MDL-11979 Forum subscriptions loop hole allowing users to subscribe to forums they...

diff --git a/mod/forum/subscribe.php b/mod/forum/subscribe.php
index d2ea8ca693c487f06b46b9c59d5c8e11d197e04d..3fbcfebc8e483fcca71393ae0367d35e68f0478b 100644 (file)
--- a/mod/forum/subscribe.php
+++ b/mod/forum/subscribe.php
@@ -94,6 +94,9 @@
                     !has_capability('mod/forum:managesubscriptions', $context)) {
             error(get_string('disallowsubscribe'),$_SERVER["HTTP_REFERER"]);
         }
+        if (!has_capability('mod/forum:viewdiscussion', $context)) {
+            error("Could not subscribe you to that forum", $_SERVER["HTTP_REFERER"]);
+        }
         if (forum_subscribe($user->id, $forum->id) ) {
             add_to_log($course->id, "forum", "subscribe", "view.php?f=$forum->id", $forum->id, $cm->id);
             redirect($returnto, get_string("nowsubscribed", "forum", $info), 1);