From: skodak Date: Tue, 24 Oct 2006 08:06:56 +0000 (+0000) Subject: fixed risks associated with capabilitites in modules MDL-7174; merged from MOODLE_17_... X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=8e9eebe62906d88231949558477c185556c3a5c4;p=moodle.git fixed risks associated with capabilitites in modules MDL-7174; merged from MOODLE_17_STABLE --- diff --git a/mod/data/db/access.php b/mod/data/db/access.php index 0f1e57c600..29ba9fc2fc 100644 --- a/mod/data/db/access.php +++ b/mod/data/db/access.php @@ -115,6 +115,8 @@ $mod_data_capabilities = array( 'mod/data:manageentries' => array( + 'riskbitmask' => RISK_SPAM, + 'captype' => 'write', 'contextlevel' => CONTEXT_MODULE, 'legacy' => array( @@ -127,6 +129,8 @@ $mod_data_capabilities = array( 'mod/data:managecomments' => array( + 'riskbitmask' => RISK_SPAM, + 'captype' => 'write', 'contextlevel' => CONTEXT_MODULE, 'legacy' => array( @@ -139,7 +143,7 @@ $mod_data_capabilities = array( 'mod/data:managetemplates' => array( - 'riskbitmask' => RISK_SPAM, + 'riskbitmask' => RISK_SPAM | RISK_XSS, 'captype' => 'write', 'contextlevel' => CONTEXT_MODULE, diff --git a/mod/data/version.php b/mod/data/version.php index 0fecce89b5..d4eb8b2d41 100644 --- a/mod/data/version.php +++ b/mod/data/version.php @@ -5,7 +5,7 @@ // This fragment is called by /admin/index.php //////////////////////////////////////////////////////////////////////////////// -$module->version = 2006100200; +$module->version = 2006100201; $module->requires = 2006080900; // Requires this Moodle version $module->cron = 60; diff --git a/mod/glossary/db/access.php b/mod/glossary/db/access.php index be881aae08..0f9ce1df51 100644 --- a/mod/glossary/db/access.php +++ b/mod/glossary/db/access.php @@ -50,6 +50,8 @@ $mod_glossary_capabilities = array( 'mod/glossary:manageentries' => array( + 'riskbitmask' => RISK_SPAM, + 'captype' => 'write', 'contextlevel' => CONTEXT_MODULE, 'legacy' => array( @@ -62,6 +64,8 @@ $mod_glossary_capabilities = array( 'mod/glossary:managecategories' => array( + 'riskbitmask' => RISK_SPAM, + 'captype' => 'write', 'contextlevel' => CONTEXT_MODULE, 'legacy' => array( @@ -89,6 +93,8 @@ $mod_glossary_capabilities = array( 'mod/glossary:managecomments' => array( + 'riskbitmask' => RISK_SPAM, + 'captype' => 'write', 'contextlevel' => CONTEXT_MODULE, 'legacy' => array( @@ -127,6 +133,8 @@ $mod_glossary_capabilities = array( 'mod/glossary:approve' => array( + 'riskbitmask' => RISK_SPAM, + 'captype' => 'write', 'contextlevel' => CONTEXT_MODULE, 'legacy' => array( diff --git a/mod/glossary/version.php b/mod/glossary/version.php index 2a5427ad79..46d9369020 100644 --- a/mod/glossary/version.php +++ b/mod/glossary/version.php @@ -5,7 +5,7 @@ /// This fragment is called by moodle_needs_upgrading() and /admin/index.php ///////////////////////////////////////////////////////////////////////////////// -$module->version = 2006091800; +$module->version = 2006091801; $module->requires = 2006082600; // Requires this Moodle version $module->cron = 0; // Period for cron to check this module (secs)