Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-34862

Question preview session checks sometimes fail

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 2.2.4, 2.3.1, 2.4
    • 2.2.5, 2.3.2
    • Questions
    • MOODLE_22_STABLE, MOODLE_23_STABLE, MOODLE_24_STABLE
    • MOODLE_22_STABLE, MOODLE_23_STABLE
    • Hide
      1. Go into the question bank in a course and preview a question.
      2. Verify that previewing the question works.

      I am struggling to think of anything else that needs testing here. These things might be worth trying:

      1. In the course settings, try forcing the theme or the language, then reload the preview window. Verify that the preview respects the course settings.
      2. Try a preview from the quiz editing page instead.
      3. Preview a question in adaptive mode. After Checking some answers, copy and paste the URL from the preview window into another web browser. You should be able to continue from where you left off. (Previously, this would have failed.)
      Show
      Go into the question bank in a course and preview a question. Verify that previewing the question works. I am struggling to think of anything else that needs testing here. These things might be worth trying: In the course settings, try forcing the theme or the language, then reload the preview window. Verify that the preview respects the course settings. Try a preview from the quiz editing page instead. Preview a question in adaptive mode. After Checking some answers, copy and paste the URL from the preview window into another web browser. You should be able to continue from where you left off. (Previously, this would have failed.)

    Description

      The question preview pop-up window (question/preview.php) uses the session in a weird way as a security measure.

      On the OU's system, with multiple web servers, this test is failing even when it should not, which many be some sort of race condition / concurrency problem.

      Anyway, the use of session here is weird, and I cannot remember why I did it that way. A better way to make this secure is to change the preview code so that the $quba belongs to the user's context. Then we can validate that the preview belongs to the current user in a robust way.

      Attachments

        Activity

          People

            timhunt Tim Hunt
            timhunt Tim Hunt
            Eloy Lafuente (stronk7) Eloy Lafuente (stronk7)
            Andrew Davis Andrew Davis
            Safat Shahin, Tim Hunt, Ilya Tregubov, Kevin Percy, Mathew May, Mihail Geshoski, Shamim Rezaie
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:
              10/Sep/12