Moodle
  1. Moodle
  2. MDL-21042

Security overview report always displays warning for riskbackup

    Details

    • Type: Bug Bug
    • Status: Open
    • Priority: Minor Minor
    • Resolution: Unresolved
    • Affects Version/s: 1.9.7
    • Fix Version/s: None
    • Component/s: Administration, Backup, Other
    • Labels:
      None
    • Rank:
      5702

      Description

      Selecting 'Users > Permissions > Define roles > Administrator' from the admin block, I've set 'moodle/backup:userinfo' to Prevent, as I want to disable the option for any users of the site (including admins) to include user data in backups.

      I then checked the security overview report, and there was still a warning message displayed, despite there being no roles/overrides/users with that ability (see screenshot).

      1. MDL-21042.diff
        0.8 kB
        Paul Holden
      1. backupuserdatawarning.png
        39 kB

        Activity

        Paul Holden created issue -
        Paul Holden made changes -
        Field Original Value New Value
        Link This issue has been marked as being related by MDL-21043 [ MDL-21043 ]
        Hide
        Paul Holden added a comment -

        Attached patch checks the number of roles returned in the report_security_check_riskbackup() function and sets $result->status accordingly.

        Show
        Paul Holden added a comment - Attached patch checks the number of roles returned in the report_security_check_riskbackup() function and sets $result->status accordingly.
        Paul Holden made changes -
        Attachment MDL-21042.diff [ 19388 ]
        Dan Poltawski made changes -
        Assignee moodle.com [ moodle.com ] Dan Poltawski [ poltawski ]
        Dan Poltawski made changes -
        Assignee Dan Poltawski [ poltawski ] moodle.com [ moodle.com ]
        Martin Dougiamas made changes -
        Workflow jira [ 34380 ] MDL Workflow [ 45676 ]
        Martin Dougiamas made changes -
        Workflow MDL Workflow [ 45676 ] MDL Full Workflow [ 74008 ]
        Hide
        Michael de Raadt added a comment -

        Thanks for reporting this issue.

        We have detected that this issue has been inactive for over a year has been recorded as affecting versions that are no longer supported.

        If you believe that this issue is still relevant to current versions (2.1 and beyond), please comment on the issue. Issues left inactive for a further month will be closed.

        Michael d;

        lqjjLKA0p6

        Show
        Michael de Raadt added a comment - Thanks for reporting this issue. We have detected that this issue has been inactive for over a year has been recorded as affecting versions that are no longer supported. If you believe that this issue is still relevant to current versions (2.1 and beyond), please comment on the issue. Issues left inactive for a further month will be closed. Michael d; lqjjLKA0p6
        Hide
        Paul Holden added a comment -

        Hi Michael,

        Current 2.x versions are also affected by this. I've added links to my github that fix it in master.

        Show
        Paul Holden added a comment - Hi Michael, Current 2.x versions are also affected by this. I've added links to my github that fix it in master.
        Paul Holden made changes -
        Pull Master Diff URL https://github.com/paulholden/moodle/compare/master...MDL-21042
        Pull Master Branch MDL-21042
        Testing Instructions Remove 'moodle/backup:userinfo' capability from all roles, etc and make sure that you don't still get a warning in security overview report
        Database MySQL [ 10001 ]
        Pull from Repository git://github.com/paulholden/moodle.git
        Hide
        Michael de Raadt added a comment -

        Thanks for reporting this issue.

        We have detected that this issue has been inactive for over a year has been recorded as affecting versions that are no longer supported.

        If you believe that this issue is still relevant to current versions (2.3 and beyond), please comment on the issue. Issues left inactive for a further month will be closed.

        Michael d;

        4d6f6f646c6521

        Show
        Michael de Raadt added a comment - Thanks for reporting this issue. We have detected that this issue has been inactive for over a year has been recorded as affecting versions that are no longer supported. If you believe that this issue is still relevant to current versions (2.3 and beyond), please comment on the issue. Issues left inactive for a further month will be closed. Michael d; 4d6f6f646c6521
        Hide
        Paul Holden added a comment -

        Hi Michael,

        This issue is still present in the 'Security overview report'.

        Show
        Paul Holden added a comment - Hi Michael, This issue is still present in the 'Security overview report'.

          People

          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated: