CVE-2013-2081
Description
Moodle hub registration form always sends site information (users, courses, etc.) to remote hubs even when administrators have configured 'don't send' settings, due to hardcoded default values in the form.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
In Moodle hub registration, the definition() method of the hub registration form hardcoded the default value of checkboxes for sending site information to true [3][4]. This meant that even if an administrator had previously set a "don't send" flag for certain data (e.g., user count, course count), the checkboxes remained enabled by default, forcing the site to send that information during hub registration. The bug affects Moodle versions through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 [1].
Exploitation
An attacker controls a malicious Moodle hub and invites a vulnerable Moodle site to register. When the site administrator visits the registration page, the form's checkboxes for site statistics (users, courses, role assignments, posts, etc.) are all pre-checked, regardless of the administrator's prior "don't send" preferences. Unless the administrator manually unchecks every box, the form submission sends the sensitive data to the attacker's hub. No authentication above the site administrator role is required, but the administrator must interact with the registration form.
Impact
An attacker operating a malicious hub can obtain detailed site statistics such as number of users, courses, posts, questions, and other configuration data. This information disclosure can aid in profiling the site for further attacks. The scope is limited to the data sent in the registration form; no code execution or data modification is achieved.
Mitigation
The fix, tracked as MDL-37822, changes setDefault('courses', true) to setDefault('courses', $coursesnumber != -1) and similarly for all other checkboxes [3][4]. This ensures that the checkbox reflects the stored "don't send" configuration. The fix was released in Moodle 2.2.10, 2.3.7, 2.4.4, and 2.5.0. Sites that cannot upgrade should carefully review hub registration forms and manually uncheck any fields they do not wish to send.
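The before/after behaviour described above, as an added stand-alone PHP example that is not Moodle's code. The function names, the stored preferences and the site statistics are constructed for illustration; only the -1 marker and the `!= -1` test come from the patch.

```php
<?php
// Added illustration, not Moodle code. Every function name below is hypothetical.
const DONT_SEND = -1; // the "don't send" marker the MDL-37822 patch stores

// Constructed sample: what an admin previously saved for one hub.
$stored = [
    'courses'   => '1',   // opted in
    'users'     => '-1',  // opted out
    'posts'     => '-1',  // opted out
    'questions' => false, // never configured (no stored value)
];
// Constructed live statistics for the same site.
$live = ['courses' => 42, 'users' => 1300, 'posts' => 9120, 'questions' => 310];

/** Pre-fix form: every box starts checked, the stored choice is ignored. */
function defaults_hardcoded(array $stored): array
{
    return array_fill_keys(array_keys($stored), true);
}

/** Post-fix form: a box starts unchecked only when -1 was stored. */
function defaults_from_config(array $stored): array
{
    $defaults = [];
    foreach ($stored as $field => $value) {
        $defaults[$field] = ($value != DONT_SEND); // same loose test as the patch
    }
    return $defaults;
}

/** Admin presses submit without touching anything: unchecked boxes are absent. */
function submit_untouched(array $defaults): array
{
    return array_filter($defaults);
}

/** Mirrors the register.php loop: an empty or missing field becomes -1. */
function normalise(array $submitted, array $fields): array
{
    $prefs = [];
    foreach ($fields as $field) {
        $prefs[$field] = empty($submitted[$field]) ? DONT_SEND : 1;
    }
    return $prefs;
}

/** Statistics that would leave the site: live values for opted-in fields only. */
function disclosed(array $prefs, array $live): array
{
    $sent = [];
    foreach ($prefs as $field => $flag) {
        if ($flag !== DONT_SEND) {
            $sent[$field] = $live[$field];
        }
    }
    return $sent;
}

/** Fields the admin had opted out of that are disclosed anyway. */
function overridden_optouts(array $stored, array $sent): array
{
    $optedout = array_keys(array_filter($stored, fn($v) => $v == DONT_SEND));
    return array_values(array_intersect($optedout, array_keys($sent)));
}

$fields = array_keys($stored);
$forms = [
    'hardcoded defaults' => defaults_hardcoded($stored),
    'defaults from config' => defaults_from_config($stored),
];
foreach ($forms as $label => $defaults) {
    $sent = disclosed(normalise(submit_untouched($defaults), $fields), $live);
    printf(
        "%-21s sends [%s]; opt-outs overridden: [%s]\n",
        $label,
        implode(', ', array_keys($sent)),
        implode(', ', overridden_optouts($stored, $sent))
    );
}
```

The `questions` entry covers the case the patch leaves unchanged: with no stored value the loose comparison still yields a checked box, so a first registration remains opt-out.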
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| moodle/moodle (Packagist) | < 2.2.10 | 2.2.10 |
| moodle/moodle (Packagist) | >= 2.3.0, < 2.3.7 | 2.3.7 |
| moodle/moodle (Packagist) | >= 2.4.0, < 2.4.4 | 2.4.4 |
Affected products
- cpe:2.3:a:moodle:moodle:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*
Patches
669dee58048b MDL-37822 Moodle send site information to a hub even though it's unchecked
2 files changed · +41 −13
admin/registration/forms.php+14 −12 modified@@ -244,9 +244,11 @@ public function definition() { $postsnumber = get_config('hub', 'site_postsnumber_' . $cleanhuburl); $questionsnumber = get_config('hub', 'site_questionsnumber_' . $cleanhuburl); $resourcesnumber = get_config('hub', 'site_resourcesnumber_' . $cleanhuburl); - $badges = get_config('hub', 'site_badges_' . $cleanhuburl); - $issuedbadges = get_config('hub', 'site_issuedbadges_' . $cleanhuburl); + $badgesnumber = get_config('hub', 'site_badges_' . $cleanhuburl); + $issuedbadgesnumber = get_config('hub', 'site_issuedbadges_' . $cleanhuburl); $mediancoursesize = get_config('hub', 'site_mediancoursesize_' . $cleanhuburl); + $participantnumberaveragecfg = get_config('hub', 'site_participantnumberaverage_' . $cleanhuburl); + $modulenumberaveragecfg = get_config('hub', 'site_modulenumberaverage_' . $cleanhuburl); //hidden parameters $mform->addElement('hidden', 'huburl', $huburl); 
@@ -387,53 +389,53 @@ public function definition() { if (HUB_MOODLEORGHUBURL != $huburl) { $mform->addElement('checkbox', 'courses', get_string('sendfollowinginfo', 'hub'), " " . get_string('coursesnumber', 'hub', $coursecount)); - $mform->setDefault('courses', 1); + $mform->setDefault('courses', $coursesnumber != -1); $mform->setType('courses', PARAM_INT); $mform->addHelpButton('courses', 'sendfollowinginfo', 'hub'); $mform->addElement('checkbox', 'users', '', " " . get_string('usersnumber', 'hub', $usercount)); - $mform->setDefault('users', 1); + $mform->setDefault('users', $usersnumber != -1); $mform->setType('users', PARAM_INT); $mform->addElement('checkbox', 'roleassignments', '', " " . get_string('roleassignmentsnumber', 'hub', $roleassigncount)); - $mform->setDefault('roleassignments', 1); + $mform->setDefault('roleassignments', $roleassignmentsnumber != -1); $mform->setType('roleassignments', PARAM_INT); $mform->addElement('checkbox', 'posts', '', " " . get_string('postsnumber', 'hub', $postcount)); - $mform->setDefault('posts', 1); + $mform->setDefault('posts', $postsnumber != -1); $mform->setType('posts', PARAM_INT); $mform->addElement('checkbox', 'questions', '', " " . get_string('questionsnumber', 'hub', $questioncount)); - $mform->setDefault('questions', 1); + $mform->setDefault('questions', $questionsnumber != -1); $mform->setType('questions', PARAM_INT); $mform->addElement('checkbox', 'resources', '', " " . get_string('resourcesnumber', 'hub', $resourcecount)); - $mform->setDefault('resources', 1); + $mform->setDefault('resources', $resourcesnumber != -1); $mform->setType('resources', PARAM_INT); $mform->addElement('checkbox', 'badges', '', " " . get_string('badgesnumber', 'hub', $badges)); - $mform->setDefault('badges', 1); + $mform->setDefault('badges', $badgesnumber != -1); $mform->setType('resources', PARAM_INT); $mform->addElement('checkbox', 'issuedbadges', '', " " . 
get_string('issuedbadgesnumber', 'hub', $issuedbadges)); - $mform->setDefault('issuedbadges', 1); + $mform->setDefault('issuedbadges', $issuedbadgesnumber != -1); $mform->setType('resources', PARAM_INT); $mform->addElement('checkbox', 'participantnumberaverage', '', " " . get_string('participantnumberaverage', 'hub', $participantnumberaverage)); - $mform->setDefault('participantnumberaverage', 1); + $mform->setDefault('participantnumberaverage', $participantnumberaveragecfg != -1); $mform->setType('participantnumberaverage', PARAM_FLOAT); $mform->addElement('checkbox', 'modulenumberaverage', '', " " . get_string('modulenumberaverage', 'hub', $modulenumberaverage)); - $mform->setDefault('modulenumberaverage', 1); + $mform->setDefault('modulenumberaverage', $modulenumberaveragecfg != -1); $mform->setType('modulenumberaverage', PARAM_FLOAT); } else { $mform->addElement('static', 'courseslabel', get_string('sendfollowinginfo', 'hub'),
admin/registration/register.php+27 −1 modified@@ -62,7 +62,18 @@ $fromform = $siteregistrationform->get_data(); if (!empty($fromform) and confirm_sesskey()) { - //save the settings + + // Set to -1 all optional data marked as "don't send" by the admin. + // The function get_site_info() will not calculate the optional data if config is set to -1. + $inputnames = array('courses', 'users', 'roleassignments', 'posts', 'questions', 'resources', + 'badges', 'issuedbadges', 'modulenumberaverage', 'participantnumberaverage'); + foreach ($inputnames as $inputname) { + if (empty($fromform->{$inputname})) { + $fromform->{$inputname} = -1; + } + } + + // Save the settings. $cleanhuburl = clean_param($huburl, PARAM_ALPHANUMEXT); set_config('site_name_' . $cleanhuburl, $fromform->name, 'hub'); set_config('site_description_' . $cleanhuburl, $fromform->description, 'hub'); @@ -115,6 +126,21 @@ if (!empty($fromform) and empty($update) and confirm_sesskey()) { if (!empty($fromform) and confirm_sesskey()) { // if the register button has been clicked + + // Retrieve the optional info (specially course number, user number, module number average...). + $siteinfo = $registrationmanager->get_site_info($huburl); + $fromform->courses = $siteinfo['courses']; + $fromform->users = $siteinfo['users']; + $fromform->enrolments = $siteinfo['enrolments']; + $fromform->posts = $siteinfo['posts']; + $fromform->questions = $siteinfo['questions']; + $fromform->resources = $siteinfo['resources']; + $fromform->badges = $siteinfo['badges']; + $fromform->issuedbadges = $siteinfo['issuedbadges']; + $fromform->modulenumberaverage = $siteinfo['modulenumberaverage']; + $fromform->participantnumberaverage = $siteinfo['participantnumberaverage']; + $fromform->street = $siteinfo['street']; + $params = (array) $fromform; //we are using the form input as the redirection parameters (token, url and name) $unconfirmedhub = $registrationmanager->get_unconfirmedhub($huburl);
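Review bot: in the second forms.php hunk the badges and issuedbadges checkboxes are each followed by $mform->setType('resources', PARAM_INT);, so neither new field gets its own type declaration and resources is typed three times; these should read setType('badges', PARAM_INT) and setType('issuedbadges', PARAM_INT). The first hunk also renames $badges and $issuedbadges to $badgesnumber and $issuedbadgesnumber while the labels still pass $badges and $issuedbadges to get_string(), so confirm both are assigned elsewhere in definition() before they are used.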
a811e8ac56e4 MDL-37822 fix checkboxes that were always set to on by default
1 file changed · +10 −8
admin/registration/forms.php+10 −8 modified@@ -243,6 +243,8 @@ public function definition() { $questionsnumber = get_config('hub', 'site_questionsnumber_' . $cleanhuburl); $resourcesnumber = get_config('hub', 'site_resourcesnumber_' . $cleanhuburl); $mediancoursesize = get_config('hub', 'site_mediancoursesize_' . $cleanhuburl); + $participantnumberaveragecfg = get_config('hub', 'site_participantnumberaverage_' . $cleanhuburl); + $modulenumberaveragecfg = get_config('hub', 'site_modulenumberaverage_' . $cleanhuburl); //hidden parameters $mform->addElement('hidden', 'huburl', $huburl); 
@@ -374,36 +376,36 @@ public function definition() { if (HUB_MOODLEORGHUBURL != $huburl) { $mform->addElement('checkbox', 'courses', get_string('sendfollowinginfo', 'hub'), " " . get_string('coursesnumber', 'hub', $coursecount)); - $mform->setDefault('courses', true); + $mform->setDefault('courses', $coursesnumber != -1); $mform->addHelpButton('courses', 'sendfollowinginfo', 'hub'); $mform->addElement('checkbox', 'users', '', " " . get_string('usersnumber', 'hub', $usercount)); - $mform->setDefault('users', true); + $mform->setDefault('users', $usersnumber != -1); $mform->addElement('checkbox', 'roleassignments', '', " " . get_string('roleassignmentsnumber', 'hub', $roleassigncount)); - $mform->setDefault('roleassignments', true); + $mform->setDefault('roleassignments', $roleassignmentsnumber != -1); $mform->addElement('checkbox', 'posts', '', " " . get_string('postsnumber', 'hub', $postcount)); - $mform->setDefault('posts', true); + $mform->setDefault('posts', $postsnumber != -1); $mform->addElement('checkbox', 'questions', '', " " . get_string('questionsnumber', 'hub', $questioncount)); - $mform->setDefault('questions', true); + $mform->setDefault('questions', $questionsnumber != -1); $mform->addElement('checkbox', 'resources', '', " " . get_string('resourcesnumber', 'hub', $resourcecount)); - $mform->setDefault('resources', true); + $mform->setDefault('resources', $resourcesnumber != -1); $mform->addElement('checkbox', 'participantnumberaverage', '', " " . get_string('participantnumberaverage', 'hub', $participantnumberaverage)); - $mform->setDefault('participantnumberaverage', true); + $mform->setDefault('participantnumberaverage', $participantnumberaveragecfg != -1); $mform->addElement('checkbox', 'modulenumberaverage', '', " " . 
get_string('modulenumberaverage', 'hub', $modulenumberaverage)); - $mform->setDefault('modulenumberaverage', true); + $mform->setDefault('modulenumberaverage', $modulenumberaveragecfg != -1); } else { $mform->addElement('static', 'courseslabel', get_string('sendfollowinginfo', 'hub'), " " . get_string('coursesnumber', 'hub', $coursecount));
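Review bot: the new defaults in the second hunk use a loose comparison, setDefault('courses', $coursesnumber != -1), against values read with get_config() (as the two added ...cfg lines show), and nothing says what happens when no value has been stored for this hub yet. With != a missing value still evaluates to checked, so a first registration remains opt-out; if that is intended, say so in a comment next to the first setDefault() and document -1 as the "don't send" marker.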
be6281e2cbc2 MDL-37822 fix checkboxes that were always set to on by default
1 file changed · +10 −8
admin/registration/forms.php+10 −8 modified@@ -244,6 +244,8 @@ public function definition() { $questionsnumber = get_config('hub', 'site_questionsnumber_' . $cleanhuburl); $resourcesnumber = get_config('hub', 'site_resourcesnumber_' . $cleanhuburl); $mediancoursesize = get_config('hub', 'site_mediancoursesize_' . $cleanhuburl); + $participantnumberaveragecfg = get_config('hub', 'site_participantnumberaverage_' . $cleanhuburl); + $modulenumberaveragecfg = get_config('hub', 'site_modulenumberaverage_' . $cleanhuburl); //hidden parameters $mform->addElement('hidden', 'huburl', $huburl); 
@@ -376,36 +378,36 @@ public function definition() { if (HUB_MOODLEORGHUBURL != $huburl) { $mform->addElement('checkbox', 'courses', get_string('sendfollowinginfo', 'hub'), " " . get_string('coursesnumber', 'hub', $coursecount)); - $mform->setDefault('courses', true); + $mform->setDefault('courses', $coursesnumber != -1); $mform->addHelpButton('courses', 'sendfollowinginfo', 'hub'); $mform->addElement('checkbox', 'users', '', " " . get_string('usersnumber', 'hub', $usercount)); - $mform->setDefault('users', true); + $mform->setDefault('users', $usersnumber != -1); $mform->addElement('checkbox', 'roleassignments', '', " " . get_string('roleassignmentsnumber', 'hub', $roleassigncount)); - $mform->setDefault('roleassignments', true); + $mform->setDefault('roleassignments', $roleassignmentsnumber != -1); $mform->addElement('checkbox', 'posts', '', " " . get_string('postsnumber', 'hub', $postcount)); - $mform->setDefault('posts', true); + $mform->setDefault('posts', $postsnumber != -1); $mform->addElement('checkbox', 'questions', '', " " . get_string('questionsnumber', 'hub', $questioncount)); - $mform->setDefault('questions', true); + $mform->setDefault('questions', $questionsnumber != -1); $mform->addElement('checkbox', 'resources', '', " " . get_string('resourcesnumber', 'hub', $resourcecount)); - $mform->setDefault('resources', true); + $mform->setDefault('resources', $resourcesnumber != -1); $mform->addElement('checkbox', 'participantnumberaverage', '', " " . get_string('participantnumberaverage', 'hub', $participantnumberaverage)); - $mform->setDefault('participantnumberaverage', true); + $mform->setDefault('participantnumberaverage', $participantnumberaveragecfg != -1); $mform->addElement('checkbox', 'modulenumberaverage', '', " " . 
get_string('modulenumberaverage', 'hub', $modulenumberaverage)); - $mform->setDefault('modulenumberaverage', true); + $mform->setDefault('modulenumberaverage', $modulenumberaveragecfg != -1); } else { $mform->addElement('static', 'courseslabel', get_string('sendfollowinginfo', 'hub'), " " . get_string('coursesnumber', 'hub', $coursecount));
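Review bot: naming in the first hunk is inconsistent: the two added variables carry a cfg suffix ($participantnumberaveragecfg, $modulenumberaveragecfg) while the existing stored preferences are $questionsnumber, $resourcesnumber and so on, and the labels in the second hunk use a third set ($coursecount, $participantnumberaverage). A reader of the setDefault() lines cannot tell a stored preference from a computed statistic by name; consider one suffix for every value that comes from get_config().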
1d79b726d762 MDL-37822 fix checkboxes that were always set to on by default
1 file changed · +10 −8
admin/registration/forms.php+10 −8 modified@@ -244,6 +244,8 @@ public function definition() { $questionsnumber = get_config('hub', 'site_questionsnumber_' . $cleanhuburl); $resourcesnumber = get_config('hub', 'site_resourcesnumber_' . $cleanhuburl); $mediancoursesize = get_config('hub', 'site_mediancoursesize_' . $cleanhuburl); + $participantnumberaveragecfg = get_config('hub', 'site_participantnumberaverage_' . $cleanhuburl); + $modulenumberaveragecfg = get_config('hub', 'site_modulenumberaverage_' . $cleanhuburl); //hidden parameters $mform->addElement('hidden', 'huburl', $huburl); 
@@ -376,36 +378,36 @@ public function definition() { if (HUB_MOODLEORGHUBURL != $huburl) { $mform->addElement('checkbox', 'courses', get_string('sendfollowinginfo', 'hub'), " " . get_string('coursesnumber', 'hub', $coursecount)); - $mform->setDefault('courses', true); + $mform->setDefault('courses', $coursesnumber != -1); $mform->addHelpButton('courses', 'sendfollowinginfo', 'hub'); $mform->addElement('checkbox', 'users', '', " " . get_string('usersnumber', 'hub', $usercount)); - $mform->setDefault('users', true); + $mform->setDefault('users', $usersnumber != -1); $mform->addElement('checkbox', 'roleassignments', '', " " . get_string('roleassignmentsnumber', 'hub', $roleassigncount)); - $mform->setDefault('roleassignments', true); + $mform->setDefault('roleassignments', $roleassignmentsnumber != -1); $mform->addElement('checkbox', 'posts', '', " " . get_string('postsnumber', 'hub', $postcount)); - $mform->setDefault('posts', true); + $mform->setDefault('posts', $postsnumber != -1); $mform->addElement('checkbox', 'questions', '', " " . get_string('questionsnumber', 'hub', $questioncount)); - $mform->setDefault('questions', true); + $mform->setDefault('questions', $questionsnumber != -1); $mform->addElement('checkbox', 'resources', '', " " . get_string('resourcesnumber', 'hub', $resourcecount)); - $mform->setDefault('resources', true); + $mform->setDefault('resources', $resourcesnumber != -1); $mform->addElement('checkbox', 'participantnumberaverage', '', " " . get_string('participantnumberaverage', 'hub', $participantnumberaverage)); - $mform->setDefault('participantnumberaverage', true); + $mform->setDefault('participantnumberaverage', $participantnumberaveragecfg != -1); $mform->addElement('checkbox', 'modulenumberaverage', '', " " . 
get_string('modulenumberaverage', 'hub', $modulenumberaverage)); - $mform->setDefault('modulenumberaverage', true); + $mform->setDefault('modulenumberaverage', $modulenumberaveragecfg != -1); } else { $mform->addElement('static', 'courseslabel', get_string('sendfollowinginfo', 'hub'), " " . get_string('coursesnumber', 'hub', $coursecount));
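Review bot: the != -1 tests added in the second hunk only work if -1 is actually written to the site_* config keys when a box is left unchecked, and this commit changes forms.php alone (1 file changed). State the dependency on the register.php change in the commit message, or land both together, so this backport is not applied on a branch where the marker is never stored.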
fd469033fa2c MDL-37822 move the default code above the set_config to not make the code less confusing
1 file changed · +12 −11
admin/registration/register.php+12 −11 modified@@ -62,7 +62,18 @@ $fromform = $siteregistrationform->get_data(); if (!empty($fromform) and confirm_sesskey()) { - //save the settings + + // Set to -1 all optional data marked as "don't send" by the admin. + // The function get_site_info() will not calculate the optional data if config is set to -1. + $inputnames = array('courses', 'users', 'roleassignments', 'posts', 'questions', 'resources', + 'modulenumberaverage', 'participantnumberaverage'); + foreach ($inputnames as $inputname) { + if (empty($fromform->{$inputname})) { + $fromform->{$inputname} = -1; + } + } + + // Save the settings. $cleanhuburl = clean_param($huburl, PARAM_ALPHANUMEXT); set_config('site_name_' . $cleanhuburl, $fromform->name, 'hub'); set_config('site_description_' . $cleanhuburl, $fromform->description, 'hub'); @@ -78,16 +89,6 @@ set_config('site_geolocation_' . $cleanhuburl, $fromform->geolocation, 'hub'); set_config('site_contactable_' . $cleanhuburl, $fromform->contactable, 'hub'); set_config('site_emailalert_' . $cleanhuburl, $fromform->emailalert, 'hub'); - - // Set to -1 all optional data marked as "don't send" by the admin. - // The function get_site_info() will not calculate the optional data if config is set to -1. - $inputnames = array('courses', 'users', 'roleassignments', 'posts', 'questions', 'resources', - 'modulenumberaverage', 'participantnumberaverage'); - foreach ($inputnames as $inputname) { - if (empty($fromform->{$inputname})) { - $fromform->{$inputname} = -1; - } - } set_config('site_coursesnumber_' . $cleanhuburl, $fromform->courses, 'hub'); set_config('site_usersnumber_' . $cleanhuburl, $fromform->users, 'hub'); set_config('site_roleassignmentsnumber_' . $cleanhuburl, $fromform->roleassignments, 'hub');
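Review bot: after this reordering the value saved by set_config('site_coursesnumber_' . $cleanhuburl, $fromform->courses, 'hub') is the checkbox state or -1, not a course count, which the key name does not suggest. A short comment above the set_config() calls for the optional fields, saying that these keys hold the admin's send preference with -1 meaning "don't send", would keep the next reader from treating them as statistics.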
1fc34e37fdc5 MDL-37822 move the default code above the set_config to not make the code less confusing
1 file changed · +12 −11
admin/registration/register.php+12 −11 modified@@ -62,7 +62,18 @@ $fromform = $siteregistrationform->get_data(); if (!empty($fromform) and confirm_sesskey()) { - //save the settings + + // Set to -1 all optional data marked as "don't send" by the admin. + // The function get_site_info() will not calculate the optional data if config is set to -1. + $inputnames = array('courses', 'users', 'roleassignments', 'posts', 'questions', 'resources', + 'modulenumberaverage', 'participantnumberaverage'); + foreach ($inputnames as $inputname) { + if (empty($fromform->{$inputname})) { + $fromform->{$inputname} = -1; + } + } + + // Save the settings. $cleanhuburl = clean_param($huburl, PARAM_ALPHANUMEXT); set_config('site_name_' . $cleanhuburl, $fromform->name, 'hub'); set_config('site_description_' . $cleanhuburl, $fromform->description, 'hub'); @@ -78,16 +89,6 @@ set_config('site_geolocation_' . $cleanhuburl, $fromform->geolocation, 'hub'); set_config('site_contactable_' . $cleanhuburl, $fromform->contactable, 'hub'); set_config('site_emailalert_' . $cleanhuburl, $fromform->emailalert, 'hub'); - - // Set to -1 all optional data marked as "don't send" by the admin. - // The function get_site_info() will not calculate the optional data if config is set to -1. - $inputnames = array('courses', 'users', 'roleassignments', 'posts', 'questions', 'resources', - 'modulenumberaverage', 'participantnumberaverage'); - foreach ($inputnames as $inputname) { - if (empty($fromform->{$inputname})) { - $fromform->{$inputname} = -1; - } - } set_config('site_coursesnumber_' . $cleanhuburl, $fromform->courses, 'hub'); set_config('site_usersnumber_' . $cleanhuburl, $fromform->users, 'hub'); set_config('site_roleassignmentsnumber_' . $cleanhuburl, $fromform->roleassignments, 'hub');
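Review bot: the $inputnames array in the first hunk is a hand-written copy of the optional checkbox names defined in admin/registration/forms.php, so a checkbox added there later is not reset to -1 here unless someone remembers to extend this list. Define the list once and use it from both files, or at least add a comment in both places pointing at the other.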
4d65904bc132 MDL-37822 move the default code above the set_config to not make the code less confusing
1 file changed · +12 −11
admin/registration/register.php+12 −11 modified@@ -60,7 +60,18 @@ $fromform = $siteregistrationform->get_data(); if (!empty($fromform) and confirm_sesskey()) { - //save the settings + + // Set to -1 all optional data marked as "don't send" by the admin. + // The function get_site_info() will not calculate the optional data if config is set to -1. + $inputnames = array('courses', 'users', 'roleassignments', 'posts', 'questions', 'resources', + 'modulenumberaverage', 'participantnumberaverage'); + foreach ($inputnames as $inputname) { + if (empty($fromform->{$inputname})) { + $fromform->{$inputname} = -1; + } + } + + // Save the settings. $cleanhuburl = clean_param($huburl, PARAM_ALPHANUMEXT); set_config('site_name_' . $cleanhuburl, $fromform->name, 'hub'); set_config('site_description_' . $cleanhuburl, $fromform->description, 'hub'); @@ -76,16 +87,6 @@ set_config('site_geolocation_' . $cleanhuburl, $fromform->geolocation, 'hub'); set_config('site_contactable_' . $cleanhuburl, $fromform->contactable, 'hub'); set_config('site_emailalert_' . $cleanhuburl, $fromform->emailalert, 'hub'); - - // Set to -1 all optional data marked as "don't send" by the admin. - // The function get_site_info() will not calculate the optional data if config is set to -1. - $inputnames = array('courses', 'users', 'roleassignments', 'posts', 'questions', 'resources', - 'modulenumberaverage', 'participantnumberaverage'); - foreach ($inputnames as $inputname) { - if (empty($fromform->{$inputname})) { - $fromform->{$inputname} = -1; - } - } set_config('site_coursesnumber_' . $cleanhuburl, $fromform->courses, 'hub'); set_config('site_usersnumber_' . $cleanhuburl, $fromform->users, 'hub'); set_config('site_roleassignmentsnumber_' . $cleanhuburl, $fromform->roleassignments, 'hub');
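Review bot: -1 is used as a bare literal for "don't send" in the added loop ($fromform->{$inputname} = -1;) and again in the setDefault() comparisons in forms.php. A named constant shared by both files would make the marker searchable and remove the risk of one side changing it without the other.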
667eaec4d267 MDL-37822 Moodle send site information to a hub even though it's unchecked
1 file changed · +23 −0
admin/registration/register.php+23 −0 modified@@ -78,6 +78,16 @@ set_config('site_geolocation_' . $cleanhuburl, $fromform->geolocation, 'hub'); set_config('site_contactable_' . $cleanhuburl, $fromform->contactable, 'hub'); set_config('site_emailalert_' . $cleanhuburl, $fromform->emailalert, 'hub'); + + // Set to -1 all optional data marked as "don't send" by the admin. + // The function get_site_info() will not calculate the optional data if config is set to -1. + $inputnames = array('courses', 'users', 'roleassignments', 'posts', 'questions', 'resources', + 'modulenumberaverage', 'participantnumberaverage'); + foreach ($inputnames as $inputname) { + if (empty($fromform->{$inputname})) { + $fromform->{$inputname} = -1; + } + } set_config('site_coursesnumber_' . $cleanhuburl, $fromform->courses, 'hub'); set_config('site_usersnumber_' . $cleanhuburl, $fromform->users, 'hub'); set_config('site_roleassignmentsnumber_' . $cleanhuburl, $fromform->roleassignments, 'hub'); @@ -113,6 +123,19 @@ if (!empty($fromform) and empty($update) and confirm_sesskey()) { if (!empty($fromform) and confirm_sesskey()) { // if the register button has been clicked + + // Retrieve the optional info (specially course number, user number, module number average...). + $siteinfo = $registrationmanager->get_site_info($huburl); + $fromform->courses = $siteinfo['courses']; + $fromform->users = $siteinfo['users']; + $fromform->enrolments = $siteinfo['enrolments']; + $fromform->posts = $siteinfo['posts']; + $fromform->questions = $siteinfo['questions']; + $fromform->resources = $siteinfo['resources']; + $fromform->modulenumberaverage = $siteinfo['modulenumberaverage']; + $fromform->participantnumberaverage = $siteinfo['participantnumberaverage']; + $fromform->street = $siteinfo['street']; + $params = (array) $fromform; //we are using the form input as the redirection parameters (token, url and name) $unconfirmedhub = $registrationmanager->get_unconfirmedhub($huburl);
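Review bot: the two hunks disagree on a field name: $inputnames in the first hunk resets roleassignments, but the second hunk copies $siteinfo['enrolments'] into $fromform->enrolments and never assigns roleassignments. Check which name the hub receives and whether an unchecked role assignments box actually withholds that figure; if enrolments is the name used on the wire, say so in a comment.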
54a3ce69e9ca MDL-37822 Moodle send site information to a hub even though it's unchecked
1 file changed · +23 −0
admin/registration/register.php+23 −0 modified@@ -78,6 +78,16 @@ set_config('site_geolocation_' . $cleanhuburl, $fromform->geolocation, 'hub'); set_config('site_contactable_' . $cleanhuburl, $fromform->contactable, 'hub'); set_config('site_emailalert_' . $cleanhuburl, $fromform->emailalert, 'hub'); + + // Set to -1 all optional data marked as "don't send" by the admin. + // The function get_site_info() will not calculate the optional data if config is set to -1. + $inputnames = array('courses', 'users', 'roleassignments', 'posts', 'questions', 'resources', + 'modulenumberaverage', 'participantnumberaverage'); + foreach ($inputnames as $inputname) { + if (empty($fromform->{$inputname})) { + $fromform->{$inputname} = -1; + } + } set_config('site_coursesnumber_' . $cleanhuburl, $fromform->courses, 'hub'); set_config('site_usersnumber_' . $cleanhuburl, $fromform->users, 'hub'); set_config('site_roleassignmentsnumber_' . $cleanhuburl, $fromform->roleassignments, 'hub'); @@ -113,6 +123,19 @@ if (!empty($fromform) and empty($update) and confirm_sesskey()) { if (!empty($fromform) and confirm_sesskey()) { // if the register button has been clicked + + // Retrieve the optional info (specially course number, user number, module number average...). + $siteinfo = $registrationmanager->get_site_info($huburl); + $fromform->courses = $siteinfo['courses']; + $fromform->users = $siteinfo['users']; + $fromform->enrolments = $siteinfo['enrolments']; + $fromform->posts = $siteinfo['posts']; + $fromform->questions = $siteinfo['questions']; + $fromform->resources = $siteinfo['resources']; + $fromform->modulenumberaverage = $siteinfo['modulenumberaverage']; + $fromform->participantnumberaverage = $siteinfo['participantnumberaverage']; + $fromform->street = $siteinfo['street']; + $params = (array) $fromform; //we are using the form input as the redirection parameters (token, url and name) $unconfirmedhub = $registrationmanager->get_unconfirmedhub($huburl);
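Review bot: in the second hunk the values copied from get_site_info() land in $fromform immediately before $params = (array) $fromform;, whose comment still describes the redirection parameters as "token, url and name". Either update the comment to list the statistics now carried, or build $params from an explicit list of keys so that only the fields meant for the hub are passed on.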
60c468bcb3b6 MDL-37822 Moodle send site information to a hub even though it's unchecked
1 file changed · +23 −0
admin/registration/register.php+23 −0 modified@@ -76,6 +76,16 @@ set_config('site_geolocation_' . $cleanhuburl, $fromform->geolocation, 'hub'); set_config('site_contactable_' . $cleanhuburl, $fromform->contactable, 'hub'); set_config('site_emailalert_' . $cleanhuburl, $fromform->emailalert, 'hub'); + + // Set to -1 all optional data marked as "don't send" by the admin. + // The function get_site_info() will not calculate the optional data if config is set to -1. + $inputnames = array('courses', 'users', 'roleassignments', 'posts', 'questions', 'resources', + 'modulenumberaverage', 'participantnumberaverage'); + foreach ($inputnames as $inputname) { + if (empty($fromform->{$inputname})) { + $fromform->{$inputname} = -1; + } + } set_config('site_coursesnumber_' . $cleanhuburl, $fromform->courses, 'hub'); set_config('site_usersnumber_' . $cleanhuburl, $fromform->users, 'hub'); set_config('site_roleassignmentsnumber_' . $cleanhuburl, $fromform->roleassignments, 'hub'); @@ -111,6 +121,19 @@ if (!empty($fromform) and empty($update) and confirm_sesskey()) { if (!empty($fromform) and confirm_sesskey()) { // if the register button has been clicked + + // Retrieve the optional info (specially course number, user number, module number average...). + $siteinfo = $registrationmanager->get_site_info($huburl); + $fromform->courses = $siteinfo['courses']; + $fromform->users = $siteinfo['users']; + $fromform->enrolments = $siteinfo['enrolments']; + $fromform->posts = $siteinfo['posts']; + $fromform->questions = $siteinfo['questions']; + $fromform->resources = $siteinfo['resources']; + $fromform->modulenumberaverage = $siteinfo['modulenumberaverage']; + $fromform->participantnumberaverage = $siteinfo['participantnumberaverage']; + $fromform->street = $siteinfo['street']; + $params = (array) $fromform; //we are using the form input as the redirection parameters (token, url and name) $unconfirmedhub = $registrationmanager->get_unconfirmedhub($huburl);
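Review bot: $fromform->street = $siteinfo['street']; in the second hunk is added under a comment about optional statistics, yet street is not in $inputnames and has no "don't send" handling in the first hunk; explain in the comment why it is copied here. The assignments also index $siteinfo unconditionally, so they depend on get_site_info() always returning every key, including for fields stored as -1, and a note on that contract would help.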
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-x3x8-fjw6-hccx (ghsa, ADVISORY)
- moodle.org/mod/forum/discuss.php (nvd, Vendor Advisory, WEB)
- nvd.nist.gov/vuln/detail/CVE-2013-2081 (ghsa, ADVISORY)
- lists.fedoraproject.org/pipermail/package-announce/2013-May/106965.html (nvd, WEB)
- lists.fedoraproject.org/pipermail/package-announce/2013-May/106988.html (nvd, WEB)
- lists.fedoraproject.org/pipermail/package-announce/2013-May/107026.html (nvd, WEB)
- openwall.com/lists/oss-security/2013/05/21/1 (nvd, WEB)
- github.com/moodle/moodle/commit/1d79b726d762bcc629c1a2a74cfa3eca5a7c5da7 (ghsa, WEB)
- github.com/moodle/moodle/commit/1fc34e37fdc57b4ec303cb942dc5d5535b953ed7 (ghsa, WEB)
- github.com/moodle/moodle/commit/4d65904bc132548a2ef4c2a40bf5ba2cffb5f68f (ghsa, WEB)
- github.com/moodle/moodle/commit/54a3ce69e9ca751fffd0b3e0eb5be4add50de113 (ghsa, WEB)
- github.com/moodle/moodle/commit/60c468bcb3b6f867a70f2f30427b52e0362e93d1 (ghsa, WEB)
- github.com/moodle/moodle/commit/667eaec4d2679a8bc1fcd9f0ff17a1be2babccb0 (ghsa, WEB)
- github.com/moodle/moodle/commit/669dee58048b18d9034a7b2367b97a50b498b0e0 (ghsa, WEB)
- github.com/moodle/moodle/commit/a811e8ac56e49a174b68ceade81197c80be4b325 (ghsa, WEB)
- github.com/moodle/moodle/commit/be6281e2cbc2fb40b96a48c07c80883fa80cd1b7 (ghsa, WEB)
- github.com/moodle/moodle/commit/fd469033fa2c860647e48f3d543346503a37faa0 (ghsa, WEB)