From: skodak <skodak>
Date: Tue, 27 Jan 2009 17:39:32 +0000 (+0000)
Subject: MDL-18057 fixed XSS test; merged from MOODLE_19_STABLE
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=da5e6f3a29d4736811033cef7c9711f227e02712;p=moodle.git

MDL-18057 fixed XSS test; merged from MOODLE_19_STABLE
---

diff --git a/admin/report/security/lib.php b/admin/report/security/lib.php
index 0891ce3b1c..a1eed212c2 100644
--- a/admin/report/security/lib.php
+++ b/admin/report/security/lib.php
@@ -487,7 +487,7 @@ function report_security_check_riskxss($detailed=false) {
     $sqlfrom = "FROM {role_capabilities} rc
                 JOIN {capabilities} cap ON cap.name = rc.capability
                 JOIN {context} c ON c.id = rc.contextid
-                JOIN {context} sc ON (sc.path = c.path OR sc.path LIKE ".$DB->sql_concat('c.path', "'/%'").")
+                JOIN {context} sc ON (sc.path = c.path OR sc.path LIKE ".$DB->sql_concat('c.path', "'/%'")." OR c.path LIKE ".$DB->sql_concat('sc.path', "'/%'").")
                 JOIN {role_assignments} ra ON (ra.contextid = sc.id AND ra.roleid = rc.roleid)
                 JOIN {user} u ON u.id = ra.userid
                WHERE ".$DB->sql_bitand('cap.riskbitmask', RISK_XSS)." <> 0