Huong Nguyen 2024-09-27 09:51:14 +07:00
commit ea4336279b
No known key found for this signature in database
GPG Key ID: 40D88AB693A3E72A
2 changed files with 7 additions and 1 deletions


@ -83,6 +83,7 @@ class publicpaths extends check {
'.git/HEAD',
'.github/FUNDING.yml',
'.stylelintrc',
'.upgradenotes/',
],
],
[
@ -140,11 +141,15 @@ class publicpaths extends check {
],
],
[
'pattern' => '/upgrade.txt',
'pattern' => '\/(upgrade\.txt|UPGRADING\.md|UPGRADING\-CURRENT\.md)',
'404' => [
'auth/manual/upgrade.txt',
'lib/upgrade.txt',
'UPGRADING.md',
'UPGRADING-CURRENT.md',
'reportbuilder/UPGRADING.md',
],
'summary' => get_string('check_upgradefile_info', 'report_security'),
],
[
'pattern' => 'phpunit.xml',
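Review bot: The `'.upgradenotes/'` entry added to the first hunk's list is a directory URL, while the neighbouring probes (`'.git/HEAD'`, `'.github/FUNDING.yml'`, `'.stylelintrc'`) are files, and a web server often answers a bare directory with 403 or a redirect rather than 404. How the check scores a non-404 answer is not visible in these hunks, so this probe may flag a site that is correctly locked down, or pass while files inside the directory are still served; probing a file path under that directory would test what the rule is meant to hide. In the second hunk a one-line comment above the widened pattern would record the reason for the rule, for example `// Upgrade notes disclose version and API-change details; block web access to them.`. The `\-` escape in `UPGRADING\-CURRENT\.md` is unnecessary outside a character class and can be written as a plain `-`. The enclosing array starts and ends outside both hunks.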


@ -131,6 +131,7 @@ $string['check_unsecuredataroot_error'] = 'Your dataroot directory <code>{$a}</c
$string['check_unsecuredataroot_name'] = 'Insecure dataroot';
$string['check_unsecuredataroot_ok'] = 'Dataroot directory must not be accessible via the web.';
$string['check_unsecuredataroot_warning'] = 'Your dataroot directory <code>{$a}</code> is in the wrong location and might be exposed to the web.';
$string['check_upgradefile_info'] = 'Upgrade note files should not be public';
$string['check_vendordir_details'] = '<p>The directory <code>{$a->path}</code> contains various third-party libraries and their dependencies, typically installed by the PHP Composer. These libraries may be needed for local Moodle development, such as for installing the PHPUnit framework. They are not needed to run a Moodle site in production and they can contain potentially dangerous code exposing your site to remote attacks.</p><p>It is strongly recommended to remove the directory if the site is available via a public URL, or at least prohibit web access to it in your webserver configuration.</p>';
$string['check_vendordir_info'] = 'The vendor directory should not be present on public sites.';
$string['check_vendordir_name'] = 'Vendor directory';