I'm working on my Moodle site settings and need some help blocking access to my http://www.mydomain.com/tag/search.php. For some reason when someone is searching a user\profile they can access /tag/search.php and view the entire folder structure. Any idea how I can block access?
Interesting ... first ... which version of Moodle?
Are you allowing guest access to anything?
What happens if one doesn't login and goes directly to http://site/tag/search.php ... does it show auto logged on as guest user? (upper right hand corner of screen)
What does 'view the entire folder structure' look like? You are not saying it list files are you? Or does it show icons for users who may have used the same tag? That does disclose their full name with mouse over.
As far as permissions on tag:
A search of capability overview for 'tag' shows that
Create new tagsmoodle/tag:create is allowed for Manager and Authenticated User.
Guest is an authenticated user. However, attempting to go directly via URL without logging on to any of the scripts located in /tag (other than search.php) results in user being prompted to login.
Check the following settings: http://yoursite//admin/search.php?query=profiles
or http://yoursite//admin/settings.php?section=sitepolicies
'spirit of sharing', Ken