[2.9.3] Flowplayer not working

[2.9.3] Flowplayer not working

- Richard van Iwaarden の投稿
返信数: 10
画像 Particularly helpful Moodlers

After updating from Moodle 2.9.2 to 2.9.3 the flowplayer stopped working. We are using theme 'Essential'.


When I went back to version 2.9.2 suddenly the flowplayer started working again. I do not know what happened here, but just warning people about it.


Can anyone confirm this?

評点平均: -
Richard van Iwaarden への返信

Re: [2.9.3] Flowplayer not working

- Sergio Rabellino の投稿
画像 Particularly helpful Moodlers 画像 Plugin developers
Mee too on Moodle 2.7. I posted the problem to the Moodle-resources forum.
It's about the new params checking in lib/flowplayer/lib.php around line 34.
I don't know why these tests were added (it's about a security ticket) but removing them, the floplayer works again.
Waiting a response from the developers, you can TEMPORARILY comment that code out as follow

   //if (!empty($_GET) or !empty($_POST) or !empty($_REQUEST)) {
        //header("HTTP/1.1 404 Not Found");
        //die;
    //}

But it's definitely a temporary hack that can lead to a security hole, so take care and choose for yourself what to do...
評点平均: -
Sergio Rabellino への返信

Re: [2.9.3] Flowplayer not working

- Petr Skoda の投稿
画像 Core developers 画像 Documentation writers 画像 Particularly helpful Moodlers 画像 Peer reviewers 画像 Plugin developers
Hi Sergio,
please try to find out what is in your $_POST and $_GET variables, one way to do it is for example:

error_log(var_export($_GET, true));

instead of the header and die, then have a look at your error log. There should not be anything in those globals.

Cheers,
Petr
評点平均: -
Petr Skoda への返信

Re: [2.9.3] Flowplayer not working

- Sergio Rabellino の投稿
画像 Particularly helpful Moodlers 画像 Plugin developers

Following your kind response in the other forum post, the problem is into the $_REQUEST that in my configuration carries the site cookies, and the lib.php fires the 404 file not found. $_GET and $_POST are empty arrays.

thanks.

評点平均: -
Sergio Rabellino への返信

Re: [2.9.3] Flowplayer not working

- Damyon Wiese の投稿
Thanks for reporting back - can please say which browser / OS you are testing on? It is not normal that the flash file would have access to site cookies. I tried this with IE8 and IE11 specifically and it worked fine (as well as other mainstream browsers).
評点平均: -
Damyon Wiese への返信

Re: [2.9.3] Flowplayer not working

- Sergio Rabellino の投稿
画像 Particularly helpful Moodlers 画像 Plugin developers

I'm testing on Win7 or Scientific Linux7 with FF/Chrome at the latest version on either platforms and IE11 on win. The backend is centos/apache/php.

Please note that the $_REQUEST check is done into the php script which in turns serve the flash, but initially is served as a php, so i believe that it's normal having the cookies set in the php code, where Petr wrote the "broken" if.

i'm wrong ?


評点平均: -
Sergio Rabellino への返信

Re: [2.9.3] Flowplayer not working

- Damyon Wiese の投稿
No it is not normal that the request to load the swf has access to the site cookies. What are the cookies exactly? Have you got some sort of SSO in place ?
評点平均: -
Damyon Wiese への返信

Re: [2.9.3] Flowplayer not working

- Sergio Rabellino の投稿
画像 Particularly helpful Moodlers 画像 Plugin developers

The "moodlesession" cookie and others cookies from google analitycs like __utma __utmx , ga and few others  (we don't use GA, but i was not able, until now,  to understand why they are sent to the server).

No SSOs are used.


評点平均: -
Sergio Rabellino への返信

Re: [2.9.3] Flowplayer not working

- Sergio Rabellino の投稿
画像 Particularly helpful Moodlers 画像 Plugin developers

Ok, maybe i've got it.

Following the suggestion by Skoda, i was missing the php.ini config for

; This directive determines which super global data (G,P,C,E & S) should
; be registered into the super global array REQUEST. If so, it also determines
; the order in which that data is registered. The values for this directive are
; specified in the same manner as the variables_order directive, EXCEPT one.
; Leaving this value empty will cause PHP to use the value set in the
; variables_order directive. It does not mean it will leave the super globals
; array REQUEST empty.
; Default Value: None
; Development Value: "GP"
; Production Value: "GP"
; http://php.net/request-order
request_order = "GP"

Because our php.ini was migrated from time to time between system update/upgrade.

Adding this to our config , the $_REQUEST will be empty, as the cookies will not referenced anymore.


thanks a lot.

評点平均: -
Richard van Iwaarden への返信

Re: [2.9.3] Flowplayer not working

- Damyon Wiese の投稿
Thanks for reporting - we have tried to reproduce a problem here and cannot - we tested various web servers etc - and all were working properly so it would be good if you can report back with your POST/GET variables as Petr commented above. It may be something environmental that we can work around.

Things we tested:
slashargs, IIS, Apache on windows, Apache on Linux, url parameters manually set on the link
評点平均: -