hw4mdl-devel Mailing List for Wimba Moodle Integration
Brought to you by: jhlinder, trollinger
From: Ashley H. <as...@ne...> - 2008-07-29 06:52:53
Hi Thomas,

That's great to hear, much appreciated. I would be happy to help QA the 3.3 code when you're ready to release it (on sourceforge?).

I noticed in the 3.1.3 release that there are still several occurrences of PHP short tags, which will cause issues for servers that have short_tags turned off. These are all the short tags I could find with grep:

./mod/voicetools/manageAction.php:196: <?
./mod/voicetools/error.php:39: <?require_once("../../config.php"); ?>
./mod/voicetools/view.php:159: <?
./mod/voicetools/view.php:164: doOpenPopup("<?php echo $servername ?>/<? echo $resource->getType();?>?action=display_popup&nid=<?php echo $vtSession->getNid() ?>","<?php echo $resource->getType()?>");
./mod/voicetools/view.php:172: <?}else{
./mod/voicetools/view.php:175: doOpenPopup("<?php echo $servername ?>/<? echo $resource->getType();?>?action=display_popup&nid=<?php echo $vtSession->getNid() ?>","<?php echo $resource->getType()?>");
./mod/voicetools/view.php:177: <?}?>
./mod/voicetools/mod.html:573: <?}?>
./mod/voicetools/mod.html:935: <?
./mod/voicetools/mod.html:967: <? }?>
./mod/voicetools/mod.html:994: <font class="fontCurrent"><?echo get_string('duration_calendar','voicetools')?></font>
./mod/voicetools/mod.html:1023: <font class="fontCurrent"><? echo get_string('description_calendar', 'voicetools')?></font>
./mod/voicetools/mod.html:1149:<?
./mod/voicetools/mod.html:1158:<?
./mod/liveclassroom/view.php:274:<?
./mod/liveclassroom/doAction.php:156: <?
./mod/liveclassroom/mod.html:447: <?
./mod/liveclassroom/mod.html:573: <? }
./mod/liveclassroom/mod.html:869: <?
./mod/liveclassroom/mod.html:901: <? }?>
./mod/liveclassroom/mod.html:929: <font class="fontCurrent"><?echo get_string('duration_calendar','liveclassroom')?></font>
./mod/liveclassroom/mod.html:958: <font class="fontCurrent"><? echo get_string('description_calendar', 'liveclassroom')?></font>

Regarding version 3.3, I had a discussion with Jeff O'Connell about a feature suggested to us by one of our customers. They wanted to be able to use Moodle's "groupings" feature to be able to restrict access to VT/LC activities to specific groupings within Moodle. This functionality is implemented in the standard Moodle modules, eg. assignments and resources, however it is missing in the Wimba module. Is it possible that this feature could be included in the spec for v3.3? I can provide more detailed information on the requirements/implementation of this feature if you like. If you can't fit this in the plans for v3.3, I may be able to spend some time implementing it and send you a patch if you are able to share the trunk code with me.

Thanks as always
Ashley

Thomas Rollinger wrote:
> Hi Ashley,
>
> All the problems reported by Catalyst were fixed in the current trunk
> of the Wimba Moodle integration. All these changes were not part of
> 3.1.3 because we have estimated that the risks to include them were
> too important for a maintenance release.
>
> We are currently working on the minor release 3.3 which will contain
> these fixes and also new features:
>
> · Add Voice Authoring Activity
>
> · /Add Activity/ Workflow Changes
>
> · Course Copy Support
>
> · Adding Voice Email as an Activity and a Block
>
> We have also considered adding the Voice Authoring Applet to Moodle
> WYSIWYG Editor
>
> Best
>
> Thomas
>
> On 28 Jul 08, at 01:04, Ashley Holman wrote:
>
>> Hi all,
>>
>> I'm just following up on the code review that Catalyst did a while
>> ago and whether those issues have been addressed in the latest code.
>>
>> I've attached the PDF again to reference.
>>
>> Thomas do you think we can check any of these off? I had a read
>> through them and the issues still seem to be present in v3.1.3.
>>
>> To summarise the issues they found:
>>
>> - getXmlChoicePage.php - Doesn't check $USER or require_login()
>> - use of $_POST, $_GET, $_REQUEST instead of required_param(),
>> optional_param()
>> - some concern about include paths
>> - CSS declaration for voice recorder block should move into
>> styles.php and use .block_bvoicerecorder class
>>
>> More details are in the PDF that they compiled.
>>
>> Do these issues need to be fixed, or if not could I get an
>> explanation about why they don't need to be fixed, so that I can give
>> a response back to our customer about it. I believe that this
>> particular customer engaged Catalyst to do a security review of the
>> Wimba/Moodle module, and they are holding off on implementing Voice
>> Tools until these are addressed.
>>
>> Thanks very much
>>
>> Regards
>> Ashley
>>
>> Thomas Rollinger wrote:
>>>
>>> Hi all,
>>>
>>> I started to review the code of the moodle integration and fix the
>>> different problems. All this work is done on the branch "team/
>>> Thomas" if you want to take a look and give feedback.
>>>
>>> Here are my comments about the review:
>>>
>>>> * [CRITICAL] getXMLChoicePage.php never checks $USER or
>>>> require_login() to the course. Is this intended? WimbaMoodleSession
>>>> seems to have an MD5 checksum but this seems to only be an internal
>>>> consistency check; the request can still be faked. All AJAX
>>>> interaction must check for a session key or similar shared secret.
>>>
>>> I will check if the user is really logged in by using the function
>>> required_login. I have to verify if this function still works when
>>> php is configured to not use the cookie for the session.
>>>
>>>> * [POTENTIALLY CRITICAL] Use of $_POST, $_GET, $_REQUEST
>>>> superglobals throughout the code, without escaping or filtering.
>>>> Although lib/setup.php is requiring or emulating magic_quotes_gpc()
>>>> behaviour, serious SQL injections and cross-site scripting
>>>> vulnerabilities may result from such use. Moodle has the built-in
>>>> functions required_param() and optional_param() that should be used
>>>> instead. See http://xkcd.com/327/
>>>>
>>>
>>> I reviewed the management of the parameters by using the functions
>>> required_param and optional_param.
>>> On each page, I check if the different parameters are as expected
>>> and do not contain some critical elements which can cause problems.
>>>
>>>> * [MODERATE to CRITICAL] The "login" to Wimba backend is
>>>> <adminusername><courseid><first_lastname><teacher/student-suffix>
>>>> ... what about users with identical first and lastnames (e.g. two
>>>> users with the name "John Smith"), will they collide, and if so,
>>>> how would it be resolved?
>>>
>>> The name "John Smith" will appear twice in the list. We can
>>> use $USER->username instead of concatenating the first name and the
>>> last name.
>>>
>>>> In LiveClassroom, liveclassroom_get_student_userid() which
>>>> populates $userid in liveclassroom_create_session() does not
>>>> include any user-unique identifier. Is this intended (i.e. are
>>>> users only ever authenticated at a course-level)?
>>>>
>>>
>>> liveclassroom_get_student_userid() returns the user id of the LC user.
>>> For each course, there are 2 generic users created in the live
>>> classroom. One user will be used for creating sessions for all
>>> instructors of this course and the other will be used for creating
>>> sessions for all students of this course.
>>>
>>>> * [MODERATE] The constant LIVECLASROOM_MOODLE_PREFIX is used in
>>>> several places in the code but is not defined (it has been
>>>> commented out). Perhaps this has been replaced by getPrefix()
>>>> defined in PrefixUtil.php (?) At the least, undefined constants
>>>> will echo PHP Warnings out to the browser.
>>>>
>>>
>>> The functions which used the constant LIVECLASSROOM_MOODLE_PREFIX are
>>> deprecated. I will remove them.
>>>
>>>> * [MODERATE] The code has require, require_once, include and
>>>> include_once statements that do not anchor relative paths with a
>>>> dirname(__FILE__). This can trip up command-line execution (e.g.
>>>> cron jobs), as well as pose a potential security risk. For instance
>>>>
>>>> include "../../config.php";
>>>>
>>>> should be
>>>>
>>>> include dirname(dirname(dirname(__FILE__))) . "/config.php";
>>>>
>>>> or perhaps
>>>>
>>>> include dirname(__FILE__) . "/../../config.php";
>>>>
>>>
>>> Moodle usually does:
>>> require_once('../config.php'); // defines $CFG
>>> require_once($CFG->dirroot.'/course/lib.php');
>>>
>>> We've done what most of the other modules do.
>>>
>>>> * [MODERATE] HTTPS is recommended for communicating with the
>>>> VoiceTools server. The requests from Moodle are passing the Wimba
>>>> adminusername and password as cleartext over HTTP. Even though the
>>>> WVT server has an IP whitelist, this is still risking compromise by
>>>> an IP spoofing Man-In-The-Middle attack.
>>>>
>>>
>>> This is a known problem of our API.
>>>
>>>> * [MINOR] Bad style CSS declaration in the bvoicerecorder block.
>>>> Should be moved to the canonical /blocks/bvoicerecorder/styles.php
>>>> and use the .block_bvoicerecorder class.
>>>
>>> I will move the css into a stylesheet file
>>>
>>> > Since the review, we've realised ... this module needs to define some
>>> > capabilities and then use has_capability()
>>>
>>> Can you provide me more information?
>>>
>>> Best
>>>
>>> Thomas Rollinger
>>> Software Engineer
>>>
>>> Wimba Inc
>>> tro...@wi...
>>>
>>> On 14 Jan 08, at 01:28, Ashley Holman wrote:
>>>
>>>> Hi All,
>>>>
>>>> Catalyst have done an analysis of the hw4mdl code and have
>>>> identified several issues which may need fixing/improving. I've
>>>> attached the PDF document that they prepared outlining the problems
>>>> they found. I'm a developer at NetSpot in Australia and we've
>>>> decided to give some time to fixing those problems, so I'd
>>>> appreciate any comments people have on each of those points in the
>>>> PDF - whether the issues are real concerns or not and what should
>>>> be considered in implementing a fix, so that I can take those into
>>>> consideration before starting development.
>>>>
>>>> Also there is an additional issue that was raised after the PDF was
>>>> written:
>>>>
>>>> > Since the review, we've realised ... this module needs to define some
>>>> > capabilities and then use has_capability()
>>>>
>>>> Thanks very much for any thoughts/comments!
>>>>
>>>> Cheers
>>>> Ashley.
>>>>
>>>> --
>>>> Ashley Holman
>>>> Software Engineer
>>>> NetSpot Pty Ltd
>>>> 183 Melbourne Street, North Adelaide, 5006
>>>> Ph: +618 8361 6800 Fax: +618 8361 6811
>>>>
>>>> <wimba-moodle-review.pdf>
>>
>> --
>> Ashley Holman
>> Software Engineer
>> NetSpot Pty Ltd
>> 183 Melbourne Street, North Adelaide, 5006
>> Ph: +618 8361 6800, Fax: +618 8361 6811
>>
>> <wimba-moodle-review.pdf>

--
Ashley Holman
Software Engineer
NetSpot Pty Ltd
183 Melbourne Street, North Adelaide, 5006
Ph: +618 8361 6800, Fax: +618 8361 6811
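Added example (not part of the thread or of the hw4mdl code): a scanner that reproduces the kind of grep listing in the message above, reporting open tags that only parse when short_open_tag is enabled. The function names `find_short_tags`, `count_short_tags` and `make_sample` are assumptions of this example, and the sample files are constructed from the patterns quoted in the message.

```shell
#!/bin/sh
# find_short_tags DIR [strict]
#   Prints "file:line:source" for every line in *.php / *.html under DIR
#   that contains a short open tag ("<?" not followed by "php" or "xml").
#   "<?=" is ignored by default; pass "strict" as the second argument to
#   report it too (before PHP 5.4 it also depended on short_open_tag).
find_short_tags() {
    dir=$1
    strict=${2:-}
    find "$dir" -type f \( -name '*.php' -o -name '*.html' \) | sort |
    while IFS= read -r file; do
        awk -v file="$file" -v strict="$strict" '
        {
            # The appended space lets one pattern cover a tag at end of line.
            line = $0 " "
            # Blank out the forms that do not depend on short_open_tag.
            gsub(/<\?[pP][hH][pP][ \t\r]/, " ", line)
            gsub(/<\?[xX][mM][lL][ \t\r]/, " ", line)
            if (strict != "strict") gsub(/<\?=/, " ", line)
            # Anything still starting with "<?" is a short open tag.
            if (index(line, "<?") > 0) printf "%s:%d:%s\n", file, NR, $0
        }' "$file"
    done
}

# count_short_tags DIR [strict]: number of offending lines, as a plain integer.
count_short_tags() {
    find_short_tags "$@" | awk 'END { print NR }'
}

# make_sample: builds a small constructed tree and prints its path.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/mod/voicetools"
    cat > "$d/mod/voicetools/error.php" <<'EOF'
<?require_once("../../config.php"); ?>
<?php echo get_string('error', 'voicetools'); ?>
EOF
    cat > "$d/mod/voicetools/view.php" <<'EOF'
<?php if ($popup) { ?>
doOpenPopup("<?php echo $servername ?>/<? echo $resource->getType();?>");
<?}else{
    echo $name;
}
?>
<?= $title ?>
EOF
    cat > "$d/mod/voicetools/feed.php" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<?php
echo $body;
EOF
    echo "$d"
}

# Demo run on the constructed sample.
sample=$(make_sample)
find_short_tags "$sample"
rm -rf "$sample"
```

A line that mixes `<?php` and `<?`, like the `doOpenPopup(...)` lines in the listing, is still reported because only the long-form tags are blanked before the check.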
From: Thomas R. <tro...@wi...> - 2008-07-28 22:09:49
Hi Ashley,

All the problems reported by Catalyst were fixed in the current trunk of the Wimba Moodle integration. All these changes were not part of 3.1.3 because we have estimated that the risks to include them were too important for a maintenance release.

We are currently working on the minor release 3.3 which will contain these fixes and also new features:

· Add Voice Authoring Activity
· Add Activity Workflow Changes
· Course Copy Support
· Adding Voice Email as an Activity and a Block

We have also considered adding the Voice Authoring Applet to Moodle WYSIWYG Editor

Best

Thomas

On 28 Jul 08, at 01:04, Ashley Holman wrote:

> Hi all,
>
> I'm just following up on the code review that Catalyst did a while
> ago and whether those issues have been addressed in the latest code.
>
> I've attached the PDF again to reference.
>
> Thomas do you think we can check any of these off? I had a read
> through them and the issues still seem to be present in v3.1.3.
>
> To summarise the issues they found:
>
> - getXmlChoicePage.php - Doesn't check $USER or require_login()
> - use of $_POST, $_GET, $_REQUEST instead of required_param(),
> optional_param()
> - some concern about include paths
> - CSS declaration for voice recorder block should move into
> styles.php and use .block_bvoicerecorder class
>
> More details are in the PDF that they compiled.
>
> Do these issues need to be fixed, or if not could I get an
> explanation about why they don't need to be fixed, so that I can
> give a response back to our customer about it. I believe that this
> particular customer engaged Catalyst to do a security review of the
> Wimba/Moodle module, and they are holding off on implementing Voice
> Tools until these are addressed.
>
> Thanks very much
>
> Regards
> Ashley
>
> --
> Ashley Holman
> Software Engineer
> NetSpot Pty Ltd
> 183 Melbourne Street, North Adelaide, 5006
> Ph: +618 8361 6800, Fax: +618 8361 6811
>
> <wimba-moodle-review.pdf>
From: Ashley H. <as...@ne...> - 2008-04-30 07:25:25
Patch is attached

Ashley Holman wrote:
> Hi all,
>
> Here is a patch which demonstrates the use of roles/capabilities to
> define whether a user has presenter access or not to a Live Classroom.
> To edit the capabilities, as an Administrator go to Users -> Permissions
> -> Define Roles. Edit a role, eg. "Student", and then you can change
> the capability called "Has presenter access to Live Classrooms". The
> default settings are to have teachers and admins as presenters and
> students without presenter access.
>
> I've added a liveclassroom_getRole() function into
> mod/liveclassroom/lib.php which is called instead of the generic
> getRoleForWimbaTools() function in WimbaLib.php. The reason I moved it
> is so that Live Classroom and Voice Tools can have separate capabilities
> defined.
>
> I have only tested this in 1.9 and the capabilities are only implemented
> for Live Classroom not Voice Tools, so this is just a proof of concept.
> If you are happy with this implementation I can do some further testing
> to get it working on older versions and also implement the capabilities
> for the voicetools module.
>
> Regards
> Ashley

--
Ashley Holman
Software Engineer
NetSpot Pty Ltd
183 Melbourne Street, North Adelaide, 5006
Ph: +618 8361 6800, Fax: +618 8361 6811
From: Ashley H. <as...@ne...> - 2008-04-30 07:23:05
Hi all,

Here is a patch which demonstrates the use of roles/capabilities to define whether a user has presenter access or not to a Live Classroom. To edit the capabilities, as an Administrator go to Users -> Permissions -> Define Roles. Edit a role, eg. "Student", and then you can change the capability called "Has presenter access to Live Classrooms". The default settings are to have teachers and admins as presenters and students without presenter access.

I've added a liveclassroom_getRole() function into mod/liveclassroom/lib.php which is called instead of the generic getRoleForWimbaTools() function in WimbaLib.php. The reason I moved it is so that Live Classroom and Voice Tools can have separate capabilities defined.

I have only tested this in 1.9 and the capabilities are only implemented for Live Classroom not Voice Tools, so this is just a proof of concept. If you are happy with this implementation I can do some further testing to get it working on older versions and also implement the capabilities for the voicetools module.

Regards
Ashley

--
Ashley Holman
Software Engineer
NetSpot Pty Ltd
183 Melbourne Street, North Adelaide, 5006
Ph: +618 8361 6800, Fax: +618 8361 6811
From: Ashley H. <as...@ne...> - 2008-04-30 05:03:30
Hi all,

The last chunk in that patch is a fix for the firstname/lastname bug. Users appear with their name reversed in Live Classroom, eg. "Ashley Holman" in Moodle becomes "Holman_Ashley" in Live Classroom.

Index: branches/team/Thomas/integrations_common/php/lc/LCAction.php =================================================================== --- branches/team/Thomas/integrations_common/php/lc/LCAction.php (revision 258) +++ branches/team/Thomas/integrations_common/php/lc/LCAction.php (working copy) @@ -270,7 +270,7 @@ $screenName = $this->session->getFirstname() . "_" . $this->session->getLastname(); return $this->api->lcapi_get_session($this->session->getLcCurrentUser(), $screenName); } - function getAuthokenNormal($userID, $lastName, $firstName) + function getAuthokenNormal($userID, $firstName, $lastName) { return $this->api->lcapi_get_session($userID, $firstName . "_" . $lastName); }

Ashley Holman wrote:
> Hi all,
>
> I've attached a patch which fixes the short PHP tags in
> branches/team/Thomas/
>
> Could this be included before the release of the next version as
> otherwise the module won't work on servers with the PHP short_tags
> setting off.
>
> Thanks
> Ashley

--
Ashley Holman
Software Engineer
NetSpot Pty Ltd
183 Melbourne Street, North Adelaide, 5006
Ph: +618 8361 6800, Fax: +618 8361 6811
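Review bot: In getAuthokenNormal the swap of $lastName and $firstName changes what the second and third positional arguments mean without touching any caller, so the fix is only correct if every call site already passes first name, then last name. The three calls listed in the 2008-03-13 report (doAction.php:82, view.php:78 and view.php:82) do, but callers outside mod/liveclassroom should be checked before this is merged. A short comment above the function stating the argument order and that the screen name is built as firstName_lastName would keep the order from drifting again, and the function name looks like a typo for an "AuthToken" name, which could be corrected in the same change if the callers are updated with it.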
From: Ashley H. <as...@ne...> - 2008-04-30 04:46:15
Hi all,

I've attached a patch which fixes the short PHP tags in branches/team/Thomas/

Could this be included before the release of the next version as otherwise the module won't work on servers with the PHP short_tags setting off.

Thanks
Ashley

--
Ashley Holman
Software Engineer
NetSpot Pty Ltd
183 Melbourne Street, North Adelaide, 5006
Ph: +618 8361 6800, Fax: +618 8361 6811
From: Ashley H. <as...@ne...> - 2008-04-21 02:33:34
Hi all,

I tried enabling VTAPI_DEBUG to help debug a Voice Tools integration which is failing with the error "Moodle cannot connect to the Voice Board server". This is happening on a load-balanced installation of Moodle. When connecting directly to the Moodle nodes, the VT module works fine, however when connecting through the load balance it comes up with that error.

I enabled the API debugging to try to get some more information from voicetools_api_create_resource(), however the error_log calls are not correct so no messages are getting logged.

eg.

error_log (__FUNCTION__ ." : Resource not created because ".$resource->error_message, TRUE);

should be:

error_log (__FUNCTION__ ." : Resource not created because ".$resource->error_message, 0);

Documentation at http://au2.php.net/error_log

Regards
Ashley.

--
Ashley Holman
Software Engineer
NetSpot Pty Ltd
183 Melbourne Street, North Adelaide, 5006
Ph: +618 8361 6800, Fax: +618 8361 6811
From: Ashley H. <as...@ne...> - 2008-03-13 23:53:15
Hi all,

A customer of ours has found a bug in the Wimba/Moodle integration which causes the firstname/lastname to appear in reverse order in Live Classroom, eg. Holman_Ashley. I've attached some screen captures demonstrating the issue.

The problem seems to be in "integrations_common/php/lc/LCAction.php", in function getAuthokenNormal($userID, $lastName, $firstName). There are three calls to that function which are all supplying the firstname/lastname in the opposite order:

./moodle/mod/liveclassroom/doAction.php:82: $authToken = $api->getAuthokenNormal($session->getCourseId() . "_S",
./moodle/mod/liveclassroom/doAction.php-83- $session->getFirstname(),
./moodle/mod/liveclassroom/doAction.php-84- $session->getLastname());
./moodle/mod/liveclassroom/view.php:78: $authToken = $api->getAuthokenNormal($course->id."_T",$USER->firstname,$USER->lastname);
./moodle/mod/liveclassroom/view.php:82: $authToken = $api->getAuthokenNormal($course->id."_S",$USER->firstname,$USER->lastname);

I've attached a patch with a suggested fix.

Thanks
Ashley.

-------- Original Message --------
Subject: different order of first and second name in the Wimba classroom

It appears that sometimes the name that is shown in the Wimba classroom is last name first and for other people it is first name first

Could the USQ and Netspot people talk to work out what might be going on here.

This is in thefoe1000>2008_1 course

In Moodle in the list of participants these two people are shown as

--
Ashley Holman
Software Engineer
NetSpot Pty Ltd
183 Melbourne Street, North Adelaide, 5006
Ph: +618 8361 6800 Fax: +618 8361 6811
From: Ashley H. <as...@ne...> - 2008-02-21 03:00:41
Thanks Thomas, I understand now. I've set the end date out to 2009 and it is now accessible. FYI there is a debug message that pops up when you save changes to the start/end dates. Hopefully everything is OK now. Thanks very much for your help.

Ashley.

Thomas Rollinger wrote:
> Hi Ashley,
>
> Ashley Holman wrote:
>
>> Hi,
>>
>> I just came across some other errors. Sorry to bombard you:
>>
>> Fatal error: require_once() [function.require]: Failed opening required 'lib/php/vt/vtAction.php' (include_path='.:/usr/share/pear') in /var/www/html/moodle19/moodle/mod/voicetools/view.php on line 39
>>
>> This is a case sensitivity problem as the file is named "VtAction.php" (capital V). Are you guys working on Windows there? I'm testing this on Linux so the filesystem is case-sensitive. After fixing that up I got this error when trying to load up a Voice Board:
>>
>
> My dev environment is on Mac and the filesystem is not case sensitive :)
>
>> "The Voice Tools linked to this activity is currently unavailable.
>> Please contact your instructor"
>>
>> Do you know why I might be getting that error? If you're interested I should be able to set you up with SSH access to a development Moodle I have here which I'm using to test the Voice Tools module. So far I've been plagued with errors so would appreciate your assistance in getting it to work under my setup here. Once I can get it working I'll be able to start on the patch for using roles/capabilities.
>>
>
> This is not an error. The resource linked to this activity is not available. That means that the availability setting of this particular voice tools is set to false (Access panel of the settings)
>
> To change the availability of a tools, you have to go to the Voice Tools component ( where all the voice tools are listed ) and edit the settings.
> There is a green/red icon to indicate the availability of the resource
>
> Best
>
> Thomas
>
>> Thanks
>> Ashley.

--
Ashley Holman
Software Engineer
NetSpot Pty Ltd
183 Melbourne Street, North Adelaide, 5006
Ph: +618 8361 6800 Fax: +618 8361 6811
From: Thomas R. <tro...@wi...> - 2008-02-21 02:43:28
|
Hi Ashley,

Ashley Holman wrote:
> Hi,
>
> I just came across some other errors. Sorry to bombard you:
>
> Fatal error: require_once() [function.require]: Failed opening required 'lib/php/vt/vtAction.php' (include_path='.:/usr/share/pear') in /var/www/html/moodle19/moodle/mod/voicetools/view.php on line 39
>
> This is a case sensitivity problem as the file is named "VtAction.php" (capital V). Are you guys working on Windows there? I'm testing this on Linux so the filesystem is case-sensitive. After fixing that up I got this error when trying to load up a Voice Board:

My dev environment is on Mac and the filesystem is not case sensitive :)

> "The Voice Tools linked to this activity is currently unavailable.
> Please contact your instructor"
>
> Do you know why I might be getting that error? If you're interested I should be able to set you up with SSH access to a development Moodle I have here which I'm using to test the Voice Tools module. So far I've been plagued with errors so would appreciate your assistance in getting it to work under my setup here. Once I can get it working I'll be able to start on the patch for using roles/capabilities.

This is not an error. The resource linked to this activity is not available. That means that the availability setting of this particular voice tools is set to false (Access panel of the settings).

To change the availability of a tool, you have to go to the Voice Tools component (where all the voice tools are listed) and edit the settings. There is a green/red icon to indicate the availability of the resource

Best

Thomas

> Thanks
> Ashley.
|
From: Ashley H. <as...@ne...> - 2008-02-21 02:29:10
|
Hi,

I just came across some other errors. Sorry to bombard you:

Fatal error: require_once() [function.require]: Failed opening required 'lib/php/vt/vtAction.php' (include_path='.:/usr/share/pear') in /var/www/html/moodle19/moodle/mod/voicetools/view.php on line 39

This is a case sensitivity problem as the file is named "VtAction.php" (capital V). Are you guys working on Windows there? I'm testing this on Linux so the filesystem is case-sensitive. After fixing that up I got this error when trying to load up a Voice Board:

"The Voice Tools linked to this activity is currently unavailable. Please contact your instructor"

Do you know why I might be getting that error? If you're interested I should be able to set you up with SSH access to a development Moodle I have here which I'm using to test the Voice Tools module. So far I've been plagued with errors so would appreciate your assistance in getting it to work under my setup here. Once I can get it working I'll be able to start on the patch for using roles/capabilities.

Thanks
Ashley.

Ashley Holman wrote:
> Hi Thomas,
>
> Thanks. That's working a lot better here now, although there are still these remaining lines with short tags which cause some errors if short_tags is turned off:
>
> liveclassroom/mod.html:214: <?
> liveclassroom/mod.html:665: <?
> liveclassroom/mod.html:726: <font class="fontCurrent"><?echo get_string('duration_calendar','liveclassroom')?></font>
> liveclassroom/view.php:211:<?
> voicetools/error.php:39: <?require_once("../../config.php"); ?>
> voicetools/mod.html:411: <?}?>
> voicetools/mod.html:737: <?
> voicetools/mod.html:798: <font class="fontCurrent"><?echo get_string('duration_calendar','voicetools')?></font>
> voicetools/index.php:83: <iframe src="<?=$url?>" width="705px" height="405px" name="frameWidget" style="overflow:hidden;" FRAMEBORDER=0>
>
> That last line also looks like it might be a syntax error - perhaps it should be "<? print $url; ?>"?
>
> One other thing I noticed is that the "php-xml" RPM package had to be installed on RedHat with PHP5 for the voicetools module to work. Last time I checked the hw4mdl installation docs it only mentioned php-domxml needing to be installed in PHP4 environments so perhaps that needs to be amended.
>
> If you give me commit access I'm happy to check-in some of these fixes directly to save you the trouble.
>
> Cheers
> Ashley.

--
Ashley Holman
Software Engineer
NetSpot Pty Ltd
183 Melbourne Street, North Adelaide, 5006
Ph: +618 8361 6800 Fax: +618 8361 6811 |
From: Ashley H. <as...@ne...> - 2008-02-21 02:03:42
|
Hi Thomas,

Thanks. That's working a lot better here now, although there are still these remaining lines with short tags which cause some errors if short_tags is turned off:

liveclassroom/mod.html:214: <?
liveclassroom/mod.html:665: <?
liveclassroom/mod.html:726: <font class="fontCurrent"><?echo get_string('duration_calendar','liveclassroom')?></font>
liveclassroom/view.php:211:<?
voicetools/error.php:39: <?require_once("../../config.php"); ?>
voicetools/mod.html:411: <?}?>
voicetools/mod.html:737: <?
voicetools/mod.html:798: <font class="fontCurrent"><?echo get_string('duration_calendar','voicetools')?></font>
voicetools/index.php:83: <iframe src="<?=$url?>" width="705px" height="405px" name="frameWidget" style="overflow:hidden;" FRAMEBORDER=0>

That last line also looks like it might be a syntax error - perhaps it should be "<? print $url; ?>"?

One other thing I noticed is that the "php-xml" RPM package had to be installed on RedHat with PHP5 for the voicetools module to work. Last time I checked the hw4mdl installation docs it only mentioned php-domxml needing to be installed in PHP4 environments so perhaps that needs to be amended.

If you give me commit access I'm happy to check-in some of these fixes directly to save you the trouble.

Cheers
Ashley.

Thomas Rollinger wrote:
> Hi Ashley,
>
> I did some changes into my branches to fix the several errors that you discovered:
>
> - I enabled the moodle debugging and fixed the couple of notice/warning errors. Please let me know if you continue to encounter problems.
>
> - I have also verified that I use <?php instead of <? in all my files to follow the moodle coding convention and committed the missing file (popup.php).
>
> I set up a new dev environment with the latest code and I was able to use and configure the two modules without any problems.
>
> Thanks for your help
>
> Thomas
>
> On 17 Feb 08, at 20:46, Ashley Holman wrote:
>
>> Hi all,
>>
>> I tried setting up the latest code from branches/team/Thomas/ and have encountered several errors trying to get it going.
>>
>> Firstly there is a parse error in integrations_common/php/lc/lcapi.php on line 837. The stray '.' on the end of that line causes the installation to fail. The /admin/ URL shows up blank.
>>
>> There are a few short PHP tags in mod/voicetools/mod.html, ie. <? instead of <?php, which caused parse errors in my environment as I don't have short tags enabled. The Moodle coding guidelines say that short tags should not be used (http://docs.moodle.org/en/Coding#General_rules).
>>
>> Once I fixed that up I got the following error from mod.html:
>>
>> Include(http://dev1.netspot.com.au/moodle19/mod/voicetools/popup.php?type=popup) [function.include]: failed to open stream: HTTP request failed! HTTP/1.1 404 Not Found in /var/www/html/moodle19/moodle/mod/voicetools/mod.html on line 894
>>
>> Warning: include() [function.include]: Failed opening 'http://dev1.netspot.com.au/moodle19/mod/voicetools/popup.php?type=popup' for inclusion (include_path='.:/usr/share/pear') in /var/www/html/moodle19/moodle/mod/voicetools/mod.html on line 894
>>
>> I can't see any popup.php that came with the code I checked out from SVN.
>>
>> There are also a few warning messages that come up if you enable the moodle debugging (Administration -> Server -> Debugging) and change the debug setting to ALL. Eg. warnings about constants being already defined, and also some warnings about uninitialised variables.
>>
>> Regards
>> Ashley.
>>
>> --
>> Ashley Holman
>> Software Engineer
>> NetSpot Pty Ltd
>> 183 Melbourne Street, North Adelaide, 5006
>> Ph: +618 8361 6800 Fax: +618 8361 6811

--
Ashley Holman
Software Engineer
NetSpot Pty Ltd
183 Melbourne Street, North Adelaide, 5006
Ph: +618 8361 6800 Fax: +618 8361 6811 |
From: Thomas R. <tro...@wi...> - 2008-02-19 22:41:03
|
Hi Ashley,

I did some changes into my branches to fix the several errors that you discovered:

- I enabled the moodle debugging and fixed the couple of notice/warning errors. Please let me know if you continue to encounter problems.

- I have also verified that I use <?php instead of <? in all my files to follow the moodle coding convention and committed the missing file (popup.php).

I set up a new dev environment with the latest code and I was able to use and configure the two modules without any problems.

Thanks for your help

Thomas

On 17 Feb 08, at 20:46, Ashley Holman wrote:
> Hi all,
>
> I tried setting up the latest code from branches/team/Thomas/ and have encountered several errors trying to get it going.
>
> Firstly there is a parse error in integrations_common/php/lc/lcapi.php on line 837. The stray '.' on the end of that line causes the installation to fail. The /admin/ URL shows up blank.
>
> There are a few short PHP tags in mod/voicetools/mod.html, ie. <? instead of <?php, which caused parse errors in my environment as I don't have short tags enabled. The Moodle coding guidelines say that short tags should not be used (http://docs.moodle.org/en/Coding#General_rules).
>
> Once I fixed that up I got the following error from mod.html:
>
> Include(http://dev1.netspot.com.au/moodle19/mod/voicetools/popup.php?type=popup) [function.include]: failed to open stream: HTTP request failed! HTTP/1.1 404 Not Found in /var/www/html/moodle19/moodle/mod/voicetools/mod.html on line 894
>
> Warning: include() [function.include]: Failed opening 'http://dev1.netspot.com.au/moodle19/mod/voicetools/popup.php?type=popup' for inclusion (include_path='.:/usr/share/pear') in /var/www/html/moodle19/moodle/mod/voicetools/mod.html on line 894
>
> I can't see any popup.php that came with the code I checked out from SVN.
>
> There are also a few warning messages that come up if you enable the moodle debugging (Administration -> Server -> Debugging) and change the debug setting to ALL. Eg. warnings about constants being already defined, and also some warnings about uninitialised variables.
>
> Regards
> Ashley.
>
> --
> Ashley Holman
> Software Engineer
> NetSpot Pty Ltd
> 183 Melbourne Street, North Adelaide, 5006
> Ph: +618 8361 6800 Fax: +618 8361 6811
|
From: Ashley H. <as...@ne...> - 2008-02-18 01:48:08
|
Hi all,

I tried setting up the latest code from branches/team/Thomas/ and have encountered several errors trying to get it going.

Firstly there is a parse error in integrations_common/php/lc/lcapi.php on line 837. The stray '.' on the end of that line causes the installation to fail. The /admin/ URL shows up blank.

There are a few short PHP tags in mod/voicetools/mod.html, ie. <? instead of <?php, which caused parse errors in my environment as I don't have short tags enabled. The Moodle coding guidelines say that short tags should not be used (http://docs.moodle.org/en/Coding#General_rules).

Once I fixed that up I got the following error from mod.html:

Include(http://dev1.netspot.com.au/moodle19/mod/voicetools/popup.php?type=popup) [function.include]: failed to open stream: HTTP request failed! HTTP/1.1 404 Not Found in /var/www/html/moodle19/moodle/mod/voicetools/mod.html on line 894

Warning: include() [function.include]: Failed opening 'http://dev1.netspot.com.au/moodle19/mod/voicetools/popup.php?type=popup' for inclusion (include_path='.:/usr/share/pear') in /var/www/html/moodle19/moodle/mod/voicetools/mod.html on line 894

I can't see any popup.php that came with the code I checked out from SVN.

There are also a few warning messages that come up if you enable the moodle debugging (Administration -> Server -> Debugging) and change the debug setting to ALL. Eg. warnings about constants being already defined, and also some warnings about uninitialised variables.

Regards
Ashley.

--
Ashley Holman
Software Engineer
NetSpot Pty Ltd
183 Melbourne Street, North Adelaide, 5006
Ph: +618 8361 6800 Fax: +618 8361 6811 |
From: Ashley H. <as...@ne...> - 2008-02-04 23:08:25
|
Hi Thomas,

Thanks for that info on the StudentBis role. The isteacher() etc functions are now replaced with has_capability(). Modules can define their own capabilities for each role which I am working on a patch for.

Cheers
Ashley.

Thomas Rollinger wrote:
> Hi Ashley,
>
> StudentBis is a temporary role. It is used when the teacher switches his role to a student role by the drop down "Switch role to ...".
> This role has the same behavior as the student role except for the launching of the tools. In this case, a popup will alert the teacher that the tool is launched with the student privilege.
>
> Do you know which functions replace isteacher() isadmin() in the new version of moodle?
>
> Best
>
> Thomas
>
> On 3 Feb 08, at 21:07, Ashley Holman wrote:
>
>> Hi Thomas,
>>
>> In the getRoleForWimbaTools() function in WimbaLib.php, one of the return values is "StudentBis". What is that role and is it still needed? I'm working on using capabilities to define the Wimba roles so wanted to see which situation "StudentBis" should be used in... does it need its own capability defined?
>>
>> Also I note that the isteacher() isadmin() etc functions are in Moodle's lib/deprecatedlib.php as of 1.7 so it's probably important that these functions be no longer used.
>>
>> Thanks
>> Ashley.

--
Ashley Holman
Software Engineer
NetSpot Pty Ltd
183 Melbourne Street, North Adelaide, 5006
Ph: +618 8361 6800 Fax: +618 8361 6811 |
From: Thomas R. <tro...@wi...> - 2008-02-04 22:54:34
|
Hi Ashley,

StudentBis is a temporary role. It is used when the teacher switches his role to a student role by the drop down "Switch role to ...". This role has the same behavior as the student role except for the launching of the tools. In this case, a popup will alert the teacher that the tool is launched with the student privilege.

Do you know which functions replace isteacher() isadmin() in the new version of moodle?

Best

Thomas

On 3 Feb 08, at 21:07, Ashley Holman wrote:
> Hi Thomas,
>
> In the getRoleForWimbaTools() function in WimbaLib.php, one of the return values is "StudentBis". What is that role and is it still needed? I'm working on using capabilities to define the Wimba roles so wanted to see which situation "StudentBis" should be used in... does it need its own capability defined?
>
> Also I note that the isteacher() isadmin() etc functions are in Moodle's lib/deprecatedlib.php as of 1.7 so it's probably important that these functions be no longer used.
>
> Thanks
> Ashley.
>
> Thomas Rollinger wrote:
>> Hi,
>>
>> It can be great if you can make the patch.
>>
>> Can you please start from the code of the branch "team/Thomas" because trunk is not up to date and will not work correctly.
>>
>> Best
>>
>> Thomas
>>
>> On 16 Jan 08, at 19:08, Ashley Holman wrote:
>>
>>> Hi Thomas,
>>>
>>>>> Since the review, we've realised ... this module needs to define some
>>>>> capabilities and then use has_capability()
>>>>
>>>> Can you provide me more information?
>>>
>>> I think a capability could be defined for being an instructor for the Wimba tools. At the moment the getRoleForWimbaTools() function in WimbaCommons.php checks isstudent(), isteacher(), isadmin() etc. This could be replaced with has_capability(), and the default capabilities could be set up to match the current behaviour. Ie, the capability mod/liveclassroom:instructor would be assigned to the Teacher, Course Creator, and Admin roles. This would allow for better customisation of roles, and work in different contexts where roles are overridden etc.
>>>
>>> If you are interested I can make a patch.
>>>
>>> Cheers
>>> Ashley.
>>>
>>> PS. sorry for duplicate message - forgot to CC the list on the first one
>>>
>>> --
>>> Ashley Holman
>>> Software Engineer
>>> NetSpot Pty Ltd
>>> 183 Melbourne Street, North Adelaide, 5006
>>> Ph: +618 8361 6800 Fax: +618 8361 6811
>
> --
> Ashley Holman
> Software Engineer
> NetSpot Pty Ltd
> 183 Melbourne Street, North Adelaide, 5006
> Ph: +618 8361 6800 Fax: +618 8361 6811

Thomas Rollinger
Software Engineer
Wimba - People teach People
10 East 40th Street, 11th floor
New York, NY 10016
Tel : +1 646 861 5117
Fax: +1 212 533 6041
tro...@wi...
http://www.wimba.com

Connect & Collaborate at our Users Conference!
Wimba Connect 2008
March 2-5, 2008 in Orlando
www.wimba.com/connect08 |
From: Ashley H. <as...@ne...> - 2008-02-04 02:41:22
|
Hi Thomas,

In the getRoleForWimbaTools() function in WimbaLib.php, one of the return values is "StudentBis". What is that role and is it still needed? I'm working on using capabilities to define the Wimba roles so wanted to see which situation "StudentBis" should be used in... does it need its own capability defined?

Also I note that the isteacher() isadmin() etc functions are in Moodle's lib/deprecatedlib.php as of 1.7 so it's probably important that these functions be no longer used.

Thanks
Ashley.

Thomas Rollinger wrote:
> Hi,
>
> It can be great if you can make the patch.
>
> Can you please start from the code of the branch "team/Thomas" because trunk is not up to date and will not work correctly.
>
> Best
>
> Thomas
>
> On 16 Jan 08, at 19:08, Ashley Holman wrote:
>
>> Hi Thomas,
>>
>>>> Since the review, we've realised ... this module needs to define some
>>>> capabilities and then use has_capability()
>>>
>>> Can you provide me more information?
>>
>> I think a capability could be defined for being an instructor for the Wimba tools. At the moment the getRoleForWimbaTools() function in WimbaCommons.php checks isstudent(), isteacher(), isadmin() etc. This could be replaced with has_capability(), and the default capabilities could be set up to match the current behaviour. Ie, the capability mod/liveclassroom:instructor would be assigned to the Teacher, Course Creator, and Admin roles. This would allow for better customisation of roles, and work in different contexts where roles are overridden etc.
>>
>> If you are interested I can make a patch.
>>
>> Cheers
>> Ashley.
>>
>> PS. sorry for duplicate message - forgot to CC the list on the first one
>>
>> --
>> Ashley Holman
>> Software Engineer
>> NetSpot Pty Ltd
>> 183 Melbourne Street, North Adelaide, 5006
>> Ph: +618 8361 6800 Fax: +618 8361 6811

--
Ashley Holman
Software Engineer
NetSpot Pty Ltd
183 Melbourne Street, North Adelaide, 5006
Ph: +618 8361 6800 Fax: +618 8361 6811 |
From: Ashley H. <as...@ne...> - 2008-01-21 05:55:22
|
Hi Thomas,

I installed the module from your branch but noticed that the image links were broken. I copied the integrations_common directory into lib/ for both the voicetools and liveclassroom modules. An example of a broken link is "/mod/voicetools/pictures/buttons/new-createvoicepresentation.png". The image is actually located at "/mod/voicetools/lib/web/pictures/buttons/new-createvoicepresentation.png" after copying the integrations_common directory to lib.

Cheers
Ashley.

Thomas Rollinger wrote:
> Hi all,
>
> I did some changes on the structure of the Svn repository.
> I separated the generic part (used in all our modules) in a new directory named integrations_common.
>
> The content of integrations_common has to be placed in a directory named "lib" in the modules (liveclassroom and voice tools).
>
> I started to update the path of the files into the branch "team/Thomas" but trunk is not up to date.
>
> Best
>
> Thomas Rollinger
> Software Engineer
>
> Wimba - People teach People
> tro...@wi...

--
Ashley Holman
Software Engineer
NetSpot Pty Ltd
183 Melbourne Street, North Adelaide, 5006
Ph: +618 8361 6800 Fax: +618 8361 6811 |
From: Thomas R. <tro...@wi...> - 2008-01-17 15:29:03
|
Hi,

It can be great if you can make the patch.

Can you please start from the code of the branch "team/Thomas" because trunk is not up to date and will not work correctly.

Best

Thomas

On 16 Jan 08, at 19:08, Ashley Holman wrote:
> Hi Thomas,
>
>>> Since the review, we've realised ... this module needs to define some
>>> capabilities and then use has_capability()
>>
>> Can you provide me more information?
>
> I think a capability could be defined for being an instructor for the Wimba tools. At the moment the getRoleForWimbaTools() function in WimbaCommons.php checks isstudent(), isteacher(), isadmin() etc. This could be replaced with has_capability(), and the default capabilities could be set up to match the current behaviour. Ie, the capability mod/liveclassroom:instructor would be assigned to the Teacher, Course Creator, and Admin roles. This would allow for better customisation of roles, and work in different contexts where roles are overridden etc.
>
> If you are interested I can make a patch.
>
> Cheers
> Ashley.
>
> PS. sorry for duplicate message - forgot to CC the list on the first one
>
> --
> Ashley Holman
> Software Engineer
> NetSpot Pty Ltd
> 183 Melbourne Street, North Adelaide, 5006
> Ph: +618 8361 6800 Fax: +618 8361 6811
|
From: Ashley H. <as...@ne...> - 2008-01-17 00:10:33
|
Hi Thomas,

>> Since the review, we've realised ... this module needs to define some
>> capabilities and then use has_capability()
>
> Can you provide me more information?

I think a capability could be defined for being an instructor for the Wimba tools. At the moment the getRoleForWimbaTools() function in WimbaCommons.php checks isstudent(), isteacher(), isadmin() etc. This could be replaced with has_capability(), and the default capabilities could be set up to match the current behaviour. Ie, the capability mod/liveclassroom:instructor would be assigned to the Teacher, Course Creator, and Admin roles. This would allow for better customisation of roles, and work in different contexts where roles are overridden etc.

If you are interested I can make a patch.

Cheers
Ashley.

PS. sorry for duplicate message - forgot to CC the list on the first one

--
Ashley Holman
Software Engineer
NetSpot Pty Ltd
183 Melbourne Street, North Adelaide, 5006
Ph: +618 8361 6800 Fax: +618 8361 6811 |
From: Thomas R. <tro...@wi...> - 2008-01-16 21:31:49
|
Hi all,

I did some changes on the structure of the Svn repository. I separated the generic part (used in all our modules) in a new directory named integrations_common.

The content of integrations_common has to be placed in a directory named "lib" in the modules (liveclassroom and voice tools).

I started to update the path of the files into the branch "team/Thomas" but trunk is not up to date.

Best

Thomas Rollinger
Software Engineer
Wimba - People teach People
tro...@wi... |
From: Thomas R. <tro...@wi...> - 2008-01-16 20:44:05
|
Hi all,

I started to review the code of the moodle integration and fix the different problems. All this work is done on the branch "team/Thomas" if you want to take a look and give feedback.

Here are my comments about the review:

> * [CRITICAL] getXMLChoicePage.php never checks $USER or require_login() to the course. Is this intended? WimbaMoodleSession seems to have an MD5 checksum but this seems to only be an internal consistency check; the request can still be faked. All AJAX interaction must check for a session key or similar shared secret.

I will check if the user is really logged in by using the function required_login. I have to verify if this function still works when php is configured to not use the cookie for the session.

> * [POTENTIALLY CRITICAL] Use of $_POST, $_GET, $_REQUEST superglobals throughout the code, without escaping or filtering. Although lib/setup.php is requiring or emulating magic_quotes_gpc() behaviour, serious SQL injections and cross-site scripting vulnerabilities may result from such use. Moodle has the built-in functions required_param() and optional_param() that should be used instead. See http://xkcd.com/327/

I reviewed the management of the parameters by using the functions required_param and optional_param. On each page, I check if the different parameters are as expected and do not contain some critical elements which can cause problems.

> * [MODERATE to CRITICAL] The "login" to Wimba backend is <adminusername><courseid><first_lastname><teacher/student-suffix> ... what about users with identical first and lastnames (e.g. two users with the name "John Smith"), will they collide, and if so, how would it be resolved?

The name "John Smith" will appear twice in the list. We can use $USER->username instead of concatenating the first name and the last name.

> In LiveClassroom, liveclassroom_get_student_userid() which populates $userid in liveclassroom_create_session() does not include any user-unique identifier. Is this intended (i.e. are users only ever authenticated at a course-level)?

liveclassroom_get_student_userid() returns the user id of the LC user. For each course, there are 2 generic users created in the live classroom. One user will be used for creating sessions for all instructors of this course and the other will be used for creating sessions for all students of this course.

> * [MODERATE] The constant LIVECLASROOM_MOODLE_PREFIX is used in several places in the code but is not defined (it has been commented out). Perhaps this has been replaced by getPrefix() defined in PrefixUtil.php (?) At the least, undefined constants will echo PHP Warnings out to the browser.

The functions which used the constant LIVECLASSROOM_MOODLE_PREFIX are deprecated. I will remove them.

> * [MODERATE] The code has require, require_once, include and include_once statements that do not anchor relative paths with a dirname(__FILE__). This can trip up command-line execution (e.g. cron jobs), as well as pose a potential security risk. For instance
>
> include "../../config.php";
>
> should be
>
> include dirname(dirname(dirname(__FILE__))) . "/config.php";
>
> or perhaps
>
> include dirname(__FILE__) . "/../../config.php";

Moodle usually does:

require_once('../config.php'); // defines $CFG
require_once($CFG->dirroot.'/course/lib.php');

We've done what most of the other modules do.

> * [MODERATE] HTTPS is recommended for communicating with the VoiceTools server. The requests from Moodle are passing the Wimba adminusername and password as cleartext over HTTP. Even though the WVT server has an IP whitelist, this is still risking compromise by an IP spoofing Man-In-The-Middle attack.

This is a known problem of our API.

> * [MINOR] Bad style CSS declaration in the bvoicerecorder block. Should be moved to the canonical /blocks/bvoicerecorder/styles.php and use the .block_bvoicerecorder class.

I will move the css into a stylesheet file.

> Since the review, we've realised ... this module needs to define some capabilities and then use has_capability()

Can you provide me more information?

Best

Thomas Rollinger
Software Engineer
Wimba Inc
tro...@wi...

On 14 Jan 08, at 01:28, Ashley Holman wrote:
> Hi All,
>
> Catalyst have done an analysis of the hw4mdl code and have identified several issues which may need fixing/improving. I've attached the PDF document that they prepared outlining the problems they found. I'm a developer at NetSpot in Australia and we've decided to give some time to fixing those problems, so I'd appreciate any comments people have on each of those points in the PDF - whether the issues are real concerns or not and what should be considered in implementing a fix, so that I can take those into consideration before starting development.
>
> Also there is an additional issue that was raised after the PDF was written:
>
>> Since the review, we've realised ... this module needs to define some
>> capabilities and then use has_capability()
>
> Thanks very much for any thoughts/comments!
>
> Cheers
> Ashley.
>
> --
> Ashley Holman
> Software Engineer
> NetSpot Pty Ltd
> 183 Melbourne Street, North Adelaide, 5006
> Ph: +618 8361 6800 Fax: +618 8361 6811
>
> <wimba-moodle-review.pdf>
|
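Three of the findings discussed in this thread can be checked mechanically: short open tags, direct use of $_GET/$_POST/$_REQUEST, and include/require of a relative path that is not anchored. The script below is an added example, not part of the original messages or of the hw4mdl code; the rule names, file names and sample PHP are constructed for illustration, and the matching is line-based rather than a real PHP parse.

```python
"""Line-based audit for three findings raised in this thread (added example)."""
import re
from collections import Counter
from typing import Dict, List, NamedTuple


class Finding(NamedTuple):
    path: str
    line: int
    rule: str
    text: str


# Rule names are this example's own. Matching is per line with no PHP
# tokenizer, so commented-out code and prose can produce false positives.
RULES = {
    # "<?" not followed by "php" or "xml". "<?=" is flagged too: before
    # PHP 5.4 it also depended on the short_open_tag setting.
    "short-open-tag": re.compile(r"<\?(?!php|xml)", re.IGNORECASE),
    # Request superglobals read directly instead of through
    # required_param() / optional_param().
    "raw-superglobal": re.compile(r"\$_(?:GET|POST|REQUEST)\b"),
    # include/require whose argument starts with a string literal that is
    # not absolute, not a variable and not a URL, so it resolves against
    # the working directory or include_path.
    "relative-include": re.compile(
        r"\b(?:require|include)(?:_once)?\b\s*\(?\s*[\"'](?![/$]|\w+://)",
        re.IGNORECASE,
    ),
}


def audit(files: Dict[str, str]) -> List[Finding]:
    """Return one finding per (file, line, rule) hit, in file/line order."""
    findings = []
    for path in sorted(files):
        for lineno, line in enumerate(files[path].splitlines(), start=1):
            for rule, pattern in RULES.items():
                if pattern.search(line):
                    findings.append(Finding(path, lineno, rule, line.strip()))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per rule."""
    return dict(Counter(f.rule for f in findings))


# Constructed sample input. Most legacy lines reuse snippets quoted in the
# thread; the $_REQUEST line, the file names and the fixed file are made up.
LEGACY = """\
<?require_once("../../config.php"); ?>
<?php $action = $_REQUEST['action']; ?>
<font class="fontCurrent"><?echo get_string('duration_calendar','voicetools')?></font>
<iframe src="<?=$url?>" width="705px" height="405px"></iframe>
<?}?>
"""

FIXED = """\
<?php
require_once(dirname(__FILE__) . '/../../config.php');
require_once($CFG->dirroot . '/course/lib.php');
$action = optional_param('action', 'list', PARAM_ALPHA);
?>
<font class="fontCurrent"><?php echo get_string('duration_calendar', 'voicetools'); ?></font>
"""

SAMPLE = {"sample/legacy.php": LEGACY, "sample/fixed.php": FIXED}

if __name__ == "__main__":
    results = audit(SAMPLE)
    for f in results:
        # Same path:line: shape as the grep listings in the thread.
        print(f"{f.path}:{f.line}: [{f.rule}] {f.text}")
    print(summarize(results))
```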
From: jeff o. <jef...@gm...> - 2008-01-16 12:14:22
|
sorry for the spam, but there seems to be trouble getting messages through to the list. just trying to prime the pump here... j- |
From: Ashley H. <as...@ne...> - 2008-01-14 06:29:45
|
Hi All,

Catalyst have done an analysis of the hw4mdl code and have identified several issues which may need fixing/improving. I've attached the PDF document that they prepared outlining the problems they found. I'm a developer at NetSpot in Australia and we've decided to give some time to fixing those problems, so I'd appreciate any comments people have on each of those points in the PDF - whether the issues are real concerns or not and what should be considered in implementing a fix, so that I can take those into consideration before starting development.

Also there is an additional issue that was raised after the PDF was written:

> Since the review, we've realised ... this module needs to define some
> capabilities and then use has_capability()

Thanks very much for any thoughts/comments!

Cheers
Ashley.

--
Ashley Holman
Software Engineer
NetSpot Pty Ltd
183 Melbourne Street, North Adelaide, 5006
Ph: +618 8361 6800 Fax: +618 8361 6811 |