Commit Graph

106 Commits

Author SHA1 Message Date
Safat 001c5361d3 MDL-78778 auth_cas: Uninstall cas & remove dependencies 2025-03-05 12:53:58 +11:00
Paul Holden f4d0fd92e8 MDL-79373 admin: ensure all current password configs are defined.
Ensure the admin preset export tool has an accurate record of each,
to be observed as sensitive settings when creating an export.
2024-08-08 09:21:50 +07:00
David Woloszyn b1df497321 MDL-58353 admin: Logout on password change default to yes 2024-07-09 09:01:19 +10:00
Paul Holden b52132d09d MDL-78961 admin: correct smtppass preset configuration name. 2023-08-28 22:32:56 +01:00
Matt Porritt 668057c3eb MDL-50160 Administration: HTTP only cookies default set to on.
This patch removes the UI setting (cookiehttponly) for HTTP only
cookies. For new installs HTTP only cookies will default to on.
For existing sites teh behaviour will stay as set.
The behaviour can be overriden in config.php
2023-07-31 14:09:30 +10:00
David Woloszyn 23318ebb5e MDL-76755 admin: Blocked hosts defaults improved 2023-02-02 15:16:17 +11:00
Paul Holden a3a473d644 MDL-74489 admin: consider salt configuration as sensitive to site.
The admin preset tool shouldn't export badge/calendar salt configuration
unless explicitely asked for as changing these values on another site
can be potentially destructive.
2022-04-12 16:19:40 +01:00
Sara Arjona 1f47ef1a34 MDL-73397 adminpresets: Move sensiblesettings to core
The sensiblesettings setting has been moved from tool_admin_presets
to adminpresets component where it belongs, in order for being able
to use it from the API to decide whether sensible settings should
be included when exporting them.
2022-01-04 12:13:19 +01:00
Michael Hawkins 18a7f0134d MDL-56873 admin: Set sensible default cURL security settings 2021-06-10 12:01:39 +08:00
Peter Burnett b4623c8975 MDL-68820 web: Added referrer policy header setting 2020-06-03 15:18:19 +10:00
Peter Burnett 59298ccebc MDL-67309 login: Added check for password policy at login time. 2020-02-17 09:55:07 +10:00
Shamim Rezaie 9175a97822 MDL-46317 admin: minor coding style fixes 2019-08-12 14:44:12 +10:00
Shamim Rezaie e945b883fa MDL-46317 admin: convert userquota config from text to filesize widget 2019-08-12 14:44:10 +10:00
Michael Hawkins 76d0192e0b MDL-7339 admin: Replaced "open to google" references to be more generic
AMOS BEGIN
 MOV [configopentogoogle,admin],[configopentowebcrawlers,admin]
 MOV [opentogoogle,admin],[opentowebcrawlers,admin]
 MOV [check_google_details,report_security],[check_crawlers_details,report_security]
 MOV [check_google_error,report_security],[check_crawlers_error,report_security]
 MOV [check_google_info,report_security],[check_crawlers_info,report_security]
 MOV [check_google_name,report_security],[check_crawlers_name,report_security]
 MOV [check_google_ok,report_security],[check_crawlers_ok,report_security]
AMOS END
2019-06-11 10:04:01 +08:00
Andrew Nicols 4f2bc5bc8f MDL-61876 admin: Move forceclean to experimental settings 2018-05-08 13:30:09 +08:00
Andrew Nicols 1144ae255f Revert "MDL-61876 admin: set default forceclean=1"
This reverts commit c182f060fa.
2018-05-08 13:28:12 +08:00
Marina Glancy c182f060fa MDL-61876 admin: set default forceclean=1 2018-04-17 09:39:22 +08:00
David Mudrák 4b82c15cdb MDL-60940 weblib: Introduce an ability to force cleaning of all content
The new configuration flag $CFG->forceclean overrides the noclean
option when calling format_text() so that the text is always
and unconditionally cleaned.
2018-04-11 10:23:45 +02:00
Marina Glancy 1727c939ba MDL-61477 admin: sitepolicy handler API
- Define sitepolicy handler manager class, base class and the core handler
- Allow to set a plugin as sitepolicyhandler that implements the sitepolicy API
- Modify web services to return information from the 3rd party handler instead of core if needed
2018-03-15 11:32:55 +08:00
David Mudrák 0bdc578567 MDL-61477 admin: Allow plugins to act as alternate policy handlers
The patch introduces a new site setting 'sitepolicyhandler' that can be
either empty or contain a plugin component name. If it is empty, the
site policy feature keeps working as before and the core keeps the
control over it.

