Reviewed: https://reviews.mahara.org/4742 Committed: https://git.mahara.org/mahara/mahara/commit/620b128f307dea160212772298b1b05fffbc2883 Submitter: Son Nguyen ([email protected]) Branch: master
commit 620b128f307dea160212772298b1b05fffbc2883 Author: Robert Lyon <[email protected]> Date: Tue May 5 14:34:49 2015 +1200 Bug 1451636: adding a urlsecret config setting To stop unwarrented access to the lib/cron.php page and to the admin/upgrade.php page behatnotneeded Change-Id: I9eef9e2ddf85bdf8a2424bb9d0972ea4970dfa86 Signed-off-by: Robert Lyon <[email protected]> -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1451636 Title: Have the cron and/or upgrade site only run if they are accompanied with secret in url Status in Mahara: In Progress Bug description: Set up a basic secret in config.php like $cfg->urlsecret = 'bunnyslippers'; So that if a user hits /admin/upgrade.php or /lib/cron.php they need to add the ?secret=bunnyslippers to the end of the url or it won't run. This will stop random people hitting those urls and causing potential problems during db upgrade / normal cron runs To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1451636/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : [email protected] Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
