Commit 984de894 authored by Robert Lyon's avatar Robert Lyon Committed by Gerrit Code Review
Browse files

Merge changes I293c5ac2,I1fb4ed7b

* changes:
  Bug 1595789: More prominent documentation of urlsecret.
  Bug 1595789: Make NULL urlsecret work during installation
parents 2c8444a3 31ab623e
...@@ -40,6 +40,12 @@ To upgrade an existing Mahara installation, follow the instructions here: ...@@ -40,6 +40,12 @@ To upgrade an existing Mahara installation, follow the instructions here:
* https://wiki.mahara.org/wiki/System_Administrator%27s_Guide/Upgrading_Mahara * https://wiki.mahara.org/wiki/System_Administrator%27s_Guide/Upgrading_Mahara
If you are upgrading from Mahara 15.10 or earlier, you will need to add a "urlsecret"
value to your config.php file if you wish to use the web-based upgrade and/or cron
scripts. See:
* https://wiki.mahara.org/wiki/System_Administrator%27s_Guide/Upgrading_Mahara#Q:_I.27m_getting_an_error_about_a_.22urlsecret.22
# SYSTEM REQUIREMENTS # SYSTEM REQUIREMENTS
Here are the system requirements needed to run Mahara 16.10. Here are the system requirements needed to run Mahara 16.10.
......
...@@ -33,8 +33,8 @@ if (param_integer('finished', 0)) { ...@@ -33,8 +33,8 @@ if (param_integer('finished', 0)) {
} }
// Check if we have come via browser and have the right urlsecret // Check if we have come via browser and have the right urlsecret
if (php_sapi_name() != 'cli') { if (php_sapi_name() != 'cli' && get_config('urlsecret') !== null) {
$urlsecret = param_alphanumext('urlsecret', null); $urlsecret = param_alphanumext('urlsecret', -1);
if ($urlsecret !== get_config('urlsecret')) { if ($urlsecret !== get_config('urlsecret')) {
die_info(get_string('accessdeniednourlsecret', 'error')); die_info(get_string('accessdeniednourlsecret', 'error'));
} }
......
...@@ -66,6 +66,15 @@ $cfg->dataroot = '/path/to/uploaddir'; ...@@ -66,6 +66,15 @@ $cfg->dataroot = '/path/to/uploaddir';
// Example: // Example:
// $cfg->wwwroot = 'https://myhost.com/mahara/'; // $cfg->wwwroot = 'https://myhost.com/mahara/';
/**
* urlsecret A secret you need to add to the lib/cron.php or admin/upgrade.php
* URL to run it through the browser rather than the commandline to prevent unauthorised users triggering
* the cron or an upgrade, eg http://example.com/lib/cron.php?urlsecret=mysupersecret.
*
* You can disable this functionality by setting $cfg->urlsecret = null.
*/
// $cfg->urlsecret = 'mysupersecret';
/** /**
* passwordsaltmain: A secret token used for one-way encryption of user account passwords. * passwordsaltmain: A secret token used for one-way encryption of user account passwords.
*/ */
......
...@@ -25,8 +25,8 @@ require_once(get_config('docroot') . 'webservice/lib.php'); ...@@ -25,8 +25,8 @@ require_once(get_config('docroot') . 'webservice/lib.php');
// Check if we have come via browser and have the right urlsecret // Check if we have come via browser and have the right urlsecret
// Note: if your crontab hits this file via curl/http thenyou will need // Note: if your crontab hits this file via curl/http thenyou will need
// to add the urlsecret there for the cron to work. // to add the urlsecret there for the cron to work.
if (php_sapi_name() != 'cli') { if (php_sapi_name() != 'cli' && get_config('urlsecret') !== null) {
$urlsecret = param_alphanumext('urlsecret', null); $urlsecret = param_alphanumext('urlsecret', -1);
if ($urlsecret !== get_config('urlsecret')) { if ($urlsecret !== get_config('urlsecret')) {
die_info(get_string('accessdeniednourlsecret', 'error')); die_info(get_string('accessdeniednourlsecret', 'error'));
} }
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment