Ephorus Plagiarism plugin

Plagiarism ::: plagiarism_ephorus
Maintained by Ephorus Integrations, David Winn, John McGettrick
Please see https://moodle.org/plugins/plagiarism_turnitin for further information.
Latest release:
15 sites
2 fans

Please see https://moodle.org/plugins/plagiarism_turnitin for further information.

Screenshots

Screenshot #0

Contributors

Ephorus Integrations (Lead maintainer)
Please login to view contributors details and/or to contact them

Comments RSS

Comments

  • David Mudrák
    Fri, 16 May 2014, 6:14 AM
    Hi.

    Many thanks for sharing this plugin with the Moodle community.

    I understand one needs a commercial license to use the plugin. So since I am
    unable to test the functionality of the plugin, might we be able to setup a
    quick demo so that I can see the plugin in action maybe?

    The plugin does not declare any capabilities. How do you control access to the
    reports and other aspects of the functionality? Do you rely oN the
    capabilities provided by the mod_assign module?

    The uploaded version contains the db/upgrade.php. So do I get it right that
    the plugin is already in production out there? Can you provide some rough info
    on how many institutions are already using it? Also, I did not found any
    upgrade_plugin_savepoint() call in the whole db/upgrade. Note that it might
    make the upgrade path more safe and avoid accidental repeats of the same
    upgrade code being executed.

    I noticed table names in install.xml lack the plagiarism_ prefix. This is
    pretty serious as it might lead to plugin names conflict in the future. Even
    though in this case this could be tolerated as it is unlikely that anybody but
    you would come with an activity module of the 'ephorus' name (which would then
    collide).

    However, other functions like create_file() or event_mod_deleted() etc that
    are loaded into the global scope from lib.php should really have the
    plagiarism_ephorus_ prefix to preven eventual collision in the global
    namespace.

    I am afraid that the call_user_func() code at the top of functions.php
    represents an unacceptable security flaw in this plugin. Simply said, you
    implemented a backdoor allowing anybody at the Internet execute any function
    in Moodle without any validation, authentication and authorization. If this
    code is already in production somewhere, I would really recommend to fix those
    sites before we eventually publish this code.

    Plugins uploaded to the Plugins directory are supposed to contain just the
    English language pack. All translations are maintained separately at
    lang.moodle.org portal.

    Using DIRECTORY_SEPARATOR is not necessarily needed, PHP always converts / to
    the appropriate character in its file functions. We avoid it in Moodle to make
    the code more readable (and thence easier to spot eventual bugs).

    I have also asked our plagirism specialist for a quick peer-review of the API
    usage in the plugin. Beside that, the record form of the plugin could be
    improved.

    Looking at the validation results, a meaningful README file could be useful to
    have. For example, to mention the need for the XSL extension to show reports.0

    Please review http://docs.moodle.org/dev/Plugin_validation#Recommended_URLs
    and then edit the plugin entry to provide the source, tracker, and
    documentation URLs that will enable others in the community to more actively
    participate in using this plugin.

    I noticed that you did not specify an issue tracker for your plugin. Providing
    a place for users of your plugin to report issues encourages participation and
    provides a way for users to report bugs, make feature requests, or suggest
    other types of improvements. There are a couple of options. You are welcome to
    request that a component be created in the Moodle Tracker. This will allow for
    you to become more familiar with how issues are managed in Moodle core but may
    take a little more time to setup. Alternatively, for folks who are using
    Github.com, you can use the issues feature of Github to handle such requests.
    Kindly let me know which of these two options seems best for you.

    Please provide a documentation URL. You are welcome to create your
    documentaiton in Moodle Docs,  See
    http://docs.moodle.org/dev/Plugin_documentation for more information.

    Please consider adding a screenshot of your plugin to help folks get an idea
    of what it looks like when installed.  

    I noticed some files are encoded using the DOS/Windows end-of-lines. See
    http://docs.moodle.org/dev/Coding_style#Line_Termination

    For now, I am going to mark this plugin as needing more work until we get
    these issues resolved. Thanks for your patience with the review and approval
    process.
  • Ephorus Integrations
    Fri, 16 May 2014, 2:56 PM
    Dear David,

    Thank you very much for your thorough review and for all your remarks. Though our plugin has already been used by hundreds of institutions for many years, it now seems that a lot of improvements need to be made.

    We will start working on those as soon as possible and upload a new version once we are done.

    Regarding your question about testing; you would indeed need a demo account for that. I would be more than happy to set one up for you if you want but perhaps it would be better to wait until we have an improved version?

    By the way, Gavin Henrick already has a test account with us and has testing of the plugin on his todo-list.

    Again, thank you very much for all your remarks and please let me know if there are any more questions or remarks.

    Kind regards,
    Peter Janknegt
    Ephorus
  • David Mudrák
    Fri, 16 May 2014, 4:07 PM
    Thanks Peter. Let us wait with the demo account for the improved version then. Once you consider it all fixed, feel free to schedule the plugin for re-approval using the link in the side Settings block. Have fun smile
  • David Mudrák
    Mon, 21 Jul 2014, 10:11 PM
    Hi. Thanks for the updated version. I saw Gavin's review and that's seem to be enough from the usability perspective.

    I think you might want to include some more capability checks in further versions of your plugin. I don't know details of your
    service API but currently, any logged in user can execute remote SOAP functions, e.g. via change_index. It may or may not be
    intentional, just be aware of the fact that hiding the link via UI is not enough to effectively protect and secure the
    functionality.

    Do I get it right you ran into the limitation with the maximum table name? As noted above, the tables should have full frankenstyle
    prefix. So even though you fixed the eventual collision with a hypothetical 'ephorus' activity (mod_ephorus), your tables would now
    collide with (hypothetical again) 'eph' plagiarism plugin. I understand it's not trivial issue to fix, given the length of this core
    component name. Anyway, thanks for attempting to fix this in the upgrade step.

    Said that, you are cleared to land now. Welcome to the Plugins directory!
  • Jan Derriks
    Wed, 31 Aug 2016, 3:11 PM
    I just received an email from Ephorus (now merged with Turnitin) that development with the Ephorus API's will be discouraged/discontinued.

    No info about alternatives (Turnitin?) yet.
  • Wazza
    Wed, 17 Apr 2019, 7:33 PM
    Can students actually see there plagiarism score? A teacher has the ability to press the 'eye' icon in Moodle next to the score, but my students can't see the scores even with the eyes open. What am I missing here?
Please login to post comments