we cannot edit courses, add new ones, the HTML editor is not functioning. I contacted my host provider they said it was an internal Moodle error. Then I come here and this site is barely functioning. Does anyone know what is going on. Thanks.
I should also note that I am currently using 1.9.3. And everything was fine until yesterday.
Check your php files - mine have a lot of ugly code at the top - I guess its a new security vulnerability if you have 1.9.3.
Just looked - it seems you have to have 1.9.4 to escape this vulnerability
http://moodle.org/mod/forum/discuss.php?d=114943
The following Moodle branches and corresponding versions are affected:
1.9.x: prior to 1.9.4
1.8.x: prior to 1.8.8
1.7.x: prior to 1.7.7
1.6.x: prior to 1.6.9
Just looked - it seems you have to have 1.9.4 to escape this vulnerability
http://moodle.org/mod/forum/discuss.php?d=114943
The following Moodle branches and corresponding versions are affected:
1.9.x: prior to 1.9.4
1.8.x: prior to 1.8.8
1.7.x: prior to 1.7.7
1.6.x: prior to 1.6.9
Not a new vulnerablility... it really does not matter what version of moodle you have if you allow writing or executing for web accessible files or if settings of php are not correct (for example register_globals is on)
Checking and replacing files is not enough - you must also check permissions and settings.
Jeri,
http://moodle.org/mod/forum/discuss.php?d=116104
Checking and replacing files is not enough - you must also check permissions and settings.
Jeri,
http://moodle.org/mod/forum/discuss.php?d=116104
One addition however to avoid confusion. The latest upgraded stable weekly version is of course the best choice and Petr has added Security overview report to moodle 1.9.4+ - it warns about most common mistakes and moodle 1.9.4+ does not let you anymore install moodle if register_globals is on...
Read also http://docs.moodle.org/en/Security and http://docs.moodle.org/en/Security_overview
Read also http://docs.moodle.org/en/Security and http://docs.moodle.org/en/Security_overview
Thanks for the input. The screen shot above...is it from 1.9.4. I don't have a link for security overview under the reports area. Is this new or something I need to turn on. Thanks.
Yes - the security overview report is available in Moodle 1.9.4 onwards.
Update: The security overview report has just been backported to MOODLE_18_STABLE (MDL-18039 - thanks to Petr 
) so you will be able to make use of it on your 1.8 site by upgrading to Moodle 1.8.8+ (available from http://download.moodle.org/) from Wednesday 18 February 2009 onwards.
) so you will be able to make use of it on your 1.8 site by upgrading to Moodle 1.8.8+ (available from http://download.moodle.org/) from Wednesday 18 February 2009 onwards.
This last code in config.php is for what?
if ($CFG->wwwroot == 'http://example.com/moodle') {
echo "<p>Error detected in configuration file</p>";
echo "<p>Your server address can not be: \$CFG->wwwroot = 'http://example.com/moodle';</p>;";
die;
}
if (file_exists("$CFG->dirroot/lib/setup.php")) { // Do not edit
include_once("$CFG->dirroot/lib/setup.php");
} else {
if ($CFG->dirroot == dirname(__FILE__)) {
echo "<p>Could not find this file: $CFG->dirroot/lib/setup.php</p>";
echo "<p>Are you sure all your files have been uploaded?</p>";
} else {
echo "<p>Error detected in config.php</p>";
echo "<p>Error in: \$CFG->dirroot = '$CFG->dirroot';</p>";
echo "<p>Try this: \$CFG->dirroot = '".dirname(__FILE__)."';</p>";
}
die;
}
// MAKE SURE WHEN YOU EDIT THIS FILE THAT THERE ARE NO SPACES, BLANK LINES,
// RETURNS, OR ANYTHING ELSE AFTER THE TWO CHARACTERS ON THE NEXT LINE.
?>
if ($CFG->wwwroot == 'http://example.com/moodle') {
echo "<p>Error detected in configuration file</p>";
echo "<p>Your server address can not be: \$CFG->wwwroot = 'http://example.com/moodle';</p>;";
die;
}
if (file_exists("$CFG->dirroot/lib/setup.php")) { // Do not edit
include_once("$CFG->dirroot/lib/setup.php");
} else {
if ($CFG->dirroot == dirname(__FILE__)) {
echo "<p>Could not find this file: $CFG->dirroot/lib/setup.php</p>";
echo "<p>Are you sure all your files have been uploaded?</p>";
} else {
echo "<p>Error detected in config.php</p>";
echo "<p>Error in: \$CFG->dirroot = '$CFG->dirroot';</p>";
echo "<p>Try this: \$CFG->dirroot = '".dirname(__FILE__)."';</p>";
}
die;
}
// MAKE SURE WHEN YOU EDIT THIS FILE THAT THERE ARE NO SPACES, BLANK LINES,
// RETURNS, OR ANYTHING ELSE AFTER THE TWO CHARACTERS ON THE NEXT LINE.
?>
Did you read http://moodle.org/mod/forum/discuss.php?d=111710#p555354 , António?
Those lines come from file config-dist and moodle uses them as examples but you don't need all the rows of config-dist - usually moodle creates the actual config.php automatically when you install moodle and config.php needs only the corresponding lines as this example:
<?php /// Moodle Configuration File
unset($CFG);
$CFG->dbtype = 'mysql';
$CFG->dbhost = 'localhost';
$CFG->dbname = 'xxx';
$CFG->dbuser = 'xxx';
$CFG->dbpass = 'xxx';
$CFG->dbpersist = false;
$CFG->prefix = 'mdl_';
$CFG->wwwroot = 'http://xxx';
$CFG->dirroot = '/xxx/xxx';
$CFG->dataroot = '/xxx/xxx';
$CFG->admin = 'admin';
$CFG->directorypermissions = 00777; // try 02777 on a server in Safe Mode
require_once("$CFG->dirroot/lib/setup.php");
// MAKE SURE WHEN YOU EDIT THIS FILE THAT THERE ARE NO SPACES, BLANK LINES,
// RETURNS, OR ANYTHING ELSE AFTER THE TWO CHARACTERS ON THE NEXT LINE.
?>
--------------------------
Just check the settings after $CFG->...
Yes I have, but I am not an expert on this php code thing, so I don't understand where is moodle going to get html editor, can I install another editor? Thanks By Antntónio