ION606
commented
1 month ago I think this was taken care of in https://github.com/Submitty/Submitty/commit/2c18347f133bbc7beb4768bcec23f659fca5b648
Open ziesski opened 1 month ago
ION606
commented
1 month ago I think this was taken care of in https://github.com/Submitty/Submitty/commit/2c18347f133bbc7beb4768bcec23f659fca5b648
github-actions[bot]
commented
1 month ago Hi @ION606,
Thank you for your interest in the Submitty open source project!
We encourage you to join our Zulip server to discuss new features requests, bug reports, and technical implementation questions.
We welcome contributions from new developers! Please read our documentation on how to get started with Submitty, specifically our pages on setting up your development environment and making a pull request.
NOTE: We do not use the Github issue 'assign' feature for first time prospective contributors. You do not need to be assigned to an issue to create a pull request that will be reviewed by our team and then merged if it appropriately resolves the issue.
Describe the bug
There is possibility to find out the id of the student even though the anonymity setting is turned on. While attempting to download a student pdfs’ submission, when viewing it didn’t work (not because of Submitty, but because of the student).
https://submitty.cs.rpi.edu/courses/u24/csci2600/gradeable/hw02/download_pdf?filename=hw2_answers.pdf&path=%2Fvar%2Flocal%2Fsubmitty%2Fcourses%2Fu24%2Fcsci2600%2Fcheckout%2Fhw02%2Fneumaa2%2F3%2Fanswers%2Fhw2_answers.pdf&anon_path=%2Fvar%2Flocal%2Fsubmitty%2Fcourses%2Fu24%2Fcsci2600%2Fcheckout%2Fhw02%2Fneumaa2%2F3%2Fanswers%2Fhw2_answers.pdf&student_id=.
Also note that when you attempt to download the file, instead of opening it then downloading it from the pop up that shows, it will directly download the file with no redirecting to a new link, which I suppose is the expected behavior.
Expected behavior
To Reproduce Steps to reproduce the behavior:
grade a student submission
open the files tab then open the file you want to view.
following pop up will appear
Click on download, and it will redirect you to a new link and then download the file. However, the link that opens actually has the id of the student: https://submitty.cs.rpi.edu/courses/u24/csci2600/gradeable/hw02/download_pdf?filename=hw2_answers.pdf&path=%2Fvar%2Flocal%2Fsubmitty%2Fcourses%2Fu24%2Fcsci2600%2Fcheckout%2Fhw02%2Fneumaa2%2F3%2Fanswers%2Fhw2_answers.pdf&anon_path=%2Fvar%2Flocal%2Fsubmitty%2Fcourses%2Fu24%2Fcsci2600%2Fcheckout%2Fhw02%2Fneumaa2%2F3%2Fanswers%2Fhw2_answers.pdf&student_id=.
See error
Additional context
This is issue has been reported by @Youssef-Chip and I am writing it on behave of him. There is very similar issue reported as well #10601 (for Zip file)