From 01cbbbd70a563ecfb4795f13a848497911228991 Mon Sep 17 00:00:00 2001
From: dwoolhead <dwoolhead>
Date: Fri, 16 Nov 2007 16:31:00 +0000
Subject: [PATCH] MDL-11979 Forum subscriptions loop hole allowing users to
 subscribe to forums they should not have access to.

---
 mod/forum/subscribe.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/mod/forum/subscribe.php b/mod/forum/subscribe.php
index d2ea8ca693..3fbcfebc8e 100644
--- a/mod/forum/subscribe.php
+++ b/mod/forum/subscribe.php
@@ -94,6 +94,9 @@
                     !has_capability('mod/forum:managesubscriptions', $context)) {
             error(get_string('disallowsubscribe'),$_SERVER["HTTP_REFERER"]);
         }
+        if (!has_capability('mod/forum:viewdiscussion', $context)) {
+            error("Could not subscribe you to that forum", $_SERVER["HTTP_REFERER"]);
+        }
         if (forum_subscribe($user->id, $forum->id) ) {
             add_to_log($course->id, "forum", "subscribe", "view.php?f=$forum->id", $forum->id, $cm->id);
             redirect($returnto, get_string("nowsubscribed", "forum", $info), 1);
-- 
2.39.5