Minor Replication steps:-
- goto a course settings and select "hide sections completely that are invisible" for "Hidden sections" setting.
- Hide a section
- As a student try to access this section page (course/view.php?id=37§ion=12).
Since a blank page is shown instead of error, student can know that the section exists but is not visible.
IMO this is a minor security risk, as it gives away the information if the section exists or not.
- Discovered while testing
-
MDLQA-3913
Moodle 2.3 QA Cycle 2 Test Session 4
-
- Open
-