Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-30388

Site Admin > Blocks > Manage Blocks (Click on Block to get list of) > Show all/Next -- Fails and doesn't do pagination

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.1.2
    • Fix Version/s: 2.1.5, 2.2.2
    • Component/s: Administration
    • Labels:
    • Database:
      Any
    • Testing Instructions:
      Hide
      1. Log in as admin
      2. On Site Admin panel go to Plugins > Blocks > Manage Blocks
      3. Click on link in "Instances" column > on blocks (with more then 30 instances)
      4. On top there are links called Show all or Next.
      5. Click on "Next" and you should see next page of results
      6. Click on "Show all" and you should see all the records. In addition you should see Page view link to view pages.
      Show
      Log in as admin On Site Admin panel go to Plugins > Blocks > Manage Blocks Click on link in "Instances" column > on blocks (with more then 30 instances) On top there are links called Show all or Next. Click on "Next" and you should see next page of results Click on "Show all" and you should see all the records. In addition you should see Page view link to view pages.
    • Workaround:
      Hide

      Need to manually edit the URL to add the sesskey. Example:

      https://<URL>/course/search.php?search=&perpage=30&page=1

      should be:
      https://<URL>/course/search.php?search=&perpage=30&page=1&blocklist=7&sesskey=qLwJ2tcQYm

      Show
      Need to manually edit the URL to add the sesskey. Example: https://<URL>/course/search.php?search=&perpage=30&page=1 should be: https://<URL>/course/search.php?search=&perpage=30&page=1&blocklist=7&sesskey=qLwJ2tcQYm
    • Affected Branches:
      MOODLE_21_STABLE
    • Fixed Branches:
      MOODLE_21_STABLE, MOODLE_22_STABLE
    • Pull Master Branch:
      wip-mdl-30388

      Description

      When looking at the instances of blocks in either M1.9 or M2.x via the "Manage Blocks" screen you cannot get past the first page of results.

      There is a potential security issue according to one our developer's reports. The page that displays the list of instances of blocks doesn't seem to check if the user is logged in before doing a huge query for the block instances. Report is as follows:


      I'm able to view that page without logging in. It seems like a security flaw since i'm not authorized and I can view the content, or refresh the page over and over putting a heavy load on the server while it tries to fetch 6,500 block records. I think I'm able to do this because the sesskey is in the URL.

      https://<URL>/course/search.php?search=&perpage=99999&blocklist=7&sesskey=qLwJ2tcQYm

      is the correct URL for showing all.

      Steps to reproduce
      M1.9:

      1. On Site Admin panel go to Modules > Manage Blocks
      2. Click on link in "Instances" column > on blocks with any instances (about 40+) there are links called Show all or Next.
      3. Click on either the "Show all" or "Next"
      4. Blank page with a search box

      M2.x:

      1. On Site Admin panel go to Plugins > Blocks > Manage Blocks
      2. Click on link in "Instances" column > on blocks with any instances (about 40+) there are links called Show all or Next.
      3. Click on either the "Show all" or "Next"
      4. Blank page with a search box

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Fix Release Date:
                    12/Mar/12