Skip to content
Permalink
Browse files

backup/nopasswords MDL-20838 Backups are now never saved with user pa…

…sswords unless $CFG->includeuserpasswordsinbackup is turned on in config.php (only)
  • Loading branch information...
moodler committed Nov 17, 2009
1 parent efb9ebe commit 8bcf4b57497a205d88d5b9c6387fd8069ec1798c
Showing with 15 additions and 4 deletions.
  1. +5 −1 backup/backuplib.php
  2. +3 −3 backup/version.php
  3. +7 −0 config-dist.php
@@ -1303,7 +1303,11 @@ function backup_user_info ($bf,$preferences) {
fwrite ($bf,full_tag("POLICYAGREED",4,false,$user->policyagreed));
fwrite ($bf,full_tag("DELETED",4,false,$user->deleted));
fwrite ($bf,full_tag("USERNAME",4,false,$user->username));
fwrite ($bf,full_tag("PASSWORD",4,false,$user->password));
// Prevent user passwords in backup files unless
// $CFG->includeuserpasswordsinbackup is defined. MDL-20838
if (!empty($CFG->includeuserpasswordsinbackup)) {
fwrite ($bf,full_tag("PASSWORD",4,false,$user->password));
}
fwrite ($bf,full_tag("IDNUMBER",4,false,$user->idnumber));
fwrite ($bf,full_tag("FIRSTNAME",4,false,$user->firstname));
fwrite ($bf,full_tag("LASTNAME",4,false,$user->lastname));
@@ -2,11 +2,11 @@
/// This file defines the current version of the
/// backup/restore code that is being used. This can be
/// compared against the values stored in the
/// compared against the values stored in the
/// database (backup_version) to determine whether upgrades should
/// be performed (see db/backup_*.php)
$backup_version = 2009100600; // The current version is a date (YYYYMMDDXX)
$backup_release = '1.9.6'; // User-friendly version number
$backup_version = 2009111300; // The current version is a date (YYYYMMDDXX)
$backup_release = '1.9.7'; // User-friendly version number
?>
@@ -148,6 +148,13 @@
// Useful for webhost operators who have alternate methods of backups
// $CFG->disablescheduledbackups = true;
//
// Allow user passwords to be included in backup files. Very dangerous
// setting as far as it publishes password hashes that can be unencrypted
// if the backup file is publicy available. Use it only if you can guarantee
// that all your backup files remain only privacy available and are never
// shared out from your site/institution!
// $CFG->includeuserpasswordsinbackup = true;
//
// Prevent stats processing and hide the GUI
// $CFG->disablestatsprocessing = true;
//

0 comments on commit 8bcf4b5

Please sign in to comment.
You can’t perform that action at this time.