Howard Miller

I know nothing whatever about Windows, so can't really help with the specifics.

However, when you say "pretty big security hole", is it? It's only a security hole if there are other users about on the server who could benefit. If it's a server dedicated to running Moodle then does this relaxed access *really* present a security risk? I don't know the answer - it's something to consider.

Change to the Boost theme to see if it makes any difference. In your config.php, put the line

$CFG->theme = 'boost';

Are you using a core theme or some optional one?

The error - Call to undefined function get_local_referer() in /home/ymcanorf/learning.ymcanorfolk.org/lib/setuplib.php:575 - is pretty clear. So either the function (or file it's in) is not there / corrupt or hasn't been loaded. The latter would imply a notice for failing to include lib/weblib.php. So, yes, upping Debugging (in config.php) is probably a good move.

get_local_referer() is defined in lib/weblib.php, which is a fundamental library file in Moodle - see https://github.com/moodle/moodle/blob/143c2cd5bef1268751d58bbfc6c66c1d93cb9797/lib/weblib.php#L230

I would start by checking that lib/weblib.php exists and the declaration for get_local_referer is to be found at (exactly) line 230.