If a plugin is specified, it is expected to implement the callback
'site_policy_handler' in its lib.php file. The callback should return a
URL to a script where the user can accept the site policies. The plugin
itself is responsible for setting the 'policyagreed' flag in the users
table. The callback may return an empty value, in which case the user
can continue using the site without being redirected.

The patch adds support for a new pre-config flag NO_SITEPOLICY_CHECK.
This constant should be defined and set to true if we should not check
the user's policyagreed status during the require_login().

This is for pages where the user actually accepts the site policies and
helps to avoid the redirect loop.
2018-03-15 09:31:41 +08:00
John Okely b58764ff99 MDL-42834 admin: Remove loginhttps 2017-10-23 12:25:35 +08:00
Juan Leyva 993e817576 MDL-56751 admin: New setting to set user created tokens duration
We were using a hardcoded value for 12 months.
With this change, administrators can change the duration time via a
security setting.
2017-07-14 10:24:53 +01:00
Yair Spielmann 409ad1d60a MDL-57734 admin: New setting for when to use the noindex meta tag 2017-06-26 10:38:25 +08:00
sam marshall 38fa1ca558 MDL-55980 Scheduled tasks: Run individual scheduled tasks from web 2017-02-24 10:42:28 +00:00
Jade Telford 8380658219 MDL-55476 auth: remove loginpasswordautocomplete 2017-01-19 07:24:46 +00:00
Jake Dallimore 067268942c MDL-48498 admin: new setting types for curl host/port restrictions
Two new classes in lib/adminlib. One providing validation for a
newline-delimited textarea supporting domain names, domain wildcards,
IPv4/IPv6 addresses and IPv4/IPv6 ranges. The second providing
validation for a newline-delimited textarea of port numbers.
2016-11-08 15:10:35 +08:00
Juan Leyva 6a09295857 MDL-55923 webservice: Add global setting for forcing token deletion 2016-10-05 20:34:01 +01:00
Brendan Heywood 657ddbf592 MDL-55273 admin: Change $CFG->cookiesecure default to on 2016-08-22 09:20:32 +10:00
Ruslan Kabalin 7d19e0e33d MDL-50887 antivirus_clamav: Move global clamav settings to plugin level.
AMOS BEGIN
 MOV [clamfailureonupload,core],[clamfailureonupload,antivirus_clamav]
 MOV [configclamactlikevirus,core],[configclamactlikevirus,antivirus_clamav]
 MOV [configclamdonothing,core],[configclamdonothing,antivirus_clamav]
 MOV [configclamfailureonupload,core],[configclamfailureonupload,antivirus_clamav]
 MOV [configpathtoclam,core],[configpathtoclam,antivirus_clamav]
 MOV [configquarantinedir,core],[configquarantinedir,antivirus_clamav]
 MOV [configrunclamavonupload,core],[configrunclamavonupload,antivirus_clamav]
 MOV [pathtoclam,core],[pathtoclam,antivirus_clamav]
 MOV [quarantinedir,core],[quarantinedir,antivirus_clamav]
 MOV [runclamavonupload,core],[runclamavonupload,antivirus_clamav]
AMOS END
2016-02-25 09:55:45 +00:00
Dani Palou dbcade703b MDL-51829 admin: Set userquota setting as PARAM_INT 2015-10-20 10:01:11 +02:00
Ankit Agarwal 5254140b0c MDL-48559 cron: Disable web cron by default 2015-01-27 10:14:11 +05:30
Petr Skoda 1d658535b6 MDL-47830 auth: Add pw rotation restrictions 2014-12-01 08:53:52 +13:00
Petr Skoda 866f03de46 MDL-47800 auth: Add option to logout on pw change 2014-11-18 09:51:52 +13:00
Ankit Agarwal 52dc1de746 MDL-42891 administration: Re-implement incorrect login notification, without using the logtable. 2014-04-01 17:18:15 +08:00
Peter Bulmer 2f0dd8d5bd MDL-23692 forgotpw: Coding style tidyups. 2013-10-07 20:54:51 +13:00
Peter Bulmer 92de749fc7 MDL-23692 forgotpw: Simplify forgotpw process. 2013-10-04 22:37:56 +13:00
Adrian Greeve a327f25ef1 MDL-31776 - lib: Alternate name fields
Add support for additional name fields and flexible formating of
user names.
2013-07-09 11:45:50 +08:00
Damyon Wiese c9c01f75b1 MDL-39077 maxbytes - fix warnings for cli install 2013-05-02 12:11:08 +08:00
Damyon Wiese 367b977d4d MDL-39077 max_files does not include current option when it is non-standard
Non-standard means php.ini was set to something not in the default list (like 7MB),
then the config was saved to that specific value, and now the value in php.ini has been changed
again so 7MB does not appear in the list.
2013-05-01 12:40:57 +01:00
Petr Škoda b28247fe90 MDL-21342 add user login lockout 2013-01-04 15:12:31 +01:00
Tim Hunt 9665ecd275 MDL-19125 module restrictions: use a capability
1. This used to use a complex legacy system which was buggy.

