Session key not checked in admin/users/addtoinstitution.php
Bug #800032 reported by
Richard Mansfield
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Fix Released
|
High
|
Richard Mansfield | ||
1.3 |
Fix Released
|
High
|
Richard Mansfield |
Bug Description
The addtoinstitutio
Easiest fix is probably to remove the script and move its contents into a pieform submit function. The script is linked to from the admin user search page when viewed by an institutional admin for users who have requested institution membership.
CVE References
Changed in mahara: | |
status: | Confirmed → In Progress |
Changed in mahara: | |
status: | In Progress → Fix Released |
visibility: | private → public |
To post a comment you must log in.
This patch is for master (fb05fba459). In a day or so it will no longer apply cleanly, but I'm leaving it here so I don't forget about it.