Moderate severityNVD Advisory· Published Sep 23, 2006· Updated Apr 16, 2026
CVE-2006-4936
CVE-2006-4936
Description
Moodle before 1.6.2 does not properly validate the module instance id when creating a course module object, which has unspecified impact and remote attack vectors.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
moodle/moodlePackagist | < 1.6.2 | 1.6.2 |
Affected products
2Patches
10f69811d9800new function get_coursemodule_from_id() is now used for obtaining of valid $cm from coursemodule id SC#283; backported from HEAD
84 files changed · +135 −112
lib/datalib.php+32 −9 modified@@ -2596,22 +2596,45 @@ function get_course_mods($courseid) { /** - * Given an instance of a module, finds the coursemodule description + * Given an id of a course module, finds the coursemodule description * - * @uses $CFG - * @param string $modulename ? - * @param string $instance ? - * @param int $courseid The id of the course as found in the 'course' table. - * @return object - * @todo Finish documenting this function + * @param string $modulename name of module type, eg. resource, assignment,... + * @param int $cmid course module id (id in course_modules table) + * @param int $courseid optional course id for extra validation + * @return object course module instance with instance and module name + */ +function get_coursemodule_from_id($modulename, $cmid, $courseid=0) { + + global $CFG; + + $courseselect = ($courseid) ? "cm.course = '$courseid' AND " : ''; + + return get_record_sql("SELECT cm.*, m.name, md.name as modname + FROM {$CFG->prefix}course_modules cm, + {$CFG->prefix}modules md, + {$CFG->prefix}$modulename m + WHERE $courseselect + cm.id = '$cmid' AND + cm.instance = m.id AND + md.name = '$modulename' AND + md.id = cm.module"); +} + +/** + * Given an instance number of a module, finds the coursemodule description + * + * @param string $modulename name of module type, eg. resource, assignment,... + * @param int $instance module instance number (id in resource, assignment etc. table) + * @param int $courseid optional course id for extra validation + * @return object course module instance with instance and module name */ function get_coursemodule_from_instance($modulename, $instance, $courseid=0) { global $CFG; - + $courseselect = ($courseid) ? "cm.course = '$courseid' AND " : ''; - return get_record_sql("SELECT cm.*, m.name + return get_record_sql("SELECT cm.*, m.name, md.name as modname FROM {$CFG->prefix}course_modules cm, {$CFG->prefix}modules md, {$CFG->prefix}$modulename m
mod/assignment/lib.php+1 −1 modified@@ -53,7 +53,7 @@ function assignment_base($cmid=0, $assignment=NULL, $cm=NULL, $course=NULL) { if ($cmid) { if ($cm) { $this->cm = $cm; - } else if (! $this->cm = get_record('course_modules', 'id', $cmid)) { + } else if (! $this->cm = get_coursemodule_from_id('assignment', $cmid)) { error('Course Module ID was incorrect'); }
mod/assignment/submissions.php+1 −1 modified@@ -8,7 +8,7 @@ $mode = optional_param('mode', 'all', PARAM_ALPHA); // What mode are we in? if ($id) { - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('assignment', $id)) { error("Course Module ID was incorrect"); }
mod/assignment/type/online/file.php+1 −1 modified@@ -7,7 +7,7 @@ $id = required_param('id', PARAM_INT); // Course Module ID $userid = required_param('userid', PARAM_INT); // User ID - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('assignment', $id)) { error("Course Module ID was incorrect"); }
mod/assignment/upload.php+1 −1 modified@@ -7,7 +7,7 @@ $a = optional_param('a', 0, PARAM_INT); // Assignment ID if ($id) { - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('assignment', $id)) { error("Course Module ID was incorrect"); }
