Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-71998

Buttons that send users to the login form to log in should use GET not POST

XMLWordPrintable

    • Icon: Improvement Improvement
    • Resolution: Unresolved
    • Icon: Minor Minor
    • None
    • 3.10.4, 3.11
    • Choice, Forum, Quiz
    • MOODLE_310_STABLE, MOODLE_311_STABLE
    • Hide

      Setup

      1. Log in as admin.
      2. Create a course.
      3. In course settings -> Enrolment methods, enable guest enrolment.
      4. Add a choice, a chat, a quiz and a forum.
      5. Log out.
      6. Log in as guest.

      Test chat

      1. Go to the chat.
      2. Verify that the confirm message looks OK.
      3. Verify that the 'Yes' button goes to the login form, and that there is a '?' at the end of the URL (or verify it was a GET in some other way, e.g. Browser developer tools.)
      4. Click back.
      5. Verify that the 'No' button goes back to the course page.

      Test choice

      1. Go to the choice.
      2. Verify that the confirm message looks OK.
      3. Verify that the 'Yes' button goes to the login form, and that there is a '?' at the end of the URL (or verify it was a GET in some other way, e.g. Browser developer tools.)
      4. Click back.
      5. Verify that the 'No' button goes back to the course page.

      Test forum

      There are three screens modified in this patch (post.php, markpost.php and subscribe.php) although I cannot currently work out how to get to them as guest, even though I thik I have seen them in real use. (It may be a case of cliking a link in an email the forum has sent you, while you are logged out.) It would be great if a forum expert could fill this in. Or, we could rely on the patch for forum being just like the other bits.

      Test quiz

      1. Go to the quiz.
      2. Verify that the confirm message looks OK.
      3. Verify that the 'Yes' button goes to the login form, and that there is a '?' at the end of the URL (or verify it was a GET in some other way, e.g. Browser developer tools.)
      4. Click back.
      5. Verify that the 'No' button goes back to the course page.
      Show
      Setup Log in as admin. Create a course. In course settings -> Enrolment methods, enable guest enrolment. Add a choice, a chat, a quiz and a forum. Log out. Log in as guest. Test chat Go to the chat. Verify that the confirm message looks OK. Verify that the 'Yes' button goes to the login form, and that there is a '?' at the end of the URL (or verify it was a GET in some other way, e.g. Browser developer tools.) Click back. Verify that the 'No' button goes back to the course page. Test choice Go to the choice. Verify that the confirm message looks OK. Verify that the 'Yes' button goes to the login form, and that there is a '?' at the end of the URL (or verify it was a GET in some other way, e.g. Browser developer tools.) Click back. Verify that the 'No' button goes back to the course page. Test forum There are three screens modified in this patch (post.php, markpost.php and subscribe.php) although I cannot currently work out how to get to them as guest, even though I thik I have seen them in real use. (It may be a case of cliking a link in an email the forum has sent you, while you are logged out.) It would be great if a forum expert could fill this in. Or, we could rely on the patch for forum being just like the other bits. Test quiz Go to the quiz. Verify that the confirm message looks OK. Verify that the 'Yes' button goes to the login form, and that there is a '?' at the end of the URL (or verify it was a GET in some other way, e.g. Browser developer tools.) Click back. Verify that the 'No' button goes back to the course page.

      This affects 4 modues: chat, choice, forum, quiz. I'll use quiz as an example to explain the issue:

      1. Site allows guests to browse around.
      2. User browes to a quiz.
      3. They see a message "Sorry, guests cannot see or attempt quizzes", "Would you like to log in now with a full user account?" with buttons "Yes" (going to login/index.php) and "No" (going back to the referrer).

      The issue is that the Yes button does a POST to the login page, wereas since we are just showing the login form, that would be more correct as a GET.

      (And, if you are doing crazy hackery like we are at the OU, this can break the assumptions in your hacks!)

            Unassigned Unassigned
            timhunt Tim Hunt
            Jason Platts Jason Platts
            Andrew Lyons Andrew Lyons
            Votes:
            0 Vote for this issue
            Watchers:
            8 Start watching this issue

              Created:
              Updated:

                Estimated:
                Original Estimate - 0 minutes
                0m
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 6 minutes
                6m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.