diff --git a/admin/roles/manage.html b/admin/roles/manage.html
index 41efee245e6..f8260fdb7cd 100755
--- a/admin/roles/manage.html
+++ b/admin/roles/manage.html
@@ -18,6 +18,7 @@ Role short name (ASCII): name; ?>" VALUE="1" permission) && $localoverride->permission==1){ echo 'checked="checked"'; }?>>
permission) && $localoverride->permission==-1){ echo 'checked="checked"'; }?>> |
permission) && $localoverride->permission==-1000){ echo 'checked="checked"'; }?>> |
+ riskbitmask) {
+ echo "T";
+ }
+ if (RISK_ADMIN & (int)$capability->riskbitmask) {
+ echo "A";
+ }
+ if (RISK_XSS & (int)$capability->riskbitmask) {
+ echo "X";
+ }
+ if (RISK_PERSONAL & (int)$capability->riskbitmask) {
+ echo "P";
+ }
+ if (RISK_SPAM & (int)$capability->riskbitmask) {
+ echo "S";
+ }
+ ?> |
diff --git a/admin/roles/override.html b/admin/roles/override.html
index 03c1144fa08..9db29bb2c03 100755
--- a/admin/roles/override.html
+++ b/admin/roles/override.html
@@ -15,6 +15,7 @@ if ($courseid) {
|
|
|
+ |
>
+ riskbitmask) {
+ echo "T";
+ }
+ if (RISK_ADMIN & (int)$capability->riskbitmask) {
+ echo "A";
+ }
+ if (RISK_XSS & (int)$capability->riskbitmask) {
+ echo "X";
+ }
+ if (RISK_PERSONAL & (int)$capability->riskbitmask) {
+ echo "P";
+ }
+ if (RISK_SPAM & (int)$capability->riskbitmask) {
+ echo "S";
+ }
+ ?> |
diff --git a/lib/accesslib.php b/lib/accesslib.php
index 2860e872663..a08efde48b9 100755
--- a/lib/accesslib.php
+++ b/lib/accesslib.php
@@ -30,6 +30,14 @@ define('CONTEXT_GROUP', 60);
define('CONTEXT_MODULE', 70);
define('CONTEXT_BLOCK', 80);
+// capability risks - see http://docs.moodle.org/en/Hardening_new_Roles_system
+define('RISK_MANAGETRUST', 0x0001);
+define('RISK_ADMIN', 0x0002);
+define('RISK_XSS', 0x0004);
+define('RISK_PERSONAL', 0x0008);
+define('RISK_SPAM', 0x0010);
+
+
$context_cache = array(); // Cache of all used context objects for performance (by level and instance)
$context_cache_id = array(); // Index to above cache by id
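Review bot: The new RISK_* defines carry only a URL; a one-line comment per constant saying what the bit means would spare a reader the doc lookup, e.g. `define('RISK_XSS', 0x0004); // holder can add files or text that bypass output cleaning` and the equivalent description from the linked page for MANAGETRUST, ADMIN, PERSONAL and SPAM. Since these values are combined with `|` in lib/db/access.php and tested with `&` in the admin templates, the comment block should also state that every value must stay a distinct power of two. This file presumably is loaded before any db/access.php is included (the access files use the constants at load time), which is worth stating next to the defines rather than leaving implicit.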
diff --git a/lib/db/access.php b/lib/db/access.php
index 1dd45d9081c..f641d260fd7 100644
--- a/lib/db/access.php
+++ b/lib/db/access.php
@@ -34,6 +34,7 @@
$moodle_capabilities = array(
'moodle/site:doanything' => array(
+ 'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_ADMIN,
'captype' => 'admin',
'contextlevel' => CONTEXT_SYSTEM
),
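Review bot: `moodle/site:doanything` is given every new risk bit except RISK_MANAGETRUST, and nothing else in this commit assigns that bit, so the "T" marker added to the admin role pages can never appear. Since doanything grants every other capability it seems the natural holder: `'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_ADMIN | RISK_MANAGETRUST,`; the same presumably applies to `moodle/legacy:admin` and `moodle/site:config` further down. If RISK_MANAGETRUST is reserved for a capability added later, a comment on the define saying so would stop readers from treating the gap as an omission.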
@@ -45,30 +46,35 @@ $moodle_capabilities = array(
'moodle/legacy:student' => array(
+ 'riskbitmask' => RISK_SPAM,
'captype' => 'legacy',
'contextlevel' => CONTEXT_SYSTEM
),
'moodle/legacy:teacher' => array(
+ 'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
'captype' => 'legacy',
'contextlevel' => CONTEXT_SYSTEM
),
'moodle/legacy:editingteacher' => array(
+ 'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
'captype' => 'legacy',
'contextlevel' => CONTEXT_SYSTEM
),
'moodle/legacy:coursecreator' => array(
+ 'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
'captype' => 'legacy',
'contextlevel' => CONTEXT_SYSTEM
),
'moodle/legacy:admin' => array(
+ 'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_ADMIN,
'captype' => 'legacy',
'contextlevel' => CONTEXT_SYSTEM
),
@@ -76,6 +82,8 @@ $moodle_capabilities = array(
'moodle/site:config' => array(
+ 'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_ADMIN,
+
'captype' => 'write',
'contextlevel' => CONTEXT_SYSTEM,
'legacy' => array(
@@ -118,6 +126,8 @@ $moodle_capabilities = array(
'moodle/site:import' => array(
+ 'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
+
'captype' => 'write',
'contextlevel' => CONTEXT_SYSTEM,
'legacy' => array(
@@ -132,6 +142,8 @@ $moodle_capabilities = array(
'moodle/site:backup' => array(
+ 'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
+
'captype' => 'write',
'contextlevel' => CONTEXT_SYSTEM,
'legacy' => array(
@@ -146,6 +158,8 @@ $moodle_capabilities = array(
'moodle/site:restore' => array(
+ 'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
+
'captype' => 'write',
'contextlevel' => CONTEXT_SYSTEM,
'legacy' => array(
@@ -160,6 +174,8 @@ $moodle_capabilities = array(
'moodle/site:manageblocks' => array(
+ 'riskbitmask' => RISK_SPAM | RISK_XSS,
+
'captype' => 'write',
'contextlevel' => CONTEXT_SYSTEM,
'legacy' => array(
@@ -216,6 +232,8 @@ $moodle_capabilities = array(
'moodle/site:viewreports' => array(
+ 'riskbitmask' => RISK_PERSONAL,
+
'captype' => 'read',
'contextlevel' => CONTEXT_SYSTEM,
'legacy' => array(
@@ -230,6 +248,8 @@ $moodle_capabilities = array(
'moodle/site:trustcontent' => array(
+ 'riskbitmask' => RISK_XSS,
+
'captype' => 'write',
'contextlevel' => CONTEXT_SYSTEM,
'legacy' => array(
@@ -244,6 +264,8 @@ $moodle_capabilities = array(
'moodle/user:create' => array(
+ 'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
+
'captype' => 'write',
'contextlevel' => CONTEXT_SYSTEM,
'legacy' => array(
@@ -272,6 +294,8 @@ $moodle_capabilities = array(
'moodle/user:update' => array(
+ 'riskbitmask' => RISK_SPAM,
+
'captype' => 'write',
'contextlevel' => CONTEXT_SYSTEM,
'legacy' => array(
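Review bot: `moodle/user:update` is tagged RISK_SPAM only, while `moodle/user:create` earlier in this file gets RISK_SPAM | RISK_PERSONAL; updating an existing account exposes the same personal fields as creating one, so `'riskbitmask' => RISK_SPAM | RISK_PERSONAL,` looks more accurate here, unless the update path hides those fields, which this page does not show. The entry's `'legacy'` array continues outside the hunk.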
@@ -300,6 +324,8 @@ $moodle_capabilities = array(
'moodle/user:viewhiddendetails' => array(
+ 'riskbitmask' => RISK_PERSONAL,
+
'captype' => 'read',
'contextlevel' => CONTEXT_SYSTEM,
'legacy' => array(
@@ -438,6 +464,8 @@ $moodle_capabilities = array(
'moodle/course:create' => array(
+ 'riskbitmask' => RISK_XSS,
+
'captype' => 'write',
'contextlevel' => CONTEXT_COURSE,
'legacy' => array(
@@ -466,6 +494,8 @@ $moodle_capabilities = array(
'moodle/course:update' => array(
+ 'riskbitmask' => RISK_XSS,
+
'captype' => 'write',
'contextlevel' => CONTEXT_COURSE,
'legacy' => array(
@@ -494,6 +524,8 @@ $moodle_capabilities = array(
'moodle/course:viewhiddenuserfields' => array(
+ 'riskbitmask' => RISK_PERSONAL,
+
'captype' => 'read',
'contextlevel' => CONTEXT_COURSE,
'legacy' => array(
@@ -536,6 +568,8 @@ $moodle_capabilities = array(
'moodle/course:managefiles' => array(
+ 'riskbitmask' => RISK_XSS,
+
'captype' => 'write',
'contextlevel' => CONTEXT_COURSE,
'legacy' => array(
@@ -550,6 +584,8 @@ $moodle_capabilities = array(
'moodle/course:managequestions' => array(
+ 'riskbitmask' => RISK_XSS,
+
'captype' => 'write',
'contextlevel' => CONTEXT_COURSE,
'legacy' => array(
@@ -564,6 +600,8 @@ $moodle_capabilities = array(
'moodle/course:manageactivities' => array(
+ 'riskbitmask' => RISK_XSS,
+
'captype' => 'write',
'contextlevel' => CONTEXT_COURSE,
'legacy' => array(
@@ -704,6 +742,8 @@ $moodle_capabilities = array(
'moodle/blog:create' => array(
+ 'riskbitmask' => RISK_SPAM,
+
'captype' => 'write',
'contextlevel' => CONTEXT_SYSTEM,
'legacy' => array(
@@ -718,6 +758,8 @@ $moodle_capabilities = array(
'moodle/blog:manageofficialtags' => array(
+ 'riskbitmask' => RISK_SPAM,
+
'captype' => 'write',
'contextlevel' => CONTEXT_SYSTEM,
'legacy' => array(
@@ -732,6 +774,8 @@ $moodle_capabilities = array(
'moodle/blog:managepersonaltags' => array(
+ 'riskbitmask' => RISK_SPAM,
+
'captype' => 'write',
'contextlevel' => CONTEXT_SYSTEM,
'legacy' => array(
@@ -746,6 +790,8 @@ $moodle_capabilities = array(
'moodle/blog:manageentries' => array(
+ 'riskbitmask' => RISK_SPAM,
+
'captype' => 'write',
'contextlevel' => CONTEXT_SYSTEM,
'legacy' => array(
@@ -760,6 +806,8 @@ $moodle_capabilities = array(
'moodle/calendar:manageownentries' => array(
+ 'riskbitmask' => RISK_SPAM,
+
'captype' => 'write',
'contextlevel' => CONTEXT_SYSTEM,
'legacy' => array(
@@ -774,6 +822,8 @@ $moodle_capabilities = array(
'moodle/calendar:manageentries' => array(
+ 'riskbitmask' => RISK_SPAM,
+
'captype' => 'write',
'contextlevel' => CONTEXT_SYSTEM,
'legacy' => array(
@@ -828,6 +878,9 @@ $moodle_capabilities = array(
),
'moodle/user:editprofile' => array(
+
+ 'riskbitmask' => RISK_SPAM,
+
'captype' => 'read',
'contextlevel' => CONTEXT_USER,
'legacy' => array(
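Review bot: `moodle/user:editprofile` keeps `'captype' => 'read'` while being tagged RISK_SPAM; editing a profile is a write, and this commit corrects the same read/write mismatch for the forum posting capabilities, so `'captype' => 'write',` looks intended here too. The blank-line placement around the new key is also inconsistent with the earlier hunks (a blank line before and after here and at `moodle/question:import` and `moodle/question:manage`, versus only after elsewhere); one convention would make the file easier to scan. The entry's `'legacy'` array continues outside the hunk.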
@@ -841,6 +894,9 @@ $moodle_capabilities = array(
),
'moodle/question:import' => array(
+
+ 'riskbitmask' => RISK_XSS,
+
'captype' => 'write',
'contextlevel' => CONTEXT_COURSE,
'legacy' => array(
@@ -880,6 +936,9 @@ $moodle_capabilities = array(
),
'moodle/question:manage' => array(
+
+ 'riskbitmask' => RISK_XSS,
+
'captype' => 'write',
'contextlevel' => CONTEXT_COURSE,
'legacy' => array(
diff --git a/mod/chat/db/access.php b/mod/chat/db/access.php
index f3b7238ddc3..b8d8a33a310 100644
--- a/mod/chat/db/access.php
+++ b/mod/chat/db/access.php
@@ -35,6 +35,8 @@ $mod_chat_capabilities = array(
'mod/chat:chat' => array(
+ 'riskbitmask' => RISK_SPAM,
+
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
diff --git a/mod/chat/version.php b/mod/chat/version.php
index 98b7acb691c..01bbd01f6b9 100644
--- a/mod/chat/version.php
+++ b/mod/chat/version.php
@@ -5,7 +5,7 @@
/// This fragment is called by moodle_needs_upgrading() and /admin/index.php
/////////////////////////////////////////////////////////////////////////////////
-$module->version = 2006091201; // The (date) version of this module
+$module->version = 2006091800; // The (date) version of this module
$module->requires = 2006080900; // Requires this Moodle version
$module->cron = 300; // How often should cron check this module (seconds)?
diff --git a/mod/data/db/access.php b/mod/data/db/access.php
index fde55f1da4e..90625ba5d24 100644
--- a/mod/data/db/access.php
+++ b/mod/data/db/access.php
@@ -63,6 +63,8 @@ $mod_data_capabilities = array(
'mod/data:writeentry' => array(
+ 'riskbitmask' => RISK_SPAM,
+
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
@@ -77,6 +79,8 @@ $mod_data_capabilities = array(
'mod/data:comment' => array(
+ 'riskbitmask' => RISK_SPAM,
+
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
@@ -161,6 +165,8 @@ $mod_data_capabilities = array(
'mod/data:managetemplates' => array(
+ 'riskbitmask' => RISK_SPAM,
+
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
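Review bot: `mod/data:managetemplates` is tagged RISK_SPAM only, but templates are author-supplied markup rendered to every viewer of the database, which is the situation RISK_XSS was introduced for (compare `moodle/course:managefiles` and `mod/lesson:edit` in this same commit). `'riskbitmask' => RISK_SPAM | RISK_XSS,` seems the safer tag unless template content is cleaned before output, which this page does not show. The entry's `'legacy'` array continues outside the hunk.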
diff --git a/mod/data/version.php b/mod/data/version.php
index a0ad66ace07..5fe726bab38 100644
--- a/mod/data/version.php
+++ b/mod/data/version.php
@@ -5,7 +5,7 @@
// This fragment is called by /admin/index.php
////////////////////////////////////////////////////////////////////////////////
-$module->version = 2006091201;
+$module->version = 2006091800;
$module->requires = 2006080900; // Requires this Moodle version
$module->cron = 60;
diff --git a/mod/forum/db/access.php b/mod/forum/db/access.php
index a0525701d8a..819e5089b9b 100644
--- a/mod/forum/db/access.php
+++ b/mod/forum/db/access.php
@@ -77,7 +77,9 @@ $mod_forum_capabilities = array(
'mod/forum:startdiscussion' => array(
- 'captype' => 'read',
+ 'riskbitmask' => RISK_SPAM,
+
+ 'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
@@ -91,7 +93,9 @@ $mod_forum_capabilities = array(
'mod/forum:replypost' => array(
- 'captype' => 'read',
+ 'riskbitmask' => RISK_SPAM,
+
+ 'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
@@ -133,7 +137,7 @@ $mod_forum_capabilities = array(
'mod/forum:rate' => array(
- 'captype' => 'read',
+ 'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
@@ -147,7 +151,9 @@ $mod_forum_capabilities = array(
'mod/forum:createattachment' => array(
- 'captype' => 'read',
+ 'riskbitmask' => RISK_SPAM,
+
+ 'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
@@ -217,7 +223,9 @@ $mod_forum_capabilities = array(
'mod/forum:editanypost' => array(
- 'captype' => 'read',
+ 'riskbitmask' => RISK_SPAM,
+
+ 'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
'guest' => CAP_PREVENT,
diff --git a/mod/forum/version.php b/mod/forum/version.php
index 61defdbcc4a..a797f5d48ac 100644
--- a/mod/forum/version.php
+++ b/mod/forum/version.php
@@ -5,7 +5,7 @@
// This fragment is called by /admin/index.php
////////////////////////////////////////////////////////////////////////////////
-$module->version = 2006091201;
+$module->version = 2006091800;
$module->requires = 2006082600; // Requires this Moodle version
$module->cron = 60;
diff --git a/mod/glossary/db/access.php b/mod/glossary/db/access.php
index 6f7423ced7c..a39cd21d8ba 100644
--- a/mod/glossary/db/access.php
+++ b/mod/glossary/db/access.php
@@ -49,6 +49,8 @@ $mod_glossary_capabilities = array(
'mod/glossary:write' => array(
+ 'riskbitmask' => RISK_SPAM,
+
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
@@ -91,6 +93,8 @@ $mod_glossary_capabilities = array(
'mod/glossary:comment' => array(
+ 'riskbitmask' => RISK_SPAM,
+
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
@@ -119,6 +123,8 @@ $mod_glossary_capabilities = array(
'mod/glossary:import' => array(
+ 'riskbitmask' => RISK_SPAM,
+
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
diff --git a/mod/glossary/version.php b/mod/glossary/version.php
index 6dff8bef431..2a5427ad79c 100644
--- a/mod/glossary/version.php
+++ b/mod/glossary/version.php
@@ -5,7 +5,7 @@
/// This fragment is called by moodle_needs_upgrading() and /admin/index.php
/////////////////////////////////////////////////////////////////////////////////
-$module->version = 2006091201;
+$module->version = 2006091800;
$module->requires = 2006082600; // Requires this Moodle version
$module->cron = 0; // Period for cron to check this module (secs)
diff --git a/mod/lesson/db/access.php b/mod/lesson/db/access.php
index 747eac2380d..e7e71b258e2 100644
--- a/mod/lesson/db/access.php
+++ b/mod/lesson/db/access.php
@@ -22,6 +22,8 @@ $mod_lesson_capabilities = array(
'mod/lesson:edit' => array(
+ 'riskbitmask' => RISK_XSS,
+
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
diff --git a/mod/lesson/version.php b/mod/lesson/version.php
index 1d6a3ab3d08..b722ead2df9 100644
--- a/mod/lesson/version.php
+++ b/mod/lesson/version.php
@@ -5,7 +5,7 @@
/// This fragment is called by moodle_needs_upgrading() and /admin/index.php
/////////////////////////////////////////////////////////////////////////////////
-$module->version = 2006091202; // The current module version (Date: YYYYMMDDXX)
+$module->version = 2006091801; // The current module version (Date: YYYYMMDDXX)
$module->requires = 2006080900; // Requires this Moodle version
$module->cron = 0; // Period for cron to check this module (secs)
diff --git a/mod/wiki/db/access.php b/mod/wiki/db/access.php
index f480bef5f1b..bb48107eb4c 100644
--- a/mod/wiki/db/access.php
+++ b/mod/wiki/db/access.php
@@ -22,6 +22,8 @@ $mod_wiki_capabilities = array(
'mod/wiki:participate' => array(
+ 'riskbitmask' => RISK_SPAM,
+
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
@@ -36,6 +38,8 @@ $mod_wiki_capabilities = array(
'mod/wiki:manage' => array(
+ 'riskbitmask' => RISK_SPAM,
+
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
diff --git a/mod/wiki/version.php b/mod/wiki/version.php
index cb7b70f397b..87b1847a9d0 100644
--- a/mod/wiki/version.php
+++ b/mod/wiki/version.php
@@ -5,7 +5,7 @@
/// This fragment is called by moodle_needs_upgrading() and /admin/index.php
/////////////////////////////////////////////////////////////////////////////////
-$module->version = 2006091202; // The current module version (Date: YYYYMMDDXX)
+$module->version = 2006091800; // The current module version (Date: YYYYMMDDXX)
$module->requires = 2006080900; // The current module version (Date: YYYYMMDDXX)
$module->cron = 0; // Period for cron to check this module (secs)
diff --git a/mod/workshop/db/access.php b/mod/workshop/db/access.php
index b50387ab97a..c16de6759ff 100644
--- a/mod/workshop/db/access.php
+++ b/mod/workshop/db/access.php
@@ -22,6 +22,8 @@ $mod_workshop_capabilities = array(
'mod/workshop:participate' => array(
+ 'riskbitmask' => RISK_SPAM,
+
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
@@ -36,6 +38,8 @@ $mod_workshop_capabilities = array(
'mod/workshop:manage' => array(
+ 'riskbitmask' => RISK_SPAM,
+
'captype' => 'write',
'contextlevel' => CONTEXT_MODULE,
'legacy' => array(
diff --git a/mod/workshop/version.php b/mod/workshop/version.php
index a0ad66ace07..5fe726bab38 100644
--- a/mod/workshop/version.php
+++ b/mod/workshop/version.php
@@ -5,7 +5,7 @@
// This fragment is called by /admin/index.php
////////////////////////////////////////////////////////////////////////////////
-$module->version = 2006091201;
+$module->version = 2006091800;
$module->requires = 2006080900; // Requires this Moodle version
$module->cron = 60;
diff --git a/version.php b/version.php
index 4a70d7c39a6..459f2478f18 100644
--- a/version.php
+++ b/version.php
@@ -6,7 +6,7 @@
// This is compared against the values stored in the database to determine
// whether upgrades should be performed (see lib/db/*.php)
- $version = 2006091804; // YYYYMMDD = date
+ $version = 2006091807; // YYYYMMDD = date
// XY = increments within a single day
$release = '1.7 dev'; // Human-friendly version name