Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-71998

Buttons that send users to the login form to log in should use GET not POST

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Reopened
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 3.10.4, 3.11
    • Fix Version/s: None
    • Component/s: Chat, Choice, Forum, Quiz
    • Labels:
    • Testing Instructions:
      Hide

      Setup

      1. Log in as admin.
      2. Create a course.
      3. In course settings -> Enrolment methods, enable guest enrolment.
      4. Add a choice, a chat, a quiz and a forum.
      5. Log out.
      6. Log in as guest.

      Test chat

      1. Go to the chat.
      2. Verify that the confirm message looks OK.
      3. Verify that the 'Yes' button goes to the login form, and that there is a '?' at the end of the URL (or verify it was a GET in some other way, e.g. Browser developer tools.)
      4. Click back.
      5. Verify that the 'No' button goes back to the course page.

      Test choice

      1. Go to the choice.
      2. Verify that the confirm message looks OK.
      3. Verify that the 'Yes' button goes to the login form, and that there is a '?' at the end of the URL (or verify it was a GET in some other way, e.g. Browser developer tools.)
      4. Click back.
      5. Verify that the 'No' button goes back to the course page.

      Test forum

      There are three screens modified in this patch (post.php, markpost.php and subscribe.php) although I cannot currently work out how to get to them as guest, even though I thik I have seen them in real use. (It may be a case of cliking a link in an email the forum has sent you, while you are logged out.) It would be great if a forum expert could fill this in. Or, we could rely on the patch for forum being just like the other bits.

      Test quiz

      1. Go to the quiz.
      2. Verify that the confirm message looks OK.
      3. Verify that the 'Yes' button goes to the login form, and that there is a '?' at the end of the URL (or verify it was a GET in some other way, e.g. Browser developer tools.)
      4. Click back.
      5. Verify that the 'No' button goes back to the course page.
      Show
      Setup Log in as admin. Create a course. In course settings -> Enrolment methods, enable guest enrolment. Add a choice, a chat, a quiz and a forum. Log out. Log in as guest. Test chat Go to the chat. Verify that the confirm message looks OK. Verify that the 'Yes' button goes to the login form, and that there is a '?' at the end of the URL (or verify it was a GET in some other way, e.g. Browser developer tools.) Click back. Verify that the 'No' button goes back to the course page. Test choice Go to the choice. Verify that the confirm message looks OK. Verify that the 'Yes' button goes to the login form, and that there is a '?' at the end of the URL (or verify it was a GET in some other way, e.g. Browser developer tools.) Click back. Verify that the 'No' button goes back to the course page. Test forum There are three screens modified in this patch (post.php, markpost.php and subscribe.php) although I cannot currently work out how to get to them as guest, even though I thik I have seen them in real use. (It may be a case of cliking a link in an email the forum has sent you, while you are logged out.) It would be great if a forum expert could fill this in. Or, we could rely on the patch for forum being just like the other bits. Test quiz Go to the quiz. Verify that the confirm message looks OK. Verify that the 'Yes' button goes to the login form, and that there is a '?' at the end of the URL (or verify it was a GET in some other way, e.g. Browser developer tools.) Click back. Verify that the 'No' button goes back to the course page.
    • Affected Branches:
      MOODLE_310_STABLE, MOODLE_311_STABLE
    • Pull 3.10 Branch:
      MDL-71998_310
    • Pull 3.11 Branch:
      MDL-71998_311
    • Pull Master Branch:

      Description

      This affects 4 modues: chat, choice, forum, quiz. I'll use quiz as an example to explain the issue:

      1. Site allows guests to browse around.
      2. User browes to a quiz.
      3. They see a message "Sorry, guests cannot see or attempt quizzes", "Would you like to log in now with a full user account?" with buttons "Yes" (going to login/index.php) and "No" (going back to the referrer).

      The issue is that the Yes button does a POST to the login page, wereas since we are just showing the login form, that would be more correct as a GET.

      (And, if you are doing crazy hackery like we are at the OU, this can break the assumptions in your hacks!)

        Attachments

          Activity

            People

            Assignee:
            timhunt Tim Hunt
            Reporter:
            timhunt Tim Hunt
            Peer reviewer:
            Jason Platts Jason Platts
            Integrator:
            Andrew Lyons Andrew Lyons
            Participants:
            Component watchers:
            Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Ilya Tregubov, Sara Arjona (@sarjona), Dan Marsden, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Ilya Tregubov, Sara Arjona (@sarjona), Andrew Lyons, Dongsheng Cai, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze, Tim Hunt, Andrew Lyons, Dongsheng Cai, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:

                Time Tracking

                Estimated:
                Original Estimate - 0 minutes
                0m
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 5 minutes
                5m