Moodle 1.9 security holes - Help to seal them.
It has recently come to our attention that our Moodle installation is not as secure as it could be.
We have realised that XSS (cross-site scripting) can be run on our Moodle install by typing code into the ILP text boxes and saving it. Detailed here on moodle.org
What I need is to know what we can do to stop it. Does anyone have any good advice or easy-to-follow instructions on how we can disable it?
I also want to be able to restrict what file types the users can upload to Moodle. Is there a way to just have a whitelist of accepted file types and block everything else?