Mahara

Broken link checker

Bug #1724950 reported by Kristina Hoeppner on 2017-10-19

262

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	Mahara	Confirmed	Wishlist	Unassigned

Bug Description

Implement a broken link checker to prevent people going to web sites that may be up for grabs and thus exposing them to phishing, serving malware, impersonation.

Thanks to Vineet Kumar for reporting this.

I think it concerns primarily links in the editor (TinyMCE and plain text) as well as any field where you can enter a URL. External media should be fairly safe as domains need to be whitelisted in the "Allowed iframes". So having a check for them rather than when a block is on a page might suffice.

Before implementing a solution, the following should be discussed:
- What do current link checkers offer?
- Unlink automatically or require admin intervention? If admin intervention, will there be a weekly / daily email?
- If admin intervention, most links will be in user created content though to which admin doesn't have direct access.
- Should links be crossed out and unlinked automatically? That would also resolve the issue with posting direct links rather than linking text.

See original description

Kristina Hoeppner (kris-hoeppner) on 2017-10-19

description:

updated

Revision history for this message

Kristina Hoeppner (kris-hoeppner) wrote on 2017-11-09:

We created a plugin for Moodle: https://moodle.org/plugins/tool_crawler Something to adapt?

Revision history for this message

Robert Lyon (robertl-9) wrote on 2017-11-09:

From what I can tell about the moodle tool_crawler plugin it goes and finds broken links and then alerts the admin/course admin about them.

Am I right in thinking the content it checks is generated by admins/course admins?

If so this is different to how Mahara works where the content is student generated.

Having a robot crawl the site to find links would also be difficult in Mahara as a robot even with site admin rights would still not be able to 'see' everything, eg a site admin not in a group would not be able to access the group pages.

It might be easier to have a plugin that reads directly from db all the external links (I'm assuming that broken internal links are safe) and ignore ones that we can trust within a whitelist, eg links to google.com, facebook.com, youtube.com etc

Also as students may stop maintaining their account we will need to work out what to do with potentially unsafe broken links. Who will fix them up? if they are not fixed up after a certain time do we just not display them or delete them?

Things to ponder

Revision history for this message

Kristina Hoeppner (kris-hoeppner) wrote on 2017-11-12:

Links can be put into forums in Moodle by students. So it's not fully just admins.

Robert, take a look at the report from Vineet to see which links were affected in his original report.

Robert Lyon (robertl-9) on 2018-03-08

Changed in mahara:
milestone:	18.04.0 → 18.10.0

Kristina Hoeppner (kris-hoeppner) on 2018-08-31

Changed in mahara:
milestone:	18.10.0 → none

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.