From 1cc215265820622cf2809430dd04989cefb30af0 Mon Sep 17 00:00:00 2001
From: stronk7
Date: Sat, 28 Aug 2004 23:22:34 +0000
Subject: [PATCH] If we are updating an entry, compare current session user with existing entry user to avoid some potential problems if secureforms=off Perhaps too much security? Anyway thanks to skodak (Bug 1823) (http://moodle.org/bugs/bug.php?op=show&bugid=1823) Merged from MOODLE_14_STABLE
---
 mod/glossary/edit.php | 28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)

diff --git a/mod/glossary/edit.php b/mod/glossary/edit.php
index 52e03f481d..a6b1e7824f 100644
--- a/mod/glossary/edit.php
+++ b/mod/glossary/edit.php
@@ -88,6 +88,20 @@ if ( $confirm ) {
 }
 if ($e) {
+ //We are updating an entry, so we compare current session user with
+ //existing entry user to avoid some potential problems if secureforms=off
+ //Perhaps too much security? Anyway thanks to skodak (Bug 1823)
+ $old = get_record('glossary_entries', 'id', $e);
+ $ineditperiod = ((time() - $old->timecreated < $CFG->maxeditingtime) || $glossary->editalways);
+ if ( (!$ineditperiod || $USER->id != $old->userid) and !isteacher($course->id) and $e) {
+ if ( $USER->id != $old->userid ) {
+ error("You can't edit other people's entries!");
+ } elseif (!$ineditperiod) {
+ error("You can't edit this. Time expired!");
+ }
+ die;
+ }
+ $newentry->id = $e;
 $permissiongranted = 1;
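Review bot: `$old` is used without checking that get_record() actually found a row, so a stale or unknown `$e` reaches `$old->timecreated` and `$old->userid` on a non-object, and because `$USER->id != $old->userid` is then true for any logged-in user the code reports "You can't edit other people's entries!" for an entry that does not exist. A guard right after the lookup keeps the two failures distinct and stops the rest of the block from running on a missing record: `if (!$old) { error("Entry not found!"); die; }`. The trailing `and $e` in the new condition is always true inside `if ($e)` and can be dropped. The bypass via `!isteacher($course->id)` is keyed to the current course only; if glossary_entries records which glossary an entry belongs to, the same lookup could also confirm the row belongs to `$glossary` so that an id from another course's glossary is rejected instead of being accepted on the strength of teacher status here (inferred; the table columns are not visible in the hunk). The enclosing `if ($e)` block continues past the end of the hunk.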
@@ -261,13 +275,13 @@ print_header_simple(strip_tags("$glossary->name"), "",
 $ineditperiod = ((time() - $newentry->timecreated < $CFG->maxeditingtime) || $glossary->editalways);
 if ( (!$ineditperiod || $USER->id != $newentry->userid) and !isteacher($course->id) and $e) {
- if ( $USER->id != $newentry->userid ) {
- error("You can't edit other people's entries!");
- } elseif (!$ineditperiod) {
- error("You can't edit this. Time expired!");
- }
- die;
- }
+ if ( $USER->id != $newentry->userid ) {
+ error("You can't edit other people's entries!");
+ } elseif (!$ineditperiod) {
+ error("You can't edit this. Time expired!");
+ }
+ die;
+}
 echo '

' . stripslashes_safe($glossary->name); echo '

'; -- 2.39.5