Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-72880

core_badges_get_user_badges can be broken if site name has HTML tags

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 3.11.3, 3.11.4, 4.0
    • 3.11.5
    • Badges, Web Services
    • MOODLE_311_STABLE, MOODLE_400_STABLE
    • MOODLE_311_STABLE
    • MDL-72880-311
    • Hide

      Testing instructions refer to 3.11, I have noted differences in navigation for 4.0

      Setup

      1. Log in as admin
      2. Navigate to Site administration > Front page > Front page settings in site administration
        • 4.0 Site administration > Site home > Site home settings
      3. Set Full site name to the following:

        <span class="multilang" lang="en">Moodle (EN)</span><span class="multilang" lang="de">Moodle (DE)</span>
        

      4. Navigate to Plugins > Filters > Manage filters in site administration
      5. Set Multi-Language Content to On and Apply to: Content and headings
      6. Create a new user
      7. Enable web services
      8. Generate (and make note of) token for test user
        • Navigate to Server > Web services > Manage tokens in site administration
        • Press Create token
        • Select your test user, press Save changes
        • Copy the Token value for the user

      Issue a site badge

      1. Navigate to Badges > Add a new badge in site administration
      2. Fill in required fields
      3. Press Create badge
      4. Add badge criteria Manual issue by role
      5. Select all roles, press Save
      6. Press Enable access > Continue
      7. Press Recipients
        • 4.0 Select Recipients from the dropdown navigation (next to the Back button)
      8. Press Award Badge
      9. Select Manager role
      10. Select test user from Potential badge recipients, press Award Badge

      Manual test

      1. Execute the following command from a terminal:

        $ curl -s '<WWWROOT>/webservice/rest/server.php?moodlewsrestformat=json' --data "wsfunction=core_badges_get_user_badges&moodlewssettingfilter=1&wstoken=<TOKEN>" | python -m json.tool
        

      2. Confirm the request completes without exceptions
      3. Confirm the issuername property of the awarded badge looks like the following in returned structure:

        "issuername": "Moodle (EN)",
        

      Show
      Testing instructions refer to 3.11, I have noted differences in navigation for 4.0 Setup Log in as admin Navigate to Site administration > Front page > Front page settings in site administration 4.0 Site administration > Site home > Site home settings Set Full site name to the following: <span class="multilang" lang="en">Moodle (EN)</span><span class="multilang" lang="de">Moodle (DE)</span> Navigate to Plugins > Filters > Manage filters in site administration Set Multi-Language Content to On and Apply to: Content and headings Create a new user Enable web services Generate (and make note of) token for test user Navigate to Server > Web services > Manage tokens in site administration Press Create token Select your test user, press Save changes Copy the Token value for the user Issue a site badge Navigate to Badges > Add a new badge in site administration Fill in required fields Press Create badge Add badge criteria Manual issue by role Select all roles, press Save Press Enable access > Continue Press Recipients 4.0 Select Recipients from the dropdown navigation (next to the Back button) Press Award Badge Select Manager role Select test user from Potential badge recipients , press Award Badge Manual test Execute the following command from a terminal: $ curl -s '<WWWROOT>/webservice/rest/server.php?moodlewsrestformat=json' --data "wsfunction=core_badges_get_user_badges&moodlewssettingfilter=1&wstoken=<TOKEN>" | python -m json.tool Confirm the request completes without exceptions Confirm the issuername property of the awarded badge looks like the following in returned structure: "issuername": "Moodle (EN)",

    Description

      In user_badge_exporter, the issuername is defined as PARAM_NOTAGS. However, by default the issuername is set as the site name, and the site name can contain HTML tags (e.g. for multilang). In that case, calling the WebService core_badges_get_user_badges returns an invalid response exception.

      How to reproduce:

      1. As admin, hange the name of your site to include HTML tags. E.g.: <span lang="en" class="multilang">My Site</span><span lang="es" class="multilang">Mi sitio</span>
      2. Add a new user to the site (Site administration ► Users ► Add a new user).
      3. Go to Site Administration ► Badges ► Add a new badge.
      4. Fill the required fields and create the badge.
      5. Go to the Criteria tab and add the criteria "Manual issue by role".
      6. Enable the badge so it can be awarded.
      7. Go to recipients and award the badge to the user you created before.
      8. Enable "Mobile services": Site administration ► Mobile app ► Mobile settings
      9. Create a Token in the mobile app service for the user you created before.
        • Click on Site administration ► Plugins ► Web services ► Manage tokens
      10. Open the console an execute this curl request, replacing WSTOKEN with the token you just created and the site url with yours. The USERID value has to be replaced with the id of the user you created before.

        curl 'http://SITE_URL/webservice/rest/server.php?moodlewsrestformat=json' --data 'userid=USERID&courseid=0&moodlewssettingfilter=true&moodlewssettingfileurl=true&wsfunction=core_badges_get_user_badges&wstoken=WSTOKEN' --compressed

      1. Check that you receive an invalid response exception.

      Attachments

        Issue Links

          Activity

            People

              pholden Paul Holden
              dpalou Dani Palou
              Amaia Anabitarte Amaia Anabitarte
              Shamim Rezaie Shamim Rezaie
              Angelia Dela Cruz Angelia Dela Cruz
              Yuliya Bozhko, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Ilya Tregubov, Laurent David, Raquel Ortega, Sara Arjona (@sarjona), Juan Leyva, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Ilya Tregubov, Laurent David, Raquel Ortega, Sara Arjona (@sarjona)
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                17/Jan/22

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 3 hours, 25 minutes
                  3h 25m