Home
Documentation
Downloads
Demo
Tracker
Development
Translation
Moodle.net
Search
projects
/
moodle.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
ea5c18d
)
MDL-52261 filelib: Do login check for files in blocks
author
Ben Kelada
<ben.kelada@open.edu.au>
Mon, 23 Nov 2015 00:59:56 +0000
(11:59 +1100)
committer
Ben Kelada
<ben.kelada@open.edu.au>
Fri, 4 Dec 2015 00:00:05 +0000
(11:00 +1100)
lib/filelib.php
patch
|
blob
|
blame
|
history
diff --git
a/lib/filelib.php
b/lib/filelib.php
index
4da13f2
..
4b1e7e8
100644
(file)
--- a/
lib/filelib.php
+++ b/
lib/filelib.php
@@
-4506,6
+4506,14
@@
function file_pluginfile($relativepath, $forcedownload, $preview = null) {
send_file_not_found();
}
send_file_not_found();
}
+ if ($context->get_course_context(false)) {
+ // If block is in course context, then check if user has capability to access course.
+ require_course_login($course);
+ } else if ($CFG->forcelogin) {
+ // If user is logged out, bp record will not be visible, even if the user would have access if logged in.
+ require_login();
+ }
+
$bprecord = $DB->get_record('block_positions', array('contextid' => $context->id, 'blockinstanceid' => $context->instanceid));
// User can't access file, if block is hidden or doesn't have block:view capability
if (($bprecord && !$bprecord->visible) || !has_capability('moodle/block:view', $context)) {
$bprecord = $DB->get_record('block_positions', array('contextid' => $context->id, 'blockinstanceid' => $context->instanceid));
// User can't access file, if block is hidden or doesn't have block:view capability
if (($bprecord && !$bprecord->visible) || !has_capability('moodle/block:view', $context)) {
