Totara Release Notes

Totara 1.0.25 Released 4th October 2011

 
Simon Coggins
Re: Totara 1.0.25 Released 4th October 2011
di Simon Coggins - Tuesday, 11 November 2014, 23:22
Gruppo Totara

One note on this release for sites with local customisations:

Bug 9203 fixes an issue with Moodle's "flexible tables", which makes it easy to introduce a security vulnerability if the code is not implemented correctly. We have modified the code to print an error if the code is vulnerable, to prevent any future occurrances.

If you get the error:

"Coding error: Base URL required"

somewhere on your site when upgrading it means your code is potentially vulnerable to cross-site scripting (XSS). You should ensure the flexible_table sets the baseurl by calling define_baseurl(), which will fix the error and protect your site.

Please feel free to post on the forum if you have any more questions.

Simon