Details

    • Type: Task Task
    • Status: Closed
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: 2.0
    • Fix Version/s: 2.0
    • Component/s: Blog
    • Labels:
      None
    • Difficulty:
      Difficult
    • Affected Branches:
      MOODLE_20_STABLE
    • Fixed Branches:
      MOODLE_20_STABLE
    • Rank:
      35392

      Description

      List of issues to fix in blog for 2.0. See http://docs.moodle.org/en/Development:Blog_2.0 for a spec
      Discuss this on http://moodle.org/mod/forum/discuss.php?d=133348

        Issue Links

        Progress
        Resolved Sub-Tasks

        Sub-Tasks

        1.
        Remove group and course visibility options from blog visibility setting Sub-task Closed Nicolas Connault
         
        2.
        Upgrade blog code to new pagelib and outputlib code Sub-task Closed Nicolas Connault
         
        3.
        Use USER context for displaying blocks on a user's blog view Sub-task Closed Nicolas Connault
         
        4.
        Use SYSTEM context for displaying sticky blog blocks on every blog view except user's Sub-task Closed Nicolas Connault
         
        5.
        Add more fine-grained capabilities Sub-task Closed Nicolas Connault
         
        6.
        Implement commenting for blog Sub-task Closed Nicolas Connault
         
        7.
        Implement external blog PULL system Sub-task Closed Nicolas Connault
         
        8.
        Make tags block context-dependent and add link to All Tags Sub-task Closed Nicolas Connault
         
        9.
        Implement full-text search of blog entries Sub-task Closed Nicolas Connault
         
        10.
        Improve blog menu block Sub-task Closed Nicolas Connault
         
        11.
        New block: Recent blog entries Sub-task Closed Nicolas Connault
         
        12.
        Fix blog attachment support Sub-task Closed Nicolas Connault
         
        13.
        Upgrade backup/restore code Sub-task Closed Nicolas Connault
         
        14.
        Delete blog_external block and implement this functionality in the Settings block Sub-task Closed Nicolas Connault
         
        15.
        Enable users to comment on blogs Sub-task Closed Nicolas Connault
         
        16.
        Allow blogs to be connected to different things in Moodle Sub-task Closed Nicolas Connault
         
        17.
        Show/track blog entries in the outline activity reports Sub-task Closed Nicolas Connault
         
        18.
        Add tag filters to External blog form Sub-task Closed Nicolas Connault
         
        19.
        Create a new forum type called "blog" to copy obsolete blog entries to Sub-task Closed Martin Dougiamas
         
        20.
        can not use messaging in upgrade, we have a new upgrade_log() instead Sub-task Closed Petr Škoda
         
        21.
        Implement secure RSS links for each blog view Sub-task Closed Andrew Davis
         
        22.
        Integrate blogs within the navigation blocks Sub-task Closed Sam Hemelryk
         

          Activity

          Nicolas Connault created issue -
          Nicolas Connault made changes -
          Field Original Value New Value
          Status Open [ 1 ] In Progress [ 3 ]
          Nicolas Connault made changes -
          Summary 2.0 Blog Improvements META META: 2.0 Blog Improvements
          Nicolas Connault made changes -
          Security Could be a security issue [ 10030 ]
          Hide
          Nicolas Connault added a comment -

          First patch attached

          Show
          Nicolas Connault added a comment - First patch attached
          Nicolas Connault made changes -
          Attachment blogpatch.diff [ 17794 ]
          Hide
          Nicolas Connault added a comment - - edited

          Updated the patch.

          Show
          Nicolas Connault added a comment - - edited Updated the patch.
          Nicolas Connault made changes -
          Attachment blogandcommentspatch.diff [ 17868 ]
          Nicolas Connault made changes -
          Attachment blogandcommentspatch.diff [ 17868 ]
          Nicolas Connault made changes -
          Attachment blogpatch.diff [ 17869 ]
          Nicolas Connault made changes -
          Attachment blogpatch.diff [ 17794 ]
          Martin Dougiamas made changes -
          Link This issue will be resolved by MDL-15435 [ MDL-15435 ]
          Martin Dougiamas made changes -
          Link This issue is duplicated by MDL-14411 [ MDL-14411 ]
          Hide
          Petr Škoda added a comment -

          oh, where is the proposal that describes needed internal changes?

          I have quickly discovered multiple issues in file hacdling, db storage, upgrade code, etc...

          going to post here the details of my findings...

          Show
          Petr Škoda added a comment - oh, where is the proposal that describes needed internal changes? I have quickly discovered multiple issues in file hacdling, db storage, upgrade code, etc... going to post here the details of my findings...
          Nicolas Connault made changes -
          Description List of issues to fix in blog for 2.0 List of issues to fix in blog for 2.0. See http://docs.moodle.org/en/Development:Blog_2.0 for a spec
          Nicolas Connault made changes -
          Description List of issues to fix in blog for 2.0. See http://docs.moodle.org/en/Development:Blog_2.0 for a spec List of issues to fix in blog for 2.0. See http://docs.moodle.org/en/Development:Blog_2.0 for a spec
          Discuss this on http://moodle.org/mod/forum/discuss.php?d=133348
          Hide
          Nicolas Connault added a comment -

          Just attached a patch with the blog almost completed. Please apply and give feedback.

