Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-17797

Misleading Critical security message when moodle/site:mnetlogintoremote is enabled:

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.9.3
    • Fix Version/s: 1.9.4, 2.0
    • Component/s: Administration
    • Labels:
      None
    • Difficulty:
      Easy
    • Affected Branches:
      MOODLE_19_STABLE
    • Fixed Branches:
      MOODLE_19_STABLE, MOODLE_20_STABLE

      Description

      When displaying Security Overview admin report, Moodle shows the following "Critical" message when the Student capability moodle/site:mnetlogintoremote is enabled:

      Site default course role Critical Incorrectly defined default course role "Student" detected!

      The error message is either misleading and too severe since the capability is needed by any students in a Moodle Networked environment.

      Also, the related message

      XSS trusted users Warning RISK_XSS - found 1 users that have to be trusted.

      is generated by the same capability set to on.

        Attachments

          Activity

            People

            • Assignee:
              skodak Petr Skoda
              Reporter:
              andreabix Andrea Bicciolo
              Tester:
              Tim Hunt
              Participants:
              Component watchers:
              Andrew Nicols, Mathew May, Michael Hawkins, Shamim Rezaie, Simey Lameze
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Fix Release Date:
                28/Jan/09