I apologize, as I have tried postingn this in Developers and the Calendar forum with no reply. I was wondering if anyone could give me an answer to the below questions:
I have two particular issues I was wondering if anyone else was having, or has heard of.
- Upon selecting a course in the dropdown in "Detailed Month View" found at the URI of /calendar/view.php?view=month, I am unable to get the PHP to actually 'stick' to a course I select. Once selecting a course, it will automatically go back to 'All Courses'. I have reproduced this on multiple Moodle 2.1 installs. I notice that the URI changes, but nothing shows up differently in the calendar itself. What is the desired outcome of this particular function?
- During a security scan, calendar/set.php shows up as a possible XSS/Phising vulnerability due to the setting of the 'return' variable. Is there any reason why this return variable is not grabbed from the $CFG->wwwroot of the site? I have not been able to find any calendar 'imports' and have not found any functionality that looks like it would of needed the return parameter to be anything other than the wwwroot set in the config.php. Is this desired functionality as well?
I have tested the functionality on more than one install, mainly using the build: Moodle 2.1 (Build: 20110701). I have peered into the tracker and I am unable to find a bug report. I will gladly create one, but I do not fully understand the intended functionality.
Can anyone share their insights/opinions on this?