Moodle

pluginfile.php serves seems to be serving private content

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Minor Minor
  • Resolution: Fixed
  • Affects Version/s: 2.0
  • Fix Version/s: 2.0
  • Component/s: Files API
  • Labels:
    None
  • Difficulty:
    Easy
  • Affected Branches:
    MOODLE_20_STABLE
  • Fixed Branches:
    MOODLE_20_STABLE

Description

Was playing with File Manager when I discovered that some files, served by pluginfile.php were accessible without being logged. For example this:

http://127.0.0.1/~stronk7/moodle_head/pluginfile.php/16/forum_intro/header.txt
(one simple txt file uploaded in one course "forum_intro" area)

So, something is wrong there... I think. Ciao

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Petr Škoda (skodak) added a comment -

should be fixed, thanks

Show
Petr Škoda (skodak) added a comment - should be fixed, thanks
Hide
Permalink
Eloy Lafuente (stronk7) added a comment -

tested. now pluginfile redirects to login page properly. Closing, thanks!

Show
Eloy Lafuente (stronk7) added a comment - tested. now pluginfile redirects to login page properly. Closing, thanks!

People

Vote (0)
Watch (0)

Dates

  • Created:
    Updated:
    Resolved:
Atlassian JIRA (v4.4.3#663-r165197) | Report a problem
Powered by a free Atlassian JIRA open source license for Moodle. Try JIRA - bug tracking software for your team.