]> git.mjollnir.org Git - moodle.git/commitdiff
projects / moodle.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0144a0a)
Even more automation: now blocks_execute_url_action() checks if the user
authordefacer <defacer>
Tue, 1 Feb 2005 06:55:02 +0000 (06:55 +0000)
committerdefacer <defacer>
Tue, 1 Feb 2005 06:55:02 +0000 (06:55 +0000)
has sufficient rights to execute the action automatically. It's therefore
safe to call without ANY checks being done first.

lib/blocklib.php patch | blob | history

diff --git a/lib/blocklib.php b/lib/blocklib.php
index ea0201bb929b69e69fa6e81c2c37e8c1ea28bcdc..c825a01a6946cba8c015cee9a79d7e4f6fd2940c 100644 (file)
--- a/lib/blocklib.php
+++ b/lib/blocklib.php
@@ -482,7 +482,7 @@ function blocks_execute_action($page, &$pageblocks, $blockaction, $instanceorid)
 function blocks_execute_url_action(&$PAGE, &$pageblocks) {
     $blockaction = optional_param('blockaction');
 
-    if (empty($blockaction) || !confirm_sesskey()) {
+    if (empty($blockaction) || !$PAGE->user_allowed_editing() || !confirm_sesskey()) {
         return;
     }
 
Unnamed repository; edit this file to name it for gitweb.