Loading...

XML

Word

Printable

Type: Task
Resolution: Fixed
Priority: Minor
Fix Version/s: 3.0
Affects Version/s: 2.6.8, 2.7.5, 2.8.3
Component/s: Libraries
Labels:
- ci
- triaged

Affected Branches:
MOODLE_26_STABLE, MOODLE_27_STABLE, MOODLE_28_STABLE
Fixed Branches:
MOODLE_30_STABLE
Pull from Repository:
git://github.com/lameze/moodle.git
Pull Main Branch:
~~MDL-49383~~-master
Pull Main Diff URL:
https://github.com/lameze/moodle/compare/d846254...MDL-49383-master
Testing Instructions:
Hide

Exploratory testing

Search for usages of get_referer() and make sure is not used anywhere.

Note: get_referer() still present on lib/deprecatelib.php.
Show
Exploratory testing Search for usages of get_referer() and make sure is not used anywhere. Note: get_referer() still present on lib/deprecatelib.php .

Sprint:
Team '; drop tables Sprint 7, Team '; drop tables Sprint 9

As MDL-49179 highlighted, the usage of referer can be insecure, it was mentioned there that we would deprecate the unsafe version of get_referer() in favour of a safe one, such as get_local_referer() or get_safe_referer().

The deprecation will be applied to all versions, to secure Moodle but give time to 3rd party developers to secure their code.

blocks

MDL-49360 Use get_local_referer() rather direct HTTP_REFERER directly

Closed

has a non-specific relationship to

MDL-50265 Phase 2 of deprecation of functions in lib/deprecatedlib.php initially deprecated in 3.0

Closed

Assignee:: Simey Lameze

Reporter:: Frédéric Massart

Peer reviewer:: Frédéric Massart

Integrator:: Dan Poltawski

Tester:: Mark Nelson

Participants:: CiBoT, Dan Poltawski, Frédéric Massart, Mark Nelson, Simey Lameze

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 05/Mar/15 4:43 AM

Updated:: 31/Jul/15 7:30 AM

Resolved:: 31/Jul/15 7:30 AM

Details

Exploratory testing

Description

Attachments

Issue Links

Activity

People

Dates

Clockify