** Changed in: mahara/1.3
Status: In Progress => Fix Released
** Visibility changed to: Public
https://bugs.launchpad.net/bugs/800032
Title:
Session key not checked in admin/users/addtoinstitution.php
Status in Mahara ePortfolio:
Fix Released
Status in Mahara 1.3 series:
Fix Released
Bug description:
The addtoinstitution.php script, for adding users to institutions,
doesn't check the user session key, & could be used to trick an admin
into granting institution membership.
Easiest fix is probably to remove the script and move its contents
into a pieform submit function. The script is linked to from the
admin user search page when viewed by an institutional admin for users
who have requested institution membership.
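The check the report says is missing, sketched as an added example (this is not Mahara's code and not from the bug report). The function names, the `sesskey` field name, the array shapes and the POST requirement are assumptions for illustration; the first handler shows the pattern described in the bug, the second the same action gated on the key held in the admin's session.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the membership change; records what was granted.
function grant_membership(array &$db, int $userId, string $institution): void
{
    $db[] = ['user' => $userId, 'institution' => $institution];
}

// Pattern the bug describes: the request alone is enough, so any request
// sent by a logged-in admin's browser performs the change.
function add_to_institution_unchecked(array $request, array &$db): bool
{
    grant_membership($db, (int) $request['id'], (string) $request['institution']);
    return true;
}

// Hardened form: the change happens only on POST (assumption) and only when
// the request carries the per-session key embedded in the admin's own form.
function add_to_institution_checked(
    string $method, array $session, array $request, array &$db
): bool {
    $expected = $session['sesskey'] ?? '';
    $supplied = $request['sesskey'] ?? '';
    if ($method !== 'POST'
        || !is_string($expected) || $expected === ''
        || !is_string($supplied)
        || !hash_equals($expected, $supplied)) { // constant-time comparison
        return false; // caller should answer 403 and log the attempt
    }
    grant_membership($db, (int) $request['id'], (string) $request['institution']);
    return true;
}

// Constructed sample data: one admin session and two incoming requests.
$session = ['sesskey' => bin2hex(random_bytes(16))];
$noKey   = ['id' => '42', 'institution' => 'example'];   // request without a key
$withKey = $noKey + ['sesskey' => $session['sesskey']];  // request from the real form

$db = [];
var_dump(add_to_institution_unchecked($noKey, $db));
var_dump(add_to_institution_checked('GET', $session, $withKey, $db));
var_dump(add_to_institution_checked('POST', $session, $noKey, $db));
var_dump(add_to_institution_checked('POST', $session, $withKey, $db));
var_dump(count($db));
```

Only the unchecked call and the final checked call add a row to `$db`; the GET request and the keyless POST are rejected before any change is made.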