  1. Moodle
  2. MDL-79350

setup_lang_from_browser should not write to session when readonly sessions is declared


    • MOODLE_401_STABLE, MOODLE_402_STABLE, MOODLE_403_STABLE
    • MOODLE_401_STABLE, MOODLE_402_STABLE
    • MDL-79350-401
    • MDL-79350-402
    • MDL-79350-master
      1. Install the "French / Français ‎(fr)" language pack.
      2. Set $CFG->enable_read_only_sessions = true;
      3. Set $CFG->enable_read_only_sessions_debug = true;
      4. Set the debugging level to NORMAL.
      5. Run the following request using curl, setting the hostname appropriately:

        curl -s 'https://moodle.example.com/lib/ajax/service.php?sesskey=123456789&info=core_calendar_get_action_events_by_timesort' -X OPTIONS -H "Access-Control-Request-Method: POST" -H "Access-Control-Request-Headers: content-type" -H "Accept-Language: fr-CH, fr;q=0.9, en;q=0.8, de;q=0.7, *;q=0.5"
        

      6. Confirm that the error string is correctly translated:

        {"error":"Erreur de programmation d\u00e9tect\u00e9e. Ceci doit \u00eatre corrig\u00e9 par un programmeur\u00a0: Invalid json in request: Syntax error","errorcode":"codingerror","stacktrace":"* line 65 of \/lib\/ajax\/service.php: coding_exception thrown\n","debuginfo":"\nError code: codingerror","reproductionlink":"http:\/\/moodle.localhost\/"} 
        

      7. Confirm that in error.log in the server (usually in /var/log/apache2/error.log) there is no READ_ONLY_SESSION warning indicating that the session has been written to:

        "NOTICE: PHP message: Script /lib/ajax/service.php?sesskey=123456789&info=core_calendar_get_action_events_by_timesort defined READ_ONLY_SESSION but the following SESSION attributes were changed: $SESSION->lang"

      This writes to the session as a side effect:

      https://github.com/moodle/moodle/blob/master/lib/moodlelib.php#L10325

      If read only sessions is on then the language in the Accept-Language header should be honoured for this request but not attempt to persist it into the session

      This was found from a CORS preflight request which doesn't have a session, so it is making a fresh session because even though the user is logged in the preflight request never sends cookies. Then the script sets the lang, which breaks, all for an OPTIONS request that doesn't actually work:

      curl -s 'https://moodle.example.com/lib/ajax/service.php?sesskey=123456789&info=core_calendar_get_action_events_by_timesort' -X OPTIONS -H "Access-Control-Request-Method: POST" -H "Access-Control-Request-Headers: content-type"  -H "Accept-Language: fr-CH, fr;q=0.9, en;q=0.8, de;q=0.7, *;q=0.5"

      {"error":"Erreur de programmation d\u00e9tect\u00e9e. Ceci doit \u00eatre corrig\u00e9 par un programmeur\u00a0: Invalid json in request: Syntax error","errorcode":"codingerror","stacktrace":null,"debuginfo":null,"reproductionlink":null}

      There are a few other things failing here which will be tackled in other trackers (e.g. proper CORS support).

      To reproduce you need to have other lang packs enabled
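
The behaviour asked for above, as an added sketch that is not Moodle's code: the language is negotiated from `Accept-Language` for the current request and written to the session only when the session is writable. The function names, the `$session` array and the `$readonly` flag are assumptions standing in for `$SESSION` and the read-only session declaration.

```php
<?php
// Added illustration, not Moodle code. All function and variable names are hypothetical.

/** Pick the best installed language for an Accept-Language header. Touches no session state. */
function negotiate_lang(string $header, array $installed, string $default = 'en'): string {
    $candidates = [];
    foreach (explode(',', $header) as $pos => $part) {
        $bits = array_map('trim', explode(';', $part));
        $tag = strtolower(str_replace('-', '_', $bits[0]));
        if (!preg_match('/^[a-z]{2,3}(_[a-z0-9]{2,8})*$/', $tag)) {
            continue; // Skip "*" and malformed tags.
        }
        $q = 1.0;
        foreach (array_slice($bits, 1) as $param) {
            if (preg_match('/^q=([01](\.\d{0,3})?)$/', $param, $m)) {
                $q = (float) $m[1];
            }
        }
        if ($q > 0) {
            $candidates[] = [$q, -$pos, $tag];
        }
    }
    rsort($candidates); // Highest q first; earlier header position breaks ties.
    foreach ($candidates as [, , $tag]) {
        // Try the full tag, then its primary subtag (fr_ch falls back to fr).
        foreach ([$tag, explode('_', $tag)[0]] as $try) {
            if (in_array($try, $installed, true)) {
                return $try;
            }
        }
    }
    return $default;
}

/** Resolve the language for this request; persist it only if the session is writable. */
function resolve_request_lang(array &$session, bool $readonly, string $header, array $installed): string {
    if (isset($session['lang'])) {
        return $session['lang'];
    }
    $lang = negotiate_lang($header, $installed);
    if (!$readonly) {
        $session['lang'] = $lang; // The write that a read-only request must skip.
    }
    return $lang;
}

// Constructed input: the header from the curl command above, with only en and fr installed.
$header = 'fr-CH, fr;q=0.9, en;q=0.8, de;q=0.7, *;q=0.5';
$session = [];
echo resolve_request_lang($session, true, $header, ['en', 'fr']), ' ', json_encode($session), "\n";
```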

            daviesdale Dale Davies
            brendanheywood Brendan Heywood
            Brendan Heywood Brendan Heywood
            Sara Arjona (@sarjona) Sara Arjona (@sarjona)
            Kim Jared Lucas Kim Jared Lucas