
Key: MDL-17611
Type: Bug
Status: Closed
Resolution: Fixed
Priority: Blocker
Assignee: Andreas Grabs
Reporter: Petr Skoda
Votes: 0
Watchers: 0
Moodle

mod/feedback:complete marked with XSS risk

Created: 12/Dec/08 03:04 AM   Updated: 10/Feb/09 11:48 AM
Component/s: Feedback
Affects Version/s: 1.9.4, 2.0
Fix Version/s: 1.9.5, 2.0


Participants: Andreas Grabs, Petr Skoda and Tim Hunt
Security Level: None
QA Assignee: Tim Hunt
Resolved date: 27/Jan/09
Affected Branches: MOODLE_19_STABLE, MOODLE_20_STABLE
Fixed Branches: MOODLE_19_STABLE, MOODLE_20_STABLE


Description
The mod/feedback:complete capability is given to user, but is marked as RISK_XSS.
This is not possible; no XSS cap may be given to students. I suppose you meant to set SPAM risk there only, right?
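
The rule in the description (a capability marked RISK_XSS must not be allowed by default for students) can be checked mechanically over a capability definition array. This is an added example, not Moodle's own code and not the committed patch: the function name `find_xss_caps_for_low_trust`, the set of low-trust roles and the two sample arrays are assumptions, and the constants are redefined with Moodle's values so the script runs stand-alone.

```php
<?php
// Constants mirror Moodle's values so this runs outside a Moodle install.
defined('RISK_XSS')  || define('RISK_XSS', 0x0004);
defined('RISK_SPAM') || define('RISK_SPAM', 0x0010);
defined('CAP_ALLOW') || define('CAP_ALLOW', 1);

/**
 * Return capabilities that carry RISK_XSS yet are allowed by default
 * for a low-trust role, as array(capability => array(roles)).
 * Hypothetical helper written for this example.
 */
function find_xss_caps_for_low_trust(array $capabilities,
        array $lowtrust = array('guest', 'user', 'student')) {
    $flagged = array();
    foreach ($capabilities as $name => $def) {
        $risks = isset($def['riskbitmask']) ? $def['riskbitmask'] : 0;
        if (!($risks & RISK_XSS)) {
            continue; // no XSS risk declared, nothing to check
        }
        // Default role grants live under 'legacy' (1.9) or 'archetypes' (later).
        $defaults = array();
        foreach (array('legacy', 'archetypes') as $key) {
            if (isset($def[$key])) {
                $defaults += $def[$key];
            }
        }
        foreach ($lowtrust as $role) {
            if (isset($defaults[$role]) && $defaults[$role] === CAP_ALLOW) {
                $flagged[$name][] = $role;
            }
        }
    }
    return $flagged;
}

// Constructed samples, trimmed to the two fields the check reads.
$before = array('mod/feedback:complete' => array(
    'riskbitmask' => RISK_XSS,   // the state the issue reports
    'legacy'      => array('student' => CAP_ALLOW),
));
$after = array('mod/feedback:complete' => array(
    'riskbitmask' => RISK_SPAM,  // SPAM risk only, as the description suggests
    'legacy'      => array('student' => CAP_ALLOW),
));

var_export(find_xss_caps_for_low_trust($before)); // flags the capability for 'student'
echo "\n";
var_export(find_xss_caps_for_low_trust($after));  // empty array
echo "\n";
```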



Petr Skoda added a comment - 12/Dec/08 03:06 AM
I have committed a patch that removes the XSS risk from this cap, please review the code, thanks.

Andreas Grabs added a comment - 12/Dec/08 06:17 AM
Thank you!

Petr Skoda added a comment - 27/Jan/09 06:25 PM
I have added the fix into the 1.9.x contrib branch too because it was causing problems in the security overview report, thanks.

Petr Skoda added a comment - 28/Jan/09 02:36 PM
Oops, forgot to bump up the version number in the 19 branch, sorry.

Tim Hunt added a comment - 10/Feb/09 11:48 AM
Good fix. Thanks.