          Show
          Nicolas Connault added a comment - Just attached a patch with the blog almost completed. Please apply and give feedback.
          Nicolas Connault made changes -
          Attachment blog_2009-10-08.patch [ 18562 ]
          Hide
          Nicolas Connault added a comment -

          Updated patch with upgrade solution for old blog levels

          Show
          Nicolas Connault added a comment - Updated patch with upgrade solution for old blog levels
          Nicolas Connault made changes -
          Attachment blog_2009-10-14.patch [ 18621 ]
          Nicolas Connault made changes -
          Attachment blog_2009-10-14.patch [ 18624 ]
          Nicolas Connault made changes -
          Attachment blog_2009-10-14.patch [ 18621 ]
          Nicolas Connault made changes -
          Attachment blog_2009-10-08.patch [ 18562 ]
          Nicolas Connault made changes -
          Attachment blog_2009-10-19.patch [ 18646 ]
          Nicolas Connault made changes -
          Attachment blog_2009-10-19.patch [ 18646 ]
          Nicolas Connault made changes -
          Attachment blog_2009-10-14.patch [ 18624 ]
          Hide
          Nicolas Connault added a comment -

          Latest patch includes completed external blog

          Show
          Nicolas Connault added a comment - Latest patch includes completed external blog
          Nicolas Connault made changes -
          Attachment blog_2009-10-20.patch [ 18675 ]
          Nicolas Connault made changes -
          Attachment blog_2009-10-20.patch [ 18675 ]
          Nicolas Connault made changes -
          Attachment blog_2009-10-21.patch [ 18685 ]
          Nicolas Connault made changes -
          Attachment blog_2009-10-21.patch [ 18685 ]
          Hide
          Nicolas Connault added a comment -

          Updated patch. Full one-way synchronisation of external blogs now implemented

          Show
          Nicolas Connault added a comment - Updated patch. Full one-way synchronisation of external blogs now implemented
          Nicolas Connault made changes -
          Attachment blog_2009-10-23.patch [ 18701 ]
          Nicolas Connault made changes -
          Attachment blog_2009-10-23.patch [ 18701 ]
          Nicolas Connault made changes -
          Attachment blog_2009-10-23.patch [ 18704 ]
          Nicolas Connault made changes -
          Attachment blog_2009-10-23.patch [ 18704 ]
          Nicolas Connault made changes -
          Attachment blog_2009-10-23.patch [ 18705 ]
          Hide
          Dan Poltawski added a comment -

          Just one comment about using the class SimplePie_File - you should be able to use moodle_simplepie_file instead. This uses the inbuilt filelib curl class (so respects proxies etc).

          Show
          Dan Poltawski added a comment - Just one comment about using the class SimplePie_File - you should be able to use moodle_simplepie_file instead. This uses the inbuilt filelib curl class (so respects proxies etc).
          Nicolas Connault made changes -
          Attachment blog_2009-10-23.patch [ 18705 ]
          Nicolas Connault made changes -
          Attachment blog_2009-10-27.patch [ 18727 ]
          Nicolas Connault made changes -
          Attachment blogpatch.diff [ 17869 ]
          Nicolas Connault made changes -
          Attachment blog_2009-10-28.patch [ 18740 ]
          Hide
          Petr Škoda added a comment -

          finishing review, going to send it tomorrow, ehm, today when I wakeup

          Show
          Petr Škoda added a comment - finishing review, going to send it tomorrow, ehm, today when I wakeup
          Hide
          Nicolas Connault added a comment -

          Final patch attached

          Show
          Nicolas Connault added a comment - Final patch attached
          Nicolas Connault made changes -
          Attachment blog_2009-10-29.patch [ 18745 ]
          Nicolas Connault made changes -
          Attachment blog_2009-10-28.patch [ 18740 ]
          Nicolas Connault made changes -
          Attachment blog_2009-10-27.patch [ 18727 ]
          Hide
          Petr Škoda added a comment -

          1/ bloglevelupgrade.php must not modify $USER->id like this, it can not work because it breaks all caching and assumptions in accesslib.php, you might also end up logged in as somebody else [CRITICAL]

          2/ cron.php - it might be better to use record sets in oder limit memory use [MINOR]

          3/ block_blog_menu.php - I do not like the use of $PAGE->url->param('modid') at all, passing params around using page object looks like a sloppy hack; there is another use of this hack in adminlib for section parameter, this looks wrong too, I really hope this will not spread all over moodle codebase, please use something else [MAJOR]

