Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-56120

Debugging notices from calendar_get_events for disabled modules

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide
      1. Create an activity such as an assignment and set a start and finish date. Make the dates some time this month.
      2. Add a calendar block to the course page. Check that events appear in the calendar.
      3. Disable the assignment activity "Site administration  ► Plugins  ► Activity modules  ► Manage activities" -> Click the eye icon.
      4. Go back to the course. The events related to your now disabled activity should no longer show up.
      5. Click the calendar block to go to full month view. You should still not be able to see the events. Click on the day (you may have to click on another day and then use the next and previous arrows to get to the next day) view and check that you still don't get any event information relating to the disabled activity.
      6. As a student, use the web service core_calendar_get_calendar_events() (Create a curl request or use the test webservice files) to get events for the month. Make sure that there is no events for the disabled activity.
      7. As a student, export the calendar and once again make sure that there are no events for the disabled activity.
      8. Enable the activity and run through step 4 - 7 and make sure that you now get the events for the activity.

      Run the following on all supported databases:

      vendor/bin/phpunit calendar/tests/lib_test.php
      

      Show
      Create an activity such as an assignment and set a start and finish date. Make the dates some time this month. Add a calendar block to the course page. Check that events appear in the calendar. Disable the assignment activity "Site administration  ► Plugins  ► Activity modules  ► Manage activities" -> Click the eye icon. Go back to the course. The events related to your now disabled activity should no longer show up. Click the calendar block to go to full month view. You should still not be able to see the events. Click on the day (you may have to click on another day and then use the next and previous arrows to get to the next day) view and check that you still don't get any event information relating to the disabled activity. As a student, use the web service core_calendar_get_calendar_events() (Create a curl request or use the test webservice files) to get events for the month. Make sure that there is no events for the disabled activity. As a student, export the calendar and once again make sure that there are no events for the disabled activity. Enable the activity and run through step 4 - 7 and make sure that you now get the events for the activity. Run the following on all supported databases: vendor/bin/phpunit calendar/tests/lib_test.php
    • Affected Branches:
      MOODLE_31_STABLE
    • Fixed Branches:
      MOODLE_30_STABLE, MOODLE_31_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      wip-MDL-56120-master-v2

      Description

      If you create future events that display in the calendar (e.g. assignment or quiz deadlines) then disable the mod that they relate to, then calls to the calendar function calendar_get_events will still return those events, even though in other parts of the code they will not be shown to users (for example, the activity itself won't be shown on the course page).

      If you have a calendar block on the page or visit the main calendar then it'll throw a notice similar to:

      PHP Notice: info_module::is_user_visible called with invalid cmid 6919

      Various other bits of code seem to expect only active modules events to be returned though they often throw errors rather than actually display any info.

      I've marked this as a minor security issue, as there is the possibility for information leaking unexpectedly, though it's probably quite difficult to stumble across this in normal usage and unlikely to leak anything critical.

        Attachments

        1. wip-MDL-56120-27.mdk.patch
          7 kB
          Adrian Greeve
        2. wip-MDL-56120-30.mdk.patch
          7 kB
          Adrian Greeve
        3. wip-MDL-56120-31.mdk.patch
          7 kB
          Adrian Greeve
        4. wip-MDL-56120-master-v2.mdk.patch
          7 kB
          Adrian Greeve

          Activity

            People

            Assignee:
            abgreeve Adrian Greeve
            Reporter:
            bawjaws David Scotson
            Peer reviewer:
            Ankit Agarwal
            Integrator:
            Andrew Nicols
            Tester:
            cameron1729
            Participants:
            Component watchers:
            Andrew Nicols, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze, Juan Leyva, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona), Víctor Déniz Falcón
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Fix Release Date:
              14/Nov/16