Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-66493

readstring_accel should not use xsendfile via get_file_storage()

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide

      1) On a plain moodle make a test file:

      <?php
      require('config.php');
      readstring_accel('hello world', 'text/plain', 1);
      
      

      2) Run this in a browser, it should say hello world

      3) Setup xsendfile. This can be a real setup or even a wrong broken one ie set the header without the apache / nginx module being configured:

      config.php:

      $CFG->xsendfile = 'X-Sendfile';

      4) Re-run the test file again. It should still say hello world

       

      Show
      1) On a plain moodle make a test file: <?php require( 'config.php' ); readstring_accel( 'hello world' , 'text/plain' , 1 ); 2) Run this in a browser, it should say hello world 3) Setup xsendfile. This can be a real setup or even a wrong broken one ie set the header without the apache / nginx module being configured: config.php: $CFG->xsendfile = 'X-Sendfile'; 4) Re-run the test file again. It should still say hello world  
    • Affected Branches:
      MOODLE_37_STABLE
    • Fixed Branches:
      MOODLE_38_STABLE
    • Pull Master Branch:
      MDL-66493-readstring_accel

      Description

      In various places in moodle we send a temp file which is not inside the filedir

      https://github.com/moodle/moodle/blob/master/lib/filelib.php#L2268-L2272

      But some of these files are not in get_file_storage() and might be in temp, so sending a sha1 hash and pretending the file is filedir is wrong.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              brendanheywood Brendan Heywood
              Reporter:
              brendanheywood Brendan Heywood
              Peer reviewer:
              Matt Porritt
              Integrator:
              Jake Dallimore
              Tester:
              Gladys Basiana
              Participants:
              Component watchers:
              Matteo Scaramuccia, Andrew Nicols, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze
              Votes:
              2 Vote for this issue
              Watchers:
              7 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                18/Nov/19

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 2 hours, 40 minutes
                  2h 40m