Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-36050

Block pluginfile URLs need to be improved so that the correct capability checks can be implemented

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.3.2
    • Fix Version/s: DEV backlog
    • Component/s: Blocks
    • Labels:
    • Workaround:
      Hide

      Don't show any secure content on sticky blocks.

      Show
      Don't show any secure content on sticky blocks.
    • Affected Branches:
      MOODLE_23_STABLE
    • Epic Link:

      Description

      When a block gets displayed on a given page then a lot of useful information is available in $PAGE that can be used for has_capability checks. When we are serving images or other files that belong to a given block, then the only information we have available is the pluginfile.php URL.

      It seems from MDL-29762 that the pluginfile URL does not always contain all the information that is necessary to perform the correct permission checks.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              moodle.com moodle.com
              Reporter:
              rajeshtaneja Rajesh Taneja
              Participants:
              Component watchers:
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated: