mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-07-15 19:36:50 +02:00
Code Issues Projects Releases Wiki Activity
88,742 Commits 37 Branches 540 Tags
c8cc25caba8b00d2bc4390dc55cf19356593b52d
Commit Graph

6 Commits

Author SHA1 Message Date
Cameron Ball
9aa776a848 MDL-61143 core_files: Don't append dot when checking domain names or IP addresses. 
Previously we appended a dot at the end of IP addresses and domain names in the
cURL security helper, but it causes issues with Google OAuth so this patch removes it.
 2018-01-10 15:22:17 +08:00
Cameron Ball
fbe7f1f8ba MDL-61143 core_files: Block hosts that cannot be determined to be an IP address of domain name 
Freaky deaky Unicode/octal/hex domains can be resolved by cURL but are technically not valid.

This patch causes anything that Moodle does not consider to be a valid domain or IP to be blocked
by the cURL security helper.
 2018-01-09 16:54:32 +08:00
Cameron Ball
cae2eb357d MDL-61143 core_files: Check all A records when testing blocked IPs 2018-01-09 16:54:32 +08:00
Jake Dallimore
e858840437 MDL-58057 core_files: properly trim curl whitelist config when fetching 2017-03-07 09:49:22 +08:00
Jake Dallimore
a448a38b1d MDL-57274 upgrade: fix curl security notices during upgrade/install 
Handles the case where $CFG->curlsecurityxxx vars don't yet exist
during install or upgrade by treating not set the same as empty.
 2017-02-20 08:55:57 +08:00
Jake Dallimore
f6d9efefaa MDL-48498 core_files: curl_security_helper_base and implementation 
Base class and core implementation providing a means to check URLs
against the curl security admin settings entries.
 2016-11-08 15:11:15 +08:00