [ 18621 ]
              nicolasconnault Nicolas Connault made changes -
              Attachment blog_2009-10-08.patch [ 18562 ]
              nicolasconnault Nicolas Connault made changes -
              Attachment blog_2009-10-19.patch [ 18646 ]
              nicolasconnault Nicolas Connault made changes -
              Attachment blog_2009-10-19.patch [ 18646 ]
              nicolasconnault Nicolas Connault made changes -
              Attachment blog_2009-10-14.patch [ 18624 ]
              nicolasconnault Nicolas Connault added a comment -

              Latest patch includes completed external blog

              nicolasconnault Nicolas Connault made changes -
              Attachment blog_2009-10-20.patch [ 18675 ]
              nicolasconnault Nicolas Connault made changes -
              Attachment blog_2009-10-20.patch [ 18675 ]
              nicolasconnault Nicolas Connault made changes -
              Attachment blog_2009-10-21.patch [ 18685 ]
              nicolasconnault Nicolas Connault made changes -
              Attachment blog_2009-10-21.patch [ 18685 ]
              nicolasconnault Nicolas Connault added a comment -

              Updated patch. Full one-way synchronisation of external blogs now implemented

              nicolasconnault Nicolas Connault made changes -
              Attachment blog_2009-10-23.patch [ 18701 ]
              nicolasconnault Nicolas Connault made changes -
              Attachment blog_2009-10-23.patch [ 18701 ]
              nicolasconnault Nicolas Connault made changes -
              Attachment blog_2009-10-23.patch [ 18704 ]
              nicolasconnault Nicolas Connault made changes -
              Attachment blog_2009-10-23.patch [ 18704 ]
              nicolasconnault Nicolas Connault made changes -
              Attachment blog_2009-10-23.patch [ 18705 ]
              poltawski Dan Poltawski added a comment -

              Just one comment about using the class SimplePie_File - you should be able to use moodle_simplepie_file instead. This uses the inbuilt filelib curl class (so respects proxies etc).

              nicolasconnault Nicolas Connault made changes -
              Attachment blog_2009-10-23.patch [ 18705 ]
              nicolasconnault Nicolas Connault made changes -
              Attachment blog_2009-10-27.patch [ 18727 ]
              nicolasconnault Nicolas Connault made changes -
              Attachment blogpatch.diff [ 17869 ]
              nicolasconnault Nicolas Connault made changes -
              Attachment blog_2009-10-28.patch [ 18740 ]
              skodak Petr Skoda added a comment -

              finishing review, going to send it tomorrow, ehm, today when I wake up

              nicolasconnault Nicolas Connault added a comment -

              Final patch attached

              nicolasconnault Nicolas Connault made changes -
              Attachment blog_2009-10-29.patch [ 18745 ]
              nicolasconnault Nicolas Connault made changes -
              Attachment blog_2009-10-28.patch [ 18740 ]
              nicolasconnault Nicolas Connault made changes -
              Attachment blog_2009-10-27.patch [ 18727 ]
              skodak Petr Skoda added a comment -

              1/ bloglevelupgrade.php must not modify $USER->id like this, it can not work because it breaks all caching and assumptions in accesslib.php, you might also end up logged in as somebody else [CRITICAL]

              2/ cron.php - it might be better to use record sets in order to limit memory use [MINOR]

              3/ block_blog_menu.php - I do not like the use of $PAGE->url->param('modid') at all, passing params around using page object looks like a sloppy hack; there is another use of this hack in adminlib for section parameter, this looks wrong too, I really hope this will not spread all over moodle codebase, please use something else [MAJOR]

              4/ admin/settings/top.php - please do not pollute top with one time upgrade hacks [MAJOR]

              5/ blog/lib.php - why discard coding exceptions in blog_get_headers()? this looks like a wrong coding style [CRITICAL]

              6/ block_blog_recent.php can be used on any page, right? (missing applicable_formats()?) If yes it does not make much sense to use blog_get_headers() which is designed to work on blog/index.php [MAJOR]

              7/ 'moodle/blog:search' is not personal risk, if yes it should not be default for guest role [MINOR]

              8/ lang/en_utf8/admin.php bloglevelupgradebody has some funny Windows line endings [MINOR]

              9/ string['modulename'] = 'Blog'; in blog.php looks strange

              10/ external_blogs.php looks like a joke - XSRF and missing access control, once you have 'moodle/blog:manageexternal' you can delete ANY external blog (given to all students by default), with XSRF you can trick any student to delete any external blog

              11/ when deleting entry only 'blog_attachment' area is purged, but not 'blog_post', this applies

              12/ I personally do not like the blog_entry class because it is mixing all levels of code (db access, accesscontrol, forms processing, html printing, etc.) - I do not think that any functions there are usable in external API, we need to separate low level code

              nicolasconnault Nicolas Connault added a comment -

              Petr, thanks for your review. Here are the items in your list I have fixed:
              1/ I had to modify the forum_add_discussion() function, which used $USER exclusively. I just added $userid as last optional param
              4/ Removed
              5/ Fixed
              6/ Added applicable_formats(). blog_get_headers() works on any page, it's mainly designed to generate appropriate links to blog/index.php
              7/ Removed risk
              8/ Couldn't see that, did a dos2unix on the file but still couldn't detect any differences
              10/ Added proper access control and check on $USER->id
              11/ Fixed
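
              The two problems named in review item 10 (a capability check with no ownership check, and no protection against forged cross-site requests), shown next to a hardened form as an added example in plain PHP. This is not code from the Moodle patch; the function names, the in-memory store and the 'delete' request field are assumptions made for illustration.

```php
<?php
// Added illustration in plain PHP, not Moodle code. The in-memory store, the
// helper names and the 'delete' request field are constructed for this example.

// Review item 10 as described: holding the capability is the only check, so any
// holder can remove any record, and a forged cross-site request is accepted.
function delete_external_vulnerable(array &$blogs, array $user, array $request): bool {
    if (!in_array('moodle/blog:manageexternal', $user['caps'], true)) {
        return false;
    }
    unset($blogs[(int)($request['delete'] ?? 0)]);
    return true;
}

// Hardened form: session token first, then capability, then record ownership.
function delete_external_hardened(array &$blogs, array $user, string $sessiontoken, array $request): bool {
    $token = $request['sesskey'] ?? '';
    if (!is_string($token) || !hash_equals($sessiontoken, $token)) {
        return false; // request did not come from a form served to this session
    }
    if (!in_array('moodle/blog:manageexternal', $user['caps'], true)) {
        return false;
    }
    $blogid = (int)($request['delete'] ?? 0);
    if (!isset($blogs[$blogid]) || $blogs[$blogid] !== $user['id']) {
        return false; // record missing or owned by someone else
    }
    unset($blogs[$blogid]);
    return true;
}

// Constructed sample data: external blog id => owning user id.
$seed = [1 => 10, 2 => 20];
$student = ['id' => 10, 'caps' => ['moodle/blog:manageexternal']];
$sessiontoken = bin2hex(random_bytes(16)); // per-session secret embedded in legitimate forms

$cases = [
    'forged request, no token'        => ['delete' => 1],
    'valid token, other user\'s blog' => ['delete' => 2, 'sesskey' => $sessiontoken],
    'valid token, own blog'           => ['delete' => 1, 'sesskey' => $sessiontoken],
];
foreach ($cases as $label => $request) {
    $a = $seed; // fresh copy of the store for each handler
    $b = $seed;
    printf("%-32s vulnerable=%s hardened=%s\n", $label,
        var_export(delete_external_vulnerable($a, $student, $request), true),
        var_export(delete_external_hardened($b, $student, $sessiontoken, $request), true));
}
```

              The token comparison uses hash_equals() so the check does not leak how many leading characters matched.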

              dougiamas Martin Dougiamas made changes -
              Fix Version/s 2.0 [ 10122 ]
              Affects Version/s 2.0 [ 10122 ]
              Affects Version/s 1.9.5 [ 10320 ]
              dougiamas Martin Dougiamas made changes -
              Assignee Nicolas Connault [ nicolasconnault ] moodle.com [ moodle.com ]
              dougiamas Martin Dougiamas made changes -
              Status In Progress [ 3 ] Resolved [ 5 ]
              Resolution Fixed [ 1 ]
              dougiamas Martin Dougiamas made changes -
              Status Resolved [ 5 ] Closed [ 6 ]
              dougiamas Martin Dougiamas made changes -
              Workflow jira [ 32569 ] MDL Workflow [ 62727 ]
              dougiamas Martin Dougiamas made changes -
              Workflow MDL Workflow [ 62727 ] MDL Full Workflow [ 91942 ]

                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Fix Release Date:
                    24/Nov/10