| Topic: | file_save_draft_area_files() does not validate references are allowed |
| Severity/Risk: | Minor |
| Versions affected: | 2.3 |
| Reported by: | Petr Škoda |
| Issue no.: | MDL-33948 |
|
CVE Identifier: |
CVE-2012-3387 |
| Changes (master): | http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33948 |
Description:
Where file shortcuts/aliases were not permitted, this was being validated at the client, but not on the server.