My university would like to update whatever files are needed to counter the bug reported in MDL-17799 (MSA-09-0007: Missing input validation in logs allows...) but merely replacing the file moodle/course/lib.php with the newly updated one doesn't work. Only the header displays, with the rest of the page remaining white. What else needs to be replaced to make it work properly? Or could we make it work by merely adding (or subtracting) the changes made to lib.php to counter this security breach?
Minimal update against MDL-17799?
Number of replies: 4
Re: Minimal update against MDL-17799?
Random mixing of PHP files from different Moodle versions is definitely not a good idea.
Here is the full commit info with links. I am wondering why not do a full upgrade instead of manual patching?
Petr Škoda committed 1 file to 'Moodle CVS' - 08/Jan/09 08:00 AM
Petr Škoda committed 1 file to 'Moodle CVS' on branch 'MOODLE_19_STABLE' - 08/Jan/09 08:01 AM
Petr Škoda committed 1 file to 'Moodle CVS' on branch 'MOODLE_18_STABLE' - 08/Jan/09 08:02 AM
Petr Škoda committed 1 file to 'Moodle CVS' on branch 'MOODLE_17_STABLE' - 08/Jan/09 08:02 AM
Petr Škoda committed 1 file to 'Moodle CVS' on branch 'MOODLE_16_STABLE' - 08/Jan/09 08:02 AM
Re: Minimal update against MDL-17799?
Note that you can always get the changes that were done to fix a bug by clicking on the 'Version Control' tab in the tracker, just under the issue description.
(I think that is where Petr copied and pasted from.)
Re: Minimal update against MDL-17799?
Except that security bugs are not publicly available. When I go to MDL-17799, I get a:
PERMISSION VIOLATION
(The Version Control tab usually works very well, though)
Re: Minimal update against MDL-17799?
Doh! Sorry. It is easy to forget that if you are in the security group.
Ah! That is why Petr often puts direct links to cvs.moodle.org in the security advisories.