| Topic: | Calendar doesn't check $returnurl is valid |
| Severity: | Minor |
| Versions affected: | 2.1 to 2.1.2+ (2.0.x, 1.9.x not affected) |
| Reported by: | Dan Marsden |
| Issue no.: | MDL-28720 |
| Changes (master): | http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28720&sr=1 |
Description:
The Calendar set page was taking a full URL used for redirection without checking if the URL is within the Moodle site.