From 1d45b0e4691cca6f9d5ff1492e11510588a23fe2 Mon Sep 17 00:00:00 2001
From: Damyon Wiese <damyon@moodle.com>
Date: Fri, 4 Oct 2013 11:29:08 +0800
Subject: [PATCH 1/1] MDL-42131 editpdf: Add missing require_login() to entry
 pages

Also:
* change require_once(config) to require(config)
* always define AJAX_SCRIPT
* Add full crumb trail to navbar for testgs.php
---
 mod/assign/feedback/editpdf/ajax.php   |  8 ++++----
 mod/assign/feedback/editpdf/testgs.php | 18 +++++++++++++-----
 2 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/mod/assign/feedback/editpdf/ajax.php b/mod/assign/feedback/editpdf/ajax.php
index 889b55d63a8..1451d5a7b44 100644
--- a/mod/assign/feedback/editpdf/ajax.php
+++ b/mod/assign/feedback/editpdf/ajax.php
@@ -26,11 +26,9 @@ use \assignfeedback_editpdf\document_services;
 use \assignfeedback_editpdf\page_editor;
 use \assignfeedback_editpdf\comments_quick_list;
 
-if (!defined('AJAX_SCRIPT')) {
-    define('AJAX_SCRIPT', true);
-}
+define('AJAX_SCRIPT', true);
 
-require_once('../../../../config.php');
+require('../../../../config.php');
 require_once($CFG->dirroot . '/mod/assign/locallib.php');
 
 require_sesskey();
@@ -45,6 +43,8 @@ $context = \context_module::instance($cm->id);
 
 $assignment = new \assign($context, null, null);
 
+require_login($assignment->get_course(), false, $cm);
+
 if (!$assignment->can_view_submission($userid)) {
     print_error('nopermission');
 }
diff --git a/mod/assign/feedback/editpdf/testgs.php b/mod/assign/feedback/editpdf/testgs.php
index aa1a2c00fde..49bddd95df9 100644
--- a/mod/assign/feedback/editpdf/testgs.php
+++ b/mod/assign/feedback/editpdf/testgs.php
@@ -22,14 +22,26 @@
  * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  */
 
-require_once(dirname(__FILE__).'/../../../../config.php');
+require('../../../../config.php');
+
 global $PAGE, $OUTPUT;
 
 $PAGE->set_url(new moodle_url('/mod/assign/feedback/editpdf/testgs.php'));
 $PAGE->set_context(context_system::instance());
 
+require_login();
 require_capability('moodle/site:config', context_system::instance());
 
+$strheading = get_string('testgs', 'assignfeedback_editpdf');
+$PAGE->navbar->add(get_string('administrationsite'));
+$PAGE->navbar->add(get_string('plugins', 'admin'));
+$PAGE->navbar->add(get_string('assignmentplugins', 'mod_assign'));
+$PAGE->navbar->add(get_string('feedbackplugins', 'mod_assign'));
+$PAGE->navbar->add(get_string('pluginname', 'assignfeedback_editpdf'), new moodle_url('/admin/settings.php?section=assignfeedback_editpdf'));
+$PAGE->navbar->add($strheading);
+$PAGE->set_heading($strheading);
+$PAGE->set_title($strheading);
+
 if (optional_param('sendimage', false, PARAM_BOOL)) {
     // Serve the generated test image.
     assignfeedback_editpdf\pdf::send_test_image();
@@ -58,10 +70,6 @@ switch ($result->status) {
 $returl = new moodle_url('/admin/settings.php', array('section' => 'assignfeedback_editpdf'));
 $msg .= $OUTPUT->continue_button($returl);
 
-$strheading = get_string('testgs', 'assignfeedback_editpdf');
-$PAGE->set_heading($strheading);
-$PAGE->set_title($strheading);
-
 echo $OUTPUT->header();
 echo $OUTPUT->box($msg, 'generalbox ');
 echo $OUTPUT->footer();
-- 
2.17.1