Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-51440

gradeimport_direct: incorrect config inclusion

    XMLWordPrintable

Details

    • MOODLE_29_STABLE, MOODLE_30_STABLE
    • MOODLE_28_STABLE, MOODLE_29_STABLE
    • mdl51440-master
    • Hide

      1. Verify the Grade -> Import -> Paste from spreadsheet renders correctly.
      2. Undo this fix so the page generates an error by changing require_once statement as follows:
      require_once(_DIR_ . "/../../../config.php");
      to
      require_once(_DIR_ . "/../../../../config.php");
      3. Refresh page and expect a require_once error:
      require_once(/var/www/moodle/grade/import/direct/../../../../config.php)

      Show
      1. Verify the Grade -> Import -> Paste from spreadsheet renders correctly. 2. Undo this fix so the page generates an error by changing require_once statement as follows: require_once(_ DIR _ . "/../../../config.php"); to require_once(_ DIR _ . "/../../../../config.php"); 3. Refresh page and expect a require_once error: require_once(/var/www/moodle/grade/import/direct/../../../../config.php)

    Description

      Currently when accessing the Grade -> Import -> Paste from spreadsheet it is trying to include the config.php file outside of the Moodle directory.

      /var/www/moodle/grade/import/direct../../../../config.php

      Moodle is removing the incorrect '..' so the page works correctly.

      This issue changes so it is included like Import from CSV.

      Attachments

        Activity

          People

            tlock Tim Lock
            tlock Tim Lock
            Simey Lameze Simey Lameze
            David Monllaó David Monllaó
            David Monllaó David Monllaó
            Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:
              9/Nov/15