Loading...

XML

Word

Printable

Type: Improvement
Resolution: Inactive
Priority: Minor
Fix Version/s: None
Affects Version/s: 1.9.7
Component/s: Accessibility, Language
Labels:
- triaged

Affected Branches:
MOODLE_19_STABLE

It's possible to set a users language for the current session without any confirmation from the user.

setup.lib checks for a 'lang' parameter and sets $SESSION->lang

http://xref.moodle.org/nav.html?lib/setup.php.source.html#l644

current_language() checks for existence of this session variable and sets language

http://xref.moodle.org/nav.html?lib/moodlelib.php.source.html#l5069

Probably some confirm_sesskey() checks should be used so that users can't have their language changed simply by requesting http://moodle.org?lang=he

duplicates

MDL-19675 Session languages changes via lang=... in the URL should be sesskey protected

Closed

has been marked as being related by

MDLSITE-6714 Wrong language displayed occasionally on Moodle.org

Development in progress

Assignee:: Unassigned

Reporter:: Paul Holden

Participants:: Marina Glancy, Paul Holden, Petr Skoda

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Created:: 11/Feb/10 3:19 AM

Updated:: 02/Feb/23 10:02 PM

Resolved:: 22/Nov/14 12:26 AM