From: jerome Date: Mon, 8 Sep 2008 02:10:30 +0000 (+0000) Subject: MDL-15402: fixes for tabs.php - now display tab repository only for the current user... X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=6c91ce49ff3b1c45bcabc1168803a2f07085acb0;p=moodle.git MDL-15402: fixes for tabs.php - now display tab repository only for the current user, + add some context security --- diff --git a/lang/en_utf8/repository.php b/lang/en_utf8/repository.php index f3b2221b89..bfc932b571 100644 --- a/lang/en_utf8/repository.php +++ b/lang/en_utf8/repository.php @@ -76,3 +76,4 @@ $string['typenotvisible'] = 'Type not visible'; $string['updown'] = 'Display order'; $string['upload'] = 'Upload this file'; $string['uploading'] = 'Uploading...'; +$string['wrongcontext'] = 'You cannot access to this context'; diff --git a/repository/manage_instances.php b/repository/manage_instances.php index 6d8db646a2..9cf361b976 100644 --- a/repository/manage_instances.php +++ b/repository/manage_instances.php @@ -45,6 +45,9 @@ else { //is the user looking at its own repository instances if ($USER->id != $context->instanceid){ print_error('notyourinstances', 'repository'); + } + if ($context->contextlevel != CONTEXT_USER){ + print_error('wrongcontext', 'repository'); } $user = $USER; } diff --git a/user/tabs.php b/user/tabs.php index 4207984e13..6a6f4acfec 100644 --- a/user/tabs.php +++ b/user/tabs.php @@ -249,14 +249,12 @@ } // Repository Tab - if (!empty($user) and $user->id == $USER->id) { + if (!empty($user) and $user->id == $USER->id) { require_once($CFG->dirroot . '/repository/lib.php'); - //$coursecontext = get_context_instance(CONTEXT_COURSE, $course->id); $usercontext = get_context_instance(CONTEXT_USER,$user->id); - - //if (repository_get_instances($usercontext, $USER->id)) { + if (!empty($usercontext) && $usercontext->contextlevel == CONTEXT_USER) { $toprow[] = new tabobject('repositories', $CFG->wwwroot .'/repository/manage_instances.php?contextid='.$usercontext->id, get_string('repositories', 'repository')); - //} + } }