Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-66245

GDPR data request export not usable when using special characters (invalid file paths)

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide
      Setup
      1. Go to "Site administration / Users / Privacy and policies / Privacy settings"
      2. Turn on "Contact the privacy officer"
      3. Turn on "Automatic data export request approval" (master only)
      4. Save the changes.
      5. # Create a course category that contains special characters, like "# / \ > " < &"
      6. In a course within that course category, create an assignment with the following settings:
        • a name that contains special characters as well
        • accepts file and online text submissions.
      7. On another browser session, log in as a student in that course.
      8. Create an assignment submission with both text and file included.
      9. Go to your profile and press "Export all of my personal data"
      10. On the admin's browser window, go to the data requests page.
      11. Approve the student's data export request (no need to do this in master, it will be automatically approved)
      12. Open the terminal and navigate to your Moodle root folder.
      13. Run the data request processing ad-hoc task. 

        php admin/tool/task/cli/adhoc_task.php --execute

      14. Back on the student's browser, refresh the data requests page.
      15. Download the data export zip file.
      Test

      Note: Repeat the test on these browser/OS combinations

      OS Browser
      Windows Chrome
        Firefox
        Edge
        Internet Explorer
      Linux Chrome
        Firefox
      Mac OS Safari
      1. Extract the contents of export.zip.
      2. Open index.html
      3. Open your browser's javascript console.
      4. Navigate to the student's assignment data.
      5. Confirm that the data about the assignment, the student's attempts, submission data, etc are being shown as you navigate in each of the nodes under the assignment.
      6. Confirm that you don't see any error in the JS console.
      7. Navigate throughout the rest of the data export tree
      8. Confirm that the relevant data are being displayed.
      9. Confirm that you don't see any error in the JS console.

       

      Show
      Setup Go to " Site administration / Users / Privacy and policies / Privacy settings " Turn on " Contact the privacy officer " Turn on " Automatic data export request approval " (master only) Save the changes. # Create a course category that contains special characters, like " # / \ > " < & " In a course within that course category, create an assignment with the following settings: a name that contains special characters as well accepts file and online text submissions. On another browser session, log in as a student in that course. Create an assignment submission with both text and file included. Go to your profile and press " Export all of my personal data " On the admin's browser window, go to the data requests page. Approve the student's data export request (no need to do this in master, it will be automatically approved) Open the terminal and navigate to your Moodle root folder. Run the data request processing ad-hoc task.  php admin/tool/task/cli/adhoc_task.php --execute Back on the student's browser, refresh the data requests page. Download the data export zip file. Test Note: Repeat the test on these browser/OS combinations OS Browser Windows Chrome   Firefox   Edge   Internet Explorer Linux Chrome   Firefox Mac OS Safari Extract the contents of export.zip. Open index.html Open your browser's javascript console. Navigate to the student's assignment data. Confirm that the data about the assignment, the student's attempts, submission data, etc are being shown as you navigate in each of the nodes under the assignment. Confirm that you don't see any error in the JS console. Navigate throughout the rest of the data export tree Confirm that the relevant data are being displayed. Confirm that you don't see any error in the JS console.  
    • Affected Branches:
      MOODLE_35_STABLE, MOODLE_36_STABLE, MOODLE_37_STABLE
    • Fixed Branches:
      MOODLE_35_STABLE, MOODLE_36_STABLE, MOODLE_37_STABLE, MOODLE_38_STABLE
    • Pull 3.5 Branch:
    • Pull 3.7 Branch:
    • Pull 3.8 Branch:
    • Pull Master Branch:
      MDL-66245-master
    • Story Points:
      0
    • Sprint:
      International 3.9 - Sprint 5, International 3.9 - Sprint 6

      Description

      This is a follow-up issue arising from the code change in the context of issue https://tracker.moodle.org/browse/MDL-64511. I confirmed the problem for current versions of Chrome, Firefox and Edge Dev Build on Windows 10.

      If you try to access the data.json files by clicking in the navigation bar of the index.html file, which has been exported by a data request, the corresponding data is not loaded. For example, the error message in Chrome is "GET file:///[...]/export/Kernsystem%20_.1*%2F*data.js net::ERR_INVALID_URL".

      The problem is that the 'slash' in the data path is encoded as '%2F'. Obviously, for some combinations of browser and operating system, slashes must not be encoded. In Windows the error message also remains when you use XAMPP as local web server to serve the data export and try to access it via http.

      The usage of encodeURIComponent in line 65 of the js/general.js seems to be problematic. I have experimented with a possibility to restore slashes after the encoding with the replace function:

      E.g. newscript.src = encodeURIComponent(data).replace(/%2F/g, "\/");

      However, the only reasonable solution in my view is to avoid all special html symbols in the file names of the export and to use encodeURI instead of encodeURIComponent afterwards.

      As most users probably use Windows with Chrome or Firefox in my opinion this is an urgent problem.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              jpataleta Jun Pataleta
              Reporter:
              sebabo Sebastian B
              Peer reviewer:
              Shamim Rezaie
              Integrator:
              Sara Arjona (@sarjona)
              Tester:
              Anna Carissa Sadia
              Participants:
              Component watchers:
              Andrew Nicols, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze
              Votes:
              9 Vote for this issue
              Watchers:
              12 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                11/May/20

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 2 days, 5 hours, 25 minutes
                  2d 5h 25m