Merge branch 'w02_MDL-43529_m27_globals' of https://github.com/skodak…

…/moodle
moodle · Jan 14, 2014 · 8845799 · 8845799
2 parents 4198f7f + 6a27439
commit 8845799
Show file tree

Hide file tree

Showing 4 changed files with 0 additions and 39 deletions.
diff --git a/lib/htaccess b/lib/htaccess
@@ -27,7 +27,6 @@ DirectoryIndex index.php index.html index.htm
 
 ### Thirdly, set up some PHP variables that Moodle needs
 
-php_flag register_globals        0
 php_flag file_uploads            1
 php_flag short_open_tag          1
 php_flag session.auto_start      0

diff --git a/lib/setuplib.php b/lib/setuplib.php
@@ -704,9 +704,6 @@ function ini_get_bool($ini_get_arg) {
 function setup_validate_php_configuration() {
    // this must be very fast - no slow checks here!!!
 
-   if (ini_get_bool('register_globals')) {
-       print_error('globalswarning', 'admin');
-   }
    if (ini_get_bool('session.auto_start')) {
        print_error('sessionautostartwarning', 'admin');
    }

diff --git a/report/security/lang/en/report_security.php b/report/security/lang/en/report_security.php
@@ -61,11 +61,6 @@
 $string['check_frontpagerole_name'] = 'Frontpage role';
 $string['check_frontpagerole_notset'] = 'Frontpage role is not set.';
 $string['check_frontpagerole_ok'] = 'Frontpage role definition is OK.';
-$string['check_globals_details'] = '<p>Register globals is considered to be a highly insecure PHP setting.</p>
-<p><code>register_globals=off</code> must be set in PHP configuration. This setting is controlled by editing your <code>php.ini</code>, Apache/IIS configuration or <code>.htaccess</code> file.</p>';
-$string['check_globals_error'] = 'Register globals MUST be disabled. Please fix the server PHP settings immediately!';
-$string['check_globals_name'] = 'Register globals';
-$string['check_globals_ok'] = 'Register globals are disabled.';
 $string['check_google_details'] = '<p>The Open to Google setting enables search engines to enter courses with guest access. There is no point in enabling this setting if guest login is not allowed.</p>';
 $string['check_google_error'] = 'Search engine access is allowed but guest access is disabled.';
 $string['check_google_info'] = 'Search engines may enter as guests.';

diff --git a/report/security/locallib.php b/report/security/locallib.php
@@ -39,7 +39,6 @@ function report_security_hide_timearning() {
 
 function report_security_get_issue_list() {
     return array(
-        'report_security_check_globals',
         'report_security_check_unsecuredataroot',
         'report_security_check_displayerrors',
         'report_security_check_noauth',
@@ -76,35 +75,6 @@ function report_security_doc_link($issue, $name) {
 ///=============================================
 
 
-/**
- * Verifies register globals PHP setting.
- * @param bool $detailed
- * @return object result
- */
-function report_security_check_globals($detailed=false) {
-    $result = new stdClass();
-    $result->issue   = 'report_security_check_globals';
-    $result->name    = get_string('check_globals_name', 'report_security');
-    $result->info    = null;
-    $result->details = null;
-    $result->status  = null;
-    $result->link    = null;
-
-    if (ini_get_bool('register_globals')) {
-        $result->status = REPORT_SECURITY_CRITICAL;
-        $result->info   = get_string('check_globals_error', 'report_security');
-    } else {
-        $result->status = REPORT_SECURITY_OK;
-        $result->info   = get_string('check_globals_ok', 'report_security');
-    }
-
-    if ($detailed) {
-        $result->details = get_string('check_globals_details', 'report_security');
-    }
-
-    return $result;
-}
-
 /**
  * Verifies unsupported noauth setting
  * @param bool $detailed