Bug Tracker

Browse through the lastest 25 bug reports in the table below. Click on the Bug ID for a more detailed account of the bug. Select from the links to browse or search the bug tracker, to request a bug tracker account (open to ATutor developers), or to report a bug to the Bug Report Forum.

Browse Bug Tracker Anonymously | Request Bug Tracker Account | Report Bugs

Current Bug Summary


Bug IDSummaryDescription
5775 AContent linking across domains

Status: New
Date Submitted: 1490307470
Last Updated: 1490308399
Severity: Major
Resolution: Open

When linking AContent content into demo.atutorspaces.com, from atutor.ca/acontent/devdemo none of the linked content appears.
5774 Special characters in forum notifications

Status: New
Date Submitted: 1489675202
Last Updated: 1489675202
Severity: Minor
Resolution: Open

Various special characters from non-English languages are being render as entities in forum notifications.
5773 Edit test Quote to entities

Status: Resolved
Date Submitted: 1489616667
Last Updated: 1489616812
Severity: Minor
Resolution: Fixed

When creating/editing a test, quote in the textarea are converted to entities.
5772 escaped apostrophe's in test results

Status: Resolved
Date Submitted: 1489258650
Last Updated: 1489449517
Severity: Minor
Resolution: Fixed

Message: In the "remedial content" box, when I have used words that are contracted they have the apostrophe escaped when looking at the test results, as you can see below. I've attached a screenshot that shows this.

Question 1: Open Ended (short paragraph)

test of contracted words.
he\'s\r\nshe\'s\r\nit\'s\r\nthey\'re\r\naren\'t\r\nisn\'t\r\ncan\'t\r\nwon\'t\r\ndidn\'t\r\ndon\'t\r\nwe\'re\r\ndoesn\'t\r\nwhat\'s\r\nthat\'s\r\nJim\'s\r\nPete\'s\r\ncar\'s\r\ndog\'s
5762 htmlchars in forum post notifications

Status: Resolved
Date Submitted: 1488205230
Last Updated: 1489444381
Severity: Minor
Resolution: Fixed

Quotes are converted to htmlspecialchars in the notification sent out. Need to add a decode before sending posts by email.
5770 Quote in open ended question

Status: Resolved
Date Submitted: 1489253994
Last Updated: 1489256049
Severity: Minor
Resolution: Fixed

Apostrophies in open ended questions break the db connection.

http://www.atutor.ca/view/3/26192/1.html
5771 Upload patch access denied

Status: Resolved
Date Submitted: 1489255607
Last Updated: 1489255748
Severity: Minor
Resolution: Fixed

When uploading a patch, and access denied message appears
5769 Edit Language

Status: Resolved
Date Submitted: 1488584727
Last Updated: 1488587746
Severity: Minor
Resolution: Fixed

Product: ATutor
Download: https://github.com/atutor/ATutor
Vunlerable Version: 2.2.2 and probably prior
Tested Version: 2.2.2
Author: Haojun Hou in ADLab of Venustech

Advisory Details:
Multiple Cross-Site Scripting (XSS) were discovered inATutor 2.2.2, which can be exploited to execute arbitrary code.
The vulnerabilities exist due to insufficient filtration of user-supplied data in the lang_code HTTP GET parameter passed to ATutor-master/themes/default/admin/system_preferences/language_edit.tmpl.php ?ATutor-master/themes/mobile/admin/system_preferences/language_edit.tmpl.php and ATutor-master/themes/simplified_desktop/admin/system_preferences/language_edit.tmpl.phpurls. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
The exploitation examples below use the "alert()" JavaScript function to see a pop-up messagebox:
Poc:
(1)
http://localhost/.../ATutor-master/themes/default/admin/system_preferences/language_edit.tmpl.php?lang_code=%22%3E%3Cscript%3Ealert(1);%3C/script%3E%3C%22
(2)
http://localhost/.../ATutor-master/themes/mobile/admin/system_preferences/language_edit.tmpl.php?lang_code=%22%3E%3Cscript%3Ealert(1);%3C/script%3E%3C%22
(3)
http://localhost/.../ATutor-master/themes/simplified_desktop/admin/system_preferences/language_edit.tmpl.php?lang_code=%22%3E%3Cscript%3Ealert(1);%3C/script%3E%3C%22
5760 PHP7 Issues

Status: New
Date Submitted: 1487350202
Last Updated: 1487350202
Severity: Major
Resolution: Open

ATutor won;t run with php7.1. The $array_type should be MYSQLI_ASSOC in mysql_connect.inc.php:

function queryDB($query, $params=array(), $oneRow = false, $sanitize = true, $callback_func = "mysql_affected_rows", $array_type = MYSQL_ASSOC) {
5759 Deprecated Class with same funciton name in php7

Status: New
Date Submitted: 1487346012
Last Updated: 1487346012
Severity: Major
Resolution: Open

Function names cannot be the same as class names in PHP 7


Message: PHP7 don`t use mysql librery, error install (don`t view mysql)
Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; Message has a deprecated constructor in J:\OpenServer\domains\atutor1\include\classes\Message\Message.class.php on line 20

