Moodle

All files containing PHP code should have a .php extension not .html

Details

  • Type: Improvement Improvement
  • Status: Open Open
  • Priority: Major Major
  • Resolution: Unresolved
  • Affects Version/s: 1.9.5
  • Fix Version/s: None
  • Component/s: Other
  • Labels:
    None
  • Affected Branches:
    MOODLE_19_STABLE

Description

If a file in Moodle has any php code in it at all it should not have a .html extension. This has proved unsettling for security conscious users. For example, go to

http://moodle.site/backup/backup_form.html

and you get a screen full of code. This is perceived as a possible security issue even if it actually isn't. It would be better if code could not be readily viewed through the web interface.

Activity

There are no comments yet on this issue.

People

Vote (1)
Watch (0)

Dates

  • Created:
    Updated:
Atlassian JIRA (v4.4.3#663-r165197) | Report a problem
Powered by a free Atlassian JIRA open source license for Moodle. Try JIRA - bug tracking software for your team.