From 4c211e95c41507c0c1d628f9b3b3f5bcbb7980de Mon Sep 17 00:00:00 2001 From: dongsheng Date: Mon, 5 Oct 2009 07:44:45 +0000 Subject: [PATCH] "MDL-20422, check courses category before moving, hideing, showing courses, merged from 1.9" --- course/category.php | 20 ++++++++++++++++++-- lang/en_utf8/error.php | 2 ++ 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/course/category.php b/course/category.php index 5ca6cfa47f..8b47748d03 100644 --- a/course/category.php +++ b/course/category.php @@ -85,7 +85,17 @@ $courses = array(); foreach ($data as $key => $value) { if (preg_match('/^c\d+$/', $key)) { - array_push($courses, substr($key, 1)); + $courseid = substr($key, 1); + array_push($courses, $courseid); + + // check this course's category + if ($movingcourse = $DB->get_record('course', array('id'=>$courseid))) { + if ($movingcourse->category != $id ) { + print_error('coursedoesnotbelongtocategory'); + } + } else { + print_error('cannotfindcourse'); + } } } move_courses($courses, $data->moveto); @@ -93,7 +103,6 @@ /// Hide or show a course if ((!empty($hide) or !empty($show)) and confirm_sesskey()) { - require_capability('moodle/course:visibility', $context); if (!empty($hide)) { $course = $DB->get_record('course', array('id' => $hide)); $visible = 0; @@ -101,7 +110,10 @@ $course = $DB->get_record('course', array('id' => $show)); $visible = 1; } + if ($course) { + $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id); + require_capability('moodle/course:visibility', $coursecontext); if (!$DB->set_field('course', 'visible', $visible, array('id' => $course->id))) { print_error('errorupdatingcoursevisibility'); } @@ -127,6 +139,10 @@ } } if ($swapcourse and $movecourse) { + // check course's category + if ($movecourse->category != $id) { + print_error('coursedoesnotbelongtocategory'); + } $DB->set_field('course', 'sortorder', $swapcourse->sortorder, array('id' => $movecourse->id)); $DB->set_field('course', 'sortorder', $movecourse->sortorder, array('id' => $swapcourse->id)); } diff --git a/lang/en_utf8/error.php b/lang/en_utf8/error.php index e974653499..487dc9d7fc 100644 --- a/lang/en_utf8/error.php +++ b/lang/en_utf8/error.php @@ -59,6 +59,7 @@ $string['cannoteditmasterlang'] = 'You do not have permission to edit the master $string['cannotedityourprofile'] = 'Sorry, you cannot edit own profile'; $string['cannotfindcomponent'] = 'Cannot find component'; $string['cannotfindcontext'] = 'Could not find context'; +$string['cannotfindcourse'] = 'Cannot find course'; $string['cannotfindcategory'] = 'Cannot find category record from database by ID - $a'; $string['cannotfinddocs'] = 'Cannot find \"$a\" language docs files'; $string['cannotfindgradeitem'] = 'Cannot find grade_item'; @@ -148,6 +149,7 @@ $string['confirmsesskeybad'] = 'Sorry, but your session key could not be confirm $string['couldnotassignrole'] = 'A serious but unspecified error occurred while trying to assign a role to you'; $string['couldnotupdatenoexistinguser'] = 'Cannot update the user - user doesn\'t exist'; $string['countriesphpempty'] = 'Error: The file countries.php in language pack $a is empty or missing.'; +$string['coursedoesnotbelongtocategory'] = 'The course doesn\'t belong to this category'; $string['coursegroupunknown'] = 'Course corresponding to group $a not specified'; $string['courseidnotfound'] = 'Course id doesn\'t exist'; $string['coursemisconf'] = 'Course is misconfigured'; -- 2.39.5