|
|
| Participants: |
Nobody and Yoshiyuki Owa
|
| Security Level: |
None
|
| Affected Branches: |
MOODLE_19_STABLE
|
|
There is a bug in /mnet/xmlrpc/server.php line 504
$includefile = $CFG->dirroot.'/'.$filename;
I think
$includefile = '/'.$filename;
is true;
First, $includefile is used in mnet_server_invoke_method line 506.
Then $includefile is called at mnet_permit_rpc_call at line 691.
The function, mnet_permit_rpc_call, is in /mnet/lib.php.
In /mnet/lib.php line 414,
The system checks whether there is the file you want to include or not.
But, $CFG->dirroot is atatched again, here.
So, if you want to call /filename, the system checks that whether $CFG->dirroot.$CFG->dirroot.'/filename' exists or not.(doubled!)
Moodle isn't work when you access some function that isn't suported as normal function at setting mnet_dispather_mode='dangerous'.
And it returns RPC_NOSUCHFILE error.
Please check!
|
|
Description
|
There is a bug in /mnet/xmlrpc/server.php line 504
$includefile = $CFG->dirroot.'/'.$filename;
I think
$includefile = '/'.$filename;
is true;
First, $includefile is used in mnet_server_invoke_method line 506.
Then $includefile is called at mnet_permit_rpc_call at line 691.
The function, mnet_permit_rpc_call, is in /mnet/lib.php.
In /mnet/lib.php line 414,
The system checks whether there is the file you want to include or not.
But, $CFG->dirroot is atatched again, here.
So, if you want to call /filename, the system checks that whether $CFG->dirroot.$CFG->dirroot.'/filename' exists or not.(doubled!)
Moodle isn't work when you access some function that isn't suported as normal function at setting mnet_dispather_mode='dangerous'.
And it returns RPC_NOSUCHFILE error.
Please check! |
Show » |
| There are no comments yet on this issue.
|
|
Bug
Open
Critical
Mnet isn't work when the setting of mnet_dispatcher_mode is 'dangerous'.
