Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-49383

Deprecate get_referer() in favour of a safer get_referer()

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.6.8, 2.7.5, 2.8.3
    • Fix Version/s: 3.0
    • Component/s: Libraries
    • Labels:
    • Testing Instructions:
      Hide
      Exploratory testing
      1. Search for usages of get_referer() and make sure is not used anywhere.
        • Note: get_referer() still present on lib/deprecatelib.php.
      Show
      Exploratory testing Search for usages of get_referer() and make sure is not used anywhere. Note: get_referer() still present on lib/deprecatelib.php .
    • Affected Branches:
      MOODLE_26_STABLE, MOODLE_27_STABLE, MOODLE_28_STABLE
    • Fixed Branches:
      MOODLE_30_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-49383-master
    • Sprint:
      Team '; drop tables Sprint 7, Team '; drop tables Sprint 9

      Description

      As MDL-49179 highlighted, the usage of referer can be insecure, it was mentioned there that we would deprecate the unsafe version of get_referer() in favour of a safe one, such as get_local_referer() or get_safe_referer().

      The deprecation will be applied to all versions, to secure Moodle but give time to 3rd party developers to secure their code.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              lameze Simey Lameze
              Reporter:
              fred Frédéric Massart
              Peer reviewer:
              Frédéric Massart Frédéric Massart
              Integrator:
              Dan Poltawski Dan Poltawski
              Tester:
              Mark Nelson Mark Nelson
              Participants:
              Component watchers:
              Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Ilya Tregubov, Sara Arjona (@sarjona)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                16/Nov/15