  1. Moodle
  2. MDL-47085

Badge download requires allow_url_fopen


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.7.1, 2.7.5, 2.8.3
    • Fix Version/s: 2.7.6, 2.8.4
    • Component/s: Badges
    • Labels:

      Description

      Up to now, Moodle has been running at our university for four years with allow_url_fopen turned off in the PHP configuration for security reasons. Recently, we have activated the Badge module and now we have a problem.

      Replication steps:

      • Disable allow_url_fopen in PHP
      • Create a badge and issue this badge to a user A in Moodle
      • Log in as this user A
      • Go to /badges/mybadges.php
      • Try to download this badge to your computer

      Result:

      You should get a corrupt file which contains an error message like:
      <br />
      <b>Warning</b>: readfile(): https:// wrapper is disabled in the server configuration by allow_url_fopen=0 in <b>/var/www/html/moodle_dev/badges/badge.php</b> on line <b>44</b><br />
      <br />
      <b>Warning</b>: readfile(https://your-moodle.com/pluginfile.php/1978/badges/userbadge/18/648f08190003a2a7f50b02f3292a28c4f9a020a7?forcedownload=1): failed to open stream: no suitable wrapper could be found in <b>/var/www/html/moodle_dev/badges/badge.php</b> on line <b>44</b><br />

      Expected result:

      The badge should be correctly downloaded.

      Is it possible to code the badge download mechanism without the need for allow_url_fopen=on?
      I assume, but am not sure, that the problem is caused by the readfile() function being called with a FQDN URL instead of only a local file path.

      I marked this as a security problem as it affects the webserver's security settings.
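
Added example, not part of the original report and not Moodle's code or its fix: one way to serve a stored file from a local path so that the download works with allow_url_fopen=0, as the reporter asks. The function names, the storage directory and the sample file are hypothetical.

```php
<?php
// Added illustration only; not Moodle code. All names here are hypothetical.

/**
 * Map a requested name to a real local path inside $baseDir.
 * Returns null for URLs/stream wrappers, path traversal, or missing files.
 */
function resolve_local_file(string $baseDir, string $relative): ?string
{
    // Anything with a scheme (https://, php://, phar://, data:) is refused,
    // so the read never depends on allow_url_fopen or a stream wrapper.
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $relative)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $relative);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // realpath() has collapsed any "../"; the result must still sit under $base.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

/** Stream an already validated local file as a download. */
function send_local_file(string $path, string $downloadName): void
{
    $safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($downloadName));
    header('Content-Type: application/octet-stream');
    header('Content-Length: ' . filesize($path));
    header('Content-Disposition: attachment; filename="' . $safeName . '"');
    readfile($path); // plain filesystem read; no URL wrapper involved
}

// Command-line self-check on constructed sample data.
if (PHP_SAPI === 'cli') {
    $dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'badge_demo_' . getmypid();
    mkdir($dir);
    file_put_contents($dir . DIRECTORY_SEPARATOR . 'badge.png', 'constructed sample bytes');
    foreach (['badge.png', 'https://example.invalid/badge.png', '../../etc/passwd'] as $name) {
        $result = resolve_local_file($dir, $name);
        echo $name, ' => ', $result === null ? 'rejected' : 'served from local path', PHP_EOL;
    }
    unlink($dir . DIRECTORY_SEPARATOR . 'badge.png');
    rmdir($dir);
}
```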


              Dates

              • Fix Release Date: 9/Mar/15