Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-77320

License manager leaks sesskey when creating new license

XMLWordPrintable

    • MOODLE_400_STABLE, MOODLE_401_STABLE, MOODLE_402_STABLE
    • MOODLE_400_STABLE, MOODLE_401_STABLE, MOODLE_402_STABLE
    • MDL-77320-401
    • Hide
      1. Log in as admin
      2. Navgate to License > License manager in site administration
      3. Confirm sesskey is not present in URL
      4. Press Create license
      5. Confirm sesskey is not present in URL
      6. Fill in form and save
      7. Press Edit button for your new license
      8. Confirm sesskey is not present in URL
      9. Edit form and save
      10. Press Move up/down icon for your new license
      11. Confirm licence ordering is updated as appopriate
      12. Press Disable icon for your new license
      13. Confirm license is disabled
      14. Press Enable icon for your new license
      15. Confirm license is enabled
      16. Press Delete icon for your new license
      17. Confirm you do want to delete the license in dialog
      18. Confirm license is deleted
      19. Copy the Disable link for an existing license, it'll look like:

        <WWWROOT>/admin/tool/licensemanager/index.php?action=disable&license=cc-nd&sesskey=NHCGiDsbFq
        

      20. Remove the &sesskey= portion of the URL and navigate to the new URL
      21. Confirm you see an error about required sesskey
      22. Go back to list of licenses
      23. Disable a license
      24. Copy the Enable link for the disabled license, it'll look like:

        <WWWROOT>/admin/tool/licensemanager/index.php?action=enable&license=cc-nc&sesskey=NHCGiDsbFq
        

      25. Remove the &sesskey= portion of the URL and navigate to the new URL
      26. Confirm you see an error about required sesskey
      27. Go back to list of licenses
      28. Copy the Move up link for an existing license, it'll look like:

        <WWWROOT>/admin/tool/licensemanager/index.php?action=moveup&license=cc-nc&sesskey=NHCGiDsbFq
        

      29. Remove the &sesskey= portion of the URL and navigate to the new URL
      30. Confirm you see an error about required sesskey
      31. Go back to list of licenses
      32. Copy the Move down link for an existing license, it'll look like:

        <WWWROOT>/admin/tool/licensemanager/index.php?action=movedown&license=cc-nc&sesskey=NHCGiDsbFq
        

      33. Remove the &sesskey= portion of the URL and navigate to the new URL
      34. Confirm you see an error about required sesskey
      Show
      Log in as admin Navgate to License > License manager in site administration Confirm sesskey is not present in URL Press Create license Confirm sesskey is not present in URL Fill in form and save Press Edit button for your new license Confirm sesskey is not present in URL Edit form and save Press Move up/down icon for your new license Confirm licence ordering is updated as appopriate Press Disable icon for your new license Confirm license is disabled Press Enable icon for your new license Confirm license is enabled Press Delete icon for your new license Confirm you do want to delete the license in dialog Confirm license is deleted Copy the Disable link for an existing license, it'll look like: <WWWROOT>/admin/tool/licensemanager/index.php?action=disable&license=cc-nd&sesskey=NHCGiDsbFq Remove the &sesskey= portion of the URL and navigate to the new URL Confirm you see an error about required sesskey Go back to list of licenses Disable a license Copy the Enable link for the disabled license, it'll look like: <WWWROOT>/admin/tool/licensemanager/index.php?action=enable&license=cc-nc&sesskey=NHCGiDsbFq Remove the &sesskey= portion of the URL and navigate to the new URL Confirm you see an error about required sesskey Go back to list of licenses Copy the Move up link for an existing license, it'll look like: <WWWROOT>/admin/tool/licensemanager/index.php?action=moveup&license=cc-nc&sesskey=NHCGiDsbFq Remove the &sesskey= portion of the URL and navigate to the new URL Confirm you see an error about required sesskey Go back to list of licenses Copy the Move down link for an existing license, it'll look like: <WWWROOT>/admin/tool/licensemanager/index.php?action=movedown&license=cc-nc&sesskey=NHCGiDsbFq Remove the &sesskey= portion of the URL and navigate to the new URL Confirm you see an error about required sesskey

      Discovered while integrating MDL-77269

      Pressing "Create license" leads to the following URL:

      http://integration.internal/master/admin/tool/licensemanager/index.php?action=create&sesskey=oFQT7f1XzY
      

      The &sesskey= parameter just to display the form is redundant

            pholden Paul Holden
            pholden Paul Holden
            Stevani Andolo Stevani Andolo
            Ilya Tregubov Ilya Tregubov
            Kim Jared Lucas Kim Jared Lucas
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - 0 minutes
                0m
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 1 hour, 30 minutes
                1h 30m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.