Uploaded image for project: 'Moodle Community Sites'
  1. Moodle Community Sites
  2. MDLSITE-2075

Moodle plus releases recent changelog is non-wellformed and so can't be displayed

    XMLWordPrintable

Details

    Description

      Visit http://download.moodle.org/
      Use Mozilla Firefox 17.0.1, click on "Recent changes log" (for 2.4+)

      Seems that it doesn't like this: href="http://tracker.moodle.org/browse/<a

      XML-Processing error: not wellformed
      http://git.moodle.org/gw?p=moodle.git;a=log;h=refs/heads/MOODLE_24_STABLE
      row no. 1356, column 243:
      Similar to the issue which allowed teachers to create site-wide scales by editing a course-specific scale (<a class="text" href="http://tracker.moodle.org/browse/<a class="text" href="http://tracker.moodle.org/browse/MDL-24682">MDL-24682</a>">MDL-24682</a>), teachers could also promote a course-specific scale to a site-wide (standard) by editing it.  As with MDL-24682, removing the course ID check (leaving just the capability check) prevents this unauthorised creation of site-wide (standard) outcomes.<br/>
      --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------^

      Marked as possible security issue, because without changelog nobody knows if something security related has been changed. The changelog shouldn't be not wellformed either.

      Maybe the changelog descriptions itself could also be improved, because I don't think many people immediately know what Merge branch ... of ... really changed/fixed without looking into the details?

      Attachments

        Issue Links

          Activity

            People

              poltawski Dan Poltawski
              moodlebugreporter Himmelbauer
              David Mudrák (@mudrd8mz)
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: