MDL-68486 auth_shibboleth: Reset convert_data if it uses dataroot file

Upgrade step that resets the 'Data modification API' (convert_data)
setting to its default value if this setting is currently configured
to use a file located within the $CFG->dataroot directory.
Mihail Geshoski 2020-11-27 09:54:37 +08:00 committed by Jake Dallimore
parent 6c51299e30
commit 06a338f00b
2 changed files with 24 additions and 2 deletions


@ -30,7 +30,7 @@ defined('MOODLE_INTERNAL') || die();
* @return bool result
*/
function xmldb_auth_shibboleth_upgrade($oldversion) {
global $CFG, $DB;
global $CFG, $DB, $OUTPUT;
// Automatically generated Moodle v3.5.0 release upgrade line.
// Put any upgrade step following this.
@ -47,5 +47,27 @@ function xmldb_auth_shibboleth_upgrade($oldversion) {
// Automatically generated Moodle v3.9.0 release upgrade line.
// Put any upgrade step following this.
if ($oldversion < 2021052501) {
// The 'Data modification API' setting in the Shibboleth authentication plugin can no longer be configured
// to use files located within the site data directory, as it exposes the site to security risks. Therefore,
// we need to find every existing case and reset the 'Data modification API' setting to its default value.
$convertdataconfig = get_config('auth_shibboleth', 'convert_data');
if (preg_match('/' . preg_quote($CFG->dataroot, '/') . '/', realpath($convertdataconfig))) {
set_config('convert_data', '', 'auth_shibboleth');
$warn = 'Your \'Data modification API\' setting in the Shibboleth authentication plugin is currently
configured to use a file located within the current site data directory ($CFG->dataroot). You are no
longer able to use files from within this directory for this purpose as it exposes your site to security
risks. This setting has been reset to its default value. Please reconfigure it by providing a path
to a file which is not located within the site data directory.';
echo $OUTPUT->notification($warn, 'notifyproblem');
}
upgrade_plugin_savepoint(true, 2021052501, 'auth', 'shibboleth');
}
return true;
}
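Review bot: The dataroot test in the `if ($oldversion < 2021052501)` step is an unanchored regex run against `realpath($convertdataconfig)`, so it can both miss real cases and match unrelated paths that merely contain the dataroot string. `realpath()` returns false when the configured file does not currently exist, in which case nothing matches and a path inside dataroot stays configured. `$CFG->dataroot` is also compared without being canonicalised, so a symlinked data directory may not match the resolved path (inferred; this depends on how dataroot is set on the site). Consider an anchored prefix comparison on canonical paths, e.g. `$dataroot = realpath($CFG->dataroot);` and `if ($path !== false && strpos($path, $dataroot . DIRECTORY_SEPARATOR) === 0)`, with a fallback check on the raw setting when `realpath()` fails. A one-line comment stating that an empty or unresolvable setting is left untouched would document the intended behaviour.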


@ -25,6 +25,6 @@
defined('MOODLE_INTERNAL') || die();
$plugin->version = 2021052500; // The current plugin version (Date: YYYYMMDDXX)
$plugin->version = 2021052501; // The current plugin version (Date: YYYYMMDDXX)
$plugin->requires = 2021052500; // Requires this Moodle version
$plugin->component = 'auth_shibboleth'; // Full name of the plugin (used for diagnostics)