Moodle / MDL-78225

Content bank is leaking user sesskey when switching contexts


      When using the content bank and selecting different category or course contexts, the URL becomes:

      http://localhost:8000/contentbank/index.php?sesskey=mrF1itzAqH&contextid=3
      

      We should not leak the user's sesskey in GET requests like this.

      It's a regression from MDL-77148, specifically these blocks, which both unconditionally add a 'sesskey' parameter (previously this would only be added for POST requests).
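
A URL requested with GET is recorded in web server access logs and can be passed on in the Referer header of later requests, so one way to check whether a site was affected is to scan its logs for `sesskey` in query strings. The scanner below is an added example, not code from the Moodle project; it assumes combined-format access logs, and the sample entries and the `/static/logo.png` path are constructed.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit

# Combined log format: "METHOD target HTTP/x" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" \d{3} \S+ "(?P<referer>[^"]*)"'
)

# Constructed sample entries (not taken from a real server).
SAMPLE_LOG = [
    '127.0.0.1 - - [01/Jan/2024:10:00:00 +0000] "GET /contentbank/index.php?sesskey=AAAAAAAAAA&contextid=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '127.0.0.1 - - [01/Jan/2024:10:00:05 +0000] "POST /contentbank/index.php HTTP/1.1" 303 0 "-" "Mozilla/5.0"',
    '127.0.0.1 - - [01/Jan/2024:10:00:06 +0000] "GET /static/logo.png HTTP/1.1" 200 900 "http://localhost:8000/contentbank/index.php?sesskey=AAAAAAAAAA&contextid=3" "Mozilla/5.0"',
    '127.0.0.1 - - [01/Jan/2024:10:00:09 +0000] "GET /contentbank/index.php?contextid=3 HTTP/1.1" 200 5100 "-" "Mozilla/5.0"',
]

def has_sesskey(url):
    """True if the URL's query string carries a non-empty sesskey parameter."""
    return any(k == "sesskey" and v for k, v in parse_qsl(urlsplit(url).query))

def redact(url):
    """Return the URL with the sesskey value masked, so reports do not repeat the leak."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k == "sesskey" else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return parts._replace(query=urlencode(query)).geturl()

def find_leaks(lines):
    """Return (line_number, where, redacted_url) for each sesskey seen in a GET URL or Referer."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = LINE_RE.search(line)
        if not match:
            continue  # not a combined-format entry
        if match["method"] == "GET" and has_sesskey(match["target"]):
            findings.append((number, "request", redact(match["target"])))
        if has_sesskey(match["referer"]):
            findings.append((number, "referer", redact(match["referer"])))
    return findings

if __name__ == "__main__":
    for number, where, url in find_leaks(SAMPLE_LOG):
        print(f"line {number}: sesskey in {where}: {url}")
```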


People: Paul Holden (pholden), Amaia Anabitarte, Ferran Recio, Kim Jared Lucas