You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I noticed that there is no sesskey check performed in the code (apart form the implicit ones coming with moodle forms API). There are actions that modify the database based on incoming user input. In these cases, it is necessary to check for the sesskey via require_sesskey() or confirm_sesskey(). See https://docs.moodle.org/dev/Security:Cross-site_request_forgery for why this is important.
The text was updated successfully, but these errors were encountered:
I noticed that there is no sesskey check performed in the code (apart form the implicit ones coming with moodle forms API). There are actions that modify the database based on incoming user input. In these cases, it is necessary to check for the sesskey via
require_sesskey()
orconfirm_sesskey()
. See https://docs.moodle.org/dev/Security:Cross-site_request_forgery for why this is important.The text was updated successfully, but these errors were encountered: