Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-18039 META: Security overview report STABLE
  3. MDL-18155

'Email change confirmation' check is misleading


    • Icon: Sub-task Sub-task
    • Resolution: Fixed
    • Icon: Minor Minor
    • 1.9.5
    • 1.9.4
    • Administration
    • None

      The description for the 'Email change confirmation' issue in the security overview is misleading because it states 'Users may enter any email address.' even when that is not really the case. On our Moodle install we have set `allowedemailaddresses` to be a list of email domains that are from the school and school board and therefore contradicts the issue description. We also have the email address field locked in the auth. plugin so users can't change their email addresses anyway.

      Maybe the test could check if allowedemailaddresses is set and whether the email field is locked in all of the auth. plugins to make the test more accurate.

            skodak Petr Skoda (Inactive)
            mnoorenberghe Matthew N
            Tim Hunt Tim Hunt
            0 Vote for this issue
            1 Start watching this issue


                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.