Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-52271

Prevent web installer from appearing in search results if abandoned

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Minor Minor
    • 2.9.4, 3.0.1
    • 2.7.11, 2.8.9, 2.9.3, 3.0.1
    • Installation
    • None
    • MOODLE_27_STABLE, MOODLE_28_STABLE, MOODLE_29_STABLE, MOODLE_30_STABLE
    • MOODLE_29_STABLE, MOODLE_30_STABLE
    • Hide
      1. Try out the installer (you'll need no config.php)
      2. VERIFY: Search the html and ensure that a meta tag appears in the html matching https://support.google.com/webmasters/answer/93710?hl=en
      3. Ensure installer works
      Show
      Try out the installer (you'll need no config.php) VERIFY: Search the html and ensure that a meta tag appears in the html matching https://support.google.com/webmasters/answer/93710?hl=en Ensure installer works

      Mehdi Dadkhah <dadkhah80@gmail.com> reported:

      We found new web vulnerability and your CMS may be vulnerable to it. We prepared a report which introduce this vulnerability. We will public this vulnerability in 1 December 2015. Please patch your CMS.

      The report was not particularly clear and mostly spoke about wordpress, however I do think it raised an issue we should do something about:

      Googleable installers

        1. RIV Vulnerability by Dadkhah.pdf
          967 kB
        2. MDL-52271-master.mdk.patch
          1 kB
        3. MDL-52271-30.mdk.patch
          1 kB
        4. MDL-52271-29.mdk.patch
          1 kB
        5. MDL-52271-28.mdk.patch
          1 kB
        6. MDL-52271-27.mdk.patch
          1 kB

            poltawski Dan Poltawski
            poltawski Dan Poltawski
            John Okely John Okely
            David Monllaó David Monllaó
            Adrian Greeve Adrian Greeve
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.