From: tjhunt Date: Mon, 20 Jul 2009 08:57:18 +0000 (+0000) Subject: MDL-19882 Add missing require_login-s before require_capability. X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=ebff4779955be0601b20de05cd31501b329efe9c;p=moodle.git MDL-19882 Add missing require_login-s before require_capability. --- diff --git a/admin/uploaduser.php b/admin/uploaduser.php index af7290c120..07baf3c959 100755 --- a/admin/uploaduser.php +++ b/admin/uploaduser.php @@ -27,6 +27,7 @@ if (function_exists('apache_child_terminate')) { @apache_child_terminate(); } +require_login(); admin_externalpage_setup('uploadusers'); require_capability('moodle/site:uploadusers', get_context_instance(CONTEXT_SYSTEM)); diff --git a/admin/user/user_bulk_confirm.php b/admin/user/user_bulk_confirm.php index df433f7d1b..2935ad4adf 100755 --- a/admin/user/user_bulk_confirm.php +++ b/admin/user/user_bulk_confirm.php @@ -8,6 +8,7 @@ require_once($CFG->libdir.'/adminlib.php'); $confirm = optional_param('confirm', 0, PARAM_BOOL); +require_login(); admin_externalpage_setup('userbulk'); require_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM)); diff --git a/admin/user/user_bulk_delete.php b/admin/user/user_bulk_delete.php index 8278f8307e..099d288676 100755 --- a/admin/user/user_bulk_delete.php +++ b/admin/user/user_bulk_delete.php @@ -8,6 +8,7 @@ require_once($CFG->libdir.'/adminlib.php'); $confirm = optional_param('confirm', 0, PARAM_BOOL); +require_login(); admin_externalpage_setup('userbulk'); require_capability('moodle/user:delete', get_context_instance(CONTEXT_SYSTEM)); diff --git a/admin/user/user_bulk_download.php b/admin/user/user_bulk_download.php index 96a59bee80..34cbe3ccaa 100755 --- a/admin/user/user_bulk_download.php +++ b/admin/user/user_bulk_download.php @@ -8,6 +8,7 @@ require_once($CFG->libdir.'/adminlib.php'); $format = optional_param('format', '', PARAM_ALPHA); +require_login(); admin_externalpage_setup('userbulk'); require_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM)); diff --git a/admin/user/user_bulk_enrol.php b/admin/user/user_bulk_enrol.php index 0bee217204..36c5a84061 100644 --- a/admin/user/user_bulk_enrol.php +++ b/admin/user/user_bulk_enrol.php @@ -8,6 +8,7 @@ $processed = optional_param('processed', '', PARAM_CLEAN); $sort = optional_param('sort', 'fullname', PARAM_ALPHA); //Sort by full name $dir = optional_param('dir', 'asc', PARAM_ALPHA); //Order to sort (ASC) +require_login(); admin_externalpage_setup('userbulk'); require_capability('moodle/user:delete', get_context_instance(CONTEXT_SYSTEM)); $return = $CFG->wwwroot.'/'.$CFG->admin.'/user/user_bulk.php'; diff --git a/admin/user/user_bulk_message.php b/admin/user/user_bulk_message.php index 4c7f2d54c3..3b9b2d0a22 100755 --- a/admin/user/user_bulk_message.php +++ b/admin/user/user_bulk_message.php @@ -7,6 +7,7 @@ require_once('user_message_form.php'); $msg = optional_param('msg', '', PARAM_CLEAN); $confirm = optional_param('confirm', 0, PARAM_BOOL); +require_login(); admin_externalpage_setup('userbulk'); require_capability('moodle/site:readallmessages', get_context_instance(CONTEXT_SYSTEM)); diff --git a/course/category.php b/course/category.php index b61310710b..ba3848e7de 100644 --- a/course/category.php +++ b/course/category.php @@ -17,10 +17,6 @@ $moveto = optional_param('moveto', 0, PARAM_INT); $resort = optional_param('resort', 0, PARAM_BOOL); - if ($CFG->forcelogin) { - require_login(); - } - if (!$site = get_site()) { print_error('siteisnotdefined', 'debug'); } @@ -33,21 +29,25 @@ $context = $PAGE->context; $category = $PAGE->category; - if (!$category->visible) { - require_capability('moodle/category:viewhiddencategories', $context); - } - if (update_category_button($category->id)) { if ($categoryedit !== -1) { $USER->editing = $categoryedit; } - $editingon = $PAGE->user_is_editing(); + require_login(); $navbaritem = update_category_button($category->id); // Must call this again after updating the state. + $editingon = $PAGE->user_is_editing(); } else { + if ($CFG->forcelogin) { + require_login(); + } $navbaritem = print_course_search('', true, 'navbar'); $editingon = false; } + if (!$category->visible) { + require_capability('moodle/category:viewhiddencategories', $context); + } + // Process any category actions. if (has_capability('moodle/category:manage', $context)) { /// Resort the category if requested diff --git a/course/index.php b/course/index.php index c1e28068e2..be6ecb9014 100644 --- a/course/index.php +++ b/course/index.php @@ -14,10 +14,6 @@ $moveup = optional_param('moveup',0,PARAM_INT); $movedown = optional_param('movedown',0,PARAM_INT); - if ($CFG->forcelogin) { - require_login(); - } - if (!$site = get_site()) { print_error('siteisnotdefined', 'debug'); } @@ -31,8 +27,12 @@ if ($categoryedit !== -1) { $USER->editing = $categoryedit; } + require_login(); $adminediting = $PAGE->user_is_editing(); } else { + if ($CFG->forcelogin) { + require_login(); + } $adminediting = false; } diff --git a/enrol/mnet/allowed_courses.php b/enrol/mnet/allowed_courses.php index 144aac42ae..aa264bc65d 100644 --- a/enrol/mnet/allowed_courses.php +++ b/enrol/mnet/allowed_courses.php @@ -19,6 +19,7 @@ $removecategory = optional_param('removecategory', 0, PARAM_BOOL); $addcourse = optional_param('addcourse', 0, PARAM_BOOL); $removecourse = optional_param('removecourse', 0, PARAM_BOOL); +require_login(); $sitecontext = get_context_instance(CONTEXT_SYSTEM); $sesskey = sesskey(); $formerror = array(); diff --git a/login/change_password.php b/login/change_password.php index 5775936942..f557a55e0c 100644 --- a/login/change_password.php +++ b/login/change_password.php @@ -26,6 +26,7 @@ // do not require change own password cap if change forced if (!get_user_preferences('auth_forcepasswordchange', false)) { + require_login(); require_capability('moodle/user:changeownpassword', $systemcontext); } diff --git a/mnet/testclient.php b/mnet/testclient.php index 9c0bb57121..95c810a454 100644 --- a/mnet/testclient.php +++ b/mnet/testclient.php @@ -18,6 +18,7 @@ if ($CFG->mnet_dispatcher_mode === 'off') { } // Site admins only, thanks. +require_login(); $context = get_context_instance(CONTEXT_SYSTEM); require_capability('moodle/site:config', $context);