MDL-48559 reports: security report checks for web cron

moodle · Jan 27, 2015 · 9e01886 · 9e01886
1 parent 5254140
commit 9e01886
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 0 deletions.
diff --git a/report/security/lang/en/report_security.php b/report/security/lang/en/report_security.php
@@ -116,6 +116,10 @@
 $string['check_unsecuredataroot_name'] = 'Insecure dataroot';
 $string['check_unsecuredataroot_ok'] = 'Dataroot directory must not be accessible via the web.';
 $string['check_unsecuredataroot_warning'] = 'Your dataroot directory <code>{$a}</code> is in the wrong location and might be exposed to the web.';
+$string['check_webcron_details'] = '<p>Web cron can expose priviedged information to anonymous users. It is recommended to use CLI cron or protect the cron page with a passphrase.</p>';
+$string['check_webcron_warning'] = 'Anonymous users can access cron.';
+$string['check_webcron_name'] = 'Web cron';
+$string['check_webcron_ok'] = 'Anonymous users can not access cron.';
 $string['issue'] = 'Issue';
 $string['pluginname'] = 'Security overview';
 $string['security:view'] = 'View security report';

diff --git a/report/security/locallib.php b/report/security/locallib.php
@@ -56,6 +56,7 @@ function report_security_get_issue_list() {
         'report_security_check_defaultuserrole',
         'report_security_check_guestrole',
         'report_security_check_frontpagerole',
+        'report_security_check_webcron',
 
     );
 }
@@ -830,3 +831,37 @@ function report_security_check_riskbackup($detailed=false) {
 
     return $result;
 }
+
+/**
+ * Verifies the status of web cron
+ *
+ * @param bool $detailed
+ * @return object result
+ */
+function report_security_check_webcron($detailed = false) {
+    global $CFG;
+
+    $croncli = $CFG->cronclionly;
+    $cronremotepassword = $CFG->cronremotepassword;
+
+    $result = new stdClass();
+    $result->issue   = 'report_security_check_webcron';
+    $result->name    = get_string('check_webcron_name', 'report_security');
+    $result->details = null;
+    $result->link    = "<a href=\"$CFG->wwwroot/$CFG->admin/settings.php?section=sitepolicies\">"
+            .get_string('sitepolicies', 'admin').'</a>';
+
+    if (empty($croncli) && empty($cronremotepassword)) {
+        $result->status = REPORT_SECURITY_WARNING;
+        $result->info   = get_string('check_webcron_warning', 'report_security');
+    } else {
+        $result->status = REPORT_SECURITY_OK;
+        $result->info   = get_string('check_webcron_ok', 'report_security');
+    }
+
+    if ($detailed) {
+        $result->details = get_string('check_webcron_details', 'report_security');
+    }
+
+    return $result;
+}