-
Bug
-
Resolution: Unresolved
-
Minor
-
None
-
3.0
-
None
-
MOODLE_30_STABLE
This is very weird usage of the mforms API. What is the point of such a form mod_domoscio_create_notion_form if it is not actually used to transfer and validate the data?
Among other consequences, the delete_notion.php is not protected against CSRF so any teacher can become a subject of a malicious attack like
<img width="1" height="1" src=".../url/to/delete_notion.php?d=1&kn=1" />