MDL-39570 mod_feedback - Missing privilege check
authorAndreas Grabs <moodle@grabs-edv.de>
Tue, 2 Jul 2013 05:33:34 +0000 (13:33 +0800)
committerDamyon Wiese <damyon@moodle.com>
Tue, 2 Jul 2013 05:35:34 +0000 (13:35 +0800)
mod/feedback/lib.php

index 7cf39cb..d78b744 100644 (file)
@@ -416,7 +416,12 @@ function feedback_get_recent_mod_activity(&$activities, &$index,
         return;
     }
 
-    $cm_context      = get_context_instance(CONTEXT_MODULE, $cm->id);
+    $cm_context = get_context_instance(CONTEXT_MODULE, $cm->id);
+
+    if (!has_capability('mod/feedback:view', $cm_context)) {
+        return;
+    }
+
     $accessallgroups = has_capability('moodle/site:accessallgroups', $cm_context);
     $viewfullnames   = has_capability('moodle/site:viewfullnames', $cm_context);
     $groupmode       = groups_get_activity_groupmode($cm, $course);