Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-22526

Ratings security needs work

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Blocker
    • Resolution: Fixed
    • 2.0
    • 2.0
    • General
    • None
    • Any
    • MOODLE_20_STABLE
    • MOODLE_20_STABLE

    Description

      Ratings security is lacking. Its not using sesskey() and confirm_sesskey()/require_sesskey() and is thus vulnerable to CSRF.

      Is it possible to rate yourself by hand crafting a URL?

      Attachments

        Issue Links

          Activity

            People

              andyjdavis Andrew Davis
              andyjdavis Andrew Davis
              Nobody Nobody
              Adrian Greeve, David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                24/Nov/10