From: martin <martin>
Date: Tue, 6 Aug 2002 12:17:40 +0000 (+0000)
Subject: Close wide-open hacking hole!  This script wasn't checking for admin
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=ce15d1784c832393d9ad7f9873e9fab877b32445;p=moodle.git

Close wide-open hacking hole!  This script wasn't checking for admin
user in the case where the site has been defined already.  Oops. Fixed now.
---

diff --git a/admin/site.php b/admin/site.php
index 39104d9a6c..e3ea6dd13e 100644
--- a/admin/site.php
+++ b/admin/site.php
@@ -2,7 +2,11 @@
 
 	require("../config.php");
 
-    $course = get_site();
+    if ($course = get_site()) {
+        if (!isadmin()) {
+            error("You need to be admin to edit this page");
+        }
+    }
     $course->format = "social";   // override
 
 /// If data submitted, then process and store.