]> git.mjollnir.org Git - moodle.git/commitdiff
projects / moodle.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 12c55f3)
Important bug fixed! Non-teachers could modify course!
authormoodler <moodler>
Sat, 24 May 2003 06:53:47 +0000 (06:53 +0000)
committermoodler <moodler>
Sat, 24 May 2003 06:53:47 +0000 (06:53 +0000)
course/mod.php patch | blob | history

diff --git a/course/mod.php b/course/mod.php
index 53c48ebbe9c71f550287d3ab4791ca7d8e389b3e..982106dae9ec51d5b620eaadb275e0cec47fd478 100644 (file)
--- a/course/mod.php
+++ b/course/mod.php
@@ -5,6 +5,7 @@
     require("../config.php");
     require("lib.php");
 
+    require_login();
 
     if (isset($cancel)) {  
         if (!empty($SESSION->returnpage)) {
@@ -26,8 +27,6 @@
             $mod = (object)$_POST;
         }
 
-        require_login($mod->course);
-
         if (!isteacher($mod->course)) {
             error("You can't modify this course!");
         }
@@ -111,6 +110,10 @@
         if (! $cm = get_record("course_modules", "id", $id)) {
             error("This course module doesn't exist");
         }
+
+        if (!isteacher($cm->course)) {
+            error("You can't modify this course!");
+        }
     
         move_module($cm, $move);
 
@@ -129,6 +132,10 @@
         if (! $cm = get_record("course_modules", "id", $hide)) {
             error("This course module doesn't exist");
         }
+
+        if (!isteacher($cm->course)) {
+            error("You can't modify this course!");
+        }
    
         hide_course_module($cm->id);
 
@@ -148,6 +155,10 @@
             error("This course module doesn't exist");
         }
 
+        if (!isteacher($cm->course)) {
+            error("You can't modify this course!");
+        }
+
         if (! $section = get_record("course_sections", "id", $cm->section)) {
             error("This module doesn't exist");
         }
@@ -180,8 +191,6 @@
             error("This course doesn't exist");
         }
 
-        require_login($course->id);
-
         if (!isteacher($course->id)) {
             error("You can't modify this course!");
         }
@@ -227,6 +236,10 @@
             error("This course doesn't exist");
         }
 
+        if (!isteacher($course->id)) {
+            error("You can't modify this course!");
+        }
+
         if (! $module = get_record("modules", "id", $cm->module)) {
             error("This module doesn't exist");
         }
@@ -304,8 +317,6 @@
         error("No action was specfied");
     }
 
-    require_login($course->id);
-
     if (!isteacher($course->id)) {
         error("You can't modify this course!");
     }
Unnamed repository; edit this file to name it for gitweb.