Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-34862

Question preview session checks sometimes fail

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.2.4, 2.3.1, 2.4
    • Fix Version/s: 2.2.5, 2.3.2
    • Component/s: Questions
    • Labels:
    • Testing Instructions:
      Hide
      1. Go into the question bank in a course and preview a question.
      2. Verify that previewing the question works.

      I am struggling to think of anything else that needs testing here. These things might be worth trying:

      1. In the course settings, try forcing the theme or the language, then reload the preview window. Verify that the preview respects the course settings.
      2. Try a preview from the quiz editing page instead.
      3. Preview a question in adaptive mode. After Checking some answers, copy and paste the URL from the preview window into another web browser. You should be able to continue from where you left off. (Previously, this would have failed.)
      Show
      Go into the question bank in a course and preview a question. Verify that previewing the question works. I am struggling to think of anything else that needs testing here. These things might be worth trying: In the course settings, try forcing the theme or the language, then reload the preview window. Verify that the preview respects the course settings. Try a preview from the quiz editing page instead. Preview a question in adaptive mode. After Checking some answers, copy and paste the URL from the preview window into another web browser. You should be able to continue from where you left off. (Previously, this would have failed.)
    • Affected Branches:
      MOODLE_22_STABLE, MOODLE_23_STABLE, MOODLE_24_STABLE
    • Fixed Branches:
      MOODLE_22_STABLE, MOODLE_23_STABLE
    • Pull from Repository:
    • Pull Master Branch:

      Description

      The question preview pop-up window (question/preview.php) uses the session in a weird way as a security measure.

      On the OU's system, with multiple web servers, this test is failing even when it should not, which many be some sort of race condition / concurrency problem.

      Anyway, the use of session here is weird, and I cannot remember why I did it that way. A better way to make this secure is to change the preview code so that the $quba belongs to the user's context. Then we can validate that the preview belongs to the current user in a robust way.

        Gliffy Diagrams

          Activity

          Hide
          stronk7 Eloy Lafuente (stronk7) added a comment -

          Integrated (22, 23 & master), thanks!

          Show
          stronk7 Eloy Lafuente (stronk7) added a comment - Integrated (22, 23 & master), thanks!
          Hide
          andyjdavis Andrew Davis added a comment -

          It all seems to be working fine. Passing.

          Show
          andyjdavis Andrew Davis added a comment - It all seems to be working fine. Passing.
          Hide
          stronk7 Eloy Lafuente (stronk7) added a comment -

          For the good and the bad... this is now part of Moodle and people around the world will start using it immediately, what a responsibility!

          Many thanks for your collaboration, yay!

          Closing, ciao

          Show
          stronk7 Eloy Lafuente (stronk7) added a comment - For the good and the bad... this is now part of Moodle and people around the world will start using it immediately, what a responsibility! Many thanks for your collaboration, yay! Closing, ciao

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Fix Release Date:
                10/Sep/12