mod/assignment/version.php+2 −2 modified@@ -5,8 +5,8 @@ // This fragment is called by /admin/index.php //////////////////////////////////////////////////////////////////////////////// -$module->version = 2005060100; -$module->requires = 2005031000; // Requires this Moodle version +$module->version = 2006080701; // change only last two digits in 1.6.x!! +$module->requires = 2006050512; // Requires this Moodle version $module->cron = 60; ?>
mod/assignment/view.php+1 −1 modified@@ -7,7 +7,7 @@ $a = optional_param('a', 0, PARAM_INT); // Assignment ID if ($id) { - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('assignment', $id)) { error("Course Module ID was incorrect"); }
mod/chat/report.php+1 −1 modified@@ -11,7 +11,7 @@ $deletesession = optional_param('deletesession', 0, PARAM_BOOL); $confirmdelete = optional_param('confirmdelete', 0, PARAM_BOOL); - if (! $cm = get_record('course_modules', 'id', $id)) { + if (! $cm = get_coursemodule_from_id('chat', $id)) { error('Course Module ID was incorrect'); } if (! $chat = get_record('chat', 'id', $cm->instance)) {
mod/chat/version.php+2 −2 modified@@ -5,8 +5,8 @@ /// This fragment is called by moodle_needs_upgrading() and /admin/index.php ///////////////////////////////////////////////////////////////////////////////// -$module->version = 2005031000; // The (date) version of this module -$module->requires = 2005031000; // Requires this Moodle version +$module->version = 2006080701; // change only last two digits in 1.6.x!! +$module->requires = 2006050512; // Requires this Moodle version $module->cron = 300; // How often should cron check this module (seconds)? ?>
mod/chat/view.php+1 −1 modified@@ -12,7 +12,7 @@ $edit = optional_param('edit', -1, PARAM_BOOL); if ($id) { - if (! $cm = get_record('course_modules', 'id', $id)) { + if (! $cm = get_coursemodule_from_id('chat', $id)) { error('Course Module ID was incorrect'); }
mod/choice/report.php+1 −1 modified@@ -8,7 +8,7 @@ $download = optional_param('download', '', PARAM_ALPHA); $action = optional_param('action', '', PARAM_ALPHA); - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('choice', $id)) { error("Course Module ID was incorrect"); }
mod/choice/version.php+2 −2 modified@@ -5,8 +5,8 @@ // This fragment is called by /admin/index.php //////////////////////////////////////////////////////////////////////////////// -$module->version = 2006020900; -$module->requires = 2005021600; // Requires this Moodle version +$module->version = 2006080701; // change only last two digits in 1.6.x!! +$module->requires = 2006050512; // Requires this Moodle version $module->cron = 0; ?>
mod/choice/view.php+1 −1 modified@@ -7,7 +7,7 @@ $action = optional_param('action', '', PARAM_ALPHA); $attemptids = optional_param('attemptid', array(), PARAM_INT); // array of attempt ids for delete action - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('choice', $id)) { error("Course Module ID was incorrect"); }
mod/data/edit.php+1 −1 modified@@ -33,7 +33,7 @@ $mode ='addtemplate'; //define the mode for this page, only 1 mode available if ($id) { - if (! $cm = get_record('course_modules', 'id', $id)) { + if (! $cm = get_coursemodule_from_id('data', $id)) { error('Course Module ID was incorrect'); } if (! $course = get_record('course', 'id', $cm->course)) {
mod/data/import.php+1 −1 modified@@ -35,7 +35,7 @@ $fieldenclosure = optional_param('fieldenclosure', '', PARAM_CLEANHTML); // characters used as record delimiters for csv file import if ($id) { - if (! $cm = get_record('course_modules', 'id', $id)) { + if (! $cm = get_coursemodule_from_id('data', $id)) { error('Course Module ID was incorrect'); } if (! $course = get_record('course', 'id', $cm->course)) {
mod/data/version.php+2 −2 modified@@ -5,8 +5,8 @@ // This fragment is called by /admin/index.php //////////////////////////////////////////////////////////////////////////////// -$module->version = 2006052400; -$module->requires = 2005060230; // Requires this Moodle version +$module->version = 2006080701; // change only last two digits in 1.6.x!! +$module->requires = 2006050512; // replace with 2005060241 if you want to use it with latest 1.5.4+ - please note that this version is not supported in 1.5.4+ $module->cron = 60; ?>
mod/data/view.php+1 −1 modified@@ -45,7 +45,7 @@ if ($id) { - if (! $cm = get_record('course_modules', 'id', $id)) { + if (! $cm = get_coursemodule_from_id('data', $id)) { error('Course Module ID was incorrect'); } if (! $course = get_record('course', 'id', $cm->course)) {
mod/exercise/assessments.php+1 −1 modified@@ -39,7 +39,7 @@ $userid = optional_param('userid', 0, PARAM_INT); // get some esential stuff... - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('exercise', $id)) { error("Course Module ID was incorrect"); }
mod/exercise/submissions.php+1 −1 modified@@ -31,7 +31,7 @@ $title = optional_param('title', '', PARAM_CLEAN); // get some essential stuff... - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('exercise', $id)) { error("Course Module ID was incorrect"); }
mod/exercise/upload.php+1 −1 modified@@ -10,7 +10,7 @@ $timenow = time(); // get some esential stuff... - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('exercise', $id)) { error("Course Module ID was incorrect"); }
mod/exercise/version.php+2 −2 modified@@ -5,8 +5,8 @@ // This fragment is called by /admin/index.php //////////////////////////////////////////////////////////////////////////////// -$module->version = 2005031000; -$module->requires = 2005031000; // Requires this Moodle version +$module->version = 2006080701; // change only last two digits in 1.6.x!! +$module->requires = 2006050512; // Requires this Moodle version $module->cron = 60; ?>
mod/exercise/view.php+1 −1 modified@@ -24,7 +24,7 @@ $changegroup = optional_param('group', -1, PARAM_INT); // get some esential stuff... - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('exercise', $id)) { error("Course Module ID was incorrect"); }
mod/forum/version.php+2 −2 modified@@ -5,8 +5,8 @@ // This fragment is called by /admin/index.php //////////////////////////////////////////////////////////////////////////////// -$module->version = 2006011702; -$module->requires = 2005031000; // Requires this Moodle version +$module->version = 2006080701; // change only last two digits in 1.6.x!! +$module->requires = 2006050512; // Requires this Moodle version $module->cron = 60; ?>
mod/forum/view.php+1 −1 modified@@ -13,7 +13,7 @@ $search = optional_param('search', ''); // search string if ($id) { - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('forum', $id)) { error("Course Module ID was incorrect"); } if (! $course = get_record("course", "id", $cm->course)) {
mod/glossary/approve.php+1 −1 modified@@ -9,7 +9,7 @@ $mode = optional_param('mode','approval', PARAM_ALPHA); $hook = optional_param('hook','ALL', PARAM_CLEAN); - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('glossary', $id)) { error("Course Module ID was incorrect"); }
mod/glossary/comment.php+1 −1 modified@@ -14,7 +14,7 @@ global $USER, $CFG; - if (! $cm = get_record('course_modules', 'id', $id)) { + if (! $cm = get_coursemodule_from_id('glossary', $id)) { error('Course Module ID was incorrect'); }
mod/glossary/comments.php+1 −1 modified@@ -9,7 +9,7 @@ global $USER, $CFG; - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('glossary', $id)) { error("Course Module ID was incorrect"); }
mod/glossary/deleteentry.php+1 −1 modified@@ -16,7 +16,7 @@ $entrydeleted = get_string("entrydeleted","glossary"); - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('glossary', $id)) { error("Course Module ID was incorrect"); }
mod/glossary/editcategories.php+1 −1 modified@@ -16,7 +16,7 @@ $action = strtolower($action); - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('glossary', $id)) { error("Course Module ID was incorrect"); }
mod/glossary/edit.php+1 −1 modified@@ -12,7 +12,7 @@ $mode = optional_param('mode', '', PARAM_ALPHA); // categories if by category? $hook = optional_param('hook', '', PARAM_ALPHANUM); // CategoryID -if (! $cm = get_record("course_modules", "id", $id)) { +if (! $cm = get_coursemodule_from_id('glossary', $id)) { error("Course Module ID was incorrect"); }
mod/glossary/exportentry.php+1 −1 modified@@ -13,7 +13,7 @@ $PermissionGranted = 1; - $cm = get_record('course_modules','id',$id); + $cm = get_coursemodule_from_id('glossary', $id); if ( ! $cm ) { $PermissionGranted = 0; } else {
mod/glossary/exportfile.php+1 −1 modified@@ -8,7 +8,7 @@ $l = optional_param('l','', PARAM_ALPHANUM); $cat = optional_param('cat',0, PARAM_ALPHANUM); - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('glossary', $id)) { error("Course Module ID was incorrect"); }
mod/glossary/export.php+1 −1 modified@@ -10,7 +10,7 @@ $l = optional_param('l','', PARAM_ALPHANUM); $cat = optional_param('cat',0, PARAM_ALPHANUM); - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('glossary', $id)) { error("Course Module ID was incorrect"); }
mod/glossary/import.php+1 −1 modified@@ -15,7 +15,7 @@ $mode = optional_param('mode', 'letter', PARAM_ALPHA ); $hook = optional_param('hook', 'ALL', PARAM_ALPHANUM); - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('glossary', $id)) { error("Course Module ID was incorrect"); }
mod/glossary/print.php+1 −1 modified@@ -14,7 +14,7 @@ $hook = optional_param('hook','ALL', PARAM_ALPHANUM); // what to show $sortkey = optional_param('sortkey','UPDATE', PARAM_ALPHA); // Sorting key - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('glossary', $id)) { error("Course Module ID was incorrect"); }
mod/glossary/version.php+2 −4 modified@@ -5,10 +5,8 @@ /// This fragment is called by moodle_needs_upgrading() and /admin/index.php ///////////////////////////////////////////////////////////////////////////////// -$module->version = 2005041900; -$module->requires = 2005031000; // Requires this Moodle version +$module->version = 2006080701; // change only last two digits in 1.6.x!! +$module->requires = 2006050512; // Requires this Moodle version $module->cron = 0; // Period for cron to check this module (secs) -$release = "1.5 development"; // User-friendly version number - ?>
mod/glossary/view.php+1 −1 modified@@ -20,7 +20,7 @@ $show = optional_param('show', '', PARAM_ALPHA); // [ concept | alias ] => mode=term hook=$show if (!empty($id)) { - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('glossary', $id)) { error("Course Module ID was incorrect"); } if (! $course = get_record("course", "id", $cm->course)) {
mod/hotpot/README.TXT+2 −2 modified@@ -1,11 +1,11 @@ =============================================== -This is v2.1.21 of the HotPot module for Moodle +This is v2.1.22 of the HotPot module for Moodle =============================================== This module allows teachers to administer Hot Potatoes and TexToys quizzes via Moodle. It has been tested on: - Hot Potatoes 6 - - Moodle 1.1 thru 1.7 + - Moodle 1.6.2 (and latest 1.5.4+ with manual editing of version.php) - PHP 4.1 thru 5.1.2 - MySQL 4.x thru 5.0 - PostgreSQL 7.3 thru 8.2
mod/hotpot/report.php+1 −1 modified@@ -9,7 +9,7 @@ $hp = optional_param("hp"); // hotpot ID if ($id) { - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('hotpot', $id)) { error("Course Module ID was incorrect"); } if (! $course = get_record("course", "id", $cm->course)) {
mod/hotpot/review.php+1 −1 modified@@ -6,7 +6,7 @@ $hp = optional_param("hp"); // hotpot ID $attempt = required_param("attempt"); // A particular attempt ID for review if ($id) { - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('hotpot', $id)) { error("Course Module ID was incorrect"); } if (! $course = get_record("course", "id", $cm->course)) {
mod/hotpot/version.php+3 −2 modified@@ -3,8 +3,9 @@ /// Code fragment to define the version of hotpot /// This fragment is called by moodle_needs_upgrading() and /admin/index.php ///////////////////////////////////////////////////////////////////////////////// -$module->version = 2006071600; // release date of this version (see note below) -$module->release = 'v2.1.21'; // human-friendly version name (used in mod/hotpot/lib.php) +$module->version = 2006080701; // change only last two digits in 1.6.x!! +$module->release = 'v2.1.22'; // human-friendly version name (used in mod/hotpot/lib.php) +$module->requires = 2006050512; // replace with 2005060241 if you want to use it with latest 1.5.4+ $module->cron = 0; // period for cron to check this module (secs) // interpretation of YYYYMMDDXY version numbers // YYYY : year
mod/hotpot/view.php+1 −1 modified@@ -12,7 +12,7 @@ $hp = optional_param("hp"); // hotpot ID if ($id) { - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('hotpot', $id)) { error("Course Module ID was incorrect"); } if (! $course = get_record("course", "id", $cm->course)) {
mod/journal/edit.php+1 −1 modified@@ -4,7 +4,7 @@ $id = required_param('id', PARAM_INT); // Course Module ID - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('journal', $id)) { error("Course Module ID was incorrect"); }
mod/journal/report.php+1 −1 modified@@ -5,7 +5,7 @@ $id = required_param('id', PARAM_INT); // course module - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('journal', $id)) { error("Course Module ID was incorrect"); }
mod/journal/version.php+2 −2 modified@@ -5,8 +5,8 @@ // This fragment is called by /admin/index.php //////////////////////////////////////////////////////////////////////////////// -$module->version = 2006042800; -$module->requires = 2005031000; // Requires this Moodle version +$module->version = 2006080701; // change only last two digits in 1.6.x!! +$module->requires = 2006050512; // Requires this Moodle version $module->cron = 60; ?>
mod/journal/view.php+1 −1 modified@@ -5,7 +5,7 @@ $id = required_param('id', PARAM_INT); // Course Module ID - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('journal', $id)) { error("Course Module ID was incorrect"); }
mod/label/version.php+2 −2 modified@@ -5,8 +5,8 @@ /// This fragment is called by moodle_needs_upgrading() and /admin/index.php ///////////////////////////////////////////////////////////////////////////////// -$module->version = 2004111200; // The current module version (Date: YYYYMMDDXX) -$module->requires = 2004052505; // Requires this Moodle version +$module->version = 2006080701; // change only last two digits in 1.6.x!! +$module->requires = 2006050512; // Requires this Moodle version $module->cron = 0; // Period for cron to check this module (secs) ?>
mod/label/view.php+1 −1 modified@@ -6,7 +6,7 @@ $l = optional_param('l',0,PARAM_INT); // Label ID if ($id) { - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('label', $id)) { error("Course Module ID was incorrect"); }
mod/lams/version.php+2 −1 modified@@ -5,7 +5,8 @@ /// This fragment is called by moodle_needs_upgrading() and /admin/index.php ///////////////////////////////////////////////////////////////////////////////// -$module->version = 2005062800; // The current module version (Date: YYYYMMDDXX) +$module->version = 2006080701; // change only last two digits in 1.6.x!! +$module->requires = 2006050512; // Requires this Moodle version $module->cron = 0; // Period for cron to check this module (secs) ?>
mod/lams/view.php+1 −1 modified@@ -9,7 +9,7 @@ $id = optional_param('id', 0, PARAM_INT); // Course Module ID, or -if (! $cm = get_record("course_modules", "id", $id)) { +if (! $cm = get_coursemodule_from_id('lams', $id)) { error("Course Module ID was incorrect"); }
mod/lesson/import.php+1 −1 modified@@ -8,7 +8,7 @@ $id = required_param('id', PARAM_INT); // Course Module ID $pageid = optional_param('pageid', '', PARAM_INT); // Page ID - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('lesson', $id)) { error("Course Module ID was incorrect"); }
mod/lesson/importppt.php+1 −1 modified@@ -14,7 +14,7 @@ $pageid = optional_param('pageid', '', PARAM_INT); // Page ID global $matches; - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('lesson', $id)) { error("Course Module ID was incorrect"); }
mod/lesson/lesson.php+1 −1 modified@@ -26,7 +26,7 @@ $action = required_param('action', PARAM_ALPHA); // Action // get some esential stuff... - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('lesson', $id)) { error("Course Module ID was incorrect"); }
mod/lesson/mediafile.php+2 −2 modified@@ -10,7 +10,7 @@ $id = required_param('id', PARAM_INT); // Course Module ID $printclose = optional_param('printclose', 0, PARAM_INT); - if (! $cm = get_record('course_modules', 'id', $id)) { + if (! $cm = get_coursemodule_from_id('lesson', $id)) { error('Course Module ID was incorrect'); } @@ -91,7 +91,7 @@ echo "<center><p>"; echo '<object classid="CLSID:22D6f312-B0F6-11D0-94AB-0080C74C7E95"'; echo ' codebase="http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab#Version=5,1,52,701" '; - echo ' standby="Loading Microsoft� Windows� Media Player components..." '; + echo ' standby="Loading Microsoft(R) Windows(R) Media Player components..." '; echo ' id="msplayer" align="" type="application/x-oleobject">'; echo "<param name=\"Filename\" value=\"$fullurl\">"; echo '<param name="ShowControls" value="true" />';
mod/lesson/report.php+1 −1 modified@@ -12,7 +12,7 @@ $action = optional_param('action', 'view', PARAM_ALPHA); // action to take $nothingtodisplay = false; - if (! $cm = get_record('course_modules', 'id', $id)) { + if (! $cm = get_coursemodule_from_id('lesson', $id)) { error('Course Module ID was incorrect'); }
mod/lesson/version.php+2 −2 modified@@ -5,8 +5,8 @@ /// This fragment is called by moodle_needs_upgrading() and /admin/index.php ///////////////////////////////////////////////////////////////////////////////// -$module->version = 2006050101; // The current module version (Date: YYYYMMDDXX) -$module->requires = 2005021600; // Requires this Moodle version +$module->version = 2006080701; // change only last two digits in 1.6.x!! +$module->requires = 2006050512; // Requires this Moodle version $module->cron = 0; // Period for cron to check this module (secs) ?>
mod/lesson/view.php+1 −1 modified@@ -14,7 +14,7 @@ $mode = optional_param('mode', '', PARAM_ALPHA); // for eacherview action todo use user pref - if (! $cm = get_record('course_modules', 'id', $id)) { + if (! $cm = get_coursemodule_from_id('lesson', $id)) { error('Course Module ID was incorrect'); }
mod/quiz/attempt.php+1 −1 modified@@ -32,7 +32,7 @@ } if ($id) { - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('quiz', $id)) { error("There is no coursemodule with id $id"); }
mod/quiz/report.php+1 −1 modified@@ -11,7 +11,7 @@ $mode = optional_param('mode', 'overview', PARAM_ALPHA); // Report mode if ($id) { - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('quiz', $id)) { error("There is no coursemodule with id $id"); }
mod/quiz/view.php+1 −1 modified@@ -12,7 +12,7 @@ $edit = optional_param('edit', -1, PARAM_BOOL); if ($id) { - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('quiz', $id)) { error("There is no coursemodule with id $id"); }
mod/resource/fetch.php+1 −1 modified@@ -9,7 +9,7 @@ $id = required_param('id', PARAM_INT); // Course Module ID $url = required_param('url', PARAM_URL); // url to fetch - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('resource', $id)) { error("Course Module ID was incorrect"); }
mod/resource/lib.php+1 −1 modified@@ -86,7 +86,7 @@ function resource_base($cmid=0) { global $course; // Ugly hack, needed for course language ugly hack if ($cmid) { - if (! $this->cm = get_record("course_modules", "id", $cmid)) { + if (! $this->cm = get_coursemodule_from_id('resource', $cmid)) { error("Course Module ID was incorrect"); }
mod/resource/type/ims/deploy.php+1 −1 modified@@ -46,7 +46,7 @@ /// Fetch some records from DB $course = get_record ('course', 'id', $courseid); - $cm = get_record ('course_modules', 'id', $cmid); + $cm = get_coursemodule_from_id('resource', $cmid); $resource = get_record ('resource', 'id', $cm->instance); /// Get some needed strings
mod/resource/version.php+2 −2 modified@@ -5,8 +5,8 @@ // This fragment is called by /admin/index.php //////////////////////////////////////////////////////////////////////////////// -$module->version = 2006042800; -$module->requires = 2005021600; // Requires this Moodle version +$module->version = 2006080701; // change only last two digits in 1.6.x!! +$module->requires = 2006050512; // Requires this Moodle version $module->cron = 0; ?>
mod/resource/view.php+1 −1 modified@@ -20,7 +20,7 @@ } } else if ($id) { - if (! $cm = get_record('course_modules', 'id', $id)) { + if (! $cm = get_coursemodule_from_id('resource', $id)) { error('Course Module ID was incorrect'); }
mod/scorm/api.php+1 −1 modified@@ -10,7 +10,7 @@ $attempt = required_param('attempt', PARAM_INT); // new attempt if (!empty($id)) { - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('scorm', $id)) { error("Course Module ID was incorrect"); } if (! $course = get_record("course", "id", $cm->course)) {
mod/scorm/loadSCO.php+1 −1 modified@@ -7,7 +7,7 @@ $scoid = required_param('scoid', PARAM_INT); // sco ID if (!empty($id)) { - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('scorm', $id)) { error("Course Module ID was incorrect"); } if (! $course = get_record("course", "id", $cm->course)) {
mod/scorm/player.php+1 −1 modified@@ -16,7 +16,7 @@ $newattempt = optional_param('newattempt', 'off', PARAM_ALPHA); // the user request to start a new attempt if (!empty($id)) { - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('scorm', $id)) { error("Course Module ID was incorrect"); } if (! $course = get_record("course", "id", $cm->course)) {
mod/scorm/report.php+1 −1 modified@@ -11,7 +11,7 @@ $user = optional_param('user', '', PARAM_INT); // User ID if (!empty($id)) { - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('scorm', $id)) { error("Course Module ID was incorrect"); } if (! $course = get_record("course", "id", $cm->course)) {
mod/scorm/version.php+2 −2 modified@@ -5,8 +5,8 @@ /// This fragment is called by moodle_needs_upgrading() and /admin/index.php ///////////////////////////////////////////////////////////////////////////////// -$module->version = 2006021401; // The (date) version of this module -$module->requires = 2005060200; // The version of Moodle that is required +$module->version = 2006080701; // change only last two digits in 1.6.x!! +$module->requires = 2006050512; // The version of Moodle that is required $module->cron = 0; // How often should cron check this module (seconds)? ?>
mod/scorm/view.php+1 −1 modified@@ -11,7 +11,7 @@ //$organization = optional_param('organization', '', PARAM_INT); // organization ID if (!empty($id)) { - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = $cm = get_coursemodule_from_id('scorm', $id)) { error("Course Module ID was incorrect"); } if (! $course = get_record("course", "id", $cm->course)) {
mod/survey/graph.php+1 −1 modified@@ -10,7 +10,7 @@ $sid = optional_param('sid', false, PARAM_INT); // Student ID $qid = optional_param('qid', 0, PARAM_INT); // Group ID - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('survey', $id)) { error("Course Module ID was incorrect"); }
mod/survey/report.php+1 −1 modified@@ -11,7 +11,7 @@ $student = optional_param('student', 0, PARAM_INT); // Student ID $notes = optional_param('notes', '', PARAM_RAW); // Save teachers notes - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('survey', $id)) { error("Course Module ID was incorrect"); }
