mahara-contributors team mailing list archive

Thread
Date

[Bug 1451636] A change has been merged

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Mahara Bot <1451636@xxxxxxxxxxxxxxxxxx>
Date: Mon, 21 Mar 2016 23:21:03 -0000
Reply-to: Bug 1451636 <1451636@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://reviews.mahara.org/4742
Committed: https://git.mahara.org/mahara/mahara/commit/620b128f307dea160212772298b1b05fffbc2883
Submitter: Son Nguyen (son.nguyen@xxxxxxxxxxxxxxx)
Branch:    master

commit 620b128f307dea160212772298b1b05fffbc2883
Author: Robert Lyon <robertl@xxxxxxxxxxxxxxx>
Date:   Tue May 5 14:34:49 2015 +1200

Bug 1451636: adding a urlsecret config setting

To stop unwarrented access to the lib/cron.php page
and to the admin/upgrade.php page

behatnotneeded

Change-Id: I9eef9e2ddf85bdf8a2424bb9d0972ea4970dfa86
Signed-off-by: Robert Lyon <robertl@xxxxxxxxxxxxxxx>

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1451636

Title:
  Have the cron and/or upgrade site only run if they are accompanied
  with secret in url

Status in Mahara:
  In Progress

Bug description:
  Set up a basic secret in config.php like $cfg->urlsecret =
  'bunnyslippers';

  So that if a user hits /admin/upgrade.php or /lib/cron.php they need
  to add the ?secret=bunnyslippers to the end of the url or it won't
  run.

  This will stop random people hitting those urls and causing potential
  problems during db upgrade / normal cron runs

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1451636/+subscriptions

References

[Bug 1451636] [NEW] Have the cron and/or upgrade site only run if they are accompanied with secret in url
From: Robert Lyon, 2015-05-05