Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-61192

Make wiki media send only the pageid instead of the whole url when selecting images

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Development in progress
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: Future Dev
    • Fix Version/s: None
    • Component/s: Repositories
    • Labels:
    • Testing Instructions:
      Hide
      1. Log in and go to the private files on the dashboard.
      2. Click "manage private files"
      3. Open up the developer console in the browser and go to the network tab.
      4. Go to add a file and select wikimedia as the repository.
      5. Search for an image.
      6. Look for "repository_ajax.php?action=signin" and view the "Preview" tab.
      7. Expand the object and find the list field. Expand that and you should see a bunch of image information. Expand one of the images and look for the source field. It should not be a full url address. It should only be a number.
      8. Select a file.
      9. Look for "repository_ajax.php?action=download" and view the "Headers" tab.
      10. Scroll all the way down to the "Form Data" section and view the source. Check that it is just a number and not a full url.
      11. Make sure that the image selected is the image now shown in the files area.
      Show
      Log in and go to the private files on the dashboard. Click "manage private files" Open up the developer console in the browser and go to the network tab. Go to add a file and select wikimedia as the repository. Search for an image. Look for "repository_ajax.php?action=signin" and view the "Preview" tab. Expand the object and find the list field. Expand that and you should see a bunch of image information. Expand one of the images and look for the source field. It should not be a full url address. It should only be a number. Select a file. Look for "repository_ajax.php?action=download" and view the "Headers" tab. Scroll all the way down to the "Form Data" section and view the source. Check that it is just a number and not a full url. Make sure that the image selected is the image now shown in the files area.
    • Pull from Repository:
    • Pull Master Branch:
      wip-MDL-61192-master

      Description

      Wikimedia at the moment puts the whole url to the image in the source field. Ideally we would only send the pageid and then reconstruct the url on the server. This just tightens down security in this area.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              abgreeve Adrian Greeve
              Peer reviewer:
              Tim Hunt
              Participants:
              Component watchers:
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: