Merge branch 'MDL-7339-master' of git://github.com/mickhawkins/moodle

This commit is contained in:
Jun Pataleta 2019-06-11 11:49:36 +08:00
commit 79edcde3f6
8 changed files with 41 additions and 20 deletions


@ -61,11 +61,11 @@ $string['check_frontpagerole_error'] = 'Incorrectly defined frontpage role "{$a}
$string['check_frontpagerole_name'] = 'Frontpage role';
$string['check_frontpagerole_notset'] = 'Frontpage role is not set.';
$string['check_frontpagerole_ok'] = 'Frontpage role definition is OK.';
$string['check_google_details'] = '<p>The Open to Google setting enables search engines to enter courses with guest access. There is no point in enabling this setting if guest login is not allowed.</p>';
$string['check_google_error'] = 'Search engine access is allowed but guest access is disabled.';
$string['check_google_info'] = 'Search engines may enter as guests.';
$string['check_google_name'] = 'Open to Google';
$string['check_google_ok'] = 'Search engine access is not enabled.';
$string['check_crawlers_details'] = '<p>The "Open to search engines" setting enables search engines to enter courses with guest access. There is no point in enabling this setting if guest login is not allowed.</p>';
$string['check_crawlers_error'] = 'Search engine access is allowed but guest access is disabled.';
$string['check_crawlers_info'] = 'Search engines may enter as guests.';
$string['check_crawlers_name'] = 'Open to search engines';
$string['check_crawlers_ok'] = 'Search engine access is not enabled.';
$string['check_guestrole_details'] = '<p>The guest role is used for guests, not logged in users and temporary guest course access. Please make sure no risky capabilities are allowed in this role.</p>
<p>The only supported legacy type for guest role is <em>Guest</em>.</p>';
$string['check_guestrole_error'] = 'The guest role "{$a}" is incorrectly defined!';


@ -47,7 +47,7 @@ function report_security_get_issue_list() {
'report_security_check_embed',
'report_security_check_mediafilterswf',
'report_security_check_openprofiles',
'report_security_check_google',
'report_security_check_crawlers',
'report_security_check_passwordpolicy',
'report_security_check_emailchangeconfirmation',
'report_security_check_cookiesecure',
@ -308,35 +308,35 @@ function report_security_check_openprofiles($detailed=false) {
}
/**
* Verifies google access not combined with disabled guest access
* Verifies web crawler (search engine) access not combined with disabled guest access
* because attackers might gain guest access by modifying browser signature.
* @param bool $detailed
* @return object result
*/
function report_security_check_google($detailed=false) {
function report_security_check_crawlers($detailed=false) {
global $CFG;
$result = new stdClass();
$result->issue = 'report_security_check_google';
$result->name = get_string('check_google_name', 'report_security');
$result->issue = 'report_security_check_crawlers';
$result->name = get_string('check_crawlers_name', 'report_security');
$result->info = null;
$result->details = null;
$result->status = null;
$result->link = "<a href=\"$CFG->wwwroot/$CFG->admin/settings.php?section=sitepolicies\">".get_string('sitepolicies', 'admin').'</a>';
if (empty($CFG->opentogoogle)) {
if (empty($CFG->opentowebcrawlers)) {
$result->status = REPORT_SECURITY_OK;
$result->info = get_string('check_google_ok', 'report_security');
$result->info = get_string('check_crawlers_ok', 'report_security');
} else if (!empty($CFG->guestloginbutton)) {
$result->status = REPORT_SECURITY_INFO;
$result->info = get_string('check_google_info', 'report_security');
$result->info = get_string('check_crawlers_info', 'report_security');
} else {
$result->status = REPORT_SECURITY_SERIOUS;
$result->info = get_string('check_google_error', 'report_security');
$result->info = get_string('check_crawlers_error', 'report_security');
}
if ($detailed) {
$result->details = get_string('check_google_details', 'report_security');
$result->details = get_string('check_crawlers_details', 'report_security');
}
return $result;
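Review bot: The renamed check in `report_security_check_crawlers()` now reads only `$CFG->opentowebcrawlers`, so its verdict is trustworthy only if the code that actually grants crawlers guest access reads the same setting and the stored `opentogoogle` value is carried over on upgrade. Neither is visible in this part of the commit, so confirm both; if any path still honours the old name, `if (empty($CFG->opentowebcrawlers))` would report `REPORT_SECURITY_OK` while crawler access is still active. The issue id also changes to `'report_security_check_crawlers'` with no alias for `report_security_check_google`, so saved links or local code keyed on the old id will presumably stop resolving. The docblock could state the risk more directly, for example `* Crawlers are recognised by their User-Agent header, which the client controls.` The function's closing brace lies outside the hunk.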