mahara-contributors team mailing list archive

Thread
Date

[Bug 1185297] Re: Document more $cfg options

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Aaron Wells <1185297@xxxxxxxxxxxxxxxxxx>
Date: Wed, 29 May 2013 23:16:02 -0000
Reply-to: Bug 1185297 <1185297@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Description changed:

- In the forum discussion
- https://mahara.org/interaction/forum/topic.php?id=5458 , I discovered
- the $cfg->sitethemeprefs config.php option I was completely unfamiliar
- with, which allows users to set their own personal theme. It is
- mentioned in the manual section about account settings, but there's no
- one central location where all the config options are listed.
- 
  I think it would be a great idea if we went through the code, found as
  many of the config options as we can (by searching for $CFG and
  get_config()), and made sure they were properly documented in one of
  three ways:
  
  1. If it's a setting that should be hard-coded and most users will
  want/need to set it, put it in config-dist.php
  
  2. If it's a setting that should be hard-coded but is experimental,
  advanced, or less likely to be used, put it in lib/config-defaults.php
  
  3. Or give it a UI front-end setting on the Admin pages. But keep in
  mind possible security implications -- anything settable by the UI can
  be abused by XSS, so for instance filesystem paths should not be set in
  the UI because that makes a handy escalation from XSS to filesystem.

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contrib members
https://bugs.launchpad.net/bugs/1185297

Title:
  Document more $cfg options

Status in Mahara ePortfolio:
  Triaged

Bug description:
  I think it would be a great idea if we went through the code, found as
  many of the config options as we can (by searching for $CFG and
  get_config()), and made sure they were properly documented in one of
  three ways:

  1. If it's a setting that should be hard-coded and most users will
  want/need to set it, put it in config-dist.php

  2. If it's a setting that should be hard-coded but is experimental,
  advanced, or less likely to be used, put it in lib/config-defaults.php

  3. Or give it a UI front-end setting on the Admin pages. But keep in
  mind possible security implications -- anything settable by the UI can
  be abused by XSS, so for instance filesystem paths should not be set
  in the UI because that makes a handy escalation from XSS to
  filesystem.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1185297/+subscriptions

References

[Bug 1185297] [NEW] Document more $cfg options in config-dist.php
From: Aaron Wells, 2013-05-29