Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-32774

Assignment upgrade tool lacks sesskey protection

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 2.3
    • 2.3
    • Assignment
    • MOODLE_23_STABLE
    • MOODLE_23_STABLE
    • MDL-32774-CLEAN
    • Hide

      Attempt to access a URL of the form: /admin/tool/assignmentupgrade/upgradesingle.php?id=XXX&confirm=1 where XXX is the course module id of an instance of the old assignment.

      Success: An error is shown: "A required parameter (sesskey) was missing"
      Error: The assignment upgrades.

      Show
      Attempt to access a URL of the form: /admin/tool/assignmentupgrade/upgradesingle.php?id=XXX&confirm=1 where XXX is the course module id of an instance of the old assignment. Success: An error is shown: "A required parameter (sesskey) was missing" Error: The assignment upgrades.

    Description

      All URLs in the admin/tool/assignmentupgrade plugin should require the sesskey in the URL.

      The files that require protection are:

      upgradesingle.php
      upgradesingleconfirm.php
      batchupgrade.php
      and listnotupgraded.php (when one of the optional parameters "upgradeall" or "selectedassignments" is set)

      Attachments

        Issue Links

          Activity

            People

              damyon Damyon Wiese
              damyon Damyon Wiese
              Dan Poltawski Dan Poltawski
              Adrian Greeve Adrian Greeve
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Sujith Haridasan
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                25/Jun/12