Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-78811

Security overview report shows duplicate column 'contextid' warning in default role user check

XMLWordPrintable

    • MOODLE_401_STABLE, MOODLE_402_STABLE
    • MOODLE_401_STABLE, MOODLE_402_STABLE
    • MDL-78811-MOODLE-401
    • MDL-78811-MOODLE-402
    • MDL-78811-Master
    • Hide

      Testing instruction:

      1. Log in as admin
      2. Go to the role editing page for role 'Authenticated user'.
      3. Check 'Allow' permission is checked for tool/dataprivacy:requestdelete capability. If not, tick the 'Allow' checkbox.
      4. Add another 'Allow' permission for a high risk capability for role 'Authenticated user', e.g. mod/assign:editothersubmission.
      5. Go to site administration/Reports/Security checks (<host>/report/security/index.php)
      6. The warning message should be displayed. (Did you remember to make the first column something unique in your call to get_records? Duplicate value '1' found in column 'contextid'.)
      7. Apply the patch.
      8. Reload the security report page, the warning should be disappeared.
      9. Confirm the Default role for all users check status is Critical
      Show
      Testing instruction: Log in as admin Go to the role editing page for role 'Authenticated user'. Check 'Allow' permission is checked for tool/dataprivacy:requestdelete capability. If not, tick the 'Allow' checkbox. Add another 'Allow' permission for a high risk capability for role 'Authenticated user', e.g. mod/assign:editothersubmission. Go to site administration/Reports/Security checks (<host>/report/security/index.php) The warning message should be displayed. (Did you remember to make the first column something unique in your call to get_records? Duplicate value '1' found in column 'contextid'.) Apply the patch. Reload the security report page, the warning should be disappeared. Confirm the Default role for all users check status is Critical

      Since https://tracker.moodle.org/browse/MDL-67852 merged, the following warning is shown at the security report page if more than one high risk capability was allowed for authenticated user role.

      Did you remember to make the first column something unique in your call to get_records? Duplicate value '1' found in column 'contextid'.
      line 1049 of /lib/dml/pgsql_native_moodle_database.php: call to debugging()
      line 88 of /lib/classes/check/access/defaultuserrole.php: call to pgsql_native_moodle_database->get_records_sql()
      line 111 of /lib/classes/check/table.php: call to core\check\access\defaultuserrole->get_result()
      line 44 of /report/security/index.php: call to core\check\table->render()

            aydevworks Alex Yeung
            aydevworks Alex Yeung
            Paul Holden Paul Holden
            Andrew Lyons Andrew Lyons
            Kim Jared Lucas Kim Jared Lucas
            Votes:
            0 Vote for this issue
            Watchers:
            22 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 1 hour, 5 minutes
                1h 5m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.