  1. Moodle
  2. MDL-17155

cURL functions called in adminlib.php without checking disable_functions

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.9.3
    • Fix Version/s: 1.9.4
    • Component/s: Administration
    • Labels:
      None
    • Environment:
      PHP 5.2.6
      Several curl_* functions disabled in disable_functions (PHP INI setting) but cURL extension "loaded" (compiled-in)
      Moodle version 2007101530, release 1.9.3 (Build: 20081015)
    • Affected Branches:
      MOODLE_19_STABLE
    • Fixed Branches:
      MOODLE_19_STABLE

      Description

      In lib/adminlib.php, curl_init() and curl_setopt() are called without checking that they are not among the disabled functions of the disable_functions PHP INI setting.

      The error message is hidden via @ for the curl_init() call, but not for the curl_setopt() calls, yielding an error message in the page header inside the admin interface:

      "Warning: curl_setopt() has been disabled for security reasons in /moodle/lib/adminlib.php on line 809"

      It would be good if the availability of the (calling of the) functions would first be checked; see attached patch.
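
      One way to make the check requested above, as an added example (not the attached patch and not Moodle's code). The helper names `unavailable_functions()` and `guarded_curl_get()` and the URL are hypothetical. Testing `extension_loaded('curl')` alone would not help in this environment, because the extension is compiled in while individual functions are disabled.

```php
<?php
// Added example; function names are hypothetical, not Moodle's.

/**
 * Return the subset of $needed that cannot be called, either because the
 * function is not defined or because it is listed in disable_functions.
 */
function unavailable_functions(array $needed) {
    // disable_functions is a comma-separated list; normalise case and spacing.
    $disabled = array_filter(array_map(
        'trim', explode(',', strtolower((string) ini_get('disable_functions')))
    ));
    $missing = array();
    foreach ($needed as $name) {
        if (!function_exists($name) || in_array(strtolower($name), $disabled, true)) {
            $missing[] = $name;
        }
    }
    return $missing;
}

/**
 * Fetch a URL with cURL only when every call about to be made is allowed.
 * Returns the body as a string, or false when cURL is unusable or the request fails.
 */
function guarded_curl_get($url, $timeout = 10) {
    $needed = array('curl_init', 'curl_setopt', 'curl_exec');
    $missing = unavailable_functions($needed);
    if ($missing) {
        // Log for the administrator instead of emitting warnings into the page.
        error_log('cURL skipped, unavailable: ' . implode(', ', $missing));
        return false;
    }
    $ch = curl_init($url);
    if ($ch === false) {
        return false;
    }
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
    return curl_exec($ch); // handle is released when $ch goes out of scope
}

// Constructed usage: placeholder URL, not taken from the page.
$result = guarded_curl_get('https://example.invalid/');
var_dump($result === false ? 'fetch skipped or failed' : strlen($result));
```

      Checking the whole set of functions up front avoids the partial state described in the report, where `curl_init()` is silenced with `@` but the later `curl_setopt()` calls still emit warnings.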

            People

            Assignee:
            jerome Jérôme Mouneyrac
            Reporter:
            bwiberg Björn Wiberg
            Tester:
            Eloy Lafuente (stronk7)
            Participants:
            Component watchers:
            Andrew Nicols, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze

              Dates

              Created:
              Updated:
              Resolved:
              Fix Release Date:
              28/Jan/09