MSA-17-0013: Missing permission check when adding forum post attachments in Web Services

By Marina Glancy.

Users without the capability to add attachments to forum posts were able to do so via Web Services. This Web Service is used in the mobile app.


Severity/Risk: Minor
Versions affected: 3.2 to 3.2.2 and 3.1 to 3.1.5
Versions fixed: 3.2.3 and 3.1.6
Reported by: Juan Leyva
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-58259
Tracker issue: MDL-58259 Forum post Web Services should check if the user has permissions to add attachments
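
The class of bug described above, as an added example that is not Moodle's code or its fix: a web service handler that checks the permission to post but not the permission to attach, next to a hardened version. All function names, capability names and the sample user are hypothetical, and rejecting the request (rather than dropping the attachment) is a choice made for this example.

```php
<?php
// Illustrative model only: simplified stand-ins, not Moodle's actual code or API.
declare(strict_types=1);

const CAP_REPLY  = 'example:reply';   // hypothetical capability names
const CAP_ATTACH = 'example:attach';

/** Capability lookup that every entry point (web form, web service) should share. */
function has_cap(array $user, string $cap): bool {
    return in_array($cap, $user['caps'], true);
}

/** Handler with the flaw from the advisory: posting is checked, attaching is not. */
function ws_add_post_vulnerable(array $user, string $message, ?int $attachmentid): array {
    if (!has_cap($user, CAP_REPLY)) {
        throw new RuntimeException('nopermission: reply');
    }
    // Missing check: the attachment id is accepted from any user who may post.
    return ['message' => $message, 'attachment' => $attachmentid];
}

/** Hardened handler: the attachment option is honoured only with the attach capability. */
function ws_add_post_fixed(array $user, string $message, ?int $attachmentid): array {
    if (!has_cap($user, CAP_REPLY)) {
        throw new RuntimeException('nopermission: reply');
    }
    if ($attachmentid !== null && !has_cap($user, CAP_ATTACH)) {
        throw new RuntimeException('nopermission: attach');
    }
    return ['message' => $message, 'attachment' => $attachmentid];
}

// Constructed sample user: may reply, may not attach files.
$student = ['name' => 'student1', 'caps' => [CAP_REPLY]];

$post = ws_add_post_vulnerable($student, 'hello', 42);
echo 'vulnerable: attachment=', var_export($post['attachment'], true), PHP_EOL;

try {
    ws_add_post_fixed($student, 'hello', 42);
    echo 'fixed: accepted', PHP_EOL;
} catch (RuntimeException $e) {
    echo 'fixed: rejected (', $e->getMessage(), ')', PHP_EOL;
}

// A post without an attachment is still accepted by the fixed handler.
$plain = ws_add_post_fixed($student, 'hello', null);
echo 'fixed, no attachment: ', $plain['message'], PHP_EOL;
```

A regression test for this kind of issue calls each entry point with a user who holds the posting capability but not the attachment capability and asserts that the attachment is refused.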

Read more https://moodle.org/mod/forum/discuss.php?d=352356&parent=1421790