backup/nopasswords MDL-20383 Backups are now never saved with user passwords unless...

diff --git a/backup/backuplib.php b/backup/backuplib.php
index ead2f318b21f78388bafc48e9d551c58bada9803..25909933a3489a1664ef910fc89c558a063cbb95 100644 (file)
--- a/backup/backuplib.php
+++ b/backup/backuplib.php
@@ -1340,7 +1340,11 @@
                 fwrite ($bf,full_tag("POLICYAGREED",4,false,$user->policyagreed));
                 fwrite ($bf,full_tag("DELETED",4,false,$user->deleted));
                 fwrite ($bf,full_tag("USERNAME",4,false,$user->username));
-                fwrite ($bf,full_tag("PASSWORD",4,false,$user->password));
+                // Prevent user passwords in backup files unless
+                // $CFG->includeuserpasswordsinbackup is defined. MDL-20838
+                if (!empty($CFG->includeuserpasswordsinbackup)) {
+                    fwrite ($bf,full_tag("PASSWORD",4,false,$user->password));
+                }
                 fwrite ($bf,full_tag("IDNUMBER",4,false,$user->idnumber));
                 fwrite ($bf,full_tag("FIRSTNAME",4,false,$user->firstname));
                 fwrite ($bf,full_tag("LASTNAME",4,false,$user->lastname));

diff --git a/config-dist.php b/config-dist.php
index aa09536590df93bd69f3952c896c53d683d693e2..336b6626b31158f4bef51eb4cbf97391bdc92c86 100644 (file)
--- a/config-dist.php
+++ b/config-dist.php
@@ -152,6 +152,13 @@ $CFG->admin = 'admin';
 // Useful for webhost operators who have alternate methods of backups
 //      $CFG->disablescheduledbackups = true;
 //
+// Allow user passwords to be included in backup files. Very dangerous
+// setting as far as it publishes password hashes that can be unencrypted
+// if the backup file is publicy available. Use it only if you can guarantee
+// that all your backup files remain only privacy available and are never
+// shared out from your site/institution!
+//      $CFG->includeuserpasswordsinbackup = true;
+//
 // Prevent stats processing and hide the GUI
 //      $CFG->disablestatsprocessing = true;
 //