BIM – Tidy up #4 – Security checks

The last tidy up of BIM resulted in some fairly major code changes as early design assumptions were overturned in favour of more PHP/Moodle-like approaches, not to mention generally better design/structure. This tidy up turns to some of the more “housekeeping” types of tasks. This one seeks to ensure that BIM follows all of the security guidelines suggested on the Moodle site.

Auth and capabilities

  • require_login is called with the course check
  • has_capability is called early, before any output check

Forms

  • Use moodleforms wherever possible check
    There are 7 forms in BIM
    • allocation_form.php
    • coordinator/find_student_form.php
    • coordinator/marker_allocation_form.php
    • coordinator/question_form.php
    • marking_form.php
    • mod_form.php
    • ./student/register_form.php
  • setType method for each field
    • allocation_form.php check
    • coordinator/find_student_form.php check
    • coordinator/marker_allocation_form.php check
    • coordinator/question_form.php check
    • marking_form.php check
    • mod_form.php check
    • ./student/register_form.php check
  • use optional_param/required_param check
  • Clean data from external sources – RSS Feeds
    I’m using SimplePie to retrieve all the feeds. I’m assuming this does the job of cleaning. I would hope so. This will need confirmation.

Output

more information

  • Use s() or p() to output plain text
  • use format_string() for minimal HTML
  • use format_text() for all other content
  • use stripslashes() on data from optional_param() or required_param() if it is being output

There’s also the question here of some of the internationalisation stuff that I need to include.

Currently, I’m simply using “print”. Source files using print include:

  • coordinator/allocate_markers.php check
  • coordinator/find_student.php check
  • coordinator/manage_marking.php check
  • coordinator/view.php check
  • coordinator/question_form.php check
  • lib/bim_rss.php check
  • lib/locallib.php check
  • marker/view.php
  • marker/allocation_form.php check
  • marking_form.php
  • student/view.php

Adding in language support is interesting. Not a lot of examples. Having to use some arcane greps and finds to discover examples and try to deduce from there.

Log every request

Use add_to_log

The major requests for BIM are:

  • Coordinator Check
    • Configure BIM
    • Manage and change questions
    • Allocate markers
    • Manage marking
      • View students in various states
      • Release results
    • Find student
    • Your students
      • student details
      • post details
      • reallocate post
      • Mark post
  • Marker CHECK
    • student details
    • student post details
    • reallocate post
    • Mark post
  • student CHECK
    • view details
    • try to register feed
