Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-59045

Viewing user in edit-mode isn't saved to the standard log.

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 2.7.20, 3.1.6, 3.3
    • Fix Version/s: None
    • Component/s: Events API
    • Labels:
      None
    • Affected Branches:
      MOODLE_27_STABLE, MOODLE_31_STABLE, MOODLE_33_STABLE

      Description

      Hello,

      When an manager/administrator views user information from site administration -> users -> browse list of users -> then he edits an user he can see his/hers information and this "viewing" isn't saved to standard log.

      If he goes from administration -> users -> browse list of users -> then he clicks the users name -> this is saved to the standard log with event name "User profile viewed" "The user with id '2' viewed the profile for the user with id '4'."

      So this should be applied to the edit situtation as well because it seems an security issue to me when some admin user can exploits this to malicous ends by looking end users's private information and nothing is saved to the log.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated: