Note: You are currently viewing documentation for Moodle 3.6. Up-to-date documentation for the latest stable version of Moodle is likely available here: report/security/report security check preventexecpath.

report/security/report security check preventexecpath

From MoodleDocs

Some administration options allow setting the path to executable files on the web server such as du, aspell, ghostscript and others. This can potentially cause a security risk. You can prevent administrators from changing these paths by adding the following setting to your config.php file:

$CFG->preventexecpath = true; You should also explicitly set the relevant paths in your config.php file such as: $CFG->pathtodu = 'PATH'; $CFG->pathtounoconv = 'PATH'; $CFG->aspellpath = 'PATH';