2. It now relies on a new mod/...:addinstance capability for each module.

3. All the legacy code has been stripped out.

4. Old restriction data is upgraded by creating the necessary permission
overrides. Similarly, when old backups are restored, the old settings
are converted to be overrides.

5. The required addinstance capabilities will be added as a separate
commit.

6. There is a developer debug warning about modules that are missing the
addinstance capability, unless they are MOD_ARCHETYPE_SYSTEM mods.
2012-03-15 17:11:27 +00:00
Eloy Lafuente (stronk7) bb2308a33a Merge branch 'wip-MDL-26155-m23' of git://github.com/samhemelryk/moodle
Conflicts:
	admin/settings/security.php
2012-01-03 17:26:31 +01:00
Eloy Lafuente 90911c4ff9 MDL-29844 Administration: Added new config for users to login for viewing profile image 2012-01-03 11:53:49 +08:00
Sam Hemelryk e106013f34 MDL-26155 admin: Converted admin settings to use new lang_string 2012-01-03 09:09:40 +13:00
adrian@moodle.com aa30d3e8ce MDL-30336 - login - Added a setting in security that allows auto complete to be set to off in password fields. 2011-12-06 15:50:26 +08:00
Petr Skoda 73b309e6a3 MDL-28627 remove buggy and obsolete KSES cleaning 2011-10-22 09:25:06 +02:00
Marina Glancy 7b5702b681 MDL-19907 rewrote validation for required fields in forms, including support for editor field. Added parameter to use strict (no spaces) required fields validation 2011-07-29 13:51:26 +08:00
Petr Skoda 5c754932e7 MDL-28344 new option to prevent clickjacking via frame embedding 2011-07-14 22:01:23 +02:00
Eloy Lafuente (stronk7) 21ba26e814 Merge branch 'w27_MDL-28158_m22_cookies' of git://github.com/skodak/moodle 2011-07-11 15:33:03 +02:00
Petr Skoda 0342fc3609 MDL-28158 add optional "Remember username" checkbox in login forms 2011-07-10 13:22:55 +02:00