  1. Moodle
  2. MDL-30388

Site Admin > Blocks > Manage Blocks (Click on Block to get list of) > Show all/Next -- Fails and doesn't do pagination


Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.1.2
    • 2.1.5, 2.2.2
    • Administration
    • Any
    • MOODLE_21_STABLE
    • MOODLE_21_STABLE, MOODLE_22_STABLE
    • wip-mdl-30388
    • Need to manually edit the URL to add the sesskey. Example:

      https://<URL>/course/search.php?search=&perpage=30&page=1

      should be:
      https://<URL>/course/search.php?search=&perpage=30&page=1&blocklist=7&sesskey=qLwJ2tcQYm
      1. Log in as admin
      2. On Site Admin panel go to Plugins > Blocks > Manage Blocks
      3. Click on link in "Instances" column > on blocks (with more than 30 instances)
      4. On top there are links called Show all or Next.
      5. Click on "Next" and you should see next page of results
      6. Click on "Show all" and you should see all the records. In addition you should see Page view link to view pages.

    Description

      When looking at the instances of blocks in either M1.9 or M2.x via the "Manage Blocks" screen you cannot get past the first page of results.

      There is a potential security issue according to one of our developer's reports. The page that displays the list of instances of blocks doesn't seem to check if the user is logged in before doing a huge query for the block instances. Report is as follows:


      I'm able to view that page without logging in. It seems like a security flaw since I'm not authorized and I can view the content, or refresh the page over and over putting a heavy load on the server while it tries to fetch 6,500 block records. I think I'm able to do this because the sesskey is in the URL.

      https://<URL>/course/search.php?search=&perpage=99999&blocklist=7&sesskey=qLwJ2tcQYm

      is the correct URL for showing all.

      Steps to reproduce
      M1.9:

      1. On Site Admin panel go to Modules > Manage Blocks
      2. Click on link in "Instances" column > on blocks with any instances (about 40+) there are links called Show all or Next.
      3. Click on either the "Show all" or "Next"
      4. Blank page with a search box

      M2.x:

      1. On Site Admin panel go to Plugins > Blocks > Manage Blocks
      2. Click on link in "Instances" column > on blocks with any instances (about 40+) there are links called Show all or Next.
      3. Click on either the "Show all" or "Next"
      4. Blank page with a search box
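
The three concerns in the report above (no login check before the query, an unbounded `perpage`, and paging links that drop `blocklist` and `sesskey`), modelled as an added example; this is not Moodle code and not part of the original report. The names `list_instances`, `fake_fetch`, `to_int`, the `session` dictionary fields and the `MAX_PERPAGE` cap are assumptions made for illustration.

```python
import hmac
from urllib.parse import urlencode

MAX_PERPAGE = 100      # assumed cap; the report's "Show all" URL asks for 99999
DEFAULT_PERPAGE = 30   # page size seen in the report's URLs


class AccessDenied(Exception):
    """Raised before any query runs when the request is not authorised."""


def to_int(raw, default):
    """Parse a client-supplied integer, falling back on bad or missing input."""
    try:
        return int(raw)
    except (TypeError, ValueError):
        return default


def list_instances(session, params, fetch, base="/course/search.php"):
    """Authorise, bound the query, then return (rows, next_url or None)."""
    # Authorisation comes from the server-side session, never from the URL.
    if not session.get("is_admin"):
        raise AccessDenied("admin login required")
    # The sesskey in the URL only counts if it matches this user's session.
    supplied = str(params.get("sesskey", "")).encode()
    if not hmac.compare_digest(supplied, session["sesskey"].encode()):
        raise AccessDenied("sesskey mismatch")
    perpage = max(1, min(to_int(params.get("perpage"), DEFAULT_PERPAGE), MAX_PERPAGE))
    page = max(0, to_int(params.get("page"), 0))
    blocklist = to_int(params.get("blocklist"), 0)
    rows, total = fetch(blocklist, perpage, page * perpage)
    if (page + 1) * perpage >= total:
        return rows, None
    # Carry over every parameter the listing depends on, not just page/perpage.
    state = {"search": params.get("search", ""), "perpage": perpage,
             "blocklist": blocklist, "sesskey": params["sesskey"], "page": page + 1}
    return rows, base + "?" + urlencode(state)


def fake_fetch(block_id, limit, offset):
    """Constructed stand-in for the database: 250 fake instances per block."""
    rows = [f"block{block_id}-instance{i}" for i in range(250)]
    return rows[offset:offset + limit], len(rows)
```
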

            People

              rajeshtaneja Rajesh Taneja
              rex Rex Lorenzo
              Adrian Greeve Adrian Greeve
              Sam Hemelryk Sam Hemelryk
              Rossiani Wijaya Rossiani Wijaya
              Andrew Lyons, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze

              Dates

                Created:
                Updated:
                Resolved:
                12/Mar/12