[MDL-52271] Prevent web installer from appearing in search results if abandoned - Moodle Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.7.11, 2.8.9, 2.9.3, 3.0.1
Fix Version/s: 2.9.4, 3.0.1
Component/s: Installation
Labels:
None

Testing Instructions:
Hide

Try out the installer (you'll need no config.php)

VERIFY: Search the html and ensure that a meta tag appears in the html matching https://support.google.com/webmasters/answer/93710?hl=en

Ensure installer works
Show
Try out the installer (you'll need no config.php) VERIFY: Search the html and ensure that a meta tag appears in the html matching https://support.google.com/webmasters/answer/93710?hl=en Ensure installer works
Affected Branches:
MOODLE_27_STABLE, MOODLE_28_STABLE, MOODLE_29_STABLE, MOODLE_30_STABLE
Fixed Branches:
MOODLE_29_STABLE, MOODLE_30_STABLE
Documentation link:
https://docs.moodle.org/30/en/Installing_Moodle

Description

Mehdi Dadkhah <dadkhah80@gmail.com> reported:

We found new web vulnerability and your CMS may be vulnerable to it. We prepared a report which introduce this vulnerability. We will public this vulnerability in 1 December 2015. Please patch your CMS.

The report was not particularly clear and mostly spoke about wordpress, however I do think it raised an issue we should do something about:

Googleable installers

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

RIV Vulnerability by Dadkhah.pdf
967 kB
24/Nov/15 2:04 AM
MDL-52271-master.mdk.patch
1 kB
24/Nov/15 2:15 AM
MDL-52271-30.mdk.patch
1 kB
24/Nov/15 2:17 AM
MDL-52271-29.mdk.patch
1 kB
24/Nov/15 2:17 AM
MDL-52271-28.mdk.patch
1 kB
24/Nov/15 2:17 AM
MDL-52271-27.mdk.patch
1 kB
24/Nov/15 2:17 AM

Activity

People

Assignee:

Dan Poltawski

Reporter:

Dan Poltawski

Peer reviewer:

John Okely

Integrator:

David Monllaó

Tester:

Adrian Greeve

Participants:

Adrian Greeve, CiBoT, Dan Poltawski, David Monllaó, Helen Foster, John Okely, Marina Glancy

Component watchers:

Matteo Scaramuccia, Andrew Nicols, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze

Votes:

0 Vote for this issue

Watchers:

3 Start watching this issue

Dates

Created:

24/Nov/15 2:03 AM

Updated:

04/Jan/16 6:27 PM

Resolved:

10/Dec/15 6:01 AM

Fix Release Date:

21/Dec/15