1. 10 Jan, 2017 1 commit
  2. 06 Jan, 2017 3 commits
    • Dan Poltawski's avatar
      weekly release 3.3dev · 8ed0851a
      Dan Poltawski authored
    • Dan Poltawski's avatar
    • David Mudrák's avatar
      MDL-57580 mod_assign: Fix the incorrect type of some input parameters · 82a8d0d2
      David Mudrák authored
      The PARAM_TEXT has been misused in certain cases here. The 'action'
      parameter seems to always be alphabetic, with values like
      savesubmission, editsubmission and others as handled in assign::view().
      Fixing the action handling fixes the reported XSS issue. While working
      on it, I spotted two more places where PARAM_TEXT does not seem
      appropriate. I include changes for them too, even if they are no
      strictly related to the reported bug and there are no known ways to
      abuse it.
      * The 'plugin' looks like PARAM_PLUGIN and is even declared as such in
        some other parts of the assignment code (such as feedback forms).
      * The 'workflowstate' is one of the ASSIGN_MARKING_WORKFLOW_STATE
        constants and is supposed to be alpha in external function input
        parameters handling, too.
  3. 05 Jan, 2017 6 commits
  4. 04 Jan, 2017 13 commits
  5. 03 Jan, 2017 9 commits
  6. 02 Jan, 2017 8 commits