Commit f41bbf8e authored by David Monllao's avatar David Monllao Committed by Eloy Lafuente
Browse files

Merge branch 'MDL-58109-preventexecpath-check' of https://github.com/brendanheywood/moodle

parents 1a22d8d5 f2b7572a
......@@ -89,6 +89,11 @@ Do not make the requirements too strict though, as this can result in users not
$string['check_passwordpolicy_error'] = 'Password policy not set.';
$string['check_passwordpolicy_name'] = 'Password policy';
$string['check_passwordpolicy_ok'] = 'Password policy enabled.';
$string['check_preventexecpath_name'] = 'Executable paths';
$string['check_preventexecpath_ok'] = 'Executable paths only settable in config.php.';
$string['check_preventexecpath_warning'] = 'Executable paths can be set in the Admin GUI.';
$string['check_preventexecpath_details'] = '<p>Allowing executable paths to be set via the Admin GUI is a vector for privilege escalation.</p>';
$string['check_riskadmin_detailsok'] = '<p>Please verify the following list of system administrators:</p>{$a}';
$string['check_riskadmin_detailswarning'] = '<p>Please verify the following list of system administrators:</p>{$a->admins}
<p>It is recommended to assign administrator role in the system context only. The following users have (unsupported) admin role assignments in other contexts:</p>{$a->unsupported}';
......
......@@ -57,6 +57,7 @@ function report_security_get_issue_list() {
'report_security_check_guestrole',
'report_security_check_frontpagerole',
'report_security_check_webcron',
'report_security_check_preventexecpath',
);
}
......@@ -866,4 +867,34 @@ function report_security_check_webcron($detailed = false) {
}
return $result;
}
\ No newline at end of file
}
/**
* Verifies the status of preventexecpath
*
* @param bool $detailed
* @return object result
*/
function report_security_check_preventexecpath($detailed = false) {
global $CFG;
$result = new stdClass();
$result->issue = 'report_security_check_preventexecpath';
$result->name = get_string('check_preventexecpath_name', 'report_security');
$result->details = null;
$result->link = null;
if (empty($CFG->preventexecpath)) {
$result->status = REPORT_SECURITY_WARNING;
$result->info = get_string('check_preventexecpath_warning', 'report_security');
if ($detailed) {
$result->details = get_string('check_preventexecpath_details', 'report_security');
}
} else {
$result->status = REPORT_SECURITY_OK;
$result->info = get_string('check_preventexecpath_ok', 'report_security');
}
return $result;
}
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment