moodle/assign at ab1ca45eb0fda30915c49454bc199d9e644e2e7f - moodle - Irisnetwork

mirror_php/moodle

mirror of https://github.com/moodle/moodle.git synced 2025-01-19 06:18:28 +01:00

History

David Mudrák 82a8d0d21d MDL-57580 mod_assign: Fix the incorrect type of some input parameters

The PARAM_TEXT has been misused in certain cases here. The 'action'
parameter seems to always be alphabetic, with values like
savesubmission, editsubmission and others as handled in assign::view().

Fixing the action handling fixes the reported XSS issue. While working
on it, I spotted two more places where PARAM_TEXT does not seem
appropriate. I include changes for them too, even if they are no
strictly related to the reported bug and there are no known ways to
abuse it.

* The 'plugin' looks like PARAM_PLUGIN and is even declared as such in
  some other parts of the assignment code (such as feedback forms).

* The 'workflowstate' is one of the ASSIGN_MARKING_WORKFLOW_STATE
  constants and is supposed to be alpha in external function input
  parameters handling, too.

2017-01-05 17:39:36 +01:00

..

MDL-57097 mod_assign: add event listener to avoid form submit

2016-11-24 11:24:25 +08:00

MDL-29795 assign: add missing sortorder column for overrides when backing up a course

2016-11-08 13:23:22 +11:00

MDL-29795 mod_assign: Add user/group override assignment module

2016-10-24 11:03:49 +01:00

MDL-57266 upgrade: add 3.2.0 separation line to all upgrade scripts

2016-12-05 17:10:20 +01:00

MDL-56810 unoconv: task fails if user removed

2016-12-12 08:22:51 -05:00

MDL-56903 lang: Merge English strings from the en_fix language pack

2016-11-15 11:19:48 +01:00

NOBUG: Fixed SVG browser compatibility

2016-07-07 10:19:45 +02:00

Merge branch 'MDL-57266' of git://github.com/stronk7/moodle

2016-12-07 09:53:16 +08:00

Merge branch 'MDL-29795_master' of https://github.com/dmonllao/moodle

2016-11-07 09:20:59 +08:00

MDL-57222 mod_assign: show validation message on visible element

2016-12-12 11:55:18 +08:00

MDL-55244 js: build changes

2016-07-25 07:58:05 +01:00

adminlib.php

MDL-42078 multiple uninstall improvements and cleanup

2013-10-07 13:10:36 +02:00

adminmanageplugins.php

MDL-35628 performance: Remove dirname() where possible.

2016-06-10 08:06:49 +10:00

assignmentplugin.php

MDL-55129 mod_assign: Allow plugins to handle configs for external

2016-10-04 20:28:38 +01:00

batchsetallocatedmarkerform.php

MDL-42531 assign: refactor batch operations to use forms properly

2014-06-10 14:06:41 +10:00

batchsetmarkingworkflowstateform.php

MDL-45324 assign: notify when workflow is Off, or if state is Released

2014-12-10 22:29:08 +10:00

extensionform.php

MDL-55472 assign: Show userlist on extension form error page

2016-09-25 11:29:43 +10:00

externallib.php

MDL-57580 mod_assign: Fix the incorrect type of some input parameters

2017-01-05 17:39:36 +01:00

feedbackplugin.php

MDL-53601 mod_assign: Feedback files are sent to all group members.

2016-05-02 15:54:53 +08:00

gradeform.php

MDL-57222 mod_assign: show validation message on visible element

2016-12-12 11:55:18 +08:00

gradingbatchoperationsform.php

MDL-52490 mod_assign: Patch refinements

2016-04-18 09:17:08 +08:00

gradingoptionsform.php

MDL-56022 Assign: Make folders structure in the downloaded zip optional

2016-10-17 16:19:28 -04:00

gradingtable.php

Merge branch 'MDL-29795_master' of https://github.com/dmonllao/moodle

2016-11-07 09:20:59 +08:00

index.php

MDL-41101 convert assign event triggers to new create_from_xxx helpers

2014-04-17 09:51:12 +08:00

lib.php

MDL-56566 mod_assign: ignore "doanything" in course overview

2016-12-08 19:53:37 +00:00

locallib.php

MDL-57580 mod_assign: Fix the incorrect type of some input parameters

2017-01-05 17:39:36 +01:00

mod_form.php

MDL-53392 mod_assign: Remove old Grade Max warning string references

2016-05-26 17:16:53 +08:00

module.js

MDL-56022 Assign: Make folders structure in the downloaded zip optional

2016-10-17 16:19:28 -04:00

override_form.php

MDL-29795 mod_assign: Add user/group override assignment module

2016-10-24 11:03:49 +01:00

overridedelete.php

MDL-29795 mod_assign: Add user/group override assignment module

2016-10-24 11:03:49 +01:00

overrideedit.php

MDL-29795 assign: Add 'Duplicate override' breadcrumb

2016-10-27 14:10:43 +11:00

overrides.php

MDL-29795 assign: Add course to user profile link

2016-10-27 11:38:40 +11:00

quickgradingform.php

MDL-46718: Return user to last accessed page when quick grading

2014-08-08 14:01:02 +09:30

renderable.php

MDL-54113 assign: Open files in new window

2016-08-24 11:33:09 +08:00

renderer.php

MDL-54595 mod_assign: Remove btn-group class

2016-05-17 11:53:10 +08:00

settings.php

MDL-51948 admin: Make admin settings RTL friendly

2016-09-23 10:54:22 +01:00

styles.css

MDL-56318 assign: Polish for assign grading in boost

2016-11-21 16:59:39 +08:00

submission_form.php

MDL-55376 mod_assign: Fix bug stopping admin from editing submissions

2016-07-29 19:05:22 +08:00

submissionconfirmform.php

MDL-43628 mod_assign: fixed formatting of statement

2014-11-20 10:18:28 +13:00

submissionplugin.php

MDL-41945 mod_assign: Properly check if submission is empty

2016-07-04 10:55:06 +08:00

upgrade.txt

MDL-56839 upgrade.txt: Fix incorrect information in lib/upgrade.txt

2016-11-09 21:00:33 +00:00

upgradelib.php

MDL-47686 assign: Fix restoring from a mod_assignment backup.

2014-10-15 15:56:30 +08:00

version.php

MDL-57197 versions: bump all versions and requires near release

2016-11-29 22:57:05 +01:00

view.php

MDL-57580 mod_assign: Fix the incorrect type of some input parameters

2017-01-05 17:39:36 +01:00