Bug Tracker

Browse through the latest 25 bug reports in the table below. Click on the Bug ID for a more detailed account of the bug. Select from the links to browse or search the bug tracker, to request a bug tracker account (open to ATutor developers), or to report a bug to the Bug Report Forum.

Browse Bug Tracker Anonymously | Request Bug Tracker Account | Report Bugs

Current Bug Summary


Bug ID | Summary | Description
5711 Mysql query in profile

Status: Resolved
Date Submitted: 1472066982
Last Updated: 1472069975
Severity: Minor
Resolution: Fixed

There is a left-over mysql_query in the profile.php file, and $addslashes breaks the query.
5707 Admin config edit quote in site name

Status: Resolved
Date Submitted: 1471387136
Last Updated: 1472069948
Severity: Minor
Resolution: Fixed

A quote in a site name in the admin's config editor is escaped with a slash. Add stripslashes to $_config['site_name'].
5708 deprecated /e flag preg_replace when latex

Status: Resolved
Date Submitted: 1471469904
Last Updated: 1472069851
Severity: Trivial
Resolution: Fixed

When a LaTeX server is defined, the following warning occurs:
[17-Aug-2016 23:32:56 Europe/Berlin] PHP Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /Applications/MAMP/htdocs/atutorgit/include/lib/output.inc.php on line 401
5700 Gamification Module

Status: New
Date Submitted: 1470229407
Last Updated: 1471387635
Severity: Feature
Resolution: Open

Potential lib for gamification module for ATutor
PHPGamification gamification Lib
https://github.com/atutor/PHPGamification
5695 File overwrite patch status

Status: Resolved
Date Submitted: 1467487597
Last Updated: 1471302115
Severity: Minor
Resolution: Fixed

When a file overwrite patch is installed, its status is not updated to installed
5694 Patcher editor addslashes

Status: Resolved
Date Submitted: 1467465286
Last Updated: 1471302101
Severity: Minor
Resolution: Fixed

When editing patches each save adds an additional slash to each quote.
5692 Untranslated Mobile/Simple Theme

Status: Resolved
Date Submitted: 1467463727
Last Updated: 1471302078
Severity: Minor
Resolution: Fixed

"Don't have an account" is not translated in login.tmpl.php in the mobile and simple themes.
5609 prerequisite test text float right

Status: Closed
Date Submitted: 1451496845
Last Updated: 1471302062
Severity: Minor
Resolution: Fixed

When the screen is wide, the text that appears before the prerequisite test area under the Tests & Surveys tab in the content editor floats right.
5703 display HTML in content fails

Status: Resolved
Date Submitted: 1470336015
Last Updated: 1471302023
Severity: Minor
Resolution: Fixed

In 2.2.2 it is no longer possible to directly add HTML to content page, to display as HTML markup when the page renders.
5706 Update SCORM module

Status: New
Date Submitted: 1470916859
Last Updated: 1470916859
Severity: Minor
Resolution: Open

Update SCORM module to use queryDB().
5702 Moving multiple files fails

Status: New
Date Submitted: 1470331668
Last Updated: 1470331668
Severity: Minor
Resolution: Open

When moving multiple files in the file manager, the move fails if more than one file is selected.
5682 Create folder XSS

Status: Closed
Date Submitted: 1463082356
Last Updated: 1468256626
Severity: Minor
Resolution: Fixed

Hello,
I have done the steps below:
- first step:
I logged in as a demo user
- second step:
I jumped to the URL: https://demo.atutorspaces.com/mods/_core/editor/edit_content_folder.php?
- third step:
I injected script code, then I realized that your demo website is vulnerable to a stored XSS; attached you will find some screenshots.
5696 Manual install fails at setup db

Status: Resolved
Date Submitted: 1467721886
Last Updated: 1467722056
Severity: Minor
Resolution: Fixed

When installing manually, $db_name as %s is not recognized in the SQL statement SHOW CREATE DATABASE `%s`. Need to remove $db_name from the array.
5693 Missing language in mobile login

Status: Closed
Date Submitted: 1467464948
Last Updated: 1467487528
Severity: Minor
Resolution: Unable to Duplicate

Untranslated terms.

[off]
[topics_in]
5624 Upload width custom icon

Status: Closed
Date Submitted: 1452122926
Last Updated: 1467323035
Severity: Minor
Resolution: Fixed

A custom icon that is both higher and wider than the allowed default sizes resizes to a small square. Need to take both height and width ratios into account when resizing.
5635 Content editor test assoc'n text

Status: Closed
Date Submitted: 1456533118
Last Updated: 1467323035
Severity: Minor
Resolution: Fixed

The text added to a Quiz when associated with content via the Tests & Surveys tab in the content editor, does not appear when the link is rendered to the page.
5638 Handbook link broken

Status: Closed
Date Submitted: 1456787012
Last Updated: 1467323035
Severity: Minor
Resolution: Fixed

The links to the handbooks in the main screen of the popup ATutor handbook produce an "Innaccessible Page" error. Fails on htmlentities($_GET['p']). Add a check for $_GET['p'].
5644 module install wrong mod

Status: Closed
Date Submitted: 1457137154
Last Updated: 1467323035
Severity: Major
Resolution: Fixed

The selected module via install modules is not the module that gets installed.
5637 Gradebook, grade scale layout

Status: Closed
Date Submitted: 1456667610
Last Updated: 1467323005
Severity: Minor
Resolution: Fixed

The layout of the grade scale page is broken when a custom grade scale is added.

mods/_standard/gradebook/grade_scale.php
5640 Confirm News Feed buttons

Status: Closed
Date Submitted: 1456959903
Last Updated: 1467323005
Severity: Minor
Resolution: Fixed

When an admin adds a news feed via mods/_standard/rss_feeds/add_feed.php

there is no confirm button in the confirmation step, to complete the addition to the db.
5643 Mobile hardcoded language

Status: Closed
Date Submitted: 1457116046
Last Updated: 1467323005
Severity: Minor
Resolution: Fixed

See attached PDF for possible hardcoded language in the mobile theme.
3715 additional name formats

Status: Closed
Date Submitted: 1235383250
Last Updated: 1467323004
Severity: Feature
Resolution: Fixed

Japanese, and other languages, present last name first. Some of the following formats could be added.

http://www.atutor.ca/view/2/16741/1.html
5636 create new file in folder

Status: Closed
Date Submitted: 1456585559
Last Updated: 1467323004
Severity: Minor
Resolution: Fixed

When creating a new file inside a folder, the file gets saved into the filemanager's root directory. Missing the pathext value.
5647 Instr Create Course sys pref

Status: Closed
Date Submitted: 1457548222
Last Updated: 1467323004
Severity: Minor
Resolution: Fixed

The "Instructor can create course" setting in system preferences is not working on the demo site.
5654 Failed logic password_reminder.php Remote Password Reset vulnerability

Status: Closed
Date Submitted: 1458337397
Last Updated: 1467323004
Severity: Major
Resolution: Fixed

There is a failed logic flaw in the password_reminder.php script that we can leverage for a remote password reset without requiring any kind of authentication or interaction via email. This is a fatal mistake.

--------------------------------------------------------------------------------------------
} else if (isset($_REQUEST['id']) && isset($_REQUEST['g']) && isset($_REQUEST['h'])) {
    //coming from an email link
    //check if expired
    $current = intval(((time()/60)/60)/24);
    $expiry_date = $_REQUEST['g'] + AT_PASSWORD_REMINDER_EXPIRY; //2 days after creation
    if ($current > $expiry_date) {
        $msg->addError('INVALID_LINK');
        $savant->display('password_reminder_feedback.tmpl.php');
        exit;
    }
    /* check if already visited (possibly add a "last login" field to members table)... if password was changed, won't work anyway. do later. */
    //check for valid hash
    $sql = "SELECT password, email FROM %smembers WHERE member_id=%d";
    $row = queryDB($sql, array(TABLE_PREFIX, $_REQUEST['id']), TRUE);
    if (isset($row['email']) && $row['email'] != '') {
        $email = $row['email'];
        $hash = sha1($_REQUEST['id'] + $_REQUEST['g'] + $row['password']);
        $hash_bit = substr($hash, 5, 15);
        if ($_REQUEST['h'] != $hash_bit) {
            $msg->addError('INVALID_LINK');
            $savant->display('password_reminder_feedback.tmpl.php');
--------------------------------------------------------------------------------------------

Although this vulnerability is very hard to see, we start out by setting the id, g and h REQUEST. The g variable is used to calculate the expiry_date variable and needs to ensure that the value is greater than the number of days since epoch (1/1/1970).

Then later in the code, our controlled h REQUEST variable is compared against a computed string. If it fails, the INVALID_LINK error is appended to our session array using $msg->addError('INVALID_LINK');. The problem arises on the next line of code. The call to $savant->display('password_reminder_feedback.tmpl.php'); actually includes that PHP file (and subsequently several other PHP files). Eventually, one of the files calls session_start() and rewrites our session to not contain our error in it. This essentially erases the error that the previous line appended!

Why is this important? Let's see in the next few lines of code.

--------------------------------------------------------------------------------------------
//changing the password
if (isset($_POST['form_change'])) {
    /* password check: password is verified front end by javascript. here is to handle the errors from javascript */
    if ($_POST['password_error'] <> ""){
        $pwd_errors = explode(",", $_POST['password_error']);
        foreach ($pwd_errors as $pwd_error){
            if ($pwd_error == "missing_password")
                $missing_fields[] = _AT('password');
            else
                $msg->addError($pwd_error);
        }
    }

    if (!$msg->containsErrors()) {
        //save data
        $password = $addslashes($_POST['form_password_hidden']);

        $sql = "UPDATE %smembers SET password='%s', last_login=last_login, creation_date=creation_date WHERE member_id=%d";
        $result = queryDB($sql,array(TABLE_PREFIX, $password, $_REQUEST['id']));
--------------------------------------------------------------------------------------------

The code continues (even if we hit that error) and then checks for the presence of the POST variable form_change. We need to make sure that we do not include the POST variable password_error (generated from client-side JavaScript), otherwise we will append errors to our session array. Then finally, a check is done on our session array, if (!$msg->containsErrors()), and the code proceeds to update the members table with the supplied POST variable form_password_hidden.

Patch??

Please just remove the line here:

$savant->display('password_reminder_feedback.tmpl.php');
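A minimal model of the control flow this report describes, added here as an example and not taken from ATutor's password_reminder.php: the error list lives in a session array, rendering the feedback template re-initialises that array, and the hardened handler decides link validity in a local flag and stops the request on failure rather than falling through. The class Msg, displayFeedback() and both reset functions are stand-ins invented for this example.

```php
<?php
// Added example, not ATutor code. Errors are kept in a session array, and
// displayFeedback() stands in for $savant->display(), whose nested
// session_start() (as the report describes) leaves that array empty.
class Msg {                                     // stand-in for ATutor's $msg
    private array $session;
    public function __construct(array &$session) { $this->session = &$session; }
    public function addError(string $code): void { $this->session['errors'][] = $code; }
    public function containsErrors(): bool { return !empty($this->session['errors']); }
}
function displayFeedback(array &$session): void { $session = []; } // session reset

// Vulnerable flow: record the error, show the template, then keep going.
function vulnerableReset(array $req, array $post, string $hashBit): bool {
    $session = [];
    $msg = new Msg($session);
    if ($req['h'] != $hashBit) {
        $msg->addError('INVALID_LINK');
        displayFeedback($session);              // error wiped, no exit
    }
    // Reached with an empty error list even though the link was bad;
    // true means the password update would run.
    return isset($post['form_change']) && !$msg->containsErrors();
}

// Hardened flow: validity is a local, fail-closed decision, the comparison is
// timing-safe, and the request ends as soon as the check fails.
function hardenedReset(array $req, array $post, string $hashBit): bool {
    $session = [];
    $msg = new Msg($session);
    $linkValid = hash_equals($hashBit, (string) ($req['h'] ?? ''));
    if (!$linkValid) {
        $msg->addError('INVALID_LINK');
        displayFeedback($session);
        return false;                           // 'exit;' in the real script
    }
    return isset($post['form_change']) && $linkValid && !$msg->containsErrors();
}

// Constructed request: wrong token in h, but the change form is posted.
$req  = ['id' => '2', 'g' => '17000', 'h' => 'bogus'];
$post = ['form_change' => '1', 'form_password_hidden' => 'new-password'];
var_dump(vulnerableReset($req, $post, 'a1b2c3d4e5f6a7b'));
var_dump(hardenedReset($req, $post, 'a1b2c3d4e5f6a7b'));
```

The first call reports that the update would proceed despite the bad token; the second refuses it, which is the property a reviewer should check for any reset handler that gates a write on session-stored state.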