  1. Moodle
  2. MDL-78225

Content bank is leaking user sesskey when switching contexts


When using the content bank and selecting different category or course contexts, the URL becomes:

      http://localhost:8000/contentbank/index.php?sesskey=mrF1itzAqH&contextid=3

We should not leak the user's sesskey in GET requests like this.

It's a regression from MDL-77148, specifically these blocks, which both unconditionally add a 'sesskey' parameter (previously this would only be added for POST requests).

            pholden Paul Holden
            pholden Paul Holden
            Amaia Anabitarte Amaia Anabitarte
            Ferran Recio Ferran Recio
            Kim Jared Lucas Kim Jared Lucas
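
One way to check web server access logs for this leak, as an added example that is not part of the original issue or of Moodle's code: it flags GET/HEAD requests whose query string carries a `sesskey` parameter and redacts the value before reporting. The log lines are constructed samples in combined log format, and the function names are hypothetical.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample access-log lines (not taken from the issue).
SAMPLE_LOG = [
    '127.0.0.1 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /contentbank/index.php?sesskey=EXAMPLEKEY1&contextid=3 HTTP/1.1" 200 5120',
    '127.0.0.1 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /contentbank/index.php?contextid=3 HTTP/1.1" 200 5120',
    '127.0.0.1 - - [01/Jan/2024:10:00:09 +0000] '
    '"POST /contentbank/index.php HTTP/1.1" 303 0',
    '127.0.0.1 - - [01/Jan/2024:10:00:12 +0000] '
    '"GET /contentbank/index.php?contextid=3&notsesskey=1 HTTP/1.1" 200 5120',
]

# Request line inside the quoted field: METHOD, request target, protocol.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def redact_sesskey(target):
    """Return (target_with_sesskey_redacted, found).

    The query string is parsed so that only a parameter named exactly
    'sesskey' matches; a substring search would also hit 'notsesskey'.
    """
    parts = urlsplit(target)
    found = False
    pairs = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == "sesskey":
            found, value = True, "REDACTED"
        pairs.append((name, value))
    return urlunsplit(parts._replace(query=urlencode(pairs))), found


def find_leaks(lines):
    """Return [(line_number, redacted_target)] for GET/HEAD requests with a sesskey."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match or match["method"] not in ("GET", "HEAD"):
            continue
        redacted, found = redact_sesskey(match["target"])
        if found:
            hits.append((number, redacted))
    return hits


if __name__ == "__main__":
    for number, target in find_leaks(SAMPLE_LOG):
        print(f"line {number}: sesskey in GET URL -> {target}")
```

The report carries the redacted target only, so the scan output does not become a second copy of the key.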