          4/ admin/settings/top.php - please do not pollute top with one time upgrade hacks [MAJOR]

          5/ blog/lib.php - why discard coding exceptions in blog_get_headers()? this looks like a wrong coding style [CRITICAL]

          6/ block_blog_recent.php can be used on any page, right? (missing applicable_formats()?) If yes it does not make much sense to use blog_get_headers() which is designed to work on blog/index.php [MAJOR]

          7/ 'moodle/blog:search' is not personal risk, if yes it should not be default for guest role [MINOR]

          8/ lang/en_utf8/admin.php bloglevelupgradebody has some funny Windows line endings [MINOR]

          9/ string['modulename'] = 'Blog'; in blog.php looks strange

          10/ external_blogs.php looks like a joke - XSRF and missing access control, once you have 'moodle/blog:manageexternal' you can delete ANY external blog (given to all students by default), with XSRF you can trick any student to delta any external blog

          11/ when deleting entry only 'blog_attachment' area is purged, but not 'blog_post', this applies

          12/ I personally do not like the blog_entry class because it is mixing all levels of code (db access, accesscontrol, forms processing, html printing, etc.) - I do not think that any functions there are usable in external API, we need to separate low level code

          Show
          Petr Škoda added a comment - 1/ bloglevelupgrade.php must not modify $USER->id like this, it can not work because it breaks all caching and assumptions in accesslib.php, you might also end up logged in as somebody else [CRITICAL] 2/ cron.php - it might be better to use record sets in oder limit memory use [MINOR] 3/ block_blog_menu.php - I do not like the use of $PAGE->url->param('modid') at all, passing params around using page object looks like a sloppy hack; there is another use of this hack in adminlib for section parameter, this looks wrong too, I really hope this will not spread all over moodle codebase, please use something else [MAJOR] 4/ admin/settings/top.php - please do not pollute top with one time upgrade hacks [MAJOR] 5/ blog/lib.php - why discard coding exceptions in blog_get_headers()? this looks like a wrong coding style [CRITICAL] 6/ block_blog_recent.php can be used on any page, right? (missing applicable_formats()?) If yes it does not make much sense to use blog_get_headers() which is designed to work on blog/index.php [MAJOR] 7/ 'moodle/blog:search' is not personal risk, if yes it should not be default for guest role [MINOR] 8/ lang/en_utf8/admin.php bloglevelupgradebody has some funny Windows line endings [MINOR] 9/ string ['modulename'] = 'Blog'; in blog.php looks strange 10/ external_blogs.php looks like a joke - XSRF and missing access control, once you have 'moodle/blog:manageexternal' you can delete ANY external blog (given to all students by default), with XSRF you can trick any student to delta any external blog 11/ when deleting entry only 'blog_attachment' area is purged, but not 'blog_post', this applies 12/ I personally do not like the blog_entry class because it is mixing all levels of code (db access, accesscontrol, forms processing, html printing, etc.) - I do not think that any functions there are usable in external API, we need to separate low level code
          Hide
          Nicolas Connault added a comment -

          Petr, thanks for your review. Here are the items in your list I have fixed:
          1/ I had to modify the forum_add_discussion() function, which used $USER exclusively. I just added $userid as last optional param
          4/ Removed
          5/ Fixed
          6/ Added applicable_formats(). blog_get_headers() works on any page, it's mainly designed to generate appropriate links to blog/index.php
          7/ Removed risk
          8/ Couldn't see that, did a dos2unix on the file but still couldn't detect any differences
          10/ Added proper access control and check on $USER->id
          11/ Fixed

          Show
          Nicolas Connault added a comment - Petr, thanks for your review. Here are the items in your list I have fixed: 1/ I had to modify the forum_add_discussion() function, which used $USER exclusively. I just added $userid as last optional param 4/ Removed 5/ Fixed 6/ Added applicable_formats(). blog_get_headers() works on any page, it's mainly designed to generate appropriate links to blog/index.php 7/ Removed risk 8/ Couldn't see that, did a dos2unix on the file but still couldn't detect any differences 10/ Added proper access control and check on $USER->id 11/ Fixed
          Martin Dougiamas made changes -
          Fix Version/s 2.0 [ 10122 ]
          Affects Version/s 2.0 [ 10122 ]
          Affects Version/s 1.9.5 [ 10320 ]
          Martin Dougiamas made changes -
          Assignee Nicolas Connault [ nicolasconnault ] moodle.com [ moodle.com ]
          Martin Dougiamas made changes -
          Status In Progress [ 3 ] Resolved [ 5 ]
          Resolution Fixed [ 1 ]
          Martin Dougiamas made changes -
          Status Resolved [ 5 ] Closed [ 6 ]
          Martin Dougiamas made changes -
          Workflow jira [ 32569 ] MDL Workflow [ 62727 ]
          Martin Dougiamas made changes -
          Workflow MDL Workflow [ 62727 ] MDL Full Workflow [ 91942 ]

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: