Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-80124

Admin preset tool doesn't correctly prevent the deletion of core presets

    XMLWordPrintable

Details

    Description

      There is front-end logic (only) to prevent the deletion of the pre-installed admin presets (Starter & Full): https://github.com/moodle/moodle/blob/14414fe253f8cb96c4b1a69c45145e9e2df41f33/admin/tool/admin_presets/classes/output/presets_list.php#L108-L118

      However there is no backend logic of the same, meaning we can amend the URL to delete them

      I've marked this as Could be a security issue although I don't think actually it represents one - we could probably mark as "security_benefit" - michaelh, thoughts?

      Attachments

        Issue Links

          Activity

            People

              pholden Paul Holden
              pholden Paul Holden
              Stevani Andolo Stevani Andolo
              Ilya Tregubov Ilya Tregubov
              Kim Jared Lucas Kim Jared Lucas
              Votes:
              0 Vote for this issue
              Watchers:
              11 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - 0 minutes
                  0m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 1 hour, 53 minutes
                  1h 53m

                  Clockify

                    Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.