Moodle
  1. Moodle
  2. MDL-34862

Question preview session checks sometimes fail

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 2.2.4, 2.3.1, 2.4
    • Fix Version/s: 2.2.5, 2.3.2
    • Component/s: Questions
    • Labels:
    • Testing Instructions:
      Hide
      1. Go into the question bank in a course and preview a question.
      2. Verify that previewing the question works.

      I am struggling to think of anything else that needs testing here. These things might be worth trying:

      1. In the course settings, try forcing the theme or the language, then reload the preview window. Verify that the preview respects the course settings.
      2. Try a preview from the quiz editing page instead.
      3. Preview a question in adaptive mode. After Checking some answers, copy and paste the URL from the preview window into another web browser. You should be able to continue from where you left off. (Previously, this would have failed.)
      Show
      Go into the question bank in a course and preview a question. Verify that previewing the question works. I am struggling to think of anything else that needs testing here. These things might be worth trying: In the course settings, try forcing the theme or the language, then reload the preview window. Verify that the preview respects the course settings. Try a preview from the quiz editing page instead. Preview a question in adaptive mode. After Checking some answers, copy and paste the URL from the preview window into another web browser. You should be able to continue from where you left off. (Previously, this would have failed.)
    • Affected Branches:
      MOODLE_22_STABLE, MOODLE_23_STABLE, MOODLE_24_STABLE
    • Fixed Branches:
      MOODLE_22_STABLE, MOODLE_23_STABLE
    • Pull from Repository:
    • Pull Master Branch:
    • Rank:
      43382

      Description

      The question preview pop-up window (question/preview.php) uses the session in a weird way as a security measure.

      On the OU's system, with multiple web servers, this test is failing even when it should not, which many be some sort of race condition / concurrency problem.

      Anyway, the use of session here is weird, and I cannot remember why I did it that way. A better way to make this secure is to change the preview code so that the $quba belongs to the user's context. Then we can validate that the preview belongs to the current user in a robust way.

        Activity

        Hide
        Eloy Lafuente (stronk7) added a comment -

        Integrated (22, 23 & master), thanks!

        Show
        Eloy Lafuente (stronk7) added a comment - Integrated (22, 23 & master), thanks!
        Hide
        Andrew Davis added a comment -

        It all seems to be working fine. Passing.

        Show
        Andrew Davis added a comment - It all seems to be working fine. Passing.
        Hide
        Eloy Lafuente (stronk7) added a comment -

        For the good and the bad... this is now part of Moodle and people around the world will start using it immediately, what a responsibility!

        Many thanks for your collaboration, yay!

        Closing, ciao

        Show
        Eloy Lafuente (stronk7) added a comment - For the good and the bad... this is now part of Moodle and people around the world will start using it immediately, what a responsibility! Many thanks for your collaboration, yay! Closing, ciao

          People

          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: