Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-78811

Security overview report shows duplicate column 'contextid' warning in default role user check

    XMLWordPrintable

Details

    • MOODLE_401_STABLE, MOODLE_402_STABLE
    • MOODLE_401_STABLE, MOODLE_402_STABLE
    • MDL-78811-MOODLE-401
    • MDL-78811-MOODLE-402
    • MDL-78811-Master
    • Hide

      Testing instruction:

      1. Log in as admin
      2. Go to the role editing page for role 'Authenticated user'.
      3. Check 'Allow' permission is checked for tool/dataprivacy:requestdelete capability. If not, tick the 'Allow' checkbox.
      4. Add another 'Allow' permission for a high risk capability for role 'Authenticated user', e.g. mod/assign:editothersubmission.
      5. Go to site administration/Reports/Security checks (<host>/report/security/index.php)
      6. The warning message should be displayed. (Did you remember to make the first column something unique in your call to get_records? Duplicate value '1' found in column 'contextid'.)
      7. Apply the patch.
      8. Reload the security report page, the warning should be disappeared.
      9. Confirm the Default role for all users check status is Critical
      Show
      Testing instruction: Log in as admin Go to the role editing page for role 'Authenticated user'. Check 'Allow' permission is checked for tool/dataprivacy:requestdelete capability. If not, tick the 'Allow' checkbox. Add another 'Allow' permission for a high risk capability for role 'Authenticated user', e.g. mod/assign:editothersubmission. Go to site administration/Reports/Security checks (<host>/report/security/index.php) The warning message should be displayed. (Did you remember to make the first column something unique in your call to get_records? Duplicate value '1' found in column 'contextid'.) Apply the patch. Reload the security report page, the warning should be disappeared. Confirm the Default role for all users check status is Critical

    Description

      Since https://tracker.moodle.org/browse/MDL-67852 merged, the following warning is shown at the security report page if more than one high risk capability was allowed for authenticated user role.

      Did you remember to make the first column something unique in your call to get_records? Duplicate value '1' found in column 'contextid'.
      line 1049 of /lib/dml/pgsql_native_moodle_database.php: call to debugging()
      line 88 of /lib/classes/check/access/defaultuserrole.php: call to pgsql_native_moodle_database->get_records_sql()
      line 111 of /lib/classes/check/table.php: call to core\check\access\defaultuserrole->get_result()
      line 44 of /report/security/index.php: call to core\check\table->render()

      Attachments

        Issue Links

          Activity

            People

              aydevworks Alex Yeung
              aydevworks Alex Yeung
              Paul Holden Paul Holden
              Andrew Lyons Andrew Lyons
              Kim Jared Lucas Kim Jared Lucas
              Votes:
              0 Vote for this issue
              Watchers:
              22 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 1 hour, 5 minutes
                  1h 5m

                  Clockify

                    Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.