Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-19303 META: XMLDB Editor various bugs/improvements
  3. MDL-20916

Apply sesskey() mechanism to all the actions in the XMLDB Editor

XMLWordPrintable

    • Icon: Sub-task Sub-task
    • Resolution: Fixed
    • Icon: Minor Minor
    • 1.8.11, 1.9.7, 2.0
    • 1.8.10, 1.9.6, 2.0
    • Database SQL/XMLDB
    • None
    • Any
    • MOODLE_18_STABLE, MOODLE_19_STABLE, MOODLE_20_STABLE
    • MOODLE_18_STABLE, MOODLE_19_STABLE, MOODLE_20_STABLE
    • Easy

      The XMLDB Editor is missing sesskey protection (thanks Petr for spotting that). While it's difficult to perform any attack based on that (mainly because of the session-based nature of the whole editor), to be 100% sure and correct the sesskey thing must be applied to all "edit" actions in the editor.

      Going to do it. Ciao

            stronk7 Eloy Lafuente (stronk7)
            stronk7 Eloy Lafuente (stronk7)
            Nobody Nobody (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.