Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-69047

Content bank status message should be hard coded

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide
      1. As an admin go to Content bank (in the drawer for Boost theme or in the Navigation block> Site pages for Classic theme)
      2. Upload the attached chart.h5p file
      3. Open the cog menu and select Rename option.
      4. Add a new name and click on 'Rename'.
      5. Confirm there is a 'The content has been renamed.' message.
      6. Confirm there is a 'statusmsg=contentrenamed' parameter in the URL.
      7. Open the cog menu and select Delete option.
      8. Click on 'Delete'.
      9. Confirm there is a 'The content has been deleted.' message.
      10. Confirm there is a 'statusmsg=contentdeleted' parameter in the URL.

       

       

      Show
      As an admin go to Content bank (in the drawer for Boost theme or in the Navigation block> Site pages for Classic theme) Upload the attached chart.h5p file Open the cog menu and select Rename option. Add a new name and click on 'Rename'. Confirm there is a 'The content has been renamed.' message. Confirm  there is a 'statusmsg=contentrenamed' parameter in the URL. Open the cog menu and select Delete option. Click on 'Delete'. Confirm there is a 'The content has been deleted.' message. Confirm  there is a 'statusmsg=contentdeleted' parameter in the URL.    
    • Affected Branches:
      MOODLE_39_STABLE
    • Fixed Branches:
      MOODLE_39_STABLE
    • Pull from Repository:
    • Pull 3.9 Branch:
    • Pull 3.9 Diff URL:
    • Pull Master Branch:
      MDL-69047-master
    • Pull Master Diff URL:
    • Sprint:
      Moppies Kanban

      Description

      https://qa.moodledemo.net/contentbank/index.php?contextid=25%27%22%3Cb%3E&statusmsg=Custom%20Text

       

      The statusmsg is safe from any javascript attack but a student could send this link to a teacher to trick him (link to phishing for exemple) with an official looking statement. Message text should be hardcoded.

        Attachments

        1. chart.h5p
          110 kB
        2. Screenshot_1.png
          Screenshot_1.png
          52 kB

          Issue Links

          Testing discovered

          Bug - A problem which impairs or prevents Moodle from functioning correctly. MDL-69089 Content bank allows empty names

          • Minor - Minor loss of function where workaround is possible
          • Closed

            Activity

              People

              Assignee:
              amaia Amaia Anabitarte
              Reporter:
              degrangem DegrangeM
              Peer reviewer:
              Carlos Escobedo Carlos Escobedo
              Integrator:
              Jake Dallimore Jake Dallimore
              Tester:
              Janelle Barcega Janelle Barcega
              Participants:
              Component watchers:
              Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Ilya Tregubov, Sara Arjona (@sarjona)
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                13/Jul/20

                  Time Tracking

                  Estimated:
                  Original Estimate - 0 minutes
                  0m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 3 hours, 51 minutes
                  3h 51m