diff --git a/lang/en_utf8/report_security.php b/lang/en_utf8/report_security.php index b853ecc2a26..0cbf0c52a52 100644 --- a/lang/en_utf8/report_security.php +++ b/lang/en_utf8/report_security.php @@ -16,123 +16,122 @@ $string['statusok'] = 'OK'; $string['statusserious'] = 'Serious'; $string['statuswarning'] = 'Warning'; -$string['check_configrw_details'] = '
It is recommended to change file permissions of config.php script after installation so that the file can not be modified by web server. -Please note that this measure does not improve security of the server significantly, but on the other hand it might slow down or limit general exploits.
'; +$string['check_configrw_details'] = 'It is recommended that the file permissions of config.php are changed after installation so that the file cannot be modified by the web server. +Please note that this measure does not improve security of the server significantly, though it may slow down or limit general exploits.
'; $string['check_configrw_name'] = 'Writable config.php'; $string['check_configrw_ok'] = 'config.php can not be modified by PHP scripts.'; $string['check_configrw_warning'] = 'PHP scripts may modify config.php.'; -$string['check_cookiesecure_details'] = 'If you enable https communication it is recommended to enable secure cookies. You should also add permanent redirection from http to https.
'; +$string['check_cookiesecure_details'] = 'If you enable https communication it is recommended that you also enable secure cookies. You should also add permanent redirection from http to https.
'; $string['check_cookiesecure_error'] = 'Please enable secure cookies'; $string['check_cookiesecure_name'] = 'Secure cookies'; $string['check_cookiesecure_ok'] = 'Secure cookies enabled.'; -$string['check_courserole_anything'] = 'Do anything capability must not be allowed in this context.'; -$string['check_courserole_details'] = 'Each course has one default enrolment role specified. Please make sure no risky capabilities are allowed in this role.
-The only supported legacy type for course default role is Student.
'; -$string['check_courserole_error'] = 'Incorrectly defined course default roles detected!'; -$string['check_courserole_legacy'] = 'Unsupported legacy type detected in role.'; -$string['check_courserole_name'] = 'Course default roles'; +$string['check_courserole_anything'] = 'The do anything capability must not be allowed in this context.'; +$string['check_courserole_details'] = 'Each course has one default enrolment role specified. Please make sure no risky capabilities are allowed for this role.
+The only supported legacy type for the default course role is Student.
'; +$string['check_courserole_error'] = 'Incorrectly defined default course roles detected!'; +$string['check_courserole_legacy'] = 'Unsupported legacy type detected in the role.'; +$string['check_courserole_name'] = 'Default course roles'; $string['check_courserole_notyet'] = 'Used only default course role.'; -$string['check_courserole_ok'] = 'Course default role definitions ok.'; +$string['check_courserole_ok'] = 'Default course role definitions OK.'; $string['check_courserole_risky'] = 'Risky capabilities detected in context.'; -$string['check_defaultcourserole_anything'] = 'Do anything capability must not be allowed in this context.'; -$string['check_defaultcourserole_details'] = 'Default student role for course enrolment specifies the default role for courses. Please make sure no risky capabilities are allowed in this role.
+$string['check_defaultcourserole_anything'] = 'The do anything capability must not be allowed in this context.'; +$string['check_defaultcourserole_details'] = 'The default student role for course enrolment specifies the default role for courses. Please make sure no risky capabilities are allowed in this role.
The only supported legacy type for default role is Student.
'; $string['check_defaultcourserole_error'] = 'Incorrectly defined default course role \"$a\" detected!'; $string['check_defaultcourserole_legacy'] = 'Unsupported legacy type detected.'; $string['check_defaultcourserole_name'] = 'Site default course role'; $string['check_defaultcourserole_notset'] = 'Default role is not set.'; -$string['check_defaultcourserole_ok'] = 'Site default role definition ok.'; +$string['check_defaultcourserole_ok'] = 'Site default role definition OK.'; $string['check_defaultcourserole_risky'] = 'Risky capabilities detected in context.'; $string['check_defaultuserrole_details'] = 'All logged in users are given capabilities of the default user role. Please make sure no risky capabilities are allowed in this role.
-The only supported legacy type for default user role is Authenticated user. Course view capability must not be enabled.
'; +The only supported legacy type for the default user role is Authenticated user. The course view capability must not be enabled.
'; $string['check_defaultuserrole_error'] = 'Incorrectly defined default user role \"$a\" detected!'; $string['check_defaultuserrole_name'] = 'Registered user role'; $string['check_defaultuserrole_notset'] = 'Default role is not set.'; $string['check_defaultuserrole_ok'] = 'Registered user role definition ok.'; -$string['check_displayerrors_details'] = 'Enabling the PHP setting display_errors
is not recommended on production sites because some error messages may reveal sensitive information about your server.
Enabling the PHP setting display_errors
is not recommended on production sites because error messages can reveal sensitive information about your server.
It is recommended to require email confirmation step when user enters a new email address in user profile. If disabled spammers might try to exploit server for resending of spam.
'; +$string['check_emailchangeconfirmation_details'] = 'It is recommended that an email confirmation step is required when users change their email address in their profile. If disabled, spammers may try to exploit the server for resending of spam.
'; $string['check_emailchangeconfirmation_error'] = 'Users may enter any email address.'; $string['check_emailchangeconfirmation_name'] = 'Email change confirmation'; -$string['check_emailchangeconfirmation_ok'] = 'Changing of email must be confirmed.'; +$string['check_emailchangeconfirmation_ok'] = 'Confirmation of change of email address in user profile.'; -$string['check_embed_details'] = 'Unlimited object embedding is very dangerous - any registered user may launch XSS attack against other server users. Please disable it on production servers.
'; -$string['check_embed_error'] = 'Unlimited object embedding enabled - this is very dangerous for majority of servers.'; +$string['check_embed_details'] = 'Unlimited object embedding is very dangerous - any registered user may launch an XSS attack against other server users. This setting should be disabled on production servers.
'; +$string['check_embed_error'] = 'Unlimited object embedding enabled - this is very dangerous for the majority of servers.'; $string['check_embed_name'] = 'Allow EMBED and OBJECT'; -$string['check_embed_ok'] = 'Unlimited object embedding not allowed.'; +$string['check_embed_ok'] = 'Unlimited object embedding is not allowed.'; -$string['check_frontpagerole_details'] = 'Frontpage role is give to all registered users on frontpage. Please make sure no risky capabilities are allowed in this role.
-It is recommended to create a special role only for this purpose and not set any legacy type.
'; +$string['check_frontpagerole_details'] = 'The default frontpage role is given to all registered users for frontpage activities. Please make sure no risky capabilities are allowed for this role.
+It is recommended that a special role is created for this purpose and a legacy type role is not used.
'; $string['check_frontpagerole_error'] = 'Incorrectly defined frontpage role \"$a\" detected!'; $string['check_frontpagerole_name'] = 'Frontpage role'; $string['check_frontpagerole_notset'] = 'Frontpage role is not set.'; -$string['check_frontpagerole_ok'] = 'Frontpage role definition ok.'; +$string['check_frontpagerole_ok'] = 'Frontpage role definition OK.'; -$string['check_globals_details'] = 'Register globals is considered to be a highly insecure PHP setting, there is no reason why it should be enabled. Moodle is not compatible with register globals.
+$string['check_globals_details'] = 'Register globals is considered to be a highly insecure PHP setting.
register_globals=off
must be set in PHP configuration. This setting is controlled by editing your php.ini
, Apache/IIS configuration or .htaccess
file.
Open to Google settings helps search engines enter courses with guest access. Please note this settings is not expected to be enabled if guest login not allowed.
'; +$string['check_google_details'] = 'The Open to Google setting enables search engines to enter courses with guest access. There is no point in enabling this setting if guest login not allowed.
'; $string['check_google_error'] = 'Search engines guest access allowed and guest access disabled.'; $string['check_google_info'] = 'Search engines may enter as guests.'; $string['check_google_name'] = 'Open to Google'; $string['check_google_ok'] = 'Search engines guest access not enabled.'; -$string['check_guestrole_details'] = 'Guest role is used for guests, not logged in users and temporary guest course access. Please make sure no risky capabilities are allowed in this role.
+$string['check_guestrole_details'] = 'The guest role is used for guests, not logged in users and temporary guest course access. Please make sure no risky capabilities are allowed in this role.
The only supported legacy type for guest role is Guest.
'; $string['check_guestrole_error'] = 'Incorrectly defined guest role \"$a\" detected!'; $string['check_guestrole_name'] = 'Guest role'; $string['check_guestrole_notset'] = 'Guest role is not set.'; -$string['check_guestrole_ok'] = 'Guest role definition ok.'; +$string['check_guestrole_ok'] = 'Guest role definition OK.'; -$string['check_mediafilterswf_details'] = 'Automatic swf embedding is very dangerous - any registered user may launch XSS attack against other server users. Please disable it on production servers.
'; -$string['check_mediafilterswf_error'] = 'Flash media filter is enabled - this is very dangerous for majority of servers.'; +$string['check_mediafilterswf_details'] = 'Automatic swf embedding is very dangerous - any registered user may launch an XSS attack against other server users. Please disable it on production servers.
'; +$string['check_mediafilterswf_error'] = 'Flash media filter is enabled - this is very dangerous for the majority of servers.'; $string['check_mediafilterswf_name'] = 'Enabled .swf media filter'; $string['check_mediafilterswf_ok'] = 'Flash media filter is not enabled.'; -$string['check_noauth_details'] = 'No authentication plugin is not intended for any production sites. Please disable it unless this is a development test site.
'; -$string['check_noauth_error'] = 'No authentication pluing can not be used on production sites.'; +$string['check_noauth_details'] = 'The No authentication plugin is not intended for production sites. Please disable it unless this is a development test site.
'; +$string['check_noauth_error'] = 'The No authentication plugin cannot be used on production sites.'; $string['check_noauth_name'] = 'No authentication'; $string['check_noauth_ok'] = 'No authentication plugin is disabled.'; -$string['check_openprofiles_details'] = 'Open user profiles are often abused by spammers, it is usually recommended to enable Force users to login for profiles
or Force users to login
if you require login before any access.
Open user profiles can be abused by spammers. It is recommended that either Force users to login for profiles
or Force users to login
are enabled.
It is recommended to enforce user password policy because password guessing is very often the easiest way to gain unauthorised access. -Do not make the requirements too strict, because users would not be able to remember their passwords and would keep forgetting them or write them down.
'; +$string['check_passwordpolicy_details'] = 'It is recommended that a password policy is set, since password guessing is very often the easiest way to gain unauthorised access. +Do not make the requirements too strict though, as this can result in users not being able to remember their passwords and either forgetting them or writing them down.
'; $string['check_passwordpolicy_error'] = 'Password policy not set.'; $string['check_passwordpolicy_name'] = 'Password policy'; $string['check_passwordpolicy_ok'] = 'Password policy enabled.'; -$string['check_riskadmin_detailsok'] = 'Please verify following list of administrators.
$a
Please verify following list of administrators:
$a->admins
It is recommended to assign administrator role in system context only. Following users have unsuported admin role assignments:
$a->unsupported
Please verify the following list of administrators:
$a
Please verify the following list of administrators:
$a->admins
It is recommended to assign administrator role in system context only. Following users have unsupported admin role assignments:
$a->unsupported
RISK_XSS marks all dangerous capabilities that only trusted users may use.
+$string['check_riskxss_details'] = 'RISK_XSS denotes all dangerous capabilities that only trusted users may use.
Please verify following list of users and make sure that you trust them completely on this server:
$a
Dataroot directory must not be accessible via web. The best way to make sure the directory is not accessible is to use directory outside of public web directory.
-If you move the directory you need to update \$CFG->dataroot
setting in config.php
accordingly.
The dataroot directory must not be accessible via web. The best way to make sure the directory is not accessible is to use a directory outside the public web directory.
+If you move the directory, you need to update the \$CFG->dataroot
setting in config.php
accordingly.
$a
is in the wrong location and is exposed to the web!';
-$string['check_unsecuredataroot_name'] = 'Unsecure dataroot';
-$string['check_unsecuredataroot_ok'] = 'Dataroot directory must not be accessible via web.';
+$string['check_unsecuredataroot_name'] = 'Insecure dataroot';
+$string['check_unsecuredataroot_ok'] = 'Dataroot directory must not be accessible via the web.';
$string['check_unsecuredataroot_warning'] = 'Your dataroot directory $a
is in the wrong location and might be exposed to the web.';
-
-?>
+?>
\ No newline at end of file
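Review bot: The new `check_emailchangeconfirmation_ok` text, 'Confirmation of change of email address in user profile.', is a noun phrase that no longer tells the administrator what state the check found, whereas the removed wording said that changes must be confirmed. Because this string is shown as the passing result of a security check, it should state the result, e.g. `$string['check_emailchangeconfirmation_ok'] = 'Changes of email address in the user profile must be confirmed.';`. The added `check_google_details` line is missing a verb in 'if guest login not allowed' and should end `... if guest login is not allowed.`. The 'ok' to 'OK' capitalisation applied to the other role checks also skips `check_defaultuserrole_ok`, which still reads 'Registered user role definition ok.' on an unchanged line.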