Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-49383

Deprecate get_referer() in favour of a safer get_referer()

    XMLWordPrintable

Details

    • Task
    • Resolution: Fixed
    • Minor
    • 3.0
    • 2.6.8, 2.7.5, 2.8.3
    • Libraries
    • MOODLE_26_STABLE, MOODLE_27_STABLE, MOODLE_28_STABLE
    • MOODLE_30_STABLE
    • MDL-49383-master
    • Hide
      Exploratory testing
      1. Search for usages of get_referer() and make sure is not used anywhere.
        • Note: get_referer() still present on lib/deprecatelib.php.
      Show
      Exploratory testing Search for usages of get_referer() and make sure is not used anywhere. Note: get_referer() still present on lib/deprecatelib.php .
    • Team '; drop tables Sprint 7, Team '; drop tables Sprint 9

    Description

      As MDL-49179 highlighted, the usage of referer can be insecure, it was mentioned there that we would deprecate the unsafe version of get_referer() in favour of a safe one, such as get_local_referer() or get_safe_referer().

      The deprecation will be applied to all versions, to secure Moodle but give time to 3rd party developers to secure their code.

      Attachments

        Issue Links

          Activity

            People

              lameze Simey Lameze
              fred Frédéric Massart
              Frédéric Massart Frédéric Massart
              Dan Poltawski Dan Poltawski
              Mark Nelson Mark Nelson
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Clockify

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.