Security Announcements

My ugly mug
MSA-11-0043: Possible link redirect in Calendar
Topic: Calendar doesn't check $returnurl is valid
Severity: Minor
Versions affected: 2.1 to 2.1.2+ (2.0.x, 1.9.x not affected)
Reported by: Dan Marsden
Issue no.: MDL-28720
Changes (master):


The Calendar set page was taking a full URL used for redirection without checking if the URL is within the Moodle site.