Commit 06a338f0 authored by Mihail Geshoski's avatar Mihail Geshoski Committed by Jake Dallimore

MDL-68486 auth_shibboleth: Reset convert_data if it uses dataroot file

Upgrade step that resets the 'Data modification API' (convert_data)
setting to its default value if this setting is currently configured
to use a file located within the $CFG->dataroot directory.
parent 6c51299e
......@@ -30,7 +30,7 @@ defined('MOODLE_INTERNAL') || die();
* @return bool result
*/
function xmldb_auth_shibboleth_upgrade($oldversion) {
global $CFG, $DB;
global $CFG, $DB, $OUTPUT;
// Automatically generated Moodle v3.5.0 release upgrade line.
// Put any upgrade step following this.
......@@ -47,5 +47,27 @@ function xmldb_auth_shibboleth_upgrade($oldversion) {
// Automatically generated Moodle v3.9.0 release upgrade line.
// Put any upgrade step following this.
if ($oldversion < 2021052501) {
// The 'Data modification API' setting in the Shibboleth authentication plugin can no longer be configured
// to use files located within the site data directory, as it exposes the site to security risks. Therefore,
// we need to find every existing case and reset the 'Data modification API' setting to its default value.
$convertdataconfig = get_config('auth_shibboleth', 'convert_data');
if (preg_match('/' . preg_quote($CFG->dataroot, '/') . '/', realpath($convertdataconfig))) {
set_config('convert_data', '', 'auth_shibboleth');
$warn = 'Your \'Data modification API\' setting in the Shibboleth authentication plugin is currently
configured to use a file located within the current site data directory ($CFG->dataroot). You are no
longer able to use files from within this directory for this purpose as it exposes your site to security
risks. This setting has been reset to its default value. Please reconfigure it by providing a path
to a file which is not located within the site data directory.';
echo $OUTPUT->notification($warn, 'notifyproblem');
}
upgrade_plugin_savepoint(true, 2021052501, 'auth', 'shibboleth');
}
return true;
}
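Review bot: The dataroot test in the new `2021052501` step relies on `realpath($convertdataconfig)`, which returns `false` when the configured file does not exist or cannot be resolved, so a `convert_data` value pointing into `$CFG->dataroot` at a file that is not present during the upgrade is left in place. The pattern is also unanchored, so it matches the dataroot string anywhere in the resolved path, including a sibling directory that only shares the prefix; that errs on the safe side but resets settings that were fine. Consider handling the unresolved case explicitly and anchoring the comparison, e.g. `$path = realpath($convertdataconfig) ?: $convertdataconfig;` followed by `if (!empty($path) && strpos($path, rtrim($CFG->dataroot, '/\\') . DIRECTORY_SEPARATOR) === 0) {`. The fallback compares the raw string and would not catch relative or `..` paths; whether those need covering depends on how the setting is validated elsewhere, which this page does not show.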
......@@ -25,6 +25,6 @@
defined('MOODLE_INTERNAL') || die();
$plugin->version = 2021052500; // The current plugin version (Date: YYYYMMDDXX)
$plugin->version = 2021052501; // The current plugin version (Date: YYYYMMDDXX)
$plugin->requires = 2021052500; // Requires this Moodle version
$plugin->component = 'auth_shibboleth'; // Full name of the plugin (used for diagnostics)