Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

MDL-35852 Add config option to prevent changes to configexecutable se…

…ttings
  • Loading branch information...
commit 9a2b5e0b4f28aac950934d6e1c9fa1aee3574f5b 1 parent 95190fd
Hugh Davenport authored danmarsden committed
Showing with 21 additions and 0 deletions.
  1. +6 −0 config-dist.php
  2. +1 −0  lang/en/admin.php
  3. +14 −0 lib/adminlib.php
View
6 config-dist.php
@@ -456,6 +456,12 @@
// To ensure they are never used even when available:
// $CFG->svgicons = false;
//
+// Some administration options allow setting the path to executable files. This can
+// potentially cause a security risk. Set this option to true to disable editing
+// those config settings via the web. They will need to be set explicitly in the
+// config.php file
+// $CFG->preventexecpath = true;
+//
//=========================================================================
// 7. SETTINGS FOR DEVELOPMENT SERVERS - not intended for production use!!!
//=========================================================================
View
1  lang/en/admin.php
@@ -513,6 +513,7 @@
$string['errorwithsettings'] = 'Some settings were not changed due to an error.';
$string['everyonewhocan'] = 'Everyone who can \'{$a}\'';
$string['exceptions'] = 'exceptions';
+$string['execpathnotallowed'] = 'Setting executable paths disabled in config.php';
$string['experimental'] = 'Experimental';
$string['experimentalsettings'] = 'Experimental settings';
$string['extendedusernamechars'] = 'Allow extended characters in usernames';
View
14 lib/adminlib.php
@@ -2107,6 +2107,16 @@ public function output_html($data, $query='') {
'<div class="form-file defaultsnext"><input type="text" size="'.$this->size.'" id="'.$this->get_id().'" name="'.$this->get_full_name().'" value="'.s($data).'" />'.$executable.'</div>',
$this->description, true, '', $default, $query);
}
+ /**
+ * checks if execpatch has been disabled in config.php
+ */
+ public function write_setting($data) {
+ global $CFG;
+ if (!empty($CFG->preventexecpath)) {
+ return '';
+ }
+ return parent::write_setting($data);
+ }
}
@@ -2125,6 +2135,7 @@ class admin_setting_configexecutable extends admin_setting_configfile {
* @return string XHTML field
*/
public function output_html($data, $query='') {
+ global $CFG;
$default = $this->get_defaultsetting();
if ($data) {
@@ -2136,6 +2147,9 @@ public function output_html($data, $query='') {
} else {
$executable = '';
}
+ if (!empty($CFG->preventexecpath)) {
+ $this->visiblename .= '<div class="form-overridden">'.get_string('execpathnotallowed', 'admin').'</div>';
+ }
return format_admin_setting($this, $this->visiblename,
'<div class="form-file defaultsnext"><input type="text" size="'.$this->size.'" id="'.$this->get_id().'" name="'.$this->get_full_name().'" value="'.s($data).'" />'.$executable.'</div>',
Please sign in to comment.
Something went wrong with that request. Please try again.