Security Announcements

MSA-11-0043: Possible link redirect in Calendar
 
Topic: Calendar doesn't check $returnurl is valid
Severity: Minor
Versions affected: 2.1 to 2.1.2+ (2.0.x, 1.9.x not affected)
Reported by: Dan Marsden
Issue no.: MDL-28720
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28720&sr=1

Description:

The Calendar set page accepted a full URL for redirection (the $returnurl parameter) without checking that the URL is within the Moodle site.
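
The kind of check the description says was missing, as an added sketch. This is not Moodle's code and not the MDL-28720 change; `safe_return_url`, `$siteroot`, `$fallback` and the example.org hosts are hypothetical names chosen for illustration.

```php
<?php
// Added illustration; not Moodle code. All names and hosts are hypothetical.

/** Return $returnurl only if it is an absolute URL inside $siteroot, else $fallback. */
function safe_return_url(string $returnurl, string $siteroot, string $fallback): string {
    // Whitespace, control characters and backslashes are normalised differently
    // by browsers and by parse_url(), so refuse them outright.
    if ($returnurl === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $returnurl)) {
        return $fallback;
    }
    $root = parse_url($siteroot);
    $url  = parse_url($returnurl);
    // Relative, protocol-relative ("//host/...") and unparsable values have no
    // scheme+host pair and are refused; this sketch accepts full URLs only.
    if (!is_array($root) || !is_array($url) || !isset($root['scheme'], $root['host'], $url['scheme'], $url['host'])) {
        return $fallback;
    }
    // Embedded credentials ("http://site@other/") obscure the real host.
    if (isset($url['user']) || isset($url['pass'])) {
        return $fallback;
    }
    // Scheme, host and port must match exactly (an explicit default port is refused).
    if (strcasecmp($url['scheme'], $root['scheme']) !== 0
            || strcasecmp($url['host'], $root['host']) !== 0
            || ($url['port'] ?? null) !== ($root['port'] ?? null)) {
        return $fallback;
    }
    // Compare paths on a segment boundary so "/moodle-old" does not pass for
    // "/moodle", and refuse literal ".." segments that climb out of the site path.
    $rootpath = rtrim($root['path'] ?? '', '/') . '/';
    $path = ($url['path'] ?? '') . '/';
    if (strncmp($path, $rootpath, strlen($rootpath)) !== 0 || strpos($path, '/../') !== false) {
        return $fallback;
    }
    return $returnurl;
}

// Constructed sample inputs.
$siteroot = 'https://moodle.example.org/moodle';
$fallback = $siteroot . '/calendar/view.php';
foreach ([
    'https://moodle.example.org/moodle/calendar/view.php?view=month',
    'https://moodle.example.org.other.example/moodle/',
    '//other.example/moodle/',
    'https://moodle.example.org@other.example/moodle/',
    'https://moodle.example.org/moodle-old/index.php',
] as $candidate) {
    echo $candidate, ' => ', safe_return_url($candidate, $siteroot, $fallback), PHP_EOL;
}
```

Only the first constructed input is returned unchanged; the others resolve to the fallback because a plain string-prefix comparison against the site root is not enough to establish that a URL is on the same site.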