Moodle
  1. Moodle
  2. MDL-29401

create new PARAM_COMPONENT, PARAM_AREA and PARAM_PLUGIN

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 2.0, 2.1, 2.2
    • Fix Version/s: 2.2
    • Component/s: Repositories
    • Labels:
    • Testing Instructions:
      Hide

      This should be a relatively low regression risk, test plugin administration functions + comments, ratings and general file/repository related operations. for example:
      0/ run new unittests in lib/simpletest/testmoodlelib.php
      1/ comments in glossary
      2/ comments in course blocks
      3/ new install and upgrade from 2.0
      4/ installation and uninstallation of blocks, modules and other plugins
      5/ use repositories

      Show
      This should be a relatively low regression risk, test plugin administration functions + comments, ratings and general file/repository related operations. for example: 0/ run new unittests in lib/simpletest/testmoodlelib.php 1/ comments in glossary 2/ comments in course blocks 3/ new install and upgrade from 2.0 4/ installation and uninstallation of blocks, modules and other plugins 5/ use repositories
    • Affected Branches:
      MOODLE_20_STABLE, MOODLE_21_STABLE, MOODLE_22_STABLE
    • Fixed Branches:
      MOODLE_22_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      w38_MDL-29401_m22_frankenstyle
    • Rank:
      18955

      Description

      The validation of component, plugin and file areas is very inconsistent, we need new PARAM_COMPONENT, PARAM_PLUGIN and PARAM_AREA.

      • PARAM_COMPONENT - expected to be used for 'frankenstyle' names of plugins, that is plugintype_pluginname
      • PARAM_PLUGIN - plugin name, please note standard modules (mod/*) must not use underscores and numbers are strongly discouraged
      • PARAM_AREA - areas are used in file api, comments, ratings and other subsystems, it is usually used as "contextid + component + area + itemid" which allows content addressing

      Upgrades:

      • core is not affected by the changes
      • contrib code has to be upgraded to use new more restricted format (special chars we already creating problems in different areas)
      • it is not possible to migrate file areas during restore of older backup format yet (see MDL-30930)

        Issue Links

          Activity

          Hide
          Petr Škoda added a comment -

          marking as critical because it may break contrib - this is not a security issue

          Show
          Petr Škoda added a comment - marking as critical because it may break contrib - this is not a security issue
          Hide
          Petr Škoda added a comment -

          hmm, it is problematic in many other places - ratings, comments, files
          we should create definitely create PARAM_COMPONENT and PARAM_AREA

          the problem with PARAM_SAFEDIR is the '-' which is not really good, we should also prevent names starting with numbers...

          Show
          Petr Škoda added a comment - hmm, it is problematic in many other places - ratings, comments, files we should create definitely create PARAM_COMPONENT and PARAM_AREA the problem with PARAM_SAFEDIR is the '-' which is not really good, we should also prevent names starting with numbers...
          Hide
          Petr Škoda added a comment -

          the integration request contains new param types:

          • PARAM_COMPONENT - to be used for full component names (aka frankenstyle)
          • PARAM_PLUGIN - to be used for plugin names
          • PARAM_AREA - to be used for file, comment and ratings related areas

          Hopefully this could prevent dev confusion in the future, it may also indirectly improve security especially in 3rd party plugins...

          Show
          Petr Škoda added a comment - the integration request contains new param types: PARAM_COMPONENT - to be used for full component names (aka frankenstyle) PARAM_PLUGIN - to be used for plugin names PARAM_AREA - to be used for file, comment and ratings related areas Hopefully this could prevent dev confusion in the future, it may also indirectly improve security especially in 3rd party plugins...
          Hide
          Petr Škoda added a comment -

          oops, Eloy discovered one forgotten PARAM_ALPHAEXT in filestorage class, fixed...

          Show
          Petr Škoda added a comment - oops, Eloy discovered one forgotten PARAM_ALPHAEXT in filestorage class, fixed...
          Hide
          Eloy Lafuente (stronk7) added a comment -

          (note Petr is fixing some bits here, I get this for tomorrow)

          Show
          Eloy Lafuente (stronk7) added a comment - (note Petr is fixing some bits here, I get this for tomorrow)
          Hide
          Eloy Lafuente (stronk7) added a comment -

          Integrated, many thanks for all the synchronous support! Ciao

          Show
          Eloy Lafuente (stronk7) added a comment - Integrated, many thanks for all the synchronous support! Ciao
          Hide
          Sam Hemelryk added a comment -

          Thanks guys - tested and passed - have been watching for things while working on testing other issues and havn't seen anything.

          Show
          Sam Hemelryk added a comment - Thanks guys - tested and passed - have been watching for things while working on testing other issues and havn't seen anything.
          Hide
          Aparup Banerjee added a comment -

          fixes have been rolled merrily up the stream! Thanks everybody!

          Show
          Aparup Banerjee added a comment - fixes have been rolled merrily up the stream! Thanks everybody!

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: