WeBWorK 2.19 Release Candidate #2416
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…wparicalcorrect Fix instructor feedback not being given when showPartialCorrectAnswers is false.
This just uses the simplest possible approach and switches the script from using the now removed `templatesFrom` option to using the new `copyFrom` option. If that option is set, then the new `copyTemplatesHtml` option is also set to be true. Thus the existing behavior of the script is preserved. The script could be updated to actually take advantage of the new options instead if one were ambitious, but this is good enough for now. This also fixes all of the long lines in `lib/WeBWorK/Utils/CourseManagement.pm`, and an issue with comments in the `initNonNativeTables` method.
Update the `bin/addcourse` script for the new `addCourse` options.
be able to copy more things from a course when adding a new course
This fixes issue #2310 in the simple way I mention there. This also only makes the change mentioned for the preview button, and does not address the submit/check answers button issue. A discussion is needed on the best fix for this though.
The workflows currently use `actions/checkout@v3` which used node version 16. This results in a warning that Node.js 16 actions are deprecated. So this updates to `actions/checkout@v4`.
Update the `actions/checkout` action used by the Github workflows.
This is caused by trying to match the problem flags with `/:needs_grading$/' when there isn't a real problem. For instance when a set info file is rendered.
Fix an uninitialized value used in pattern match.
Change the preview button name for the RPC endpoints.
On the UserList, ProblemSetList, and AchievementList managers, remove the scope option that helps determine which items to act on, instead users will always select which items to act on and can use filters to change the list of items to select from. This address #1991. In addition add javascript form validation that will inform the user if the form is missing information, such as no items are selected, a text string is not provided, a valid file is not selected, and so on. Last, disable the import tab if no valid files are found to import from.
When dealing with large classes (>200 users), having to filter before acting on all users is an extra step which can slow things down, so in these cases there is a scope to choose between all users or selected users. Compared to the previous scope, there is no longer a 'visible' option, as that can be done via selecting all visible users.
First fix a but where the javascript required a set to be selected when acting on 'all course sets'. Second make it so the all/selected select gets flagged as is-invalid when failing to select any item, since one way to select an item is to toggle this to all. Also remove the is-invalid class when an item is selected.
To enable these routes set `enable_certbot_renewal_routs: 1` in
conf/webwork2.mojolicious.yml. Also make sure that `http://*:80` is in
the hypnotoad `listen` list in addition to `https://*:443?...`.
Then execute
```
sudo certbot certonly --webroot -w /opt/webwork/webwork2/tmp \
-d your.domain.edu \
--post-hook "chown -R www-data:www-data /etc/letsencrypt && systemctl reload webwork2"
```
to renew certificates without needing to stop the webwork2 app. That
command will renew the certificate for the first time, and also set up
autorenewal in the future. Obviously your.domain.edu needs to be changed
to your actual domain name. Note that /opt/webwork/webwork2/tmp is the
default value of $webworkDirs{tmp}. If you customize $webworkDirs{tmp}
in localOverrides.conf, then you will need to use what you have that
variable set to instead. Be careful since the default value of
$webworkDirs{tmp} depends on the value of $webworkDirs{root} (which is
/opt/webwork/webwork2 by default). So if you customize
$webworkDirs{root}, then you will need to adjust the path accordingly.
Also, change www-data:www-data in the command to be
server_user:server_group where server_user and server_group are the
values of those settings above. The post hook in the command will run
every time that certificates are automatically renewed, and will fix
permissions on the new certificates so that the webwork2 app can read
them, and will hot reload the webwork2 app to load the new certificates
(with zero downtime).
Remove action scope and add action form validation.
Add optional certbot renewal routes.
Also add some other attributes to the field that are useful for such a field (placeholder, autocorrect: off, and autocapitalization: off), and make the field of type "email" instead of "text" to begin with. It also wouldn't hurt to add server side validation of this fields contents in case an email saved for the user in the database is not valid, but that is not done yet here.
Verify the from email address is at least in the form username@host.suffix before sending any email to avoid perl errors if trying to send an email from an invalid address.
Add pattern validation to the email address field on the feedback page.
Update dependencies again.
…il-recipients Fix a useless defined check when searching for email recipients.
Force scaffolds open when checking for a show me another variant.
