Moodle in English: Upgrade moodle 3.5.5, login as issue

Hi,

yesterday we upgrade our Moodle instance from 3.3 to 3.5.5 and now I have a small issue. We have a lot of courses and in some of them there are embed (iframe) resources, like video, h5p etc.

All the iframe contents are visible if user are logged in to the platform, but they disappear if I use the 'log as' technique.

We do a lot of courses with lot users around the world and the 'login as' technique is widely used in our center.

Has anyone run into the same problem?

best,

Emanuel Bechis

Average of ratings: -

Re: Upgrade moodle 3.5.5, login as issue

by Emanuel Bechis - Friday, 24 May 2019, 5:08 PM

Dear all,
the issue was caused by the patch MSA-19-0004 to solve this issue:
[Serious] Users with the “login as other users” capability (such as administrators/managers) can access other users’ Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when being viewed by the user logging in on their behalf (CVE-2019-3847)

But by applying this patch (http://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=93dda3bfd3caaaa8d23fe8ede543f27ef774958d) I'm unable to see the section like the other users, because embed video, embed h5p etc were stripped.

Average of ratings: Useful (2)

Re: Upgrade moodle 3.5.5, login as issue

by Gemma Lesterhuis - Thursday, 9 April 2020, 7:05 PM

There is a tracker for this issue: https://tracker.moodle.org/browse/MDL-66486 please vote!

Average of ratings: -

General help

Upgrade moodle 3.5.5, login as issue

Upgrade moodle 3.5.5, login as issue

Re: Upgrade moodle 3.5.5, login as issue

Re: Upgrade moodle 3.5.5, login as issue

Empowering educators to improve our world

Moodle

Support

Get Involved

Contributions

Downloads

Tracker

Development

Empowering educators to improve our world