LafColITS / Moodle-auth_casattras

A CAS (SSO) authentication module for Moodle that uses released attributes rather than LDAP for user information.

Raw access of $_GET not allowed #25

Closed danmarsden closed 4 years ago

danmarsden commented 4 years ago

Moodle security guidelines state that we should use optional/required_param instead of raw $_GET access - it would be good to address this:

https://github.com/LafColITS/Moodle-auth_casattras/blob/be1a4582c5f80e05751ab4febc749fde63bfca1d/auth.php#L205

I know there isn't an actual security issue here in the way it's used there, but it does violate the security guidelines which is typically a blocker for approval in the plugins db.

mackensen commented 4 years ago

This was resolved by #22.
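
A small pre-submission check for the guideline raised in this issue, added here as an example and not part of the plugin or of Moodle's own tooling: it reports the lines of a PHP file that read a request superglobal directly, ignoring mentions in comments and single-quoted strings. Covering `$_POST` and `$_REQUEST` as well as `$_GET`, the function names, and the sample PHP (including the `ticket` parameter) are assumptions.

```python
import re

# $_GET is the superglobal named in the issue; $_POST and $_REQUEST are an
# assumption added here because they carry request input the same way.
RAW_INPUT = re.compile(r"\$_(?:GET|POST|REQUEST)\b")

def blank_inert_text(php):
    """Blank comments and single-quoted strings, keeping newlines for line numbers."""
    out, i, state = [], 0, "code"
    def emit(text, inert):
        out.append("".join(c if c == "\n" or not inert else " " for c in text))
    while i < len(php):
        ch, two, step = php[i], php[i:i + 2], 1
        if (state, two) in (("code", "/*"), ("block", "*/")):
            state, step = ("block" if state == "code" else "code"), 2
            emit(two, True)
        elif state == "code":
            if two == "//" or (ch == "#" and two != "#["):
                state = "line"
            elif ch in "'\"":
                state = ch  # remember which quote closes the string
            emit(ch, state == "line")
        elif state in ("line", "block"):
            if state == "line" and ch == "\n":
                state = "code"
            emit(ch, True)
        else:  # inside a string; double-quoted strings interpolate, so keep them
            inert, step = state == "'", 2 if ch == "\\" else 1
            if ch == state:
                state = "code"
            emit(php[i:i + step], inert)
        i += step
    return "".join(out)

def find_raw_superglobals(php):
    """Return the 1-based line numbers that read a raw superglobal."""
    cleaned = blank_inert_text(php).split("\n")
    return [n for n, text in enumerate(cleaned, 1) if RAW_INPUT.search(text)]

# Constructed sample; the 'ticket' parameter name is hypothetical.
SAMPLE = """<?php
// Old code read $_GET['ticket'] directly.
$url = "https://idp.example/login"; $raw = $_GET['ticket'];
/* $_POST is only mentioned here */ $help = 'see $_GET docs';
$ticket = optional_param('ticket', '', PARAM_RAW);
$msg = "Hello $_GET[name]";
"""
```

Heredoc bodies and inline HTML outside `<?php` tags are not tracked by this sketch, so a hit still needs a manual look before it is treated as a violation.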