edx-platform

fix: studio submit handler (nutmeg backport)

Open connorhaugh opened this issue 2 years ago • 0 comments

Description

This solves https://2u-internal.atlassian.net/browse/TNL-10162 for olive. Backport to Olive also coming. You can see the change in master here: https://github.com/openedx/edx-platform/pull/31218

It appears that it’s possible for a student with no special studio access rights to POST to the studio_submit_edits xblock handler on the CMS with no restrictions. This is what we fix here. Being terse as this is a newly public security fix; we will post about it more widely once these backports have been merged.

connorhaugh Oct 27 '22 16:10