Since gif2png was the last of the netpbm externalPrograms that was actually used, now none of them are. Those are all removed. Additionally, remove some of the full line perl comments to make just a rather short section on externalPrograms with only 11 remaining.
There is a security vulnerability that allows a student to bypass the
limit on the number of times that show me another can be used
($pg{options}{showMeAnotherMaxReps}) or to open a show me another
problem before the required number of attempts at the original problem
have been made. The ShowMeAnother package adds a hidden
showMeAnotherCheckAnswers field, and if this parameter is set it is
assumed that the user is allowed to use ShowMeAnother. That can easily
be hacked. To do so construct the url `https?://server.edu/webwork2/course_id/set_id/problem_id/show_me_another?showMeAnotherCheckAnswers=1&checkAnswers=1&problemSeed=6543`
where `problem_id` is a valid problem number for the set `set_id`.
Change the seed at will, and you will get a new version of the problem.
If that happens to generate the same problem as the seed for the
assigned problem, it will not render a problem, but in no case will the
showMeAnotherCount in the database be incremented, nor will the number
of attempts at the original problem be checked. You can preview answers
and check answers and do anything except click the "Show Me Another"
page with this.
That issue was fixed by saving the problem seed found that generates a
new problem variant in the session as well as the set id and problem id.
Thus it is not possible for a user to change these things. One advantage
to this is that it is no longer necessary to verify that the problem is
not the same as the assigned problem when checking or previewing
answers. The seed saved in the session can safely be used.
Another issue that was seen is that when the "Show Me Another" button is
used on the show me another page until all uses are exhausted (assuming
that `$pg{options}{showMeAnotherMaxReps}` is set to limit uses), the
last time that it is used the tooltip on the button says "You can use
this feature as many times as you want on this problem." If the button
is then clicked a new problem is not given and it says the uses are
exhausted as it should, but the button shouldn't say that.
There is an issue with opening the show me another page in a new window
that I have seen that is not fixed by this pull request in the case that
`$pg{options}{showMeAnotherMaxReps}` is set to limit usage. That is that
when the "Show Me Another" button is clicked, the show me another page
opens in a new window, but the tooltip on the button still says the
feautre can be used same number of times. The page must be reloaded to
update the count. There is only one way that I know of that can
possibly definitively fix this. That is stop opening the show me
another page in a new window. It is possible to fix this by posting
messages from the opened window, but that is complicated to implement
(javascript for both the problem page and show me another page is
needed). In any case you can't stop the user from opening the problem
itself in another window, and then opening two different show me another
pages. In which case one window or the other will have the incorrect
count. So this is an issue that can never be completely fixed.
Adjustment to the PGresource restructuring for PG.
Fix more issues with show me another.
This is purely the result of executing the `bin/dev_scripts/update-copyright` script.
When I made the "Show Me Another" button an actual submit button in #2405, and unintended consequence is that the answers from the original problem or previous show me another problem persist when show me another is initialized with a new problem. I don't know why I thought that would work. So that will need to be a link again.
Update the copyright in files.
…last-answers Don't show last answers when a new ShowMeAnother problem is shown.
…dcopy.
There are many answers for which the `original_student_ans` does not
work inside `$\displaystyle \text{...}$` which is what is currently used
for student answers if `preview_latex_string` is not defined or is
empty.
For example, consider the following MWE.
```
DOCUMENT();
loadMacros('PGstandard.pl', 'PGML.pl', 'contextFraction.pl', 'PGcourse.pl');
$b = random(2, 4);
$ans = Compute("3^($b)");
Context()->operators->undefine('+', '-', '*', ' *', '* ', '^', '**');
BEGIN_PGML
Simplify [`3^[$b]`]: [_]{$ans}
END_PGML
ENDDOCUMENT();
```
Add that problem to a set and submit the answer `3^$b` (whatever `$b` is
for you) without actually simplifying. Since exponents are disabled for
this problem, that answer does not parse into a MathObject value, and so
`preview_latex_string` is undefined. Now if you generate a hardcopy for
this set including "Student answers" hardcopy will fail since the `^`
character must be in math mode and not inside `\text`.
So I see no alternative, but to go back to using verbatim in this case.
…r hardcopy. This prevents a student from entering an answer that can break out of the verbatim and add malicious TeX.
The cookie lifetime should be the same as the session timeout. It doesn't make sense to keep the cookie any longer than the session is valid for. That only results in stale cookies sitting unusable in the browser cache. The other direction is even worse. If the cookie lifetime is less than the session key timeout, then the user will need to sign in again before the session key timeout actually occurs. So remove the $CookieLifeTime setting entirely, and just use the $sessionKeyTimeout directly. Also correct the $CookieSameSite documentation in localOverrides.conf. I think this was a copy and paste issue.
If the result score from the last time that "Check Answers" (or "Submit Answers") is different from the recorded score, then a new button is shown to the right of the "Problem Score" input (if the percent score is shown) and another new button is shown to the right of the "Point Value" input (if the point score is shown). These buttons read "Use score from last check: score%" and "Use points from last check: points", respectively, where the score and points are the result that pg reported for the last time that "Check Answers" or "Submit Answers" was clicked. If one of those buttons is clicked, then the last checked score and points are inserted into the "Point Value" and "Problem Score" inputs. The idea here is that the instructor may change answers in a student problem (for example to fix a typo), and then click "Check Answers" to see the result of those answers. After doing so the scores from that check are now shown in the answer part scores above (if there are multiple parts). Currently to make those scores take effect in the problem score that will be saved you need to change one of those part score inputs away and back. This just adds a button that will take care of that for you. Note that this last checked score must not be put into the "Point Value" and "Problem Score" inputs, since those must show the currently recorded score. I am not sold on the wording shown on the buttons. Does anyone have a better suggestion? Note that the javascript for the single problem grader and the other grader has been separated into different files. There is no overlap between the javascript used by the two anymore, so there is no reason for this to be in the same file. Also prevent the default click behavior on 'help-popup's. This can make links to '#' scroll to the top of the page. This pull request is the result of a suggestion by @dlglin.
Basically just wrap the paragraphs in `p` tags styled so that the spacing looks good.
The variable is $useSessionCookie. If this is set to 1, then a "session" cookie will be used. This is the same as the "session" setting from before with the previous $CookieLifetime variable.
…ime. This command can be executed by any authenticated user that has the permission 'record_answers_after_open_date_with_attempts'. This is used for timed gateway tests to update the time delta and make sure that the time remaining for a timed gateway test is correct. This really serves two purposes. First, as was just stated, it ensures the correct time remaining is shown. Currently the time delta (the difference between the browser time and ther server time) is computed using server time that is saved in a data attribute on the gateway timer div. If a user hits the browser back button or does a soft page refresh, then the server time in the data attribute will not be correct (it will be the server time when the page was first generated by the server). So now, when the page loads javascript fetches the current server time using the new WebworkWebservice command. Second, the server time is also fetched on a time interval that is one minute less the session time out. Since this is an authenticated request, when this request occurs both the database timeout and the cookie timeout will be updated. This means that a user's session will never timeout during a timed gateway quiz.
Also fix a few copyright issues.
…d-score Add a "Use score from last check" button to the single problem grader.
…y-timeout Remove the $CookieLifeTime setting and use $sessionKeyTimeout instead.
The fallback original_student_ans can not be in math mode text in hardcopy.
Update the webwork2 version.
When this button is used correct answers will be shown with no other content in the feedback popover, scaffolds will all be open, and the feedback popovers will open immediately on page load. This is an instructor only option for now. I don't think this will be a good idea to enable for students. Furthermore, the "Show Correct Answers" buttons on other instructor pages (pg problem editor, problem library, set detail page, statistics, and manual problem grader) now use this for showing correct answers. This works well for most problems, but there are some cases where answers are tightly grouped particularly when there are on the same line that the popovers can overlap in not the best way. This is one potential resolution of openwebwork/pg#1047.
The issue is that with the restructuring of the page the hidden input corresponding to the "assigned" checkbox for a versioned set was not moved with the checkbox. As a result it now comes earlier in the DOM. This means that the order of the values for the hidden input and checkbox by the same name are now reversed in the submitted form. Since the WeBWorK::Controller param method returns the first one the code now gets the hidden input value of "delete" instead of the check box value of "assigned" even when the check box is checked. The fix is simply to move the hidden input back to after the checkbox. This fixes issue #2419.
…-set-deletion Fix unintentional versioned set deletion on the user detail page.
Add a "Show Correct Answers" button to the problem and test pages.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
As usual, target pull request to this branch if you want it to go into the release.