chikako0219 / sharedpanel

Plugin for Moodle

missing authentication and capability checks #3

Closed danmarsden closed 6 years ago

danmarsden commented 7 years ago

A number of your files make changes to data but do not check to see if the user is logged in or if they have the appropriate Moodle capabilities to perform the tasks.

Please check all files and ensure that you call require_login and also some form of has_capability check when performing actions.

For example: https://github.com/chikako0219/sharedpanel/blob/master/cardxy/index.php https://github.com/chikako0219/sharedpanel/blob/master/camera/cameraupload.php

takayuki-fuwa commented 7 years ago

Add require_login.

https://github.com/chikako0219/sharedpanel/commit/1344d5774c86c1cb10be3697d5a986f199555e1c

takayuki-fuwa commented 6 years ago

camera/com.php doesn't have a has_capability check, because com.php allows guest users who have old cell phones in Japan to post.
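
The check order this issue asks for, sketched for a data-changing script in a Moodle activity plugin; this is an added example, not code from the sharedpanel repository or from any commenter in this thread. Assumptions: the plugin is installed as `mod/sharedpanel` with the script one directory below it, and the capability name, table name and column names are hypothetical placeholders.

```php
<?php
// Added illustration; not code from the sharedpanel repository.
// Assumed location: mod/sharedpanel/<subdir>/<script>.php, so config.php is three levels up.
require_once(__DIR__ . '/../../../config.php');

// Typed parameters: anything that is not an integer is rejected before use.
$id     = required_param('id', PARAM_INT);      // Course module id.
$cardid = required_param('cardid', PARAM_INT);  // Hypothetical parameter name.
$x      = required_param('x', PARAM_INT);
$y      = required_param('y', PARAM_INT);

// Resolve the activity. MUST_EXIST throws instead of continuing with a missing record.
$cm     = get_coursemodule_from_id('sharedpanel', $id, 0, false, MUST_EXIST);
$course = $DB->get_record('course', ['id' => $cm->course], '*', MUST_EXIST);

// 1. Authentication and course/activity access.
//    Second argument false: do not silently log the visitor in as guest.
require_login($course, false, $cm);

// 2. Authorisation in this activity's context.
//    require_capability() throws on failure; has_capability() only returns a bool
//    and is the one to use when the script needs to branch instead of stopping.
$context = context_module::instance($cm->id);
require_capability('mod/sharedpanel:managecard', $context); // Hypothetical capability name.

// 3. CSRF protection for the state change: the request must carry the session key.
require_sesskey();

// 4. Object-level check: the card must belong to the activity instance that was
//    just authorised, otherwise a valid user could edit cards in another panel.
$card = $DB->get_record(
    'sharedpanel_cards',                                   // Hypothetical table name.
    ['id' => $cardid, 'sharedpanelid' => $cm->instance],   // Hypothetical column names.
    '*',
    MUST_EXIST
);

// Only now is the write performed.
$card->positionx = $x; // Hypothetical column.
$card->positiony = $y; // Hypothetical column.
$DB->update_record('sharedpanel_cards', $card);

echo json_encode(['status' => 'ok']);
```

The capability string has to be declared in the plugin's `db/access.php` before `require_capability()` can grant it to any role.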