if (!$readonly && !confirm_sesskey($this->get('sesskey'))) {
throw new portfolio_exception('confirmsesskeybad');
}
+ if (!$this->caller->check_permissions()) {
+ throw new portfolio_caller_exception('nopermissions', 'portfolio', $this->caller->get_return_url());
+ }
+ error_log("checking permissions after waking");
}
/**
* copies a file from somewhere else in moodle
$linkoutput .= 'ca_' . $key . '=' . $value . '&';
$formoutput .= "\n" . '<input type="hidden" name="ca_' . $key . '" value="' . $value . '" />';
}
+ $formoutput .= "\n" . '<input type="hidden" name="sesskey" value="' . sesskey() . '" />';
+ $linkoutput .= 'sesskey=' . sesskey() . '&';
$formoutput .= "\n" . '<input type="hidden" name="callbackfile" value="' . $this->callbackfile . '" />';
$formoutput .= "\n" . '<input type="hidden" name="callbackclass" value="' . $this->callbackclass . '" />';
$formoutput .= "\n" . '<input type="hidden" name="course" value="' . (!empty($COURSE) ? $COURSE->id : 0) . '" />';
$callbackargs[substr($key, 3)] = $value;
}
}
+ if (!confirm_sesskey()) {
+ throw new portfolio_caller_exception('confirmsesskeybad', 'error');
+ }
// righto, now we have the callback args set up
// load up the caller file and class and tell it to set up all the data
// it needs
require_once($CFG->dirroot . $callbackfile);
+ if (!class_exists($callbackclass) || !is_subclass_of($callbackclass, 'portfolio_caller_base')) {
+ throw new portfolio_caller_exception('callbackclassinvalid', 'portfolio');
+ }
$caller = new $callbackclass($callbackargs);
$caller->set('user', $USER);
$caller->load_data();
projects / moodle.git / commitdiff