1. 06 Jan, 2017 2 commits
    • Dan Poltawski's avatar
    • David Mudrák's avatar
      MDL-57580 mod_assign: Fix the incorrect type of some input parameters · 82a8d0d2
      David Mudrák authored
      The PARAM_TEXT has been misused in certain cases here. The 'action'
      parameter seems to always be alphabetic, with values like
      savesubmission, editsubmission and others as handled in assign::view().
      Fixing the action handling fixes the reported XSS issue. While working
      on it, I spotted two more places where PARAM_TEXT does not seem
      appropriate. I include changes for them too, even if they are no
      strictly related to the reported bug and there are no known ways to
      abuse it.
      * The 'plugin' looks like PARAM_PLUGIN and is even declared as such in
        some other parts of the assignment code (such as feedback forms).
      * The 'workflowstate' is one of the ASSIGN_MARKING_WORKFLOW_STATE
        constants and is supposed to be alpha in external function input
        parameters handling, too.
  2. 05 Jan, 2017 6 commits
  3. 04 Jan, 2017 13 commits
  4. 03 Jan, 2017 9 commits
  5. 02 Jan, 2017 8 commits
  6. 30 Dec, 2016 2 commits