MDL-40949 admin: Fix $CFG->preventexecpath hints

This setting restricts all local paths, not just executables.
2025-03-14 12:40:01 +01:00 · 2014-10-29 10:36:59 +13:00 · 2014-10-29 10:36:59 +13:00 · 5aaac8b2d6
commit 5aaac8b2d6
parent 32a69a7d7a
3 changed files with 41 additions and 5 deletions
--- a/lang/en/admin.php
+++ b/lang/en/admin.php
@ -507,7 +507,7 @@ $string['errorsetting'] = 'Could not save setting:';
 $string['errorwithsettings'] = 'Some settings were not changed due to an error.';
 $string['everyonewhocan'] = 'Everyone who can \'{$a}\'';
 $string['exceptions'] = 'exceptions';
-$string['execpathnotallowed'] = 'Setting executable paths disabled in config.php';
+$string['execpathnotallowed'] = 'Setting executable and local paths disabled in config.php';
 $string['experimental'] = 'Experimental';
 $string['experimentalsettings'] = 'Experimental settings';
 $string['extendedusernamechars'] = 'Allow extended characters in usernames';
--- a/lib/adminlib.php
+++ b/lib/adminlib.php
@ -2425,6 +2425,7 @@ class admin_setting_configfile extends admin_setting_configtext {
     * @return string XHTML field
     */
    public function output_html($data, $query='') {
+        global $CFG;
        $default = $this->get_defaultsetting();

        if ($data) {
@ -2436,9 +2437,14 @@ class admin_setting_configfile extends admin_setting_configtext {
        } else {
            $executable = '';
        }
+        $readonly = '';
+        if (!empty($CFG->preventexecpath)) {
+            $this->visiblename .= '<div class="form-overridden">'.get_string('execpathnotallowed', 'admin').'</div>';
+            $readonly = 'readonly="readonly"';
+        }

        return format_admin_setting($this, $this->visiblename,
-        '<div class="form-file defaultsnext"><input type="text" size="'.$this->size.'" id="'.$this->get_id().'" name="'.$this->get_full_name().'" value="'.s($data).'" />'.$executable.'</div>',
+        '<div class="form-file defaultsnext"><input '.$readonly.' type="text" size="'.$this->size.'" id="'.$this->get_id().'" name="'.$this->get_full_name().'" value="'.s($data).'" />'.$executable.'</div>',
        $this->description, true, '', $default, $query);
    }

@ -2490,12 +2496,14 @@ class admin_setting_configexecutable extends admin_setting_configfile {
        } else {
            $executable = '';
        }
+        $readonly = '';
        if (!empty($CFG->preventexecpath)) {
            $this->visiblename .= '<div class="form-overridden">'.get_string('execpathnotallowed', 'admin').'</div>';
+            $readonly = 'readonly="readonly"';
        }

        return format_admin_setting($this, $this->visiblename,
-        '<div class="form-file defaultsnext"><input type="text" size="'.$this->size.'" id="'.$this->get_id().'" name="'.$this->get_full_name().'" value="'.s($data).'" />'.$executable.'</div>',
+        '<div class="form-file defaultsnext"><input '.$readonly.' type="text" size="'.$this->size.'" id="'.$this->get_id().'" name="'.$this->get_full_name().'" value="'.s($data).'" />'.$executable.'</div>',
        $this->description, true, '', $default, $query);
    }
 }
@ -2516,6 +2524,7 @@ class admin_setting_configdirectory extends admin_setting_configfile {
     * @return string XHTML
     */
    public function output_html($data, $query='') {
+        global $CFG;
        $default = $this->get_defaultsetting();

        if ($data) {
@ -2527,9 +2536,14 @@ class admin_setting_configdirectory extends admin_setting_configfile {
        } else {
            $executable = '';
        }
+        $readonly = '';
+        if (!empty($CFG->preventexecpath)) {
+            $this->visiblename .= '<div class="form-overridden">'.get_string('execpathnotallowed', 'admin').'</div>';
+            $readonly = 'readonly="readonly"';
+        }

        return format_admin_setting($this, $this->visiblename,
-        '<div class="form-file defaultsnext"><input type="text" size="'.$this->size.'" id="'.$this->get_id().'" name="'.$this->get_full_name().'" value="'.s($data).'" />'.$executable.'</div>',
+        '<div class="form-file defaultsnext"><input '.$readonly.' type="text" size="'.$this->size.'" id="'.$this->get_id().'" name="'.$this->get_full_name().'" value="'.s($data).'" />'.$executable.'</div>',
        $this->description, true, '', $default, $query);
    }
 }
--- a/lib/tests/admintree_test.php
+++ b/lib/tests/admintree_test.php
@ -272,7 +272,7 @@ class core_admintree_testcase extends advanced_testcase {
        $setting->write_setting('/mm/nn');
        $this->assertSame('', get_config('abc_cde', 'execpath'));

-        // This also (most probably incorrectly) affects admin_setting_configfile.
+        // This also affects admin_setting_configfile and admin_setting_configdirectory.

        set_config('preventexecpath', 0);
        set_config('execpath', null, 'abc_cde');
@ -297,5 +297,27 @@ class core_admintree_testcase extends advanced_testcase {
        $setting->write_setting('/mm/nn');
        $this->assertSame('', get_config('abc_cde', 'execpath'));

+        set_config('preventexecpath', 0);
+        set_config('execpath', null, 'abc_cde');
+        $this->assertFalse(get_config('abc_cde', 'execpath'));
+        $setting = new admin_setting_configdirectory('abc_cde/execpath', 'some desc', '', '/xx/yy');
+        $setting->write_setting('/oo/pp');
+        $this->assertSame('/oo/pp', get_config('abc_cde', 'execpath'));
+
+        // Prevent changes.
+        set_config('preventexecpath', 1);
+        $setting->write_setting('/mm/nn');
+        $this->assertSame('/oo/pp', get_config('abc_cde', 'execpath'));
+
+        // Use default in install.
+        set_config('execpath', null, 'abc_cde');
+        $setting->write_setting('/mm/nn');
+        $this->assertSame('/xx/yy', get_config('abc_cde', 'execpath'));
+
+        // Use empty value if no default.
+        $setting = new admin_setting_configdirectory('abc_cde/execpath', 'some desc', '', null);
+        set_config('execpath', null, 'abc_cde');
+        $setting->write_setting('/mm/nn');
+        $this->assertSame('', get_config('abc_cde', 'execpath'));
    }
 }