From 522f608d02cb8ab82a2ee8cc3ac9d5717f6ae90c Mon Sep 17 00:00:00 2001
From: moodler
Date: Sat, 24 May 2003 06:53:47 +0000
Subject: [PATCH] Important bug fixed! Non-teachers could modify course!
---
 course/mod.php | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)
diff --git a/course/mod.php b/course/mod.php
index 53c48ebbe9..982106dae9 100644
--- a/course/mod.php
+++ b/course/mod.php
@@ -5,6 +5,7 @@
 require("../config.php");
 require("lib.php");
+ require_login();
 if (isset($cancel)) {
 if (!empty($SESSION->returnpage)) {
@@ -26,8 +27,6 @@
 $mod = (object)$_POST;
 }
- require_login($mod->course);
-
 if (!isteacher($mod->course)) {
 error("You can't modify this course!");
 }
@@ -111,6 +110,10 @@
 if (! $cm = get_record("course_modules", "id", $id)) {
 error("This course module doesn't exist");
 }
+
+ if (!isteacher($cm->course)) {
+ error("You can't modify this course!");
+ }
 move_module($cm, $move);
@@ -129,6 +132,10 @@
 if (! $cm = get_record("course_modules", "id", $hide)) {
 error("This course module doesn't exist");
 }
+
+ if (!isteacher($cm->course)) {
+ error("You can't modify this course!");
+ }
 hide_course_module($cm->id);
@@ -148,6 +155,10 @@
 error("This course module doesn't exist");
 }
+ if (!isteacher($cm->course)) {
+ error("You can't modify this course!");
+ }
+
 if (! $section = get_record("course_sections", "id", $cm->section)) {
 error("This module doesn't exist");
 }
@@ -180,8 +191,6 @@
 error("This course doesn't exist");
 }
- require_login($course->id);
-
 if (!isteacher($course->id)) {
 error("You can't modify this course!");
 }
@@ -227,6 +236,10 @@
 error("This course doesn't exist");
 }
+ if (!isteacher($course->id)) {
+ error("You can't modify this course!");
+ }
+
 if (! $module = get_record("modules", "id", $cm->module)) {
 error("This module doesn't exist");
 }
@@ -304,8 +317,6 @@
 error("No action was specfied");
 }
- require_login($course->id);
-
 if (!isteacher($course->id)) {
 error("You can't modify this course!");
 }
--
2.39.5
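Review bot: The `require_login();` added after `require("lib.php");` carries no course id, so it establishes only that someone is logged in; the course-scoped calls `require_login($mod->course)` and `require_login($course->id)` are dropped in the hunks at old lines 26, 180 and 304. Course-level access therefore rests entirely on the `isteacher()` test inside each action branch, and a branch without one would accept any logged-in account. I would record that on the new line, e.g. `require_login();  // login only - every action below must still check isteacher() for the course it acts on`. Whatever else the course-scoped form enforced is not visible in this diff and should be confirmed before relying on the shorter call.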
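Review bot: The three-line `isteacher()` guard added after the `course_modules` lookup for `$id` is pasted again in the hunks at new lines 132, 155 and 236, and per-branch copies are the pattern that left these branches unguarded before this commit. A single helper called at the top of every action keeps the rule in one place and makes a missing call easy to spot in review; the helper name below is only a suggestion. The guard also protects the following `move_module($cm, $move)` only if `error()` ends the request, which this diff does not show, so that assumption belongs in the helper's comment. The enclosing action branch starts and ends outside the hunk, so branches not touched by this commit should be checked for the same guard.

```php
// Proposed helper (name is a suggestion); relies on error() ending the request.
function require_course_teacher($courseid) {
    if (!isteacher($courseid)) {
        error("You can't modify this course!");
    }
}

// … unchanged: course_modules lookup for $id …
require_course_teacher($cm->course);
move_module($cm, $move);
```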
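Review bot: The guard added before the `modules` lookup tests `$course->id`, while the record being acted on is `$cm` (the next statement reads `$cm->module`), and nothing in this hunk shows that `$course` was loaded from `$cm->course`. If the two come from separate request values, a teacher of one course would pass the check while the module belongs to another, so the test should be tied to the module's own course, e.g. `if (!isteacher($cm->course)) {`, or preceded by `if ($course->id != $cm->course) { error("This course doesn't exist"); }`. The same question applies to the hunk at old line 26, where `$mod` is built from `$_POST` and the check uses `$mod->course`. The lines that load `$cm` and `$course` lie outside the hunk, so this needs confirming against the full branch.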