-
Bug
-
Resolution: Fixed
-
Minor
-
2.9.6, 3.0.4, 4.4.5
-
MOODLE_29_STABLE, MOODLE_30_STABLE, MOODLE_404_STABLE
-
MOODLE_404_STABLE, MOODLE_405_STABLE, MOODLE_500_STABLE
-
MDL-55034-404 -
MDL-55034-405 -
MDL-55034-500 -
-
Code verified against automated checks. 
Checked
MDL-55034using repository: https://github.com/paulholden/moodle/
MOODLE_404_STABLE (0 errors / 0 warnings) [branch: MDL-55034-404 | CI Job]- MOODLE_405_STABLE (0 errors / 0 warnings) [branch: MDL-55034-405 | CI Job]
- MOODLE_500_STABLE (0 errors / 0 warnings) [branch: MDL-55034-500 | CI Job]
- main (0 errors / 0 warnings) [branch: MDL-55034 | CI Job]
More information about this report
Built on: Mon Apr 14 17:19:10 UTC 2025
Code verified against automated checks. Checked MDL-55034 using repository: https://github.com/paulholden/moodle/ MOODLE_404_STABLE (0 errors / 0 warnings) [branch: MDL-55034-404 | CI Job ] MOODLE_405_STABLE (0 errors / 0 warnings) [branch: MDL-55034-405 | CI Job ] MOODLE_500_STABLE (0 errors / 0 warnings) [branch: MDL-55034-500 | CI Job ] main (0 errors / 0 warnings) [branch: MDL-55034 | CI Job ] More information about this report Built on: Mon Apr 14 17:19:10 UTC 2025 -
When deleting a External Blog entry from a user profile, the GET is showing the referer address with the sesskey value of the user session. This can be seen using Chrome Developer Tools Networking.
Steps to Replicate
- Ensure that External Blogs are enabled in the system
- Go to User Profile
- Preferences > External Blogs
- Add an External Blog RSS Feed and save
- Open up Developer Tools in Chrome
- Go to Networking
- Go back to the Moodle page
- Unregister/Delete blog in Moodle
- Look at the GET transactions (specifically Javascript)
- There will be one that has a referer that looks like the following:
https://<URL>/blog/external_blogs.php?delete=2&sesskey=<sesskey>
The system should not be sending a sesskey value as part of the GET
