From da5e6f3a29d4736811033cef7c9711f227e02712 Mon Sep 17 00:00:00 2001 From: skodak Date: Tue, 27 Jan 2009 17:39:32 +0000 Subject: [PATCH] MDL-18057 fixed XSS test; merged from MOODLE_19_STABLE --- admin/report/security/lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/admin/report/security/lib.php b/admin/report/security/lib.php index 0891ce3b1c..a1eed212c2 100644 --- a/admin/report/security/lib.php +++ b/admin/report/security/lib.php @@ -487,7 +487,7 @@ function report_security_check_riskxss($detailed=false) { $sqlfrom = "FROM {role_capabilities} rc JOIN {capabilities} cap ON cap.name = rc.capability JOIN {context} c ON c.id = rc.contextid - JOIN {context} sc ON (sc.path = c.path OR sc.path LIKE ".$DB->sql_concat('c.path', "'/%'").") + JOIN {context} sc ON (sc.path = c.path OR sc.path LIKE ".$DB->sql_concat('c.path', "'/%'")." OR c.path LIKE ".$DB->sql_concat('sc.path', "'/%'").") JOIN {role_assignments} ra ON (ra.contextid = sc.id AND ra.roleid = rc.roleid) JOIN {user} u ON u.id = ra.userid WHERE ".$DB->sql_bitand('cap.riskbitmask', RISK_XSS)." <> 0 -- 2.39.5