Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-2153

wwwroot check in install.php not reliable (probably)

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.4.1
    • Fix Version/s: 1.9
    • Component/s: Installation
    • Labels:
      None
    • Environment:
      All
    • Affected Branches:
      MOODLE_14_STABLE
    • Fixed Branches:
      MOODLE_19_STABLE

      Description

      The wwwroot check at line 172 of the install.php file uses the fopen() function to open a file via a URL. There have been a number of recommendations that this is a security hole and that this functionality should be disabled (which it can be in php.ini). In addition this doesn't work at all on Windows unless source access is enabled.

      This is a brick wall for someone installing an new Moodle system.

      Recommend removing or rethinking this check.

        Attachments

          Activity

            People

            Assignee:
            skodak Petr Skoda
            Reporter:
            howardsmiller Howard Miller
            Tester:
            Tim Hunt
            Participants:
            Component watchers:
            Matteo Scaramuccia, Andrew Nicols, Dongsheng Cai, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Fix Release Date:
              3/Mar/08