Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: 3.5.11, 3.6.9, 3.7.5, 3.8.2
-
Fix Version/s: 3.8.4
-
Component/s: Administration, Logging
-
Labels:
-
Testing Instructions:
-
Affected Branches:MOODLE_35_STABLE, MOODLE_36_STABLE, MOODLE_37_STABLE, MOODLE_38_STABLE
-
Fixed Branches:MOODLE_38_STABLE
-
Pull from Repository:
-
Pull Master Branch:
MDL-68276-replace-logs -
Pull Master Diff URL:
Description
This is a bug in that a compromised admin account can use this to cover it's tracks to some degree.
This was found while testing MDL-68193
1) I did a search and replace, which is now correctly logged (see MDL-68193)
2) But I can use the search and replace to manipulate the logs as well:
3) Showing the now re-written logs:
This isn't confined to this new event, you can replace anything in the logs.