Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-51440

gradeimport_direct: incorrect config inclusion

XMLWordPrintable

    • MOODLE_29_STABLE, MOODLE_30_STABLE
    • MOODLE_28_STABLE, MOODLE_29_STABLE
    • mdl51440-master
    • Hide

      1. Verify the Grade -> Import -> Paste from spreadsheet renders correctly.
      2. Undo this fix so the page generates an error by changing require_once statement as follows:
      require_once(_DIR_ . "/../../../config.php");
      to
      require_once(_DIR_ . "/../../../../config.php");
      3. Refresh page and expect a require_once error:
      require_once(/var/www/moodle/grade/import/direct/../../../../config.php)

      Show
      1. Verify the Grade -> Import -> Paste from spreadsheet renders correctly. 2. Undo this fix so the page generates an error by changing require_once statement as follows: require_once(_ DIR _ . "/../../../config.php"); to require_once(_ DIR _ . "/../../../../config.php"); 3. Refresh page and expect a require_once error: require_once(/var/www/moodle/grade/import/direct/../../../../config.php)

      Currently when accessing the Grade -> Import -> Paste from spreadsheet it is trying to include the config.php file outside of the Moodle directory.

      /var/www/moodle/grade/import/direct../../../../config.php

      Moodle is removing the incorrect '..' so the page works correctly.

      This issue changes so it is included like Import from CSV.

            tlock Tim Lock
            tlock Tim Lock
            Simey Lameze Simey Lameze
            David Monllaó David Monllaó
            David Monllaó David Monllaó
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.