MDL-18057 fixed XSS test; merged from MOODLE_19_STABLE

diff --git a/admin/report/security/lib.php b/admin/report/security/lib.php
index 0891ce3b1c004230509f421dddd2e23916a2e404..a1eed212c2be6644366c3e19dbd84d7bfcfe4896 100644 (file)
--- a/admin/report/security/lib.php
+++ b/admin/report/security/lib.php
@@ -487,7 +487,7 @@ function report_security_check_riskxss($detailed=false) {
     $sqlfrom = "FROM {role_capabilities} rc
                 JOIN {capabilities} cap ON cap.name = rc.capability
                 JOIN {context} c ON c.id = rc.contextid
-                JOIN {context} sc ON (sc.path = c.path OR sc.path LIKE ".$DB->sql_concat('c.path', "'/%'").")
+                JOIN {context} sc ON (sc.path = c.path OR sc.path LIKE ".$DB->sql_concat('c.path', "'/%'")." OR c.path LIKE ".$DB->sql_concat('sc.path', "'/%'").")
                 JOIN {role_assignments} ra ON (ra.contextid = sc.id AND ra.roleid = rc.roleid)
                 JOIN {user} u ON u.id = ra.userid
                WHERE ".$DB->sql_bitand('cap.riskbitmask', RISK_XSS)." <> 0