MDL-9764 Require_course_login() should check cm visibility in frontpage course too...

diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index a4729150ff04edecd1a6cc961618ea7f1eff0c4f..104d501cb5597589412e98a27e4ee92360cc74ec 100644 (file)
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -1873,9 +1873,16 @@ function require_course_login($courseorid, $autologinguest=true, $cm=null) {
     if (!empty($CFG->forcelogin)) {
         // login required for both SITE and courses
         require_login($courseorid, $autologinguest, $cm);
+
+    } else if (!empty($cm) and !$cm->visible) {
+        // always login for hidden activities
+        require_login($courseorid, $autologinguest, $cm);
+
     } else if ((is_object($courseorid) and $courseorid->id == SITEID)
           or (!is_object($courseorid) and $courseorid == SITEID)) {
         //login for SITE not required
+        return;
+
     } else {
         // course login always required
         require_login($courseorid, $autologinguest, $cm);