From: defacer <defacer>
Date: Tue, 1 Feb 2005 06:55:02 +0000 (+0000)
Subject: Even more automation: now blocks_execute_url_action() checks if the user
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=3edc57e1899b0fc2ca15603b398b11ea8c591e52;p=moodle.git

Even more automation: now blocks_execute_url_action() checks if the user
has sufficient rights to execute the action automatically. It's therefore
safe to call without ANY checks being done first.
---

diff --git a/lib/blocklib.php b/lib/blocklib.php
index ea0201bb92..c825a01a69 100644
--- a/lib/blocklib.php
+++ b/lib/blocklib.php
@@ -482,7 +482,7 @@ function blocks_execute_action($page, &$pageblocks, $blockaction, $instanceorid)
 function blocks_execute_url_action(&$PAGE, &$pageblocks) {
     $blockaction = optional_param('blockaction');
 
-    if (empty($blockaction) || !confirm_sesskey()) {
+    if (empty($blockaction) || !$PAGE->user_allowed_editing() || !confirm_sesskey()) {
         return;
     }