Session key not checked in admin/users/addtoinstitution.php
Bug #800032 reported by
Richard Mansfield
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Mahara |
Fix Released
|
High
|
Richard Mansfield | ||
| 1.3 |
Fix Released
|
High
|
Richard Mansfield | ||
Bug Description
The addtoinstitutio
Easiest fix is probably to remove the script and move its contents into a pieform submit function. The script is linked to from the admin user search page when viewed by an institutional admin for users who have requested institution membership.
CVE References
| Changed in mahara: | |
| status: | Confirmed → In Progress |
| Changed in mahara: | |
| status: | In Progress → Fix Released |
| visibility: | private → public |
To post a comment you must log in.

This patch is for master (fb05fba459). In a day or so it will no longer apply cleanly, but I'm leaving it here so I don't forget about it.