MDL-14589 added missing require_login()

author skodak <skodak>

Sun, 19 Jul 2009 08:56:45 +0000 (08:56 +0000)

committer skodak <skodak>

Sun, 19 Jul 2009 08:56:45 +0000 (08:56 +0000)
author skodak <skodak>
Sun, 19 Jul 2009 08:56:45 +0000 (08:56 +0000)
committer skodak <skodak>
Sun, 19 Jul 2009 08:56:45 +0000 (08:56 +0000)
diff --git a/mod/assignment/lib.php b/mod/assignment/lib.php

index 96abda7c7bddf18b5a632e130816bb7ce8bbbe5d..85592259ef1dc10bb6a5d119863954f28e37982d 100644 (file)
--- a/mod/assignment/lib.php
+++ b/mod/assignment/lib.php
@@ -2437,7 +2437,7 @@ function assignment_get_participants($assignmentid) {
   */
  function assignment_pluginfile($course, $cminfo, $context, $filearea, $args, $forcedownload) {
      global $CFG, $DB;
-
+    
      if (!$assignment = $DB->get_record('assignment', array('id'=>$cminfo->instance))) {
          return false;
      }
@@ -2445,6 +2445,8 @@ function assignment_pluginfile($course, $cminfo, $context, $filearea, $args, $fo
          return false;
      }
  
+    require_login($course, false, $cm);
+
      require_once($CFG->dirroot.'/mod/assignment/type/'.$assignment->assignmenttype.'/assignment.class.php');
      $assignmentclass = 'assignment_'.$assignment->assignmenttype;
      $assignmentinstance = new $assignmentclass($cm->id, $assignment, $cm, $course);
diff --git a/mod/data/lib.php b/mod/data/lib.php

index b787c1dcfc4ca0ba43365ab2c0733f28afd91c73..ec5f6d16c8406f493e5d7cda17752679d1f09ebb 100755 (executable)
--- a/mod/data/lib.php
+++ b/mod/data/lib.php
@@ -2839,6 +2839,12 @@ function data_pluginfile($course, $cminfo, $context, $filearea, $args, $forcedow
      if ($filearea === 'data_content') {
          $contentid = (int)array_shift($args);
  
+        if (!$cm = get_coursemodule_from_instance('data', $cminfo->instance, $course->id)) {
+            return false;
+        }
+        
+        require_course_login($course, true, $cm);
+        
          if (!$content = $DB->get_record('data_content', array('id'=>$contentid))) {
              return false;
          }
@@ -2862,7 +2868,7 @@ function data_pluginfile($course, $cminfo, $context, $filearea, $args, $forcedow
  
          // group access
          if ($record->groupid) {
-            $groupmode = groups_get_activity_groupmode($cminfo, $course);
+            $groupmode = groups_get_activity_groupmode($cm, $course);
              if ($groupmode == SEPARATEGROUPS and !has_capability('moodle/site:accessallgroups', $context)) {
                  if (!groups_is_member($record->groupid)) {
                      return false;
@@ -2870,7 +2876,7 @@ function data_pluginfile($course, $cminfo, $context, $filearea, $args, $forcedow
              }
          }
  
-        $fieldobj = data_get_field($field, $data, $cminfo);
+        $fieldobj = data_get_field($field, $data, $cm);
  
          $relativepath = '/'.implode('/', $args);
          $fullpath = $context->id.'data_content'.$content->id.$relativepath;
diff --git a/mod/forum/lib.php b/mod/forum/lib.php

index 52d5006c80abc6fb395b6c7ebce2ec06a632338b..e9aa0c9d1eb4ddd829a8874157335e8595bd4844 100644 (file)
--- a/mod/forum/lib.php
+++ b/mod/forum/lib.php
@@ -4381,6 +4381,12 @@ function forum_pluginfile($course, $cminfo, $context, $filearea, $args, $forcedo
  
      $postid = (int)array_shift($args);
  
+    if (!$cm = get_coursemodule_from_instance('forum', $cminfo->instance, $course->id)) {
+        return false;
+    }
+    
+    require_course_login($course, true, $cm);
+    
      if (!$post = $DB->get_record('forum_posts', array('id'=>$postid))) {
          return false;
      }
diff --git a/mod/glossary/lib.php b/mod/glossary/lib.php

index 9eb76dc5121f163d4c0327342e3b53900db7909a..b324216548d1f9947b0e1912412bdabb20cb8674 100644 (file)
--- a/mod/glossary/lib.php
+++ b/mod/glossary/lib.php
@@ -1322,6 +1322,12 @@ function glossary_pluginfile($course, $cminfo, $context, $filearea, $args, $forc
      if ($filearea === 'glossary_attachment' or $filearea === 'glossary_entry') {
          $entryid = (int)array_shift($args);
  
+        if (!$cm = get_coursemodule_from_instance('glossary', $cminfo->instance, $course->id)) {
+            return false;
+        }
+
+        require_course_login($course, true, $cm);
+        
          if (!$entry = $DB->get_record('glossary_entries', array('id'=>$entryid))) {
              return false;
          }
diff --git a/mod/scorm/lib.php b/mod/scorm/lib.php

index 22eb8b1ad32d8785d81d8ce46b5017cf6dc7adb9..d082069482926f260d50a4ef438a2bc1207e7bb2 100755 (executable)
--- a/mod/scorm/lib.php
+++ b/mod/scorm/lib.php
@@ -864,6 +864,12 @@ function scorm_pluginfile($course, $cminfo, $context, $filearea, $args, $forcedo
  
      $lifetime = isset($CFG->filelifetime) ? $CFG->filelifetime : 86400;
  
+    if (!$cm = get_coursemodule_from_instance('scorm', $cminfo->instance, $course->id)) {
+        return false;
+    }
+    
+    require_login($course, true, $cm);
+
      if ($filearea === 'scorm_content') {
          $revision = (int)array_shift($args); // prevents caching problems - ignored here
          $relativepath = '/'.implode('/', $args);
author	skodak <skodak>
	Sun, 19 Jul 2009 08:56:45 +0000 (08:56 +0000)
committer	skodak <skodak>
	Sun, 19 Jul 2009 08:56:45 +0000 (08:56 +0000)
mod/assignment/lib.php		patch \| blob \| history
mod/data/lib.php		patch \| blob \| history
mod/forum/lib.php		patch \| blob \| history
mod/glossary/lib.php		patch \| blob \| history
mod/scorm/lib.php		patch \| blob \| history