PlagiarismCheck / moodle-plagiarism_pchkorg

Plagiarismcheck.org is a sophisticated similarity search engine. We advocate for bringing technology into academics to help instructors save time and motivate students to write better papers.
https://plagiarismcheck.org
GNU General Public License v3.0

report.php seems to allow any logged in user to send "any" file to the external service. #13

Closed danmarsden closed 5 years ago

danmarsden commented 5 years ago

report.php seems to allow a Moodle fileid to be passed to the script but there is no validation performed to see if the current user should have access to this file, particularly on the POST action. This presents a security risk and you should not be using the Moodle "fileid" in this way.

The method of sending a file needs to occur in a different way so that correct user permissions are checked.
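The kind of permission check the comment above says is missing, as an added example that is not part of the original thread and not the plugin's code or its v2.1 fix. The helper name, the `fileid` request parameter, and the policy (assignment submission files only, readable by the file owner or a user with `mod/assign:grade`) are assumptions made for illustration.

```php
<?php
// Added illustration, not code from moodle-plagiarism_pchkorg.
// Assumes it runs inside a Moodle script after require('config.php').

/**
 * Hypothetical helper: resolve a file id only if the current user may read it.
 *
 * Assumed policy: the file must be an assignment submission, and only its
 * owner or a grader in that activity may send it to the external service.
 */
function example_get_authorised_file(int $fileid): stored_file {
    global $USER;

    $file = get_file_storage()->get_file_by_id($fileid);
    if (!$file || $file->is_directory()) {
        throw new moodle_exception('filenotfound', 'error');
    }

    // Accept only the file area this feature is meant to handle.
    if ($file->get_component() !== 'assignsubmission_file'
            || $file->get_filearea() !== 'submission_files') {
        throw new moodle_exception('nopermissions', 'error', '', 'send file');
    }

    // Derive course and module from the file's own context,
    // never from other request parameters.
    list($context, $course, $cm) = get_context_info_array($file->get_contextid());
    if ($context->contextlevel != CONTEXT_MODULE) {
        throw new moodle_exception('nopermissions', 'error', '', 'send file');
    }
    require_login($course, false, $cm);

    // The owner may send their own submission; anyone else must be a grader.
    if ((int)$file->get_userid() !== (int)$USER->id) {
        require_capability('mod/assign:grade', $context);
    }
    return $file;
}

// The POST action changes state, so the session key is checked first.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    require_sesskey();
    // 'fileid' is an assumed parameter name.
    $file = example_get_authorised_file(required_param('fileid', PARAM_INT));
    // Only now is $file handed to the code that uploads it.
}
```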

JaneAdelmann commented 5 years ago

Fixed in version v2.1