Mahara

Display the Mahara major version to non-admins

Bug #1384497 reported by Aaron Wells
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
Fix Released
Medium
Aaron Wells
Mahara 15.04.0
1.10
Fix Released
Medium
Unassigned
Mahara 1.10.1
1.8
Fix Released
Medium
Unassigned
Mahara 1.8.6
1.9
Fix Released
Medium
Unassigned
Mahara 1.9.4

Bug Description

We purposefully chose *not* to display the Mahara minor version number on the bottom of the page, as part of the general security practice of not giving out unnecessary information. (That said, we may accidentally leak it in some places.)

It'd be useful to know the Mahara *major* version, though, when looking at a site. And since this is easy to detect due to the addition of new features in each major release, it would not have any security ramifications.

Revision history for this message
Aaron Wells (u-aaronw) wrote :

I think the best way to do this would be with a meta "generator" tag: http://www.w3.org/wiki/HTML/Elements/meta

Drupal does this, for instance:

<meta name="generator" content="Drupal 7 (http://drupal.org)" />

Revision history for this message
Aaron Wells (u-aaronw) wrote :

Patch for master branch: https://reviews.mahara.org/#/c/3858/

Revision history for this message
Aaron Wells (u-aaronw) wrote :

See also the related bug 1384481 about patching one of the big release number leaks.

Revision history for this message
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/3858
Committed: http://gitorious.org/mahara/mahara/commit/847754aaacade1430aac99c40c6378b642cf3c1b
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 847754aaacade1430aac99c40c6378b642cf3c1b
Author: Aaron Wells <email address hidden>
Date: Thu Oct 23 12:48:17 2014 +1300

Add a <meta name="generator"> tag with the Mahara major version number

Bug 1384497. This also adds a new $config->series to lib/version.php,
which stores the major version (or as we sometimes call it, "the series")
of the current release. It seemed better to store this separately rather
than to try to parse it from $config->release, because we may change
our release numbering strategy in the future.

Change-Id: If4c0d7352e9433cdaf54a03bb922356d6c950e7d

Robert Lyon (robertl-9)
Changed in mahara:
status: In Progress → Fix Committed
Kristina Hoeppner (kris-hoeppner)
tags: added: usermanualupdate
Revision history for this message
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "1.10_STABLE" branch: https://reviews.mahara.org/3919

Revision history for this message
Robert Lyon (robertl-9) wrote :

Need to backport this change as it is needed by one of the patches for https://bugs.launchpad.net/mahara/+bug/1384481

Revision history for this message
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/3919
Committed: http://gitorious.org/mahara/mahara/commit/c164732f59ddfcb8125c75448f979e1dfb85157a
Submitter: Robert Lyon (<email address hidden>)
Branch: 1.10_STABLE

commit c164732f59ddfcb8125c75448f979e1dfb85157a
Author: Aaron Wells <email address hidden>
Date: Thu Oct 23 12:48:17 2014 +1300

Add a <meta name="generator"> tag with the Mahara major version number

Bug 1384497. This also adds a new $config->series to lib/version.php,
which stores the major version (or as we sometimes call it, "the series")
of the current release. It seemed better to store this separately rather
than to try to parse it from $config->release, because we may change
our release numbering strategy in the future.

Change-Id: If4c0d7352e9433cdaf54a03bb922356d6c950e7d

Revision history for this message
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "1.9_STABLE" branch: https://reviews.mahara.org/3920

Revision history for this message
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/3920
Committed: http://gitorious.org/mahara/mahara/commit/9b449bf7a05b7b1804a7002d32d845d19ce6873d
Submitter: Robert Lyon (<email address hidden>)
Branch: 1.9_STABLE

commit 9b449bf7a05b7b1804a7002d32d845d19ce6873d
Author: Aaron Wells <email address hidden>
Date: Thu Oct 23 12:48:17 2014 +1300

Add a <meta name="generator"> tag with the Mahara major version number

Bug 1384497. This also adds a new $config->series to lib/version.php,
which stores the major version (or as we sometimes call it, "the series")
of the current release. It seemed better to store this separately rather
than to try to parse it from $config->release, because we may change
our release numbering strategy in the future.

Change-Id: If4c0d7352e9433cdaf54a03bb922356d6c950e7d

Revision history for this message
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "1.8_STABLE" branch: https://reviews.mahara.org/3923

Revision history for this message
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/3923
Committed: http://gitorious.org/mahara/mahara/commit/713816adedef85f1e76aa0ccdc4e1f220d266b5e
Submitter: Robert Lyon (<email address hidden>)
Branch: 1.8_STABLE

commit 713816adedef85f1e76aa0ccdc4e1f220d266b5e
Author: Aaron Wells <email address hidden>
Date: Thu Oct 23 12:48:17 2014 +1300

Add a <meta name="generator"> tag with the Mahara major version number

Bug 1384497. This also adds a new $config->series to lib/version.php,
which stores the major version (or as we sometimes call it, "the series")
of the current release. It seemed better to store this separately rather
than to try to parse it from $config->release, because we may change
our release numbering strategy in the future.

Change-Id: If4c0d7352e9433cdaf54a03bb922356d6c950e7d

Revision history for this message
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "1.8_STABLE" branch: https://reviews.mahara.org/3930

Revision history for this message
Mahara Bot (dev-mahara) wrote :

Patch for "1.9_STABLE" branch: https://reviews.mahara.org/3931

Revision history for this message
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/3930
Committed: http://gitorious.org/mahara/mahara/commit/bfe6a69eadda27f0204db0832f5ea8863c6a061b
Submitter: Robert Lyon (<email address hidden>)
Branch: 1.8_STABLE

commit bfe6a69eadda27f0204db0832f5ea8863c6a061b
Author: Robert Lyon <email address hidden>
Date: Thu Nov 6 13:19:07 2014 +1300

Fixing a backporting mistake (Bug #1384497)

Older versions handle the check_upgrades() output
differently

Change-Id: I7b847d814a504ea4a15f1c7b8a1a9e5d008299bf
Signed-off-by: Robert Lyon <email address hidden>

Revision history for this message
Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/3931
Committed: http://gitorious.org/mahara/mahara/commit/393796b0974f56a7551d1aacd1fc596a00ed5650
Submitter: Robert Lyon (<email address hidden>)
Branch: 1.9_STABLE

commit 393796b0974f56a7551d1aacd1fc596a00ed5650
Author: Robert Lyon <email address hidden>
Date: Thu Nov 6 13:19:07 2014 +1300

Fixing a backporting mistake (Bug #1384497)

Older versions handle the check_upgrades() output
differently

Change-Id: I7b847d814a504ea4a15f1c7b8a1a9e5d008299bf
Signed-off-by: Robert Lyon <email address hidden>

Robert Lyon (robertl-9)
Changed in mahara:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.