Uploaded image for project: 'Plugins'
  1. Plugins
  2. CONTRIB-6062

Domoscio: mod_domoscio_create_notion_form

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • None
    • 3.0
    • Module: Domoscio
    • None
    • MOODLE_30_STABLE

      This is very weird usage of the mforms API. What is the point of such a form mod_domoscio_create_notion_form if it is not actually used to transfer and validate the data?

      Among other consequences, the delete_notion.php is not protected against CSRF so any teacher can become a subject of a malicious attack like

      <img width="1" height="1" src=".../url/to/delete_notion.php?d=1&kn=1" />

            domoscio Benoit Praly
            mudrd8mz David Mudrák (@mudrd8mz)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.