Merge branch 'MDL-7339-master' of git://github.com/mickhawkins/moodle

Jun Pataleta 2019-06-11 11:49:36 +08:00
commit 79edcde3f6
8 changed files with 41 additions and 20 deletions


@ -17,7 +17,7 @@ if ($hassiteconfig) { // speedup for non-admins, add all caps used on this page
$temp->add(new admin_setting_configcheckbox('forcelogin', new lang_string('forcelogin', 'admin'), new lang_string('configforcelogin', 'admin'), 0));
$temp->add(new admin_setting_configcheckbox('forceloginforprofiles', new lang_string('forceloginforprofiles', 'admin'), new lang_string('configforceloginforprofiles', 'admin'), 1));
$temp->add(new admin_setting_configcheckbox('forceloginforprofileimage', new lang_string('forceloginforprofileimage', 'admin'), new lang_string('forceloginforprofileimage_help', 'admin'), 0));
$temp->add(new admin_setting_configcheckbox('opentogoogle', new lang_string('opentogoogle', 'admin'), new lang_string('configopentogoogle', 'admin'), 0));
$temp->add(new admin_setting_configcheckbox('opentowebcrawlers', new lang_string('opentowebcrawlers', 'admin'), new lang_string('configopentowebcrawlers', 'admin'), 0));
$temp->add(new admin_setting_configselect('allowindexing', new lang_string('allowindexing', 'admin'), new lang_string('allowindexing_desc', 'admin'),
0,
array(0 => new lang_string('allowindexingexceptlogin', 'admin'),


@ -1,5 +1,10 @@
This files describes API changes in /admin/*.
=== 3.8 ===
* Admin setting "Open to Google" (opentogoogle) has been renamed to the more generic "Open to search engines" (opentowebcrawlers).
This is a more accurate representation of what is being set and the config string has also been moved and updated to reflect this.
=== 3.7 ===
* Admin setting "Allow blocks to use the dock" (allowblockstodock) has been removed & stings deprecated.


@ -299,7 +299,7 @@ $string['confignoreplyaddress'] = 'Emails are sometimes sent out on behalf of a
$string['confignotifyloginfailures'] = 'Send login failure notification messages to these selected users. This requires an internal logstore (eg Standard Logstore) to be enabled.';
$string['confignotifyloginthreshold'] = 'If notifications about failed logins are active, how many failed login attempts by one user or one IP address is it worth notifying about?';
$string['confignotloggedinroleid'] = 'Users who are not logged in to the site will be treated as if they have this role granted to them at the site context. Guest is almost always what you want here, but you might want to create roles that are less or more restrictive. Things like creating posts still require the user to log in properly.';
$string['configopentogoogle'] = 'If you enable this setting, then Google will be allowed to enter your site as a Guest. In addition, people coming in to your site via a Google search will automatically be logged in as a Guest. Note that this only provides transparent access to courses that already allow guest access.';
$string['configopentowebcrawlers'] = 'If you enable this setting, then search engines will be allowed to enter your site as a guest. In addition, people coming in to your site via a search engine will automatically be logged in as a guest. Note that this only provides transparent access to courses that already allow guest access.';
$string['configoverride'] = 'Defined in config.php';
$string['configpasswordpolicy'] = 'If enabled, user passwords will be checked against the password policy as specified in the settings below. Enabling the password policy will not affect existing users until they decide to, or are required to, change their password.';
$string['configpasswordresettime'] = 'This specifies the amount of time people have to validate a password reset request before it expires. Usually 30 minutes is a good value.';
@ -861,7 +861,7 @@ $string['onlynoreply'] = 'Only when from a no-reply address';
$string['opcacherecommended'] = 'PHP opcode caching improves performance and lowers memory requirements, OPcache extension is recommended and fully supported.';
$string['opensslrecommended'] = 'Installing the optional OpenSSL library is highly recommended -- it enables Moodle Networking functionality.';
$string['opensslrequired'] = 'The OpenSSL PHP extension is now required by Moodle to provide stronger cryptographic services.';
$string['opentogoogle'] = 'Open to Google';
$string['opentowebcrawlers'] = 'Open to search engines';
$string['optionalmaintenancemessage'] = 'Optional maintenance message';
$string['order1'] = 'First';
$string['order2'] = 'Second';


@ -428,7 +428,7 @@ class manager {
$user = null;
if (!empty($CFG->opentogoogle)) {
if (!empty($CFG->opentowebcrawlers)) {
if (\core_useragent::is_web_crawler()) {
$user = guest_user();
}


@ -3378,5 +3378,21 @@ function xmldb_main_upgrade($oldversion) {
// Automatically generated Moodle v3.7.0 release upgrade line.
// Put any upgrade step following this.
if ($oldversion < 2019060600.02) {
// Renaming 'opentogoogle' config to 'opentowebcrawlers'.
$opentogooglevalue = get_config('core', 'opentogoogle');
// Move the value over if it was previously configured.
if ($opentogooglevalue !== false) {
set_config('opentowebcrawlers', $opentogooglevalue);
}
// Remove the now unused value.
unset_config('opentogoogle');
// Main savepoint reached.
upgrade_main_savepoint(true, 2019060600.02);
}
return true;
}
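Review bot: A value forced in config.php is not covered by this upgrade step: once the rename lands, nothing on this page reads `$CFG->opentogoogle` any more, so a site that pins the old key there would, as far as can be inferred from here, either lose the setting or end up with a database-backed `opentowebcrawlers` that config.php no longer locks (which of the two depends on how `get_config()` resolves a forced value). Because this setting decides whether crawler-identified clients receive a guest session, the step should carry a comment such as `// A value forced via $CFG->opentogoogle in config.php is not migrated; rename it there manually.` and the 3.8 upgrade notes should say the same. xmldb_main_upgrade() begins outside the hunk.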


@ -61,11 +61,11 @@ $string['check_frontpagerole_error'] = 'Incorrectly defined frontpage role "{$a}
$string['check_frontpagerole_name'] = 'Frontpage role';
$string['check_frontpagerole_notset'] = 'Frontpage role is not set.';
$string['check_frontpagerole_ok'] = 'Frontpage role definition is OK.';
$string['check_google_details'] = '<p>The Open to Google setting enables search engines to enter courses with guest access. There is no point in enabling this setting if guest login is not allowed.</p>';
$string['check_google_error'] = 'Search engine access is allowed but guest access is disabled.';
$string['check_google_info'] = 'Search engines may enter as guests.';
$string['check_google_name'] = 'Open to Google';
$string['check_google_ok'] = 'Search engine access is not enabled.';
$string['check_crawlers_details'] = '<p>The "Open to search engines" setting enables search engines to enter courses with guest access. There is no point in enabling this setting if guest login is not allowed.</p>';
$string['check_crawlers_error'] = 'Search engine access is allowed but guest access is disabled.';
$string['check_crawlers_info'] = 'Search engines may enter as guests.';
$string['check_crawlers_name'] = 'Open to search engines';
$string['check_crawlers_ok'] = 'Search engine access is not enabled.';
$string['check_guestrole_details'] = '<p>The guest role is used for guests, not logged in users and temporary guest course access. Please make sure no risky capabilities are allowed in this role.</p>
<p>The only supported legacy type for guest role is <em>Guest</em>.</p>';
$string['check_guestrole_error'] = 'The guest role "{$a}" is incorrectly defined!';


@ -47,7 +47,7 @@ function report_security_get_issue_list() {
'report_security_check_embed',
'report_security_check_mediafilterswf',
'report_security_check_openprofiles',
'report_security_check_google',
'report_security_check_crawlers',
'report_security_check_passwordpolicy',
'report_security_check_emailchangeconfirmation',
'report_security_check_cookiesecure',
@ -308,35 +308,35 @@ function report_security_check_openprofiles($detailed=false) {
}
/**
* Verifies google access not combined with disabled guest access
* Verifies web crawler (search engine) access not combined with disabled guest access
* because attackers might gain guest access by modifying browser signature.
* @param bool $detailed
* @return object result
*/
function report_security_check_google($detailed=false) {
function report_security_check_crawlers($detailed=false) {
global $CFG;
$result = new stdClass();
$result->issue = 'report_security_check_google';
$result->name = get_string('check_google_name', 'report_security');
$result->issue = 'report_security_check_crawlers';
$result->name = get_string('check_crawlers_name', 'report_security');
$result->info = null;
$result->details = null;
$result->status = null;
$result->link = "<a href=\"$CFG->wwwroot/$CFG->admin/settings.php?section=sitepolicies\">".get_string('sitepolicies', 'admin').'</a>';
if (empty($CFG->opentogoogle)) {
if (empty($CFG->opentowebcrawlers)) {
$result->status = REPORT_SECURITY_OK;
$result->info = get_string('check_google_ok', 'report_security');
$result->info = get_string('check_crawlers_ok', 'report_security');
} else if (!empty($CFG->guestloginbutton)) {
$result->status = REPORT_SECURITY_INFO;
$result->info = get_string('check_google_info', 'report_security');
$result->info = get_string('check_crawlers_info', 'report_security');
} else {
$result->status = REPORT_SECURITY_SERIOUS;
$result->info = get_string('check_google_error', 'report_security');
$result->info = get_string('check_crawlers_error', 'report_security');
}
if ($detailed) {
$result->details = get_string('check_google_details', 'report_security');
$result->details = get_string('check_crawlers_details', 'report_security');
}
return $result;
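Review bot: The docblock of report_security_check_crawlers() still describes the condition as "disabled guest access", while the body tests `$CFG->guestloginbutton`, and it does not say which status each combination yields. I would spell it out, e.g. `* OK when opentowebcrawlers is off, INFO when it is on together with guestloginbutton, SERIOUS when it is on while guestloginbutton is off.`, and tighten `@return object result` to `@return stdClass with issue, name, info, details, status and link`. The "modifying browser signature" remark could also state plainly that crawler detection trusts a client-supplied signature, which is why the last combination is rated serious. The function's closing brace lies outside the hunk.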


@ -29,7 +29,7 @@
defined('MOODLE_INTERNAL') || die();
$version = 2019060600.01; // YYYYMMDD = weekly release date of this DEV branch.
$version = 2019060600.02; // YYYYMMDD = weekly release date of this DEV branch.
// RR = release increments - 00 in DEV branches.
// .XX = incremental changes.