mod/survey/save.php+1 −1 modified@@ -16,7 +16,7 @@ $id = required_param('id', PARAM_INT); // Course Module ID - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('survey', $id)) { error("Course Module ID was incorrect"); }
mod/survey/version.php+2 −2 modified@@ -5,8 +5,8 @@ // This fragment is called by /admin/index.php //////////////////////////////////////////////////////////////////////////////// -$module->version = 2006042800; -$module->requires = 2005031000; // Requires this Moodle version +$module->version = 2006080701; // change only last two digits in 1.6.x!! +$module->requires = 2006050512; // Requires this Moodle version $module->cron = 0; ?>
mod/survey/view.php+1 −1 modified@@ -5,7 +5,7 @@ $id = required_param('id', PARAM_INT); // Course Module ID - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('survey', $id)) { error("Course Module ID was incorrect"); }
mod/wiki/admin.php+1 −1 modified@@ -13,7 +13,7 @@ $groupid = optional_param('groupid', 0, PARAM_INT); // Group wiki. if ($id) { - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('wiki', $id)) { error("Course Module ID was incorrect"); }
mod/wiki/version.php+2 −2 modified@@ -5,8 +5,8 @@ /// This fragment is called by moodle_needs_upgrading() and /admin/index.php ///////////////////////////////////////////////////////////////////////////////// -$module->version = 2006042801; // The current module version (Date: YYYYMMDDXX) -$module->requires = 2005031000; // The current module version (Date: YYYYMMDDXX) +$module->version = 2006080701; // change only last two digits in 1.6.x!! +$module->requires = 2006050512; // The current module version (Date: YYYYMMDDXX) $module->cron = 0; // Period for cron to check this module (secs) ?>
mod/wiki/view.php+1 −1 modified@@ -22,7 +22,7 @@ $editsave = optional_param('thankyou', ''); if ($id) { - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('wiki', $id)) { error("Course Module ID was incorrect"); }
mod/workshop/assessments.php+1 −1 modified@@ -42,7 +42,7 @@ // get some useful stuff... if ($id) { - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('workshop', $id)) { error("Course Module ID was incorrect"); } if (! $workshop = get_record("workshop", "id", $cm->instance)) {
mod/workshop/submissions.php+1 −1 modified@@ -33,7 +33,7 @@ $timenow = time(); // get some useful stuff... - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('workshop', $id)) { error("Course Module ID was incorrect"); } if (! $course = get_record("course", "id", $cm->course)) {
mod/workshop/version.php+2 −2 modified@@ -5,8 +5,8 @@ // This fragment is called by /admin/index.php //////////////////////////////////////////////////////////////////////////////// -$module->version = 2005041200; -$module->requires = 2005031000; // Requires this Moodle version +$module->version = 2006080701; // change only last two digits in 1.6.x!! +$module->requires = 2006050512; // Requires this Moodle version $module->cron = 60; ?>
mod/workshop/view.php+1 −1 modified@@ -26,7 +26,7 @@ $timenow = time(); // get some useful stuff... - if (! $cm = get_record("course_modules", "id", $id)) { + if (! $cm = get_coursemodule_from_id('workshop', $id)) { error("Course Module ID was incorrect"); } if (! $course = get_record("course", "id", $cm->course)) {
version.php+1 −1 modified@@ -6,7 +6,7 @@ // This is compared against the values stored in the database to determine // whether upgrades should be performed (see lib/db/*.php) - $version = 2006050511; // YYYYMMDD = date of the 1.6 branch (don't change) + $version = 2006050512; // YYYYMMDD = date of the 1.6 branch (don't change) // X = release number 1.6.[0,1,2,3...] // Y = micro-increments between releases
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5News mentions
0No linked articles in our index yet.