Warning: Cannot modify header information - headers already sent by (output started at J:\OpenServer\domains\atutor1\include\classes\Message\Message.class.php:20) in J:\OpenServer\domains\atutor1\install\index.php on line 22

Warning: Cannot modify header information - headers already sent by (output started at J:\OpenServer\domains\atutor1\include\classes\Message\Message.class.php:20) in J:\OpenServer\domains\atutor1\install\index.php on line 23


Things to describe:
Operating system ATutor is installed on - win 7
ATutor version - 2.2.2 (night build )
Patch #s applied - no
ATutor theme name -
PHP version - 7.0.8
MySQL version - 5.0.12
Webserver & version - apache 2 with PHP7x64 x64
Copies of error messages -
Changes to default settings - no
Web browser being used - FF, Chrome
5746 MySQL strict mode in 5.7+ fails

Status: New
Date Submitted: 1483916599
Last Updated: 1483916599
Severity: Major
Resolution: Open

Introduced in MySQL 5.7, if strict mode is enabled, the default dates like 00-00-00 will fail during installation (ans elsewhere assumed).

http://www.atutor.ca/view/7/26136/1.html
5745 Add forums to content nav

Status: New
Date Submitted: 1483571659
Last Updated: 1483571659
Severity: Feature
Resolution: Open

Like quizzes that get displayed in the content menu when they are associated with content, do the same for forums associated with content.
5744 Side menu title elipse'd

Status: New
Date Submitted: 1483565218
Last Updated: 1483565218
Severity: Minor
Resolution: Open

The title attribute for side menu listing is truncated at the same point as the link text. The title should display the full text of the listing.
Default theme
5743 Visual Editor Pref Fails

Status: New
Date Submitted: 1483564372
Last Updated: 1483564372
Severity: Minor
Resolution: Open

In ATSP, the text based HTML editor opens by default in the content editor, even when the users as the visual editor preference set.
5742 Delayed Announcements

Status: New
Date Submitted: 1483388145
Last Updated: 1483388145
Severity: Feature
Resolution: Open

Add feature that would let instructors schedule preauthored course announcements. i.e. delayed announcements
5617 Google Calendars require OAuth 2

Status: Assigned
Date Submitted: 1451943439
Last Updated: 1483366193
Severity: Major
Resolution: Open

As of April 20, 2015 OAuth2 is required for google api access. Cpnnecting to google calendars from ATutor is currently not possible for any new connections. Existing OAuth1 connections will continue for a while.

Calendar API
https://developers.google.com/google-apps/calendar/?csw=1
https://developers.google.com/google-apps/calendar/overview
https://developers.google.com/google-apps/calendar/quickstart/php
5720 Undefined index error in vitals

Status: Assigned
Date Submitted: 1473082449
Last Updated: 1483366145
Severity: Minor
Resolution: Open

Notice: Undefined index: qti_export_version in ATutor/include/lib/vital_funcs.inc.php on line 1205
5623 handbook links not linked

Status: Closed
Date Submitted: 1452033819
Last Updated: 1483365951
Severity: Minor
Resolution: Fixed

Handbook links have lost their direct link to the relevant page in the handbook.
5724 Edit FS file specialchars

Status: Resolved
Date Submitted: 1474581604
Last Updated: 1483365924
Severity: Minor
Resolution: Fixed

When editing an html file in file storage, charcaters are output as entities.
5725 Sidemenu toggle image fails

Status: Assigned
Date Submitted: 1475100171
Last Updated: 1483365905
Severity: Minor
Resolution: Open

On occasion the + toggles in the side menu loose the toggle image and are replaced with the alt text "toggle."
5729 NoLookUpFeedback

Status: Resolved
Date Submitted: 1478565560
Last Updated: 1483365796
Severity: Minor
Resolution: Fixed

Need to add noLookUpFeedback to the header templates for each of the themes to make it possible to pass untranslated strings as feedback using the GET['fb'] variable.

A better strategy would be to update Message.class.php to allow strings, rather than tokens,to be added to the SESSION, and printed out when the page reloads.
5740 Uninstall Module Fails

Status: New
Date Submitted: 1482537294
Last Updated: 1482537294
Severity: Major
Resolution: Open

Can't rememeber the last time I saw the module uninstall work.

For GameMe, the module dir seems to delete okay, though an error message say it failed.

The GameMe tables and language do not get deleted.
5700 Gamification Module

Status: Resolved
Date Submitted: 1470229407
Last Updated: 1482535001
Severity: Feature
Resolution: Fixed

Potential lib for gamification module for ATutor
PHPGamification gamification Lib
https://github.com/atutor/PHPGamification
5737 GameMe runs when not enabled

Status: Resolved
Date Submitted: 1481153231
Last Updated: 1482534898
Severity: Minor
Resolution: Fixed

When in a course that does not have the side menu or GameMe panel enabled, the config GameMe message appears.
5739 Restore Backup with option

Status: New
Date Submitted: 1482449442
Last Updated: 1482452147
Severity: Minor
Resolution: Open

When restoring a GameMe backup, restoring the gm_options table breaks, because the first field "options" is a reserved word.

Prefereably update backup restore to backquote all column names, or change the option column to something else.