Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-69257

H5P Interactive video should comply with maxbytes file upload limits

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.9.1, 3.9.2
    • Fix Version/s: 3.9.3
    • Component/s: H5P
    • Testing Instructions:
      Hide
      1. Check the value of your "Maximum uploaded file size (maxbytes" setting in the site administration. You may want to set this to a small value for easier testing (e.g. 5MB).
      2. Go to a content bank and upload interactive-video.h5p.
      3. Edit interactive video content.
      4. Under "Add a video", upload a video file with a size greater than the "maxbytes" setting.
      5. Confirm that you get the message: "The file x is too large. The maximum size you can upload is n."
      6. Try to upload a file that is smaller than the "maxbytes" setting.
      7. Confirm that the upload succeeds
      Antivirus test
      1. Install ClamAV e.g. on Ubuntu

        sudo apt update 
        sudo apt install -y clamav
        sudo freshclam
        

      2. Get the path of the clamscan executable (e.g. "which clamscan"). Take note of this path.
      3. Open a new browser window/tab and go to "Site administration / Plugins / Antivirus plugins / Manage antivirus plugins"
      4. Enable ClamAV antivirus.
      5. Go to its Settings page
      6. Enter the path to the clamscan executable in "Command line".
      7. Set "On ClamAV failure", set it to "Refues upload, try again".
      8. Save the changes.
      9. Download this anti-malware test file eicarcom2.zip.
      10. Rename it as "eicarcom2.mp4"
      11. Back on the interactive video editor's browser window, attempt to upload the anti-malware test file.
      12. Confirm that after a little while, it will show an error that it has been scanned by a virus checker and found to be infected.
      Show
      Check the value of your " Maximum uploaded file size (maxbytes " setting in the site administration. You may want to set this to a small value for easier testing (e.g. 5MB). Go to a content bank and upload interactive-video.h5p . Edit interactive video content. Under " Add a video ", upload a video file with a size greater than the "maxbytes" setting. Confirm that you get the message: "The file x is too large. The maximum size you can upload is n." Try to upload a file that is smaller than the "maxbytes" setting. Confirm that the upload succeeds Antivirus test Install ClamAV e.g. on Ubuntu sudo apt update sudo apt install -y clamav sudo freshclam Get the path of the clamscan executable (e.g. " which clamscan "). Take note of this path. Open a new browser window/tab and go to " Site administration / Plugins / Antivirus plugins / Manage antivirus plugins " Enable ClamAV antivirus. Go to its Settings page Enter the path to the clamscan executable in " Command line ". Set " On ClamAV failure ", set it to " Refues upload, try again ". Save the changes. Download this anti-malware test file eicarcom2.zip . Rename it as " eicarcom2.mp4 " Back on the interactive video editor's browser window, attempt to upload the anti-malware test file. Confirm that after a little while, it will show an error that it has been scanned by a virus checker and found to be infected.
    • Affected Branches:
      MOODLE_39_STABLE
    • Fixed Branches:
      MOODLE_39_STABLE
    • Pull 3.9 Branch:
    • Pull 3.10 Branch:
      MDL-69257-310
    • Pull Master Branch:
      MDL-69257-master

      Description

      Using H5P Interactive video, I can upload any size of video file, as it is not limited by the course/system maxbytes upload setting.

        Attachments

        1. eicarcom2.zip
          0.3 kB
        2. interactive-video.h5p
          2.84 MB
        3. screenshot-1.png
          screenshot-1.png
          165 kB

          Issue Links

            Activity

              People

              Assignee:
              mgauk Martin Gauk
              Reporter:
              nadavkav Nadav Kavalerchik
              Peer reviewer:
              Mihail Geshoski
              Integrator:
              Jun Pataleta
              Tester:
              Janelle Barcega
              Participants:
              Component watchers:
              Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona)
              Votes:
              11 Vote for this issue
              Watchers:
              14 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                9/Nov/20

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 4 hours
                  4h