Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-71998

Buttons that send users to the login form to log in should use GET not POST

    XMLWordPrintable

Details

    • Improvement
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • 3.10.4, 3.11
    • None
    • Chat, Choice, Forum, Quiz
    • MOODLE_310_STABLE, MOODLE_311_STABLE
    • MDL-71998_311
    • Hide

      Setup

      1. Log in as admin.
      2. Create a course.
      3. In course settings -> Enrolment methods, enable guest enrolment.
      4. Add a choice, a chat, a quiz and a forum.
      5. Log out.
      6. Log in as guest.

      Test chat

      1. Go to the chat.
      2. Verify that the confirm message looks OK.
      3. Verify that the 'Yes' button goes to the login form, and that there is a '?' at the end of the URL (or verify it was a GET in some other way, e.g. Browser developer tools.)
      4. Click back.
      5. Verify that the 'No' button goes back to the course page.

      Test choice

      1. Go to the choice.
      2. Verify that the confirm message looks OK.
      3. Verify that the 'Yes' button goes to the login form, and that there is a '?' at the end of the URL (or verify it was a GET in some other way, e.g. Browser developer tools.)
      4. Click back.
      5. Verify that the 'No' button goes back to the course page.

      Test forum

      There are three screens modified in this patch (post.php, markpost.php and subscribe.php) although I cannot currently work out how to get to them as guest, even though I thik I have seen them in real use. (It may be a case of cliking a link in an email the forum has sent you, while you are logged out.) It would be great if a forum expert could fill this in. Or, we could rely on the patch for forum being just like the other bits.

      Test quiz

      1. Go to the quiz.
      2. Verify that the confirm message looks OK.
      3. Verify that the 'Yes' button goes to the login form, and that there is a '?' at the end of the URL (or verify it was a GET in some other way, e.g. Browser developer tools.)
      4. Click back.
      5. Verify that the 'No' button goes back to the course page.
      Show
      Setup Log in as admin. Create a course. In course settings -> Enrolment methods, enable guest enrolment. Add a choice, a chat, a quiz and a forum. Log out. Log in as guest. Test chat Go to the chat. Verify that the confirm message looks OK. Verify that the 'Yes' button goes to the login form, and that there is a '?' at the end of the URL (or verify it was a GET in some other way, e.g. Browser developer tools.) Click back. Verify that the 'No' button goes back to the course page. Test choice Go to the choice. Verify that the confirm message looks OK. Verify that the 'Yes' button goes to the login form, and that there is a '?' at the end of the URL (or verify it was a GET in some other way, e.g. Browser developer tools.) Click back. Verify that the 'No' button goes back to the course page. Test forum There are three screens modified in this patch (post.php, markpost.php and subscribe.php) although I cannot currently work out how to get to them as guest, even though I thik I have seen them in real use. (It may be a case of cliking a link in an email the forum has sent you, while you are logged out.) It would be great if a forum expert could fill this in. Or, we could rely on the patch for forum being just like the other bits. Test quiz Go to the quiz. Verify that the confirm message looks OK. Verify that the 'Yes' button goes to the login form, and that there is a '?' at the end of the URL (or verify it was a GET in some other way, e.g. Browser developer tools.) Click back. Verify that the 'No' button goes back to the course page.

    Description

      This affects 4 modues: chat, choice, forum, quiz. I'll use quiz as an example to explain the issue:

      1. Site allows guests to browse around.
      2. User browes to a quiz.
      3. They see a message "Sorry, guests cannot see or attempt quizzes", "Would you like to log in now with a full user account?" with buttons "Yes" (going to login/index.php) and "No" (going back to the referrer).

      The issue is that the Yes button does a POST to the login page, wereas since we are just showing the login form, that would be more correct as a GET.

      (And, if you are doing crazy hackery like we are at the OU, this can break the assumptions in your hacks!)

      Attachments

        Activity

          People

            Unassigned Unassigned
            timhunt Tim Hunt
            Jason Platts Jason Platts
            Andrew Lyons Andrew Lyons
            Amaia Anabitarte, Carlos Escobedo, Laurent David, Sabina Abellan, Sara Arjona (@sarjona), Dan Marsden, Amaia Anabitarte, Carlos Escobedo, Laurent David, Sabina Abellan, Sara Arjona (@sarjona), Adrian Greeve, Ilya Tregubov, Kevin Percy, Mathew May, Mihail Geshoski, Shamim Rezaie, Tim Hunt, Ilya Tregubov, Kevin Percy, Mathew May, Mihail Geshoski, Shamim Rezaie
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:

              Time Tracking

                Estimated:
                Original Estimate - 0 minutes
                0m
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 6 minutes
                6m