Uploaded image for project: 'Plugins'
  1. Plugins
  2. CONTRIB-8696

Prevent the shared_secret setting from being observed when forced in config.php

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Minor
    • None
    • 3.9.11, 3.10.8, 3.11.3
    • MOODLE_310_STABLE, MOODLE_311_STABLE, MOODLE_39_STABLE

    Description

      When the config setting is forced eg. $CFG->bigbluebuttonbn_shared_secret = 'thesecret'; in config.php, it is possible to view this value on the settings page.

      With the implementaion of https://tracker.moodle.org/browse/MDL-63734 in Moodle 3.9, if the setting was of type admin_setting_configpasswordunmask then the value would not be visible and will prevent leaking the secret.

      Attachments

        Activity

          People

            jfederico Jesus Federico
            jfederico Jesus Federico
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Clockify

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.