[MDL-71806] Improved the UX of the Moodle security report - Moodle Tracker

XML

Word

Printable

Details

Type: Improvement
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 3.11
Fix Version/s: 4.0
Component/s: Reports
Labels:

Affected Branches:
MOODLE_311_STABLE
Fixed Branches:
MOODLE_400_STABLE
Pull from Repository:
https://github.com/brendanheywood/moodle
Pull Master Branch:
~~MDL-71806~~-improve-check-ux
Pull Master Diff URL:
https://github.com/moodle/moodle/compare/master...brendanheywood:MDL-71806-improve-check-ux
Testing Instructions:
Hide

Note: On a default setup internal paths will be exposed to the public.
If you have customised your Apache configuration for testing of the Security checks report, or included an .htaccess file in the past the nyou will need to remove that configuration before testing.

Navigate to Site administration -> Reports -> Security checks

Confirm that each summary has a 'More info' link

Confirm that the 'Check all public / private paths' check has a summary sentence for the warning state

Add the attached .htaccess to your Moodle root

Refresh the page

Reload the security report

Confirm the 'Check all public / private paths' check still has data in the "Summary" column

Confirm the 'Check all public / private paths' check still has a "More info" link
Show
Note: On a default setup internal paths will be exposed to the public. If you have customised your Apache configuration for testing of the Security checks report, or included an .htaccess file in the past the nyou will need to remove that configuration before testing. Navigate to Site administration -> Reports -> Security checks Confirm that each summary has a 'More info' link Confirm that the 'Check all public / private paths' check has a summary sentence for the warning state Add the attached .htaccess to your Moodle root Refresh the page Reload the security report Confirm the 'Check all public / private paths' check still has data in the "Summary" column Confirm the 'Check all public / private paths' check still has a "More info" link

Description

Version: Moodle 3.11

Moodle was updated from 2.4 (if I remember correctly). My installation runs in German..

Website-Administration -> Berichte -> Sicherheitskontrolle

shows "Alle öffentlichen / privaten Pfade prüfen" with a critical error.

I fixed all of them by redirecting the listed Files to 404 and most of it worked, but 4 entries are still listed, even though they are configured like the other (before) listed entries like composer.json

Here the list of files that are still listed:

readme.txt Dateien sollten nicht öffentlich sein
README Dateien sollten nicht öffentlich sein
/upgrade.txt Dateien sollten nicht öffentlich sein
phpunit.xml Dateien sollten nicht öffentlich sein

I tested the setup by trying to load those files over the webbrowser and got 404 back as expected.

The question is now is this a bug or did I do something wrong? I think in regards to this the documentation would need to be updated, as I couldn't find out, if these files should still be accessible by moodle itself locally.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

.htaccess
0.7 kB
10/Jun/21 11:57 AM
image-2021-05-31-12-58-15-178.png
40 kB
31/May/21 6:58 PM
image-2021-05-31-22-20-26-572.png
48 kB
31/May/21 8:20 PM
image-2021-06-01-10-05-27-750.png
44 kB
01/Jun/21 8:05 AM
MDL-71806.jpg
52 kB
10/Jun/21 2:21 PM

Activity

People

Assignee:: Brendan Heywood

Reporter:: Steffen Jaiser

Peer reviewer:: Dan Marsden

Integrator:: Andrew Lyons

Tester:: Anna Carissa Sadia

Participants:: Andrew Lyons, Anna Carissa Sadia, Brendan Heywood, CiBoT, Dan Marsden, Steffen Jaiser

Component watchers:: Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Sujith Haridasan

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 30/May/21 8:18 PM

Updated:: 13/Apr/22 2:17 AM

Resolved:: 11/Jun/21 2:44 PM

Fix Release Date:: 19/Apr/22

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

50m