Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Incomplete
    • Affects Version/s: 2.0
    • Fix Version/s: STABLE backlog
    • Component/s: Wiki (2.x)
    • Labels:
    • Affected Branches:
      MOODLE_20_STABLE

      Description

      Tim just created new security related pages in our docs http://docs.moodle.org/en/Development:Security

      1/ learn how to use require_login() and require_course_login()
      2/ learn how to use sesskey to prevent CSRF
      3/ add missing capability tests
      4/ learn how to use s() in forms - potential XSS in block_wiki_search - PARAM_ACTION prevents it, but this type is not correct there because it would work for english only

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: