Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-46447

/rating/rate.php Non-ajax file returning JSON data

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.6.4
    • Fix Version/s: 2.8
    • Component/s: Ratings
    • Labels:
    • Testing Instructions:
      Hide

      You will need two browsers and a course containing a forum with ratings turned on.

      As admin, go to the forum and post.

      If students don't have them already give students moodle/rating:rate and mod/forum:rate in the course. Leave that screen open and go to your other browser.

      Log in as student and go to admin's forum post. The rating drop down should appear if you have the capabilities correct.

      In the student's browser, turn off Javascript and reload the page. You should now have a 'rate' button next to the rating drop down.

      Alt+tab back to admin and take away one of the two required capabilities.

      As student, click the rate button. You should get an error.

      Given them back the capability you removed. Check the student can now submit ratings.

      Take away the other capability and check that they again get an error.

      Show
      You will need two browsers and a course containing a forum with ratings turned on. As admin, go to the forum and post. If students don't have them already give students moodle/rating:rate and mod/forum:rate in the course. Leave that screen open and go to your other browser. Log in as student and go to admin's forum post. The rating drop down should appear if you have the capabilities correct. In the student's browser, turn off Javascript and reload the page. You should now have a 'rate' button next to the rating drop down. Alt+tab back to admin and take away one of the two required capabilities. As student, click the rate button. You should get an error. Given them back the capability you removed. Check the student can now submit ratings. Take away the other capability and check that they again get an error.
    • Affected Branches:
      MOODLE_26_STABLE
    • Fixed Branches:
      MOODLE_28_STABLE
    • Pull Master Branch:
      MDL-46447_rating_json

      Description

      In rate.php if the user doesn't have the required capabilities JSON data is returned. Most likely we should be calling print_error() or similar. It appears to have been copy pasted from rate_ajax.php and hasn't been noticed as theoretically it should never happen during legitimate use.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              andyjdavis Andrew Davis
              Reporter:
              andyjdavis Andrew Davis
              Peer reviewer:
              Dan Poltawski
              Integrator:
              Marina Glancy
              Tester:
              Mark Nelson
              Participants:
              Component watchers:
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias, Sujith Haridasan
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                10/Nov/14