New version of this plugin ALL USERS SHOULD UPDATE
-fixes a Critical Security Problem:
#179 - Students can access administration tabs (bulk operations,..) due a lack of credential checks
-fixes a security problem:
#178 - Any loged in users (including guest) can get certificate files (with copy watermark) by send a POST with a sequential number
Version 2.2.5 (MOODLE_30) and below are no more available for download in moodle repo, only by git.
Any user with this version should do:
- upgrade moodle (best option)
- apply a patch (see below)
- remove this plugin
Applying the patch
I think this patch can be safely applied in any version above 2.2.0 (MOODLE_25), and to do this first download the patch file:
https://gist.github.com/bozoh/a282badf56ffa7da0c4f1ec3d85a0af7/archive/ff385cda11e155167abf0ccb9e9127cc0427b48e.zip
Unzip it and copy bug-178-179.patch file to <YOUR MOODLE FOLDER>/mod/simplecertificate
Run this command in simplecertificate folder
patch < bug-178-179.patch
* patch command it's part of most linux version and flavors