Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-69282

Prohibit calendar import of own export calendar url and blocked hosts

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.8.4, 3.9.1
    • Fix Version/s: None
    • Component/s: Calendar
    • Labels:
      None

      Description

      We've encountered by chance, that some students have subscribed their own Moodle calendar in Moodle itself. It was resulting in more than 1000 times the same calendar entry for this particular user. As it was hourly importing the Moodle calendar itself in Moodle.

      I think this is a missing part in the validation and should not be permitted. Further I've noticed that you can input just a "word" as URL and it will not lead to an error in this form validation. And it also doesn't checkes the blocked hosts defined in the HTTP security settings of Moodle.

      This part should be covered as well.

        Attachments

          Activity

            People

            Assignee:
            pead Adrian Perez
            Reporter:
            pead Adrian Perez
            Participants:
            Component watchers:
            Andrew Nicols, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated: