Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-72050

File API attempted denial-of-service mitigation blocks legitimate uses

    XMLWordPrintable

Details

    • Bug
    • Status: Open
    • Critical
    • Resolution: Unresolved
    • 3.5.18, 3.9.7, 3.10.4, 3.11
    • None
    • Files API
    • None
    • MOODLE_310_STABLE, MOODLE_311_STABLE, MOODLE_35_STABLE, MOODLE_39_STABLE

    Description

      The heuristic added in MDL-69028 is not very good, and can block legitimate users.

      Stepts to reproduce:

      1. Go to: https://tjh238.vledev3.open.ac.uk/moodle_head/question/import.php?courseid=2
      2. Import the attached file: Qs with lots of images.xml (which is Moodle XML format).
      3. Go to: Go to: https://tjh238.vledev3.open.ac.uk/moodle_head/question/import.php?courseid=2
      4. Try to add the file to the form again.*

      Expected result: you can (obviously, in real use, you are more likely to want to upload a different file the second time, but for our testing, using the same file twice should be fine.)

      Actual result: The file upload is blocked with pop-up message "Your file uploads are temporarily limited after you uploaded a high volume of files. Please wait then try again."

      That's odd, so far, I have only uploaded 2 files, right?

      Attachments

        Activity

          People

            Unassigned Unassigned
            timhunt Tim Hunt
            Matteo Scaramuccia, Andrew Lyons, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze
            Votes:
            4 Vote for this issue
            Watchers:
            12 Start watching this issue

            Dates

              Created:
              Updated: