From: dwoolhead <dwoolhead>
Date: Fri, 16 Nov 2007 16:31:00 +0000 (+0000)
Subject: MDL-11979 Forum subscriptions loop hole allowing users to subscribe to forums they... 
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=01cbbbd70a563ecfb4795f13a848497911228991;p=moodle.git

MDL-11979 Forum subscriptions loop hole allowing users to subscribe to forums they should not have access to.
---

diff --git a/mod/forum/subscribe.php b/mod/forum/subscribe.php
index d2ea8ca693..3fbcfebc8e 100644
--- a/mod/forum/subscribe.php
+++ b/mod/forum/subscribe.php
@@ -94,6 +94,9 @@
                     !has_capability('mod/forum:managesubscriptions', $context)) {
             error(get_string('disallowsubscribe'),$_SERVER["HTTP_REFERER"]);
         }
+        if (!has_capability('mod/forum:viewdiscussion', $context)) {
+            error("Could not subscribe you to that forum", $_SERVER["HTTP_REFERER"]);
+        }
         if (forum_subscribe($user->id, $forum->id) ) {
             add_to_log($course->id, "forum", "subscribe", "view.php?f=$forum->id", $forum->id, $cm->id);
             redirect($returnto, get_string("nowsubscribed", "forum", $info), 1);