  1. Moodle
  2. MDL-78225

Content bank is leaking user sesskey when switching contexts


Details

    Description

      When using the content bank and selecting different category or course contexts, the URL becomes:

      http://localhost:8000/contentbank/index.php?sesskey=mrF1itzAqH&contextid=3
      

      We should not leak the user's sesskey in GET requests like this.

      It's a regression from MDL-77148, specifically these blocks, which both unconditionally add a 'sesskey' parameter (previously this would only be added for POST requests).
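
A defender-side check for the leak described above, as an added example that is not part of the original issue or Moodle's code: it scans web server access logs (assumed to be in Combined Log Format) for GET request URLs and Referer headers that carry a sesskey parameter, masking the value in its report. The function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: host ident user [time] "METHOD target PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)" "[^"]*")?'
)

def has_sesskey(url):
    """True if the URL's query string carries a non-empty sesskey parameter."""
    return "sesskey" in parse_qs(urlsplit(url).query)

def redact(url):
    """Mask the sesskey value so the report does not repeat the leak."""
    return re.sub(r'(?<![A-Za-z0-9_])(sesskey=)[^&#\s"]*', r'\1[REDACTED]', url)

def find_sesskey_leaks(lines):
    """Return (line_no, where, redacted_url) for GET URLs or Referers carrying a sesskey."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not a log line in the assumed format
        # The session key ends up in the request line of a GET, so it is logged here.
        if m["method"] == "GET" and has_sesskey(m["target"]):
            findings.append((line_no, "request", redact(m["target"])))
        # A later request (of any method) repeats the leaked URL in its Referer header.
        referer = m["referer"] or ""
        if has_sesskey(referer):
            findings.append((line_no, "referer", redact(referer)))
    return findings

# Constructed sample lines (not real traffic); the sesskey value is made up.
SAMPLE_LOG = [
    '127.0.0.1 - - [01/Jan/2024:10:00:00 +0000] "GET /contentbank/index.php?sesskey=AAAAAAAAAA&contextid=3 HTTP/1.1" 200 5120 "http://localhost:8000/contentbank/index.php" "Mozilla/5.0"',
    '127.0.0.1 - - [01/Jan/2024:10:00:05 +0000] "GET /contentbank/index.php?contextid=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '127.0.0.1 - - [01/Jan/2024:10:00:09 +0000] "POST /contentbank/index.php HTTP/1.1" 303 0 "http://localhost:8000/contentbank/index.php?sesskey=AAAAAAAAAA&contextid=3" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for line_no, where, url in find_sesskey_leaks(SAMPLE_LOG):
        print(f"line {line_no}: sesskey in {where}: {url}")
```
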


            People

              pholden Paul Holden
              pholden Paul Holden
              Amaia Anabitarte Amaia Anabitarte
              Ferran Recio Ferran Recio
              Kim Jared Lucas Kim Jared Lucas
              Votes: 1
              Watchers: 5


                Time Tracking

                  Estimated: Not Specified
                  Remaining: 0m
                  Logged: 1h 40m
