Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-22526

Ratings security needs work

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Blocker Blocker
    • 2.0
    • 2.0
    • General
    • None
    • Any
    • MOODLE_20_STABLE
    • MOODLE_20_STABLE

      Ratings security is lacking. Its not using sesskey() and confirm_sesskey()/require_sesskey() and is thus vulnerable to CSRF.

      Is it possible to rate yourself by hand crafting a URL?

            andyjdavis Andrew Davis
            andyjdavis Andrew Davis
            Nobody Nobody (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.