15 March 2010, 20:25

I have noted that there seems to be a problem with my installation of Mahara 1.2, in which a secret url view will not allow feedback.  The problem seems to me to be located within the code in the /lib/view.php file, at lines 2803...

function add_feedback_form_validate(Pieform $form, $values) {
    global $USER, $view;
    if (!$USER->is_logged_in()) {
        $token = get_cookie('viewaccess:'.$view->get('id'));
        if (!$token || get_view_from_token($token) != $view->get('id')) {
            $form->set_error('message', get_string('placefeedbacknotallowed', 'view'));
        }
    }
}

 Note the cookie in the code is called "viewacess", and this is what the cookie name that is involved in the mahara.org installation; however, in my installation (and other parts of the code), the cookie is name "mviewacess".   If I change the name of the cookie in the code above, I get an error. 

Should the getcookie line really include the ->get('id') code?  Or, do you see anything else that seems wrong? 

Basically I think the !token element in the next line is being initiatted, because of the cookie problem.

Advice?

15 March 2010, 20:34

sorry, above should read "viewaccess", not "viewacess". 

Also, I did change the cookie name to "mviewaccess" and it didn't produce an error, and the feedback was processed for a non-logged in user!  However, I now have a "Loading...." message at the top left of my screen in the view.   

Any advice?

15 March 2010, 22:11

Hi Tim,

Excellent detective work, thanks!  I think the problem is probably that the wrong name is used when setting the cookie, rather than when the cookie is looked up on feedback submission.  I'll look into this some more, but my feeling is that the bug is actually in the $usertoken bit in view/view.php on lines 55-56, which should both read 'viewaccess' rather than 'mviewaccess'.

I'll try changing that and let you know...

R.

15 March 2010, 23:30

That seems to fix the problem for me.  The patch is here if you need it:

http://gitorious.org/mahara/mahara/commit/48e22072c9bed9315e5cb40a7734775a88778f44

16 March 2010, 4:52

Excellent !  Yes, that fix did it.... feedback for the secret url is now working. 

Thank you for the follow up Richard - I'm glad to have this little bug taken care of.  I learned something in the process as well.  

 TF

16 March 2010, 5:44

Oh no... initially it worked fine, I thought the problem was fully solved.  However, that fix seems to result in the "Loading... " progress image to staul in the top left of the screen. 

Any ideas what's going on there?

16 March 2010, 6:05

I wonder if the problem is now in the end of the add_feedback_form_submit function, where the $goto is being constructed.  There does not appear to be a suitable construct for the secret url $goto in the code found around 2889 in view/view.php
  

  if ($artefact) {
        $goto = get_config('wwwroot') . 'view/artefact.php?artefact=' . $artefact->get('id') . '&view='.$view->get('id');
        $newlist = $artefact->get_feedback(10, null, $view->get('id'), true);
    }
    else {
        $goto = get_config('wwwroot') . 'view/view.php?id='.$view->get('id');
        $newlist = $view->get_feedback(10, null, true);
    }
    build_feedback_html($newlist);
    $form->reply(PIEFORM_OK, array(
        'message' => get_string('feedbacksubmitted', 'view'),
        'goto' => $goto,
        'data' => $newlist,
       
    ));
}

I think with the secret url it would go into the else, and the resulting url would not be suitable, and the action might be stauling within the $form in the next lines, because the $goto isn't appropriate.  

Does this sound right?  How to fix?

16 March 2010, 6:08

16 March 2010, 16:51

The url with the view id should work, because once you've hit the page once with the secret url, you should have a cookie in your browser that will get you through.

The stalled 'loading' message is usually caused by a javascript error -- if you have access to a javascript debugger like firebug you could look for a message.  Unfortunately I can't reproduce the stalled loading message yet (tried FF3, IE8, & Chrome).