Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- The Moppies team have scheduled this course to be finished by today. A few of us have completed it at our own pace and then today we've been discussing our findings in the course.
- This is a summary of them.
- First of all, congrats for the course: it's a good idea to have small courses with concrete topics (instead of big courses with more content). We loved the format!
- Some generic comments about the course:
- - It's too basic (at least for any Moodle developer). Based on the title, we were probably expecting to have more information related to Security.
- - There are some acronyms used that are not explained at all (maybe it would be good having a glossary and link them there, to help participants to understand them better).
- - We missed some space in the activities to think about the best solution (instead of directly giving it).
- - Instead of giving a .zip with the code, wouldn't be better to share a GitHub repository? Some of us were expecting to have this repository with the empty code and also with the solutions :-) (in different branches).
- - In some cases, like the first section, we missed some references to devdoc pages giving more information about PARAM_xxx and FORMAT_xxxx.
- - Apart from that, maybe it would be nice having a security course (unrelated to Moodle), to learn a little bit more about security basics.
- - Related to the quiz:
- - It was hard to understand some of the questions of the last quiz (at least for non-native English speakers).
- - Maybe adding some options like "None of the above" or "All of the above" to make them trickier/difficult.
- Apart from that, we have a few comments about the tasks:
- Task: Login and user input sanity check
- - The Greetings plugin is not displayed in 4.0 (before that, the screenshots show it's displayed in the drawer): https://moodle.academy/mod/book/view.php?id=936&chapterid=746
- - It would be good to give some examples of text to test to compare behaviour with different PARAM_xxx and FORMAT_xxx.
- - Codechecker should be added as a requirement for the course.
- - When running codechecker in "5. Check your code", as the require_login has been added, the warning ""Expected login check..." is not displayed.
- Task: Control access using capabilities
- - The given version of the Greetings plugin doesn't implement the feature for removing messages.
- Task: Add sesskey protection.
- - How this task can be done: "Before adding the sesskey protection, try to simulate the CSRF attack. Using a student account on the site, try to find a way how a student could easily make the Hello world wall populated with malicious content submitted from a teacher or admin accounts"?
- Task: Add administration setting for your plugin
- - Version needs to be bumped to add the default value to the database.
- - For Moodle 4.0 onwards, the example should be reviewed because it's not working (navigation has changed). You'll find more information about that in https://docs.moodle.org/dev/Moodle_4.0_developer_update#Navigation_changes
Add Comment
Please, Sign In to add comment