moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-05 17:06:53 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'MDL-48559-master' of git://github.com/ankitagarwal/moodle

Browse source
This commit is contained in:
David Monllao 2015-02-16 16:51:51 +08:00
commit a27b8c9b3b
5 changed files with 45 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
report/security/lang/en/report_security.php
View file

@ -116,6 +116,10 @@ $string['check_unsecuredataroot_error'] = 'Your dataroot directory <code>{$a}</c
$string['check_unsecuredataroot_name'] = 'Insecure dataroot';
$string['check_unsecuredataroot_ok'] = 'Dataroot directory must not be accessible via the web.';
$string['check_unsecuredataroot_warning'] = 'Your dataroot directory <code>{$a}</code> is in the wrong location and might be exposed to the web.';
$string['check_webcron_details'] = '<p>Web cron can expose priviedged information to anonymous users. It is recommended to use CLI cron or protect the cron page with a passphrase.</p>';
$string['check_webcron_warning'] = 'Anonymous users can access cron.';
$string['check_webcron_name'] = 'Web cron';
$string['check_webcron_ok'] = 'Anonymous users can not access cron.';
$string['issue'] = 'Issue';
$string['pluginname'] = 'Security overview';
$string['security:view'] = 'View security report';

35
report/security/locallib.php
View file

@ -56,6 +56,7 @@ function report_security_get_issue_list() {
'report_security_check_defaultuserrole',
'report_security_check_guestrole',
'report_security_check_frontpagerole',
'report_security_check_webcron',
);
}
@ -830,3 +831,37 @@ function report_security_check_riskbackup($detailed=false) {
return $result;
}
/**
* Verifies the status of web cron
*
* @param bool $detailed
* @return object result
*/
function report_security_check_webcron($detailed = false) {
global $CFG;
$croncli = $CFG->cronclionly;
$cronremotepassword = $CFG->cronremotepassword;
$result = new stdClass();
$result->issue = 'report_security_check_webcron';
$result->name = get_string('check_webcron_name', 'report_security');
$result->details = null;
$result->link = "<a href=\"$CFG->wwwroot/$CFG->admin/settings.php?section=sitepolicies\">"
.get_string('sitepolicies', 'admin').'</a>';
if (empty($croncli) && empty($cronremotepassword)) {
$result->status = REPORT_SECURITY_WARNING;
$result->info = get_string('check_webcron_warning', 'report_security');
} else {
$result->status = REPORT_SECURITY_OK;
$result->info = get_string('check_webcron_ok', 'report_security');
}
if ($detailed) {
$result->details = get_string('check_webcron_details', 'report_security');
}
return $result;
}