Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-30005

revert too strict URL cleaning in mod/url

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 2.0.5, 2.1.2, 2.2
    • Fix Version/s: 2.0.6, 2.1.3
    • Component/s: Resource
    • Labels:
      None
    • Testing Instructions:
      Hide

      1/ create new url resource - try various valid and invalid URLs and general URIs, use different display modes
      2/ edit 'url' table - set external url to '' and 'https://' - verify the error message
      3/ run tests from mod/url/simpletest/testlib.php

      Show
      1/ create new url resource - try various valid and invalid URLs and general URIs, use different display modes 2/ edit 'url' table - set external url to '' and 'https://' - verify the error message 3/ run tests from mod/url/simpletest/testlib.php
    • Affected Branches:
      MOODLE_20_STABLE, MOODLE_21_STABLE, MOODLE_22_STABLE
    • Fixed Branches:
      MOODLE_20_STABLE, MOODLE_21_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      w43_MDL-30005_m22_uri
    • Pull Master Diff URL:

      Description

      The problem is we allow not only http and https, but also people do not understand that they must use encoded entities.

      We should not use PARAM_URL because it is too strict which breaks backwards compatibility, technically we previously supported general URIs, not just web URLs.

        Attachments

          Issue Links

          has a non-specific relationship to

          Sub-task - Issues are sometimes broken into multiple sub-tasks. MDL-20509 "http://" content in "add link" text box can be confusing

          • Minor - Minor loss of function where workaround is possible
          • Closed
          is a regression caused by

          Bug - A problem which impairs or prevents Moodle from functioning correctly. MDL-28483 adding URL resource without an url leads to error

          • Critical - Crashes server, loss of data, severe memory leak
          • Closed

            Activity

              People

              Assignee:
              skodak Petr Skoda
              Reporter:
              skodak Petr Skoda
              Integrator:
              Aparup Banerjee
              Tester:
              Adrian Greeve
              Participants:
              Component watchers:
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias, Sujith Haridasan
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                28/Nov/11