MDL-48753

badges_get_user_badges uses concatenation to form an SQL statement

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.6.6, 2.7.3, 2.8.2, 2.9
    • Fix Version/s: 2.7.5, 2.8.3
    • Component/s: Badges
    • Labels:
    • Testing Instructions:
      1. Run unit tests on `vendor/bin/phpunit core_badges_badgeslib_testcase badges/tests/badgeslib_test.php`
      2. Run behat tests on @core_badges (thanks Yuliya for already covering this)
      3. Create a badge
      4. Issue it to a user
      5. Log in as that user and browse to your profile
      6. Check you see the badge.
    • Affected Branches:
      MOODLE_26_STABLE, MOODLE_27_STABLE, MOODLE_28_STABLE, MOODLE_29_STABLE
    • Fixed Branches:
      MOODLE_27_STABLE, MOODLE_28_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-48753_master

    Description

    The function badges_get_user_badges in lib/badgeslib.php is using concatenation to form part of an SQL statement.
    While all current core uses are safely handling the concatenated param, it could potentially be exploited if the calling code was sloppy.
    This is a pretty minor issue at this point, however one that really should be addressed.
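The pattern the description refers to, as an added illustration rather than Moodle's own code or the MDL-48753 patch: a caller-supplied sort string concatenated into the SQL text next to a version that binds the user id as a parameter and restricts the ORDER BY column to an allow-list. The `$DB` object and its `get_records_sql($sql, $params)` method follow Moodle's DML style, but the function names, column list and table names here are assumptions for the example and are not taken from lib/badgeslib.php.

```php
<?php
// Added example, not the Moodle patch. Assumes a $DB object with a
// Moodle-DML-style get_records_sql($sql, $params). Table and column names
// are illustrative placeholders, not copied from lib/badgeslib.php.

/**
 * Pattern described in the issue: $sort is concatenated straight into the
 * statement. This is only safe for as long as every caller passes a trusted
 * constant; a sloppy caller forwarding request input turns it into SQL injection.
 */
function get_user_badges_concat($DB, int $userid, string $sort) {
    $sql = "SELECT b.id, b.name, bi.dateissued
              FROM {badge} b
              JOIN {badge_issued} bi ON bi.badgeid = b.id
             WHERE bi.userid = :userid
          ORDER BY " . $sort;   // concatenation: $sort becomes part of the SQL text
    return $DB->get_records_sql($sql, ['userid' => $userid]);
}

/**
 * Hardened pattern: values travel as bound parameters (:userid), and the one
 * thing that cannot be bound, the ORDER BY column, is mapped through an
 * allow-list so the caller can only select a known column expression.
 */
function get_user_badges_safe($DB, int $userid, string $sort = 'dateissued') {
    // Map of caller-visible sort keys to the exact SQL fragment we will emit.
    $allowed = [
        'dateissued' => 'bi.dateissued DESC',
        'name'       => 'b.name ASC',
    ];
    if (!isset($allowed[$sort])) {
        // Reject anything outside the allow-list instead of trying to sanitise it.
        throw new InvalidArgumentException('Unsupported sort key: ' . $sort);
    }
    $sql = "SELECT b.id, b.name, bi.dateissued
              FROM {badge} b
              JOIN {badge_issued} bi ON bi.badgeid = b.id
             WHERE bi.userid = :userid
          ORDER BY " . $allowed[$sort];   // only a fixed fragment from $allowed reaches the SQL
    return $DB->get_records_sql($sql, ['userid' => $userid]);
}
```

The allow-list approach is what makes the second function independent of how careful its callers are, which is the property the issue is asking for: the function itself, not the call sites, guarantees that no caller-controlled text is spliced into the statement.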

    People

    • Votes: 0
    • Watchers: 4

    Dates

    • Fix Release Date: 2/Feb/15