Incubating: Bookmarks (within book chapter)

block_bookmarks
Maintained by Picture of Hrvoje GolcicHrvoje Golcic
Bookmarks block plugin provides functionality of user bookmarks creation within the text of Moodle Book chapter (So-called book pins within the text). This can also be used to leave personal notes onto desired locations within Moodle Book chapter.
5 sites
1 downloads
5 fans
Current versions available: 1

Users can create their own bookmarks at any desired position within the text Moodle Book chapters and they can later access it quickly using "jump focus" switch. All the bookmarks will be listed within the block once the user open desired chapter again. This might be useful to anyone who likes to have side notes next to their learning material. The tool can increase accessibility for blind and visually impaired people. Each user can easily create, delete and rename their own bookmarks.

This block works only with Moodle Book chapter. You can create an instance of a block in each Moodle Book chapter view where you need it. To include a block globally across all Moodle Book chapter views please follow this instructions:

  1. Go to Moodle homepage. Create a block instance to the Moodle homepage and set the configuration for the block to be visible in any page throughout entire Moodle
  2. Go to any Moodle Book chapter page. Access the configuration again and restrict the block to be visible only on Moodle Book type of pages


Please don't report bugs here

If you experience an error with the block, or would like to request a feature, please use the "Bug Tracker" link below.


Disclaimer:

  • This is a beta version of a block. Some functionality might not work properly. Please keep in mind that chapter text editing might cause user bookmarks to lose their correct positions within the text. In other words, if chapter text is edited after bookmark is created, a bookmark might not keep its correct position and could became useless.
  • The plugin works exclusively in modern web browsers with Javascript enabled support, including Internet Explorer 9 and higher
  • Released Under the GNU General Public Licence http://www.gnu.org/copyleft/gpl.html

You are the developer? This plugin is not maintained anymore. If you wish to bacome the contributor and continue the development feel free to contact me over github.

Sets

This plugin is part of set Seeking new maintainer.

Screenshots

Screenshot #0
Screenshot #1
Screenshot #2
Screenshot #3

Contributors

Picture of Hrvoje Golcic
Hrvoje Golcic (Lead maintainer)
Please login to view contributors details and/or to contact them

Comments RSS

Show comments
  • Picture of Dan Marsden
    Wed, Feb 18, 2015, 6:18 AM
    HI There,

    thanks for sharing the plugin. I've just had a quick look and noticed that the file dbaccess.php introduces some security issues and doesn't seem to be complete (you have some TODO comments at the top of the file that suggest you are already aware of this.)

    Specifically - you make a call to $_POST which is not allowed - you should be using required_param and optional_param calls.

    you should add the following text to the top of the page:
    define('AJAX_SCRIPT', true);

    You should be passing the sesskey() to the ajax script and checking it before any actions are taken.
    https://docs.moodle.org/dev/Security:Cross-site_request_forgery

    a better name for that file might be modifybookmarks.ajax.php rather than dbaccess.php
  • Picture of David Mudrák
    Wed, Feb 18, 2015, 5:47 PM
    Thanks Dan for spotting these. I agree this file has security related issues. Additionally, it allows any logged-id user to delete or update any record from that table. Also, $SESSION->chapterid seems to violate the naming convention and I would suggest to ideally not to (ab)use the session for this, or at least make it something like $SESSION->block_bookmarks->chapterid or so.
    I am going to mark this plugin as needing more work to get these issues sorted out. Please note, I am having troubles to precheck the plugin code with our tools due to space characters in you directory and file names (Installation instructions). I admit it is a bug in our checking system (as we normally do not allow spaces in filenames), still you may want to move those instructions out of the plugin code to a web site or so.
  • Picture of Hrvoje Golcic
    Wed, Feb 18, 2015, 10:50 PM
    Your feedback have been very valuable to me. I agree with all the comments and have fixed the issues:

    1. no more calls to $_POST, only required_param and optional_param calls.
    2. define('AJAX_SCRIPT', true); is set but I created another file for non-ajax database access
    3. confirm_sesskey() is now used before any database action
    4. I agree to your proposal on file name change: modifybookmarks.ajax.php
    5. documentation is moved out of github
    6. $SESSION is not used anymore at all. Not necessary needed
    7. not any user is allowed to delete or update any record from database anymore

    Are there any further comments? Should I re-apply?
  • Picture of David Mudrák
    Thu, Feb 19, 2015, 12:29 AM
    Hi. Thanks for prompt fixes. Can you please check the "Download versions" link at this page? It seems to me that you hid the more recent version "1.0 (2015021700)" (it appears as Invisible now) instead of the older one. Probably you want to do the opposite - hide the version "0.1 (2015020604)" and show the version 1.0 to make it available.
    We will get to re-reviewing your latest version this week and will let you know. Thanks for your patience.
  • Picture of Hrvoje Golcic
    Thu, Feb 19, 2015, 1:52 AM
    True! Tnx for notifying me.
  • Picture of David Mudrák
    Mon, Feb 23, 2015, 3:52 AM
    Hi Hrvoje. As I understood from the description, you are not able to maintain this plugin in the future so I put the plugin into the 'Seeking new maintainer' set. I tested the functionality of the plugin and it looks like a really good idea. It would be pity to let it die so I hope you will either change your mind and keep maintaining this, or you will be able to find a new maintainer soon.
    Thanks for fixing the most crucial issues detected by Dan in his peer-review. Currently, it seems that the code would need a bit more clean-up and polishing to meet Moodle coding guidelines standards. I moved it into the 'Incubating' category so it can get a bit more mature there.
  • Picture of Hrvoje Golcic
    Fri, Mar 13, 2015, 4:46 AM
    Hi!

    Yes, I'm unable to continue the development on this one, I wish I could. I'm able to assist in development though as much the free time makes it possible for me. I'm always here for advice as well or for some small improvements and bugfixes. It's not that I'm resigning of it completely, I'll just not code it anymore. All the cards are open for now.

    I published the plugin here here because there is nothing similar on Moodle yet and it sounds like an interesting idea. It could help someone for sure or at least open mind.

    I've fixed the issues you posted on Github! Thanks for feedback!

    Cheers!
Please login to post comments