-
Bug
-
Resolution: Deferred
-
Minor
-
None
-
3.6.7, 3.7.1, 3.7.2, 3.11.6, 4.0
-
MOODLE_311_STABLE, MOODLE_36_STABLE, MOODLE_37_STABLE, MOODLE_400_STABLE
-
MDL-67198-error-307 -
I am running Moodle 3.7.2 on a shared webserver. My logfiles showed several scripts generating 404 (and other) errors in what seemed to be a somewhat arbitrary pattern. A few examples:
- /mod/assign/index.php
- /mod/assign/view.php
- /mod/lesson/edit.php
- /mod/lesson/continue.php
- /mod/lesson/view.php
- /mod/lesson/essay.php
- /mod/lesson/lesson.php
- /mod/lesson/report.php
After giving it a closer look, I found out that this happens for example if the id parameter is missing. However, this should not happen if people are following a lesson normally. Some users had the problem right after logging in. There is at least one case where the HTTP referrer was mod/lesson/view.php?id=XXX&pageid=XXX, meaning that the id and pageid were there before. In other cases, it is caused by a missing sesskey parameter.
In my opinion, the 404 Status Code is wrong in that case, because the requested resource is actually found. I suggest setting the response to 307 (Temporary Redirect), because we are only redirecting to an error page for the missing parameters. On the next correct request, the resource will be shipped out normally.
We should bear in mind that 404 errors might trigger IP bans on shared hosting plans.
As a workaround, I modified lib/outputrenderers.php on line 2788.