[#MDL-20436] MSA-09-0014 - Some users can put the whole site in maintenance mode when they aren't supposed to - Moodle Tracker

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.9.5
Fix Version/s: None
Component/s: Accessibility, Administration
Labels:
None
Environment:
MySQL 5.0.51, Moodle 1.9.5+, Apache 2.2, PHP 5.2.4, Ubuntu 8.04

Database:

MySQL
Affected Branches:
MOODLE_19_STABLE

Description

This issue has already been reported, but the hyperlink is not active, http://docs.moodle.org/en/Release_Notes#Known_problems_and_regressions. Has this issue been resolved? My company hosts for several school districts. We recently received a complaint regarding this issue. If this issue has not been resolved, is there a way to find out which user is putting the site in maintenance mode?

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Petr Škoda (skodak) added a comment - 10/Oct/09 9:28 PM

That issue was not a security problem in fact, because all the users that are allowed to use course restore feature must be trusted. No user with restore capability should ever try this DoS, if they do you have much bigger problems elsewhere.

It is just a normal bug where some teachers might accidentally send the site to Maintenance mode.

I have fixed the release notes, thanks for the report.

Show

Petr Škoda (skodak) added a comment - 10/Oct/09 9:28 PM That issue was not a security problem in fact, because all the users that are allowed to use course restore feature must be trusted. No user with restore capability should ever try this DoS, if they do you have much bigger problems elsewhere. It is just a normal bug where some teachers might accidentally send the site to Maintenance mode. I have fixed the release notes, thanks for the report.

Hide

Permalink

Thomas Bachert added a comment - 12/Oct/09 8:31 PM

Thank you Petr. I noticed that you tagged this bug as being fixed. Has this bug been fixed? Do you know if the fix has been applied to 1.9.5's codebase?

Show

Thomas Bachert added a comment - 12/Oct/09 8:31 PM Thank you Petr. I noticed that you tagged this bug as being fixed. Has this bug been fixed? Do you know if the fix has been applied to 1.9.5's codebase?

Hide

Permalink

Petr Škoda (skodak) added a comment - 12/Oct/09 8:32 PM

yes, see the link above (MDL-18594)

Show

Petr Škoda (skodak) added a comment - 12/Oct/09 8:32 PM yes, see the link above (MDL-18594)

People

Assignee:

Petr Škoda (skodak)

Reporter:

Thomas Bachert

Tester:

Nobody

Participants:

Petr Škoda (skodak), Thomas Bachert

Vote (0)

Watch (1)

Dates

Created:

06/Oct/09 2:37 AM

Updated:

13/Dec/10 6:40 PM

Resolved:

10/Oct/09 9:28 PM