Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-58391

"is_moodle_cookie_secure()" is buggy

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Not a bug
    • 3.0.9, 3.2.2
    • None
    • Authentication
    • None
    • MOODLE_30_STABLE, MOODLE_32_STABLE

    Description

      "is_moodle_cookie_secure()" function returns wrong result. It cause wrong report at moodle security review page.

      https://github.com/moodle/moodle/blob/master/lib/sessionlib.php#L99

      orisinal

      if (!empty($CFG->loginhttps)) {
      		 
          return false;
      		 
      }

      correct

      if (empty($CFG->loginhttps)) {
      		 
          return false;
      		 
      }

      Attachments

        Issue Links

          will be (partly) resolved by

          Bug - A problem which impairs or prevents Moodle from functioning correctly. MDL-55836 Warn about loginhttps

          • Major - Major loss of function, incorrect output
          • Closed

          Activity

            People

              Unassigned Unassigned
              papillon326 Mitsuru Udagawa
              David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: