PARAM_RAW and missing defaults.php and function facetoface_install

PARAM_RAW and missing defaults.php and function facetoface_install

by Debbie McDonald -
Number of replies: 2

We are trying to get the face-to-face module installed on our LMS Moodle 2.0.2. In order to get it installed we need to get some changes made apparently. I am not sure what I am asking you to do but if it is a small thing help, if not please advise?

Issue 1. The author uses PARAM_RAW for a search string against the database in editattendees.php. This is a serious SQL injection vulnerability.

Issue 2. Missing - defaults.php and function facetoface_install()

Average of ratings: -
In reply to Debbie McDonald

Re: PARAM_RAW and missing defaults.php and function facetoface_install

by Alastair Munro -

Hi Debbie,

The first issue has been fixed in the latest 2.0 version of F2F availiable here https://github.com/mynameisdongyoung/Face-to-Face2.0

See http://moodle.org/mod/forum/discuss.php?d=190468 for details.

Cheers,
Alastair

Average of ratings: -
In reply to Alastair Munro

Re: PARAM_RAW and missing defaults.php and function facetoface_install

by Debbie McDonald -

Thank you! Do you know if there are plans to address the other issue they brought up? Missing - defaults.php and function facetoface_install()

Average of ratings: -