I have given an assignment to my students to upload a few files as an assignment (PDF and MP3), but when I wanted to grade those assignements, I found to my horror that Moodle forces me to download everything.
I have tried to change all possible settings related with file downloads, but nothing seems to make any kind of difference. Also trying to change the URL used manually (by copying the link and try some things in an empty browser window, such as ?forcedownload=0) will not make me allow to view the files online, and do all the grading online.
I hoped that by upgrading my Moodle instance to 2.5 stable would give me at least a setting to configure the display of the assignment files, but sadly that wasn't the case.
My question therefore: why is this not possible?
I may be wrong, but I suspect that isn't quite the answer Maurits was looking for.
The simple answer is that displaying files from untrusted sources within the browser is a security risk. Moodle does not allow files from students to be embedded within the browser (my pdf annotation plugin gets around this by generating images based on the PDF, then displaying the images in the browser).
Why doesn't Moodle allow their users (and admins) to decide whether content uploaded by students is an untrusted source or not? There are many use cases where the content provided by students is perfectly trustable to be opened in the browser. This should be configurable with the default on disabled to provide a standard security, like so many settings in Moodle with a similar security impact.
Don't take me wrong, as a web programmer I do understand the fact that it might be a security risk, but the admin of the site should be the one who is end responsible.
I am also hunting for a solution of not forcing me to download the assignment ...
Thanks so much for your reply since it is really a very old thread.
My concern is that I want to open images in the browser, since it can not be submited using text.
I know that untrusted images and PDFs can be a security risk, but how can ignore this risk?
or must I hack the code? I am not really willing to do that kind of hack.