Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-43058

report_security_check_riskxss reports additional name fields in the user object.

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Minor Minor
    • 2.6.1
    • 2.6, 2.7
    • Reports
    • MOODLE_26_STABLE, MOODLE_27_STABLE
    • MOODLE_26_STABLE
    • wip-MDL-43058-master
    • Hide
      • Check that none of the following pages display a developer warning about additional name fields.
      1. Go to [Administration ► Site administration ► Reports ► Security overview]
      2. Check these pages:
        • XSS trusted users.
        • Administrators.
        • Backup of user data.
      Show
      Check that none of the following pages display a developer warning about additional name fields. Go to [Administration ► Site administration ► Reports ► Security overview] Check these pages: XSS trusted users. Administrators. Backup of user data.
    • 3
    • BACKEND Sprint 7

      The report_security_check_riskxss reports :

      You need to update your sql to include additional name fields in the user object.
      line 3580 of /lib/moodlelib.php: call to debugging()
      line 513 of /report/security/locallib.php: call to fullname()
      line 74 of /report/security/index.php: call to report_security_check_riskxss()

      Fix:

      /report/security/locallib.php

      if ($detailed) {
      --$users = $DB->get_records_sql("SELECT DISTINCT u.id, u.firstname, u.lastname, u.picture, u.imagealt $sqlfrom", $params);
      ++$userfields = user_picture::fields('u');
      ++$users = $DB->get_records_sql("SELECT DISTINCT $userfields $sqlfrom", $params);
      

            abgreeve Adrian Greeve
            rdebleu Renaat Debleu
            Sam Hemelryk Sam Hemelryk
            Eloy Lafuente (stronk7) Eloy Lafuente (stronk7)
            Frédéric Massart Frédéric Massart
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.