- Bug
- Resolution: Fixed
- Minor
- None
- 3.8.1
- MOODLE_38_STABLE
I couldn't find where BBB performs sesskey checking in bbb_ajax.php, which it appears to use as a custom endpoint for AJAX interactions - this could allow actions to be performed by a user without their knowledge.
Solution: implement user sesskey checks, or refactor to use AJAX webservices.
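
One way the sesskey check described above could look in a custom Moodle AJAX endpoint, as an added example that is not part of the original report and is not the plugin's own code. The file path, the `mod_example` plugin, the `action` values and the capability name are hypothetical; `require_login()`, `require_sesskey()` and `require_capability()` are Moodle core functions.

```php
<?php
// Added example: hypothetical file mod/example/example_ajax.php inside a Moodle
// install. It is not the BigBlueButtonBN plugin's bbb_ajax.php.
define('AJAX_SCRIPT', true); // Errors and exceptions are returned as JSON.

require_once(__DIR__ . '/../../config.php');

// Hypothetical request parameters, cleaned by type before use.
$action = required_param('action', PARAM_ALPHAEXT);
$cmid   = required_param('id', PARAM_INT);

// 1. Authentication: the caller must be logged in and able to access the activity.
$cm     = get_coursemodule_from_id('', $cmid, 0, false, MUST_EXIST);
$course = get_course($cm->course);
require_login($course, false, $cm);

// 2. CSRF protection: reject the request unless it carries this session's
//    sesskey. A page on another origin can make the browser send the session
//    cookie, but it cannot read the sesskey value, so a forged request stops
//    here with an 'invalidsesskey' exception.
//    The legitimate client sends it as a 'sesskey' parameter (M.cfg.sesskey in JS).
require_sesskey();

// 3. Authorisation: a valid sesskey only proves the request came from the
//    user's own Moodle page, not that the user may perform the action.
$context = context_module::instance($cm->id);

switch ($action) {
    case 'status': // Hypothetical read-only action.
        $result = ['ok' => true, 'action' => 'status'];
        break;

    case 'end': // Hypothetical state-changing action.
        require_capability('mod/example:manage', $context); // Hypothetical capability.
        $result = ['ok' => true, 'action' => 'end'];
        break;

    default:
        // Unknown actions are refused rather than silently ignored.
        throw new moodle_exception('invalidparameter', 'debug');
}

header('Content-Type: application/json; charset=utf-8');
echo json_encode($result);
```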