[MDL-33941] Blank page is shown to students when they view a hidden section page - Moodle Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Cannot Reproduce
Affects Version/s: 2.3
Fix Version/s: None
Component/s: Course
Labels:
- triaged

Affected Branches:
MOODLE_23_STABLE

Description

Replication steps:-

goto a course settings and select "hide sections completely that are invisible" for "Hidden sections" setting.
Hide a section
As a student try to access this section page (course/view.php?id=37&section=12).

Since a blank page is shown instead of error, student can know that the section exists but is not visible.
IMO this is a minor security risk, as it gives away the information if the section exists or not.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

MDL-33941.png
224 kB
15/Apr/18 2:51 PM

Issue Links

Discovered while testing

MDLQA-3913 Moodle 2.3 QA Cycle 2 Test Session 4

Open

Activity

People

Assignee:: Unassigned

Reporter:: Ankit Agarwal

Participants:: Ankit Agarwal, Dan Poltawski, Janelle Barcega, Luca Bösch, Michael de Raadt

Component watchers:: Amaia Anabitarte, Carlos Escobedo, Laurent David, Sabina Abellan, Sara Arjona (@sarjona)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 21/Jun/12 11:31 PM

Updated:: 15/Oct/20 11:38 AM

Resolved:: 15/Oct/20 11:38 AM