-
Bug
-
Resolution: Fixed
-
Minor
-
4.3.3, 4.4
-
MOODLE_403_STABLE, MOODLE_404_STABLE
-
MOODLE_403_STABLE
-
MDL-81182_403 -
-
1
-
Team Hedgehog 2024 Sprint 1.3, Team Hedgehog 2024 Sprint 1.4
The require_once in `admin/tool/mfa/factor/email/email.php` is invalid. In some edge-cases, it can cause PHP to require the config.php file twice, since as written, it's including:
Two issues - it has one set of dots too many for the depth.
And {}DIR _does not end in a slash, so if }}{{DIR_ was /app then it results in requires that look like:
/app../../../config.php - which is obviously wrong.{{}}
Steps to reproduce:
For a test system under /var/www/moodle, rename the config.php file, then symlink to it, something like:
mv config.php config.real.php |
ln -s config.real.php config.php |
Restart php-fpm, or apache, to ensure the realpath cache is cleared.
Browse to: admin/tool/mfa/factor/email/email.php?instance=1
You should see an "unauthorised email" message. Without the fix, you may instead see a bunch of errors that indicate config isn't loaded properly.