-
Bug
-
Resolution: Fixed
-
Minor
-
3.11.4, 4.0
-
MOODLE_311_STABLE, MOODLE_400_STABLE
-
MOODLE_311_STABLE
-
Easy
-
The manage tokens page must have a sesskey, but this isn't an action page, ie a http post, or a get with a redirect to remove the sesskey
/user/managetoken.php?sesskey=ml2kgScgD0
The sesskey check should be moved down to only apply to the actions of reseting tokens instead of the whole page
- has been marked as being related by
-
MDL-73088 Refactor /user/managetoken.php to allow all user keys to be managed and revoked
- Open