<?php print_string("configframename") ?>
</td>
</tr>
+<tr valign=top>
+ <td align=right><p>secureforms:</td>
+ <td>
+ <?php
+ unset($options);
+ $options[0] = get_string("no");
+ $options[1] = get_string("yes");
+
+ choose_from_menu ($options, "secureforms", $config->secureforms, "", "", "");
+ ?>
+ </td>
+ <td>
+ <?php print_string("configsecureforms") ?>
+ </td>
+</tr>
<tr>
}
+/// This is to overcome the "insecure forms paradox"
+ if (isset($secureforms) and $secureforms == 0) {
+ $match = "nomatch";
+ } else {
+ $match = "";
+ }
+
/// If data submitted, then process and store.
- if ($config = data_submitted()) {
+ if ($config = data_submitted($match)) {
validate_form($config, $err);
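Review bot: The bypass added above `data_submitted($match)` is keyed on `$secureforms`, which appears to be the value posted with this form rather than the stored `$CFG->secureforms`, so the request being checked decides for itself whether the referer check applies. That resolves the paradox, but it also means the referer check gives this page no protection of its own, and the page depends entirely on the admin login check, which is not visible in this hunk. I would state that in the comment, e.g. `/// The submitted value itself switches off the referer check here, so this page relies on the admin check`. The loose `$secureforms == 0` is also true for some non-numeric strings on older PHP, so a comparison against the exact submitted form is safer. The enclosing block starts and ends outside the hunk.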
\r
\r
//=========================================================================\r
-// 6. ADMIN LOCATION (most people can just ignore this setting)\r
+// 6. DIRECTORY LOCATION (most people can just ignore this setting)\r
//=========================================================================\r
// A very few webhosts use /admin as a special URL for you to access a \r
// control panel or something. Unfortunately this conflicts with the \r
$CFG->admin = "admin";\r
\r
\r
-//=========================================================================\r
-// 7. TROUBLESHOOTING (most people can just ignore this setting)\r
-//=========================================================================\r
-// A very small percentage of servers have a bug which causes HTTP_REFERER\r
-// not to work. The symptoms of this are that you fill out the configure\r
-// form during Moodle setup but when hit save you find yourself on the \r
-// same form, unable to progress. If this happens to you, come back here\r
-// and set the following to true. Otherwise this should always be false.\r
-\r
-$CFG->buggy_referer = false;\r
-\r
-\r
//=========================================================================\r
// ALL DONE! To continue your setup, visit your Moodle web page.\r
//=========================================================================\r
$string['configdebug'] = "If you turn this on, then PHP's error_reporting will be increased so that more warnings are printed. This is only useful for developers.";
$string['configgdversion'] = "Indicate the version of GD that is installed. The version shown by default is the one that has been auto-detected. Don't change this unless you really know what you're doing.";
$string['configerrorlevel'] = "Choose the amount of PHP warnings that you want to be displayed. Normal is usually the best choice.";
+$string['configsecureforms'] = "Moodle can use an additional level of security when accepting data from web forms. If this is enabled, then the browser's HTTP_REFERER variable is checked against the current form address. In a very few cases this can cause problems if the user is using a firewall (eg Zonealarm) configured to strip HTTP_REFERER from their web traffic. Symptoms are getting 'stuck' on a form. If your users are having problems with the login page (for example) you might want to disable this setting, although it might leave your site more open to brute-force password attacks. If in doubt, leave this set to 'Yes'.";
$string['confightmleditor'] = "Choose whether or not to allow use of the embedded HTML text editor. Even if you choose allow, this editor will only appear when the user is using a compatible browser (IE 5.5 or later). Users can also choose not to use it.";
$string['configintro'] = "On this page you can specify a number of configuration variables that help make Moodle work properly on your server. Don't worry too much about it - the defaults will usually work fine and you can always come back to this page later and change these settings.";
$string['configintroadmin'] = "On this page you should configure your main administrator account which will have complete control over the site. Make sure you give it a secure username and password as well as a valid email address. You can create more admin accounts later on.";
"changepassword" => true,
"country" => "",
"debug" => 7,
+ "secureforms" => true,
"framename" => "_top",
"gdversion" => 1,
"guestloginbutton" => 1,
/// goodreferer is not specified, use qualified_me as the goodreferer
global $CFG;
- if (!empty($CFG->buggy_referer)) {
+ if (empty($CFG->secureforms)) { // Don't bother checking referer
return true;
}
- if ($goodreferer == "nomatch") {
+ if ($goodreferer == "nomatch") { // Don't bother checking referer
return true;
}
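Review bot: `empty($CFG->secureforms)` on the first changed line is also true when the setting has never been stored, so the referer check is silently skipped on any path where `$CFG->secureforms` is not populated. The old `!empty($CFG->buggy_referer)` skipped it only when an admin had explicitly opted out. If the defaults are not guaranteed to be applied before this runs (not visible here), the check should fail closed, e.g. `if (isset($CFG->secureforms) and empty($CFG->secureforms)) {`. The two identical `// Don't bother checking referer` comments would be more useful if each said why its case is skipped (site setting off versus caller passing "nomatch"). The function starts and ends outside the hunk.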