Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-18039 META: Security overview report STABLE
  3. MDL-18155

'Email change confirmation' check is misleading

XMLWordPrintable

    • Icon: Sub-task Sub-task
    • Resolution: Fixed
    • Icon: Minor Minor
    • 1.9.5
    • 1.9.4
    • Administration
    • None
    • MOODLE_19_STABLE
    • MOODLE_19_STABLE

      The description for the 'Email change confirmation' issue in the security overview is misleading because it states 'Users may enter any email address.' even when that is not really the case. On our Moodle install we have set `allowedemailaddresses` to be a list of email domains that are from the school and school board and therefore contradicts the issue description. We also have the email address field locked in the auth. plugin so users can't change their email addresses anyway.

      Maybe the test could check if allowedemailaddresses is set and whether the email field is locked in all of the auth. plugins to make the test more accurate.

            skodak Petr Skoda (Inactive)
            mnoorenberghe Matthew N
            Tim Hunt Tim Hunt
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.