AND rc.permission = ".CAP_ALLOW." AND rc.roleid = $frontpage_role->id"; $anythingcount = count_records_sql($sql); // risky caps - usually very dangerous $sql = "SELECT COUNT(DISTINCT rc.contextid) FROM {$CFG->prefix}role_capabilities rc JOIN {$CFG->prefix}capabilities cap ON cap.name = rc.capability WHERE ".sql_bitand('cap.riskbitmask', (RISK_XSS | RISK_CONFIG | RISK_DATALOSS))." <> 0 AND rc.permission = ".CAP_ALLOW." AND rc.roleid = $frontpage_role->id"; $riskycount = count_records_sql($sql); // there is no legacy role type for frontpage yet - anyway we can not allow teachers or admins there! $sql = "SELECT rc.capability, 1 FROM {$CFG->prefix}role_capabilities rc WHERE rc.capability LIKE 'moodle/legacy:%' AND rc.permission = ".CAP_ALLOW." AND rc.roleid = $frontpage_role->id"; $legacycaps = get_records_sql($sql); $legacyok = (!isset($legacycaps['moodle/legacy:teacher']) and !isset($legacycaps['moodle/legacy:editingteacher']) and !isset($legacycaps['moodle/legacy:coursecreator']) and !isset($legacycaps['moodle/legacy:admin'])); if ($anythingcount or $riskycount or !$legacyok) { $result->status = REPORT_SECURITY_CRITICAL; $result->info = get_string('check_frontpagerole_error', 'report_security', format_string($frontpage_role->name)); } else { $result->status = REPORT_SECURITY_OK; $result->info = get_string('check_frontpagerole_ok', 'report_security'); } if ($detailed) { $result->details = get_string('check_frontpagerole_details', 'report_security'); } return $result;}/** * Verifies sanity of site default course role. 
* @param bool $detailed * @return object result */function report_security_check_defaultcourserole($detailed=false) { global $CFG; $problems = array(); $result = new object(); $result->issue = 'report_security_check_defaultcourserole'; $result->name = get_string('check_defaultcourserole_name', 'report_security'); $result->info = null; $result->details = null; $result->status = null; $result->link = "<a href=\"$CFG->wwwroot/$CFG->admin/settings.php?section=userpolicies\">".get_string('userpolicies', 'admin').'</a>';; if ($detailed) { $result->details = get_string('check_defaultcourserole_details', 'report_security'); } if (!$student_role = get_record('role', 'id', $CFG->defaultcourseroleid)) { $result->status = REPORT_SECURITY_WARNING; $result->info = get_string('check_defaultcourserole_notset', 'report_security'); $result->details = get_string('check_defaultcourserole_details', 'report_security'); return $result; } // first test if do anything enabled - that would be really crazy! $sql = "SELECT DISTINCT rc.contextid FROM {$CFG->prefix}role_capabilities rc WHERE rc.capability = 'moodle/site:doanything' AND rc.permission = ".CAP_ALLOW." AND rc.roleid = $student_role->id"; if ($anything_contexts = get_records_sql($sql)) { foreach($anything_contexts as $contextid) { if ($contextid == SYSCONTEXTID) { $a = "$CFG->wwwroot/$CFG->admin/roles/manage.php?action=view&roleid=$CFG->defaultcourseroleid"; } else { $a = "$CFG->wwwroot/$CFG->admin/roles/override.php?contextid=$contextid&roleid=$CFG->defaultcourseroleid"; } $problems[] = get_string('check_defaultcourserole_anything', 'report_security', $a); } } // risky caps - usually very dangerous $sql = "SELECT DISTINCT rc.contextid FROM {$CFG->prefix}role_capabilities rc JOIN {$CFG->prefix}capabilities cap ON cap.name = rc.capability WHERE ".sql_bitand('cap.riskbitmask', (RISK_XSS | RISK_CONFIG | RISK_DATALOSS))." <> 0 AND rc.permission = ".CAP_ALLOW." 
