Uploaded image for project: 'Plugins'
  1. Plugins
  2. CONTRIB-5799

Remove RISK_XSS from capabilities which do not pose such a risk.

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.8.6, 2.9
    • Fix Version/s: 2.8.7, 2.9.1, 3.0.4
    • Component/s: Set: Dataform
    • Labels:
      None

      Description

      This is particularly required in entry capabilities since these are granted by default to students and as such generate a warning in the security report.

      Capabilities affected:
      mod/dataform:managefilters
      mod/dataform:manageaccess
      mod/dataform:managenotifications
      mod/dataform:managecss
      mod/dataform:managetools
      mod/dataform:entryearlyadd
      mod/dataform:entrylateadd
      mod/dataform:entryownadd
      mod/dataform:entrygroupadd
      mod/dataform:entryanyadd
      mod/dataform:entryanonymousadd

        Attachments

          Activity

            People

            Assignee:
            itamart Itamar Tzadok
            Reporter:
            itamart Itamar Tzadok
            Participants:
            Component watchers:
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Fix Release Date:
              6/Jul/15