From 915f801546a5c3618feab897072c985abfce57df Mon Sep 17 00:00:00 2001 From: Marina Glancy Date: Thu, 29 Jun 2017 15:00:31 +0800 Subject: [PATCH] MDL-59409 admin: check access to every setting in category --- admin/category.php | 2 +- lib/adminlib.php | 12 ++++++++---- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/admin/category.php b/admin/category.php index cb83e0d09b0..0a803940335 100644 --- a/admin/category.php +++ b/admin/category.php @@ -89,7 +89,7 @@ if ($PAGE->user_allowed_editing()) { $savebutton = false; $outputhtml = ''; foreach ($settingspage->children as $childpage) { - if ($childpage->is_hidden()) { + if ($childpage->is_hidden() || !$childpage->check_access()) { continue; } if ($childpage instanceof admin_externalpage) { diff --git a/lib/adminlib.php b/lib/adminlib.php index 7fc7d302fca..53866698d66 100644 --- a/lib/adminlib.php +++ b/lib/adminlib.php @@ -8122,21 +8122,25 @@ function admin_find_write_settings($node, $data) { } if ($node instanceof admin_category) { - $entries = array_keys($node->children); - foreach ($entries as $entry) { - $return = array_merge($return, admin_find_write_settings($node->children[$entry], $data)); + if ($node->check_access()) { + $entries = array_keys($node->children); + foreach ($entries as $entry) { + $return = array_merge($return, admin_find_write_settings($node->children[$entry], $data)); + } } } else if ($node instanceof admin_settingpage) { + if ($node->check_access()) { foreach ($node->settings as $setting) { $fullname = $setting->get_full_name(); if (array_key_exists($fullname, $data)) { $return[$fullname] = $setting; } } - } + } + return $return; } -- 2.43.0