MDL-10198 - Further refinements.

author tjhunt <tjhunt>

Fri, 22 Jun 2007 15:05:42 +0000 (15:05 +0000)

committer tjhunt <tjhunt>

Fri, 22 Jun 2007 15:05:42 +0000 (15:05 +0000)
author tjhunt <tjhunt>
Fri, 22 Jun 2007 15:05:42 +0000 (15:05 +0000)
committer tjhunt <tjhunt>
Fri, 22 Jun 2007 15:05:42 +0000 (15:05 +0000)
diff --git a/question/file.php b/question/file.php

index deb5f818443ef41287b1510cc655bf94fbf70f28..841a317bf5c55a9e8446580314bc07c1b5d70cba 100644 (file)
--- a/question/file.php
+++ b/question/file.php
@@ -29,8 +29,10 @@
  
      // extract relative path components
      $args = explode('/', trim($relativepath, '/'));
-    if (count($args) == 0) { // always at least courseid, may search for index.html in course root
-        error('No valid arguments supplied');
+
+    // check for the right number of directories in the path
+    if (count($args) != 3) {
+        error('Invalid arguments supplied');
      }
  
      // security: require login
@@ -54,6 +56,12 @@
                  $haspermission = $modcheckfileaccess($args[0], $args[1]);
              }
          }
+    } else if ($args[0][0] == 0) {
+        global $USER;
+        $list = explode('_', $args[0]);
+        if ($list[1] == $USER->id) {
+            $haspermission = true;
+        }
      }
  
      if ($haspermission) {