Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-18039 META: Security overview report STABLE
  3. MDL-18155

'Email change confirmation' check is misleading

    XMLWordPrintable

Details

    • Sub-task
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 1.9.4
    • 1.9.5
    • Administration
    • None
    • MOODLE_19_STABLE
    • MOODLE_19_STABLE

    Description

      The description for the 'Email change confirmation' issue in the security overview is misleading because it states 'Users may enter any email address.' even when that is not really the case. On our Moodle install we have set `allowedemailaddresses` to be a list of email domains that are from the school and school board and therefore contradicts the issue description. We also have the email address field locked in the auth. plugin so users can't change their email addresses anyway.

      Maybe the test could check if allowedemailaddresses is set and whether the email field is locked in all of the auth. plugins to make the test more accurate.

      Attachments

        Activity

          People

            skodak Petr Skoda
            mnoorenberghe Matthew N
            Tim Hunt Tim Hunt
            Andrew Lyons, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:
              13/May/09