Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-32458

Verify all the capabilities specified in services.php definitions are checked in code

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Minor Minor
    • None
    • 2.1.5, 2.2.2, 2.3
    • Web Services
    • None
    • MOODLE_21_STABLE, MOODLE_22_STABLE, MOODLE_23_STABLE

      Creating this as potential security issue.

      We should check all the function implementations and verify that all the capabilities defined in the services.php files are really checked in the function body.

      Personally I always had thought that such checks were performed automatically but Jerome confirmed they aren't on execution time:

      http://tracker.moodle.org/browse/MDL-30082?focusedCommentId=152091&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-152091

      So that's the task, ciao

            jerome Jérôme Mouneyrac
            stronk7 Eloy Lafuente (stronk7)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.