Affects Version/s: 3.5.17, 3.8.8, 3.9.5, 3.10.2
Fix Version/s: None
Affected Branches:MOODLE_310_STABLE, MOODLE_35_STABLE, MOODLE_38_STABLE, MOODLE_39_STABLE
Currently, when replying to a forum post, the user is presented with a simple textarea for the message body. The user can, however, click the "Advanced" button, which will load a new page with more detailed options. The existing post data – what the user has already entered in the reply box – is passed to this page through query parameters in the URL in order to auto-fill the response box. However, this can cause issues in some setups.
A very similar functionality exists when creating a new forum topic (rather than replying to an existing one). In this case, clicking "Advanced" handles the page transition appropriately, passing the data as form data in the request body. The way this works should be duplicated for forum responses.
- Create a forum activity
- Add a new topic
- Add a subject and some text to the message box
- Clicked "Advanced"
- Note that the data is passed through the request body in order to autofill the box on the next page
- Submit the forum topic
- Click on the posted topic to view the thread
- Click "Reply" and add a few lines of text
- Click "Advanced"
- Note how the data is passed through the URL as query parameters in order to autofill the box on the next page
The issue with using query parameters here is that control characters in URLs can cause problems with some setups. Lighttp, for example, will return a 400 error by default for any URL containing a control character, such as a linefeed + carriage return (%0D%0A). In this case, users can not reply to a forum post with text containing multiple lines unless they first click the "Advanced" button.