Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-16458

Remove support for old-style config.html files in authentication plugins

XMLWordPrintable

    • Icon: Improvement Improvement
    • Resolution: Duplicate
    • Icon: Minor Minor
    • None
    • 2.0, 2.7.11, 2.8.1, 3.0, 3.2
    • MOODLE_20_STABLE, MOODLE_27_STABLE, MOODLE_28_STABLE, MOODLE_30_STABLE, MOODLE_32_STABLE

      config.html files were removed from all the plugin types back in Moodle 2 but the authentication plugins were missed. Occasionally we get reports in the tracker (usually from people running the Acunetix automated security checking tool) claiming that we have a source code disclosure vulnerability because of these files - they don't present a real security risk as all Moodle code is available due to the nature of open source and they do not disclose any private information. But... it is some pretty average code and one day it might be nice to get rid of it!

            stronk7 Eloy Lafuente (stronk7)
            timhunt Tim Hunt
            Votes:
            2 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.