From: skodak <skodak>
Date: Sat, 1 Nov 2008 22:30:18 +0000 (+0000)
Subject: MDL-17027: protect user profile images if $CFG->forcelogin enabled; merged from MOODL... 
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=cb4709dccdc51a9a4c2d52fbc3d2cd3fd8580fec;p=moodle.git

MDL-17027: protect user profile images if $CFG->forcelogin enabled; merged from MOODLE_19_STABLE
---

diff --git a/user/pix.php b/user/pix.php
index d106c30981..5dfd941af2 100644
--- a/user/pix.php
+++ b/user/pix.php
@@ -3,11 +3,15 @@
       // Syntax:   pix.php/userid/f1.jpg or pix.php/userid/f2.jpg
       //     OR:   ?file=userid/f1.jpg or ?file=userid/f2.jpg
 
-    define('NO_MOODLE_COOKIES', true);                  // session not used here
-
     require_once('../config.php');
     require_once($CFG->libdir.'/filelib.php');
 
+    if (!empty($CFG->forcelogin) and !isloggedin()) {
+        // protect images if login required and not logged in;
+        // do not use require_login() because it is expensive and not suitable here anyway
+        redirect($CFG->pixpath.'/u/f1.png');
+    }
+
     // disable moodle specific debug messages
     disable_debugging();