Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-68491

Database - GPS data visible

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 3.8.5, 3.9.1
    • Fix Version/s: None
    • Labels:
    • Affected Branches:
      MOODLE_38_STABLE, MOODLE_39_STABLE

      Description

      GPS data of all entries in a database are visible to unauthorized users via the search dropdown.

      steps to reproduce:

      • create Database "testbase" Material
        • approval required = yes
        • Entries required before viewing = 50
        • Maximum number of entries = 3
      • add "gps" field of type longitude/latitude
      • add 3 entries with user A
      • make sure entries are not approved
      • with user B go to "testbase" -> search
      • expand "gps" dropdown

      Problem: dropbox reveals 3 hidden coordinates of user A to user B

      This has caused a privacy issue since the database was used to collect Students home locations for logistical reasons, which were not supposed to be visible to other students.

      expected behavior: no preset data to select for gps, since

      1. they should not be visible until approved
      2. B has not entered at least 50 entries

      workaround: change the template for search to not include gps field

       

      (using version 3.8.1)

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            primzahlteiler Primzahlteiler
            Participants:
            Component watchers:
            Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias, Sujith Haridasan
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 30 minutes
                30m