-
Sub-task
-
Resolution: Won't Fix
-
Minor
-
None
-
1.9.4
-
None
-
MOODLE_19_STABLE
If the purpose of this report is to reduce security risks opening admin's eyes to the web security and on the weakness of their installation,
I think that this plugin should report also each misalignment of each file of each non standard plugin (block/module/theme/course format/glossary format/etc, etc, etc, ...) from the guidelines provided in http://docs.moodle.org/en/Development:Coding.
For instance:
A user asks to an admin for a feature found in a plug-in found in "Modules and plug-in" database. The admin, trusting the source of the information, installs the plug in that, maybe, is very old or was written without security in mind. For instance, pages of the php source are missing some points among: 6, 9, 11 or 12 of the General rules described in the mentioned docs page... and this may create a hole in the security.
In these cases, this report in should alert the admin about "unsecure" installed plugin with a message describing the misalignment from Moodle development coding guidelines.