Closed KaiOrca closed 1 year ago
Version: Moodle Version: 3.9.16
Link: Moodle Sandbox
user:XXX pw:XXXX
Reproduction steps:
Login as user in provider system
Create Course
Enable editing
Add activity
Select ORCA LTI to open Plugin
Select ORCA Content
Actual result:
In Providersystem, it should not be possible to access subordinated pages.
Accessing this part is e.g. possible: https://provider.preview.orca.nrw/moodle/user/files.php
User can now start doing file uploads. This could be critical if the user is registered by self-service. If this is the case, the user can upload an infinite amount of files via Orca.
In Provider-Test: Course categories, the user can take a look at all courses.
Issue can be closed since ticket was put on done