SC 289, small, but non-exploitable hole in backup permissions checking. Merged from...

author tjhunt <tjhunt>

Sun, 13 Aug 2006 20:39:21 +0000 (20:39 +0000)

committer tjhunt <tjhunt>

Sun, 13 Aug 2006 20:39:21 +0000 (20:39 +0000)
author tjhunt <tjhunt>
Sun, 13 Aug 2006 20:39:21 +0000 (20:39 +0000)
committer tjhunt <tjhunt>
Sun, 13 Aug 2006 20:39:21 +0000 (20:39 +0000)
diff --git a/backup/backup.php b/backup/backup.php

index b3dd830d8ba8ad77d298b869e5503733903b1bee..5a03a715fda9804ef960db68e20f9d0d5ec72da7 100644 (file)
--- a/backup/backup.php
+++ b/backup/backup.php
@@ -17,13 +17,7 @@
  
      if (!empty($id)) {
          if (!isteacheredit($id)) {
-            if (empty($to)) {
-                error("You need to be a teacher or admin user to use this page.", "$CFG->wwwroot/login/index.php");
-            } else {
-                if (!isteacheredit($to)) {
-                    error("You need to be a teacher or admin user to use this page.", "$CFG->wwwroot/login/index.php");
-                }
-            }
+            error("You need to be a teacher or admin user to use this page.", "$CFG->wwwroot/login/index.php");
          }
      } else {
          if (!isadmin()) {
@@ -31,6 +25,12 @@
          }
      }
  
+    if (!empty($to)) {
+        if (!isteacheredit($to)) {
+            error("You need to be a teacher or admin user to use this page.", "$CFG->wwwroot/login/index.php");
+        }
+    }
+
      //Check site
      if (!$site = get_site()) {
          error("Site not found!");
@@ -126,7 +126,7 @@
      }
      print_simple_box_end();
  
-    //Print footer  
+    //Print footer
      print_footer();
  
-?>
+?>
+\ No newline at end of file
author	tjhunt <tjhunt>
	Sun, 13 Aug 2006 20:39:21 +0000 (20:39 +0000)
committer	tjhunt <tjhunt>
	Sun, 13 Aug 2006 20:39:21 +0000 (20:39 +0000)