Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-32774

Assignment upgrade tool lacks sesskey protection

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.3
    • Fix Version/s: 2.3
    • Component/s: Assignment
    • Labels:
    • Testing Instructions:
      Hide

      Attempt to access a URL of the form: /admin/tool/assignmentupgrade/upgradesingle.php?id=XXX&confirm=1 where XXX is the course module id of an instance of the old assignment.

      Success: An error is shown: "A required parameter (sesskey) was missing"
      Error: The assignment upgrades.

      Show
      Attempt to access a URL of the form: /admin/tool/assignmentupgrade/upgradesingle.php?id=XXX&confirm=1 where XXX is the course module id of an instance of the old assignment. Success: An error is shown: "A required parameter (sesskey) was missing" Error: The assignment upgrades.
    • Affected Branches:
      MOODLE_23_STABLE
    • Fixed Branches:
      MOODLE_23_STABLE
    • Pull Master Branch:
      MDL-32774-CLEAN

      Description

      All URLs in the admin/tool/assignmentupgrade plugin should require the sesskey in the URL.

      The files that require protection are:

      upgradesingle.php
      upgradesingleconfirm.php
      batchupgrade.php
      and listnotupgraded.php (when one of the optional parameters "upgradeall" or "selectedassignments" is set)

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Votes:
                  0 Vote for this issue
                  Watchers:
                  0 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Fix Release Date:
                    25/Jun/12