-
Bug
-
Resolution: Fixed
-
Minor
-
2.4.7, 2.5.3, 2.6, 2.7
-
Any
-
MOODLE_24_STABLE, MOODLE_25_STABLE, MOODLE_26_STABLE, MOODLE_27_STABLE
-
MOODLE_24_STABLE, MOODLE_25_STABLE, MOODLE_26_STABLE
-
master_
MDL-43045 -
Steps to reproduce
- Edit the "Authenticated User" role
- Set a capability that carries XSS, Config or Data loss risk to "Allow". For example "moodle/role:manage".
- View the security overview report at Site Admin > Reports > Security Overview
What happens
You will get a Critical issue with "Default role for all users" but the description will say:
"The default user role "" is incorrectly defined!"
What should happen
The description should say "The default user role "Authenticated User" is incorrectly defined!"
For bonus points, it would be great if the detailed description printed a list of the capabilities that caused the report to fail.
- is a regression caused by
-
MDL-8249 Localised standard role names and descriptions
-
- Closed
-