Topic: | file_save_draft_area_files() does not validate references are allowed |
Severity/Risk: | Minor |
Versions affected: | 2.3 |
Reported by: | Petr Škoda |
Issue no.: | MDL-33948 |
CVE Identifier: |
CVE-2012-3387 |
Changes (master): | http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33948 |
Description:
Where file shortcuts/aliases were not permitted, this was being validated at the client, but not on the server.