Loading...

XML

Word

Printable

Type: Improvement
Resolution: Won't Do
Priority: Major
Fix Version/s: None
Affects Version/s: 2.8.3
Component/s: Blocks
Labels:
- triaged

Affected Branches:
MOODLE_28_STABLE

Most of 'block/xxx:addinstance' permissions have risk bitmask

'riskbitmask' => RISK_SPAM | RISK_XSS,

There is no XSS risk in any blocks except for html (and maybe one-two others). Also not sure what SPAM is for

is a regression caused by

MDL-34270 Block restrictions - addinstance

Closed

Assignee:: Unassigned

Reporter:: Marina Glancy

Participants:: Dan Poltawski, Eloy Lafuente (stronk7), Marina Glancy, Matt Porritt, Tim Hunt

Votes:: 2 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 11/Feb/15 12:20 AM

Updated:: 02/Dec/22 7:54 AM

Resolved:: 02/Dec/22 7:54 AM