Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-17797

Misleading Critical security message when moodle/site:mnetlogintoremote is enabled:

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.9.3
    • Fix Version/s: 1.9.4, 2.0
    • Component/s: Administration
    • Labels:
      None
    • Difficulty:
      Easy
    • Affected Branches:
      MOODLE_19_STABLE
    • Fixed Branches:
      MOODLE_19_STABLE, MOODLE_20_STABLE

      Description

      When displaying Security Overview admin report, Moodle shows the following "Critical" message when the Student capability moodle/site:mnetlogintoremote is enabled:

      Site default course role Critical Incorrectly defined default course role "Student" detected!

      The error message is either misleading and too severe since the capability is needed by any students in a Moodle Networked environment.

      Also, the related message

      XSS trusted users Warning RISK_XSS - found 1 users that have to be trusted.

      is generated by the same capability set to on.

        Attachments

          Activity

            People

            Assignee:
            skodak Petr Skoda
            Reporter:
            andreabix Andrea Bicciolo
            Tester:
            Tim Hunt
            Participants:
            Component watchers:
            Andrew Nicols, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Fix Release Date:
              28/Jan/09