Uploaded image for project: 'Sakai'
  1. Sakai
  2. SAK-1110

Printable Version of schedule is insecure

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: CLOSED
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0
    • Fix Version/s: 2.1.0
    • Component/s: Calendar
    • Labels:
      None

      Description

      For a site, I went into schedule and created a printable version of the calendar, which opened a new window displaying the PDF file and the following URL:

      http://sakai-stable.mit.edu:2003/access/PrintFileGeneration?scheduleType=3&calendar0=/calendar/calendar/7a80e6e3-9dbf-4282-00ba-bcba1839ff7b/main&timeRange=20050501040000000-20050605030000000&user=Michael%20Beasley&dailyStartTime=20050531120000000-20050531220000000

      I was then able to open a different browser and paste in this URL, and was able to generate the PDF. I then changed the URL to display a different month, and then entered that URL. I was able to pull up a calendar of a different month from my site. I then tried to replace the site id with the site id from another site, and was able to pull up a schedule from that site as well.

        Gliffy Diagrams

          Zeplin

            Attachments

              Activity

                People

                Assignee:
                Unassigned Unassigned
                Reporter:
                mikebeasley Michael Beasley (Inactive)
                Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved:

                    Git Integration