-
Improvement
-
Resolution: Unresolved
-
Minor
-
None
-
3.2
-
None
-
MOODLE_32_STABLE
Originally discovered when working on MDL-57274, just creating this issue for discussion. In short, any curl security settings (blocked hosts, ports) are currently left in place during the core and non core upgrade calls and in the plugin update checker. This means that an admin may block '*.moodle.org' (for whatever reason) and break language pack upgrades and plugin update checks.
My original proposal was to disable the security checks when upgrading (reinstating after upgrade), as my feeling was that these restrictions were in place to stop users from abusing things like the url downloader, and not to block things like core upgrades. However, I'm no expert on how users expect this setting to work, and when they expect it to be honoured, hence I'm raising this issue.
Here's a test branch demonstrating the changes which would disable the checks during upgrade and when checking for plugin updates:
https://github.com/moodle/moodle/compare/7a3b115d374...snake:MDL-57983-master
- has a non-specific relationship to
-
MDL-57274 Moodle 3.2 notices during installation
- Closed