AND rc.roleid = $student_role->id"; if ($riskycontexts = get_records_sql($sql)) { foreach($riskycontexts as $contextid=>$unused) { if ($contextid == SYSCONTEXTID) { $a = "$CFG->wwwroot/$CFG->admin/roles/manage.php?action=view&roleid=$CFG->defaultcourseroleid"; } else { $a = "$CFG->wwwroot/$CFG->admin/roles/override.php?contextid=$contextid&roleid=$CFG->defaultcourseroleid"; } $problems[] = get_string('check_defaultcourserole_risky', 'report_security', $a); } } // course creator or administrator does not make any sense here $sql = "SELECT rc.capability, 1 FROM {$CFG->prefix}role_capabilities rc WHERE rc.capability LIKE 'moodle/legacy:%' AND rc.permission = ".CAP_ALLOW." AND rc.roleid = $student_role->id"; $legacycaps = get_records_sql($sql); if (isset($legacycaps['moodle/legacy:coursecreator']) or isset($legacycaps['moodle/legacy:admin'])) { $problems[] = get_string('check_defaultcourserole_legacy', 'report_security'); } if ($problems) { $result->status = REPORT_SECURITY_CRITICAL; $result->info = get_string('check_defaultcourserole_error', 'report_security', format_string($student_role->name)); if ($detailed) { $result->details .= "<ul>"; foreach ($problems as $problem) { $result->details .= "<li>$problem</li>"; } $result->details .= "</ul>"; } } else { $result->status = REPORT_SECURITY_OK; $result->info = get_string('check_defaultcourserole_ok', 'report_security'); } return $result;}/** * Verifies sanity of default roles in courses. 
* @param bool $detailed * @return object result */function report_security_check_courserole($detailed=false) { global $CFG, $SITE; $problems = array(); $result = new object(); $result->issue = 'report_security_check_courserole'; $result->name = get_string('check_courserole_name', 'report_security'); $result->info = null; $result->details = null; $result->status = null; $result->link = null; if ($detailed) { $result->details = get_string('check_courserole_details', 'report_security'); } // get list of all student roles selected in courses excluding the default course role $sql = "SELECT r.* FROM {$CFG->prefix}role r JOIN {$CFG->prefix}course c ON c.defaultrole = r.id WHERE c.id <> $SITE->id AND r.id <> $CFG->defaultcourseroleid"; if (!$student_roles = get_records_sql($sql)) { $result->status = REPORT_SECURITY_OK; $result->info = get_string('check_courserole_notyet', 'report_security'); $result->details = get_string('check_courserole_details', 'report_security'); return $result; } $roleids = array_keys($student_roles); $sql = "SELECT DISTINCT rc.roleid FROM {$CFG->prefix}role_capabilities rc WHERE (rc.capability = 'moodle/legacy:coursecreator' OR rc.capability = 'moodle/legacy:admin' OR rc.capability = 'moodle/legacy:teacher' OR rc.capability = 'moodle/legacy:editingteacher') AND rc.permission = ".CAP_ALLOW.""; $riskyroleids = get_records_sql($sql); $riskyroleids = array_keys($riskyroleids); // first test if do anything enabled - that would be really crazy!!!!!! $inroles = implode(',', $roleids); $sql = "SELECT rc.roleid, rc.contextid FROM {$CFG->prefix}role_capabilities rc WHERE rc.capability = 'moodle/site:doanything' AND rc.permission = ".CAP_ALLOW." 
AND rc.roleid IN ($inroles) GROUP BY rc.roleid, rc.contextid ORDER BY rc.roleid, rc.contextid"; $rs = get_recordset_sql($sql); while ($res = rs_fetch_next_record($rs)) { $roleid = $res->roleid; $contextid = $res->contextid; if ($contextid == SYSCONTEXTID) { $a = "$CFG->wwwroot/$CFG->admin/roles/manage.php?action=view&roleid=$roleid"; } else { $a = "$CFG->wwwroot/$CFG->admin/roles/override.php?contextid=$contextid&roleid=$roleid"; } $problems[] = get_string('check_courserole_anything', 'report_security', $a); } rs_close($rs); // any XSS legacy cap does not make any sense here! $inroles = implode(',', $riskyroleids); $sql = "SELECT DISTINCT c.id, c.shortname FROM {$CFG->prefix}course c WHERE c.defaultrole IN ($inroles) ORDER BY c.sortorder"; if ($courses = get_records_sql($sql)) { foreach ($courses as $course) { $a = (object)array('url'=>"$CFG->wwwroot/course/edit.php?id=$course->id", 'shortname'=>$course->shortname); $problems[] = get_string('check_courserole_riskylegacy', 'report_security', $a); } } // risky caps in any level for roles not marked as risky yet - usually very dangerous!! if ($checkroles = array_diff($roleids, $riskyroleids)) { $inroles = implode(',', $checkroles); $sql = "SELECT rc.roleid, rc.contextid FROM {$CFG->prefix}role_capabilities rc JOIN {$CFG->prefix}capabilities cap ON cap.name = rc.capability WHERE ".sql_bitand('cap.riskbitmask', (RISK_XSS | RISK_CONFIG | RISK_DATALOSS))." <> 0 AND rc.permission = ".CAP_ALLOW." 
AND rc.roleid IN ($inroles) GROUP BY rc.roleid, rc.contextid ORDER BY rc.roleid, rc.contextid"; $rs = get_recordset_sql($sql); while ($res = rs_fetch_next_record($rs)) { $roleid = $res->roleid; $contextid = $res->contextid; if ($contextid == SYSCONTEXTID) { $a = "$CFG->wwwroot/$CFG->admin/roles/manage.php?action=view&roleid=$roleid"; } else { $a = "$CFG->wwwroot/$CFG->admin/roles/override.php?contextid=$contextid&roleid=$roleid"; } $problems[] = get_string('check_courserole_risky', 'report_security', $a); } rs_close($rs); } if ($problems) { $result->status = REPORT_SECURITY_CRITICAL; $result->info = get_string('check_courserole_error', 'report_security'); if ($detailed) { $result->details .= "<ul>"; foreach ($problems as $problem) { $result->details .= "<li>$problem</li>"; } $result->details .= "</ul>"; } } else { $result->status = REPORT_SECURITY_OK; $result->info = get_string('check_courserole_ok', 'report_security'); } return $result;}/** * Lists all admins. * @param bool $detailed * @return object result */function report_security_check_riskadmin($detailed=false) { global $CFG; $result = new object(); $result->issue = 'report_security_check_riskadmin'; $result->name = get_string('check_riskadmin_name', 'report_security'); $result->info = null; $result->details = null; $result->status = null; $result->link = null; $sql = "SELECT DISTINCT u.id, u.firstname, u.lastname, u.picture, u.imagealt, u.email FROM {$CFG->prefix}role_capabilities rc JOIN {$CFG->prefix}role_assignments ra ON (ra.contextid = rc.contextid AND ra.roleid = rc.roleid) JOIN {$CFG->prefix}user u ON u.id = ra.userid WHERE rc.capability = 'moodle/site:doanything' AND rc.permission = ".CAP_ALLOW." 
AND u.deleted = 0 AND rc.contextid = ".SYSCONTEXTID.""; $admins = get_records_sql($sql); $admincount = count($admins); $sqlunsup = "SELECT u.id, u.firstname, u.lastname, u.picture, u.imagealt, u.email, ra.contextid, ra.roleid FROM (SELECT rcx.* FROM {$CFG->prefix}role_capabilities rcx WHERE rcx.capability = 'moodle/site:doanything' AND rcx.permission = ".CAP_ALLOW.") rc, {$CFG->prefix}context c, {$CFG->prefix}context sc, {$CFG->prefix}role_assignments ra, {$CFG->prefix}user u WHERE c.id = rc.contextid AND (sc.path = c.path OR sc.path LIKE ".sql_concat('c.path', "'/%'")." OR c.path LIKE ".sql_concat('sc.path', "'/%'").") AND u.id = ra.userid AND u.deleted = 0 AND ra.contextid = sc.id AND ra.roleid = rc.roleid AND ra.contextid <> ".SYSCONTEXTID." GROUP BY u.id, u.firstname, u.lastname, u.picture, u.imagealt, u.email, ra.contextid, ra.roleid ORDER BY u.lastname, u.firstname"; $unsupcount = count_records_sql("SELECT COUNT('x') FROM ($sqlunsup) unsup"); if ($detailed) { foreach ($admins as $uid=>$user) { $url = "$CFG->wwwroot/user/view.php?id=$user->id"; $admins[$uid] = '<li><a href="'.$url.'">'.fullname($user).' 
('.$user->email.')</a></li>'; } $admins = '<ul>'.implode($admins).'</ul>'; } if (!$unsupcount) { $result->status = REPORT_SECURITY_OK; $result->info = get_string('check_riskadmin_ok', 'report_security', $admincount); if ($detailed) { $result->details = get_string('check_riskadmin_detailsok', 'report_security', $admins); } } else { $result->status = REPORT_SECURITY_WARNING; $a = (object)array('admincount'=>$admincount, 'unsupcount'=>$unsupcount); $result->info = get_string('check_riskadmin_warning', 'report_security', $a); if ($detailed) { $rs = get_recordset_sql($sqlunsup); $users = array(); while ($user = rs_fetch_next_record($rs)) { $url = "$CFG->wwwroot/$CFG->admin/roles/assign.php?contextid=$user->contextid&roleid=$user->roleid"; $a = (object)array('fullname'=>fullname($user), 'url'=>$url, 'email'=>$user->email); $users[] = '<li>'.get_string('check_riskadmin_unassign', 'report_security', $a).'</li>'; } rs_close($rs); $users = '<ul>'.implode($users).'</ul>'; $a = (object)array('admins'=>$admins, 'unsupported'=>$users); $result->details = get_string('check_riskadmin_detailswarning', 'report_security', $a); } } return $result;}