Permalink
Browse files

MDL-21788 use session regeneration on all sites by default and improv…

…ed string
  • Loading branch information...
1 parent 2a011db commit 811c2e7575b719138b551a05b973b2d712d4f759 @skodak skodak committed Mar 19, 2010
Showing with 11 additions and 3 deletions.
  1. +1 −1 admin/settings/security.php
  2. +1 −1 lang/en_utf8/admin.php
  3. +8 −0 lib/db/upgrade.php
  4. +1 −1 version.php
@@ -65,7 +65,7 @@
$temp->add(new admin_setting_configcheckbox('loginhttps', get_string('loginhttps', 'admin'), get_string('configloginhttps', 'admin'), 0));
$temp->add(new admin_setting_configcheckbox('cookiesecure', get_string('cookiesecure', 'admin'), get_string('configcookiesecure', 'admin'), 0));
$temp->add(new admin_setting_configcheckbox('cookiehttponly', get_string('cookiehttponly', 'admin'), get_string('configcookiehttponly', 'admin'), 0));
- $temp->add(new admin_setting_configcheckbox('regenloginsession', get_string('regenloginsession', 'admin'), get_string('configregenloginsession', 'admin'), 0));
+ $temp->add(new admin_setting_configcheckbox('regenloginsession', get_string('regenloginsession', 'admin'), get_string('configregenloginsession', 'admin'), 1));
$temp->add(new admin_setting_configtext('excludeoldflashclients', get_string('excludeoldflashclients', 'admin'), get_string('configexcludeoldflashclients', 'admin'), '10.0.12', PARAM_TEXT));
$ADMIN->add('security', $temp);
View
@@ -210,7 +210,7 @@
$string['configrcachettl'] = 'Time-to-live for cached records, in seconds. Use a short (<15) value here.';
$string['configrecaptchaprivatekey'] = 'String of characters used to communicate between your Moodle server and the recaptcha.net server. Obtain one for this site by visiting http://recaptcha.net';
$string['configrecaptchapublickey'] = 'String of characters used to display the reCAPTCHA element in the signup form. Generated by http://recaptcha.net';
-$string['configregenloginsession'] = 'Regeneration of the session id during each login request is highly recommended. This setting might not be compatible with some authentication plugins.';
+$string['configregenloginsession'] = 'Regeneration of the session id during each login request is highly recommended for security reasons. This setting might not be compatible with some authentication plugins.';
$string['configrequestedstudentname'] = 'Word for student used in requested courses';
$string['configrequestedstudentsname'] = 'Word for students used in requested courses';
$string['configrequestedteachername'] = 'Word for teacher used in requested courses';
View
@@ -3337,6 +3337,14 @@ function xmldb_main_upgrade($oldversion=0) {
upgrade_main_savepoint($result, 2007101571.04);
}
+ if ($result && $oldversion < 2007101571.05) {
+ // make the session regeneration setting enabled by default
+ if (empty($CFG->regenloginsession)) {
+ unset_config('regenloginsession');
+ }
+ upgrade_main_savepoint($result, 2007101571.05);
+ }
+
return $result;
}
View
@@ -6,7 +6,7 @@
// This is compared against the values stored in the database to determine
// whether upgrades should be performed (see lib/db/*.php)
- $version = 2007101571.04; // YYYYMMDD = date of the 1.9 branch (don't change)
+ $version = 2007101571.05; // YYYYMMDD = date of the 1.9 branch (don't change)
// X = release number 1.9.[0,1,2,3,4,5...]
// Y.YY = micro-increments between releases

0 comments on commit 811c2e7

Please sign in to comment.