From 0532aec946fbd2e4757bd7cea04fe4842fc19a37 Mon Sep 17 00:00:00 2001 From: martinlanghoff Date: Wed, 19 Sep 2007 06:52:52 +0000 Subject: [PATCH] weblib:update_course_icon() - remove access control from here Access control for the course icon display should happen at the page level, as we'll need to ask "can edit?" quite a few times in the page. The fact that this is weblib should be a good hint that functions that print html should not be doing access control... --- lib/weblib.php | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/lib/weblib.php b/lib/weblib.php index 3fd2e540c9..d66d515444 100644 --- a/lib/weblib.php +++ b/lib/weblib.php @@ -4441,6 +4441,8 @@ function print_editor_config($editorhidebuttons='', $return=false) { * Returns a turn edit on/off button for course in a self contained form. * Used to be an icon, but it's now a simple form button * + * Note that the caller is responsible for capchecks. + * * @uses $CFG * @uses $USER * @param int $courseid The course to update by id as found in 'course' table @@ -4449,23 +4451,21 @@ function print_editor_config($editorhidebuttons='', $return=false) { function update_course_icon($courseid) { global $CFG, $USER; - if (editcourseallowed($courseid)) { - if (!empty($USER->editing)) { - $string = get_string('turneditingoff'); - $edit = '0'; - } else { - $string = get_string('turneditingon'); - $edit = '1'; - } - - return '
frametarget.' method="get" action="'.$CFG->wwwroot.'/course/view.php">'. - '
'. - ''. - ''. - ''. - ''. - '
'; + if (!empty($USER->editing)) { + $string = get_string('turneditingoff'); + $edit = '0'; + } else { + $string = get_string('turneditingon'); + $edit = '1'; } + + return '
frametarget.' method="get" action="'.$CFG->wwwroot.'/course/view.php">'. + '
'. + ''. + ''. + ''. + ''. + '
'; } /** -- 2.39.5