mahara-contributors team mailing list archive

Thread
Date

[Bug 1185297] Re: Document more $cfg options

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Aaron Wells <1185297@xxxxxxxxxxxxxxxxxx>
Date: Wed, 29 May 2013 23:10:41 -0000
Reply-to: Bug 1185297 <1185297@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Summary changed:

- Document more $cfg options in config-dist.php
+ Document more $cfg options

** Description changed:

  In the forum discussion
  https://mahara.org/interaction/forum/topic.php?id=5458 , I discovered
  the $cfg->sitethemeprefs config.php option I was completely unfamiliar
  with, which allows users to set their own personal theme. It is
  mentioned in the manual section about account settings, but there's no
  one central location where all the config options are listed.
  
  I think it would be a great idea if we went through the code, found as
  many of the config options as we can (by searching for $CFG and
- get_config()), and documented them in the config-dist.php file. This can
- be in the form of comments, in a section below the minimum/recommended
- config settings. And as an on-going thing, when people add new
- config.php settings, they can add them to config-dist.php
+ get_config()), and made sure they were properly documented in one of
+ three ways:
+ 
+ 1. If it's a setting that should be hard-coded and most users will
+ want/need to set it, put it in config-dist.php
+ 
+ 2. If it's a setting that should be hard-coded but is experimental,
+ advanced, or less likely to be used, put it in lib/config-defaults.php
+ 
+ 3. Or give it a UI front-end setting on the Admin pages. But keep in
+ mind possible security implications -- anything settable by the UI can
+ be abused by XSS, so for instance filesystem paths should not be set in
+ the UI because that makes a handy escalation from XSS to filesystem.

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contrib members
https://bugs.launchpad.net/bugs/1185297

Title:
  Document more $cfg options

Status in Mahara ePortfolio:
  Triaged

Bug description:
  I think it would be a great idea if we went through the code, found as
  many of the config options as we can (by searching for $CFG and
  get_config()), and made sure they were properly documented in one of
  three ways:

  1. If it's a setting that should be hard-coded and most users will
  want/need to set it, put it in config-dist.php

  2. If it's a setting that should be hard-coded but is experimental,
  advanced, or less likely to be used, put it in lib/config-defaults.php

  3. Or give it a UI front-end setting on the Admin pages. But keep in
  mind possible security implications -- anything settable by the UI can
  be abused by XSS, so for instance filesystem paths should not be set
  in the UI because that makes a handy escalation from XSS to
  filesystem.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1185297/+subscriptions

References

[Bug 1185297] [NEW] Document more $cfg options in config-dist.php
From: Aaron Wells, 2013-05-29