Uploaded image for project: 'Plugins'
  1. Plugins
  2. CONTRIB-6062

Domoscio: mod_domoscio_create_notion_form

    XMLWordPrintable

Details

    • Bug
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • 3.0
    • None
    • Module: Domoscio
    • None
    • MOODLE_30_STABLE

    Description

      This is very weird usage of the mforms API. What is the point of such a form mod_domoscio_create_notion_form if it is not actually used to transfer and validate the data?

      Among other consequences, the delete_notion.php is not protected against CSRF so any teacher can become a subject of a malicious attack like

      <img width="1" height="1" src=".../url/to/delete_notion.php?d=1&kn=1" />

      Attachments

        Activity

          People

            domoscio Benoit Praly
            mudrd8mz David Mudrák (@mudrd8mz)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: