Moodle

repalce cookie hack with web service user key in gradebook stats report

Details

  • Type: Sub-task Sub-task
  • Status: Open Open
  • Priority: Minor Minor
  • Resolution: Unresolved
  • Affects Version/s: 2.0
  • Fix Version/s: 2.0.8
  • Component/s: Gradebook
  • Labels:
    None
  • Affected Branches:
    MOODLE_20_STABLE
  • Fixed Branches:
    MOODLE_20_STABLE

Description

if(empty($_COOKIE) && isset($_GET['sessionid']) && isset($_GET['sessioncookie']) && isset($_GET['sessiontest'])) {
$_COOKIE['MoodleSession' . $_GET['sessioncookie']] = $_GET['sessionid'];
$_COOKIE['MoodleSessionTest' . $_GET['sessioncookie']] = $_GET['sessiontest'];
$cookiewasset = true;
}

require_once '../../../config.php';

breaks our session fixation prevention in setup.php, we can not send cookies this way

Activity

There are no comments yet on this issue.

People

Vote (0)
Watch (0)

Dates

  • Created:
    Updated:
Atlassian JIRA (v4.4.3#663-r165197) | Report a problem
Powered by a free Atlassian JIRA open source license for Moodle. Try JIRA - bug tracking software for your team.