Loading...

XML

Word

Printable

Type: Sub-task
Resolution: Fixed
Priority: Minor
Fix Version/s: 2.6
Affects Version/s: 2.6
Component/s: Events API
Labels:
- triaged

Affected Branches:
MOODLE_26_STABLE
Fixed Branches:
MOODLE_26_STABLE
Pull from Repository:
https://github.com/rajeshtaneja/moodle.git
Pull Main Branch:
wip-mdl-42584
Pull Main Diff URL:
https://github.com/rajeshtaneja/moodle/compare/master...wip-mdl-42584
Testing Instructions:

Hide

Run phpunit

Show
Run phpunit

Sprint:
BACKEND Sprint 6

If there is user submitted text in event description we need to deal with XSS somehow, I guess it would be better to use only integers and safe strings there for now until we decide how to deal with this in logging and reports...

Affected events:

blog_entry_created
blog_entry_deleted (collides with record in other field)
blog_entry_updated (incorrect single quotes)
course_module_created (modulename is ok)
course_module_updated
user_deleted
course_module_viewed (not sure about the 'content')

Note: this is a minor issues because we can change descriptions at any time...

is duplicated by

MDL-42581 blog_entry_deleted pushes full post record into other field

Closed

Assignee:: Rajesh Taneja

Reporter:: Petr Skoda

Peer reviewer:: Ankit Agarwal

Integrator:: Marina Glancy

Tester:: Marina Glancy

Participants:: Ankit Agarwal, Dan Poltawski, Marina Glancy, Petr Skoda, Rajesh Taneja

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 29/Oct/13 4:54 AM

Updated:: 01/Nov/13 4:17 PM

Resolved:: 01/Nov/13 4:17 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates

Clockify