[CONTRIB-8696] Prevent the shared_secret setting from being observed when forced in config.php - Moodle Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 3.9.11, 3.10.8, 3.11.3
Fix Version/s: None
Component/s: Module: BigBlueButtonBN
Labels:
- 2.4

Affected Branches:
MOODLE_310_STABLE, MOODLE_311_STABLE, MOODLE_39_STABLE

Description

When the config setting is forced eg. $CFG->bigbluebuttonbn_shared_secret = 'thesecret'; in config.php, it is possible to view this value on the settings page.

With the implementaion of https://tracker.moodle.org/browse/MDL-63734 in Moodle 3.9, if the setting was of type admin_setting_configpasswordunmask then the value would not be visible and will prevent leaking the secret.

Attachments

Activity

People

Assignee:: Jesus Federico

Reporter:: Jesus Federico

Participants:: Jesus Federico

Component watchers:: Jesus Federico

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 20/Sep/21 11:10 PM

Updated:: 03/Mar/22 12:44 AM

Resolved:: 21/Sep/21 4:27 AM