From a7c3953d1cb1ca278bea4522c7431166c13bb35b Mon Sep 17 00:00:00 2001
From: tjhunt <tjhunt>
Date: Sun, 13 Aug 2006 20:39:21 +0000
Subject: [PATCH] SC 289, small, but non-exploitable hole in backup permissions
 checking. Merged from MOODLE_16_STABLE.

---
 backup/backup.php | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/backup/backup.php b/backup/backup.php
index b3dd830d8b..5a03a715fd 100644
--- a/backup/backup.php
+++ b/backup/backup.php
@@ -17,13 +17,7 @@
 
     if (!empty($id)) {
         if (!isteacheredit($id)) {
-            if (empty($to)) {
-                error("You need to be a teacher or admin user to use this page.", "$CFG->wwwroot/login/index.php");
-            } else {
-                if (!isteacheredit($to)) {
-                    error("You need to be a teacher or admin user to use this page.", "$CFG->wwwroot/login/index.php");
-                }
-            }
+            error("You need to be a teacher or admin user to use this page.", "$CFG->wwwroot/login/index.php");
         }
     } else {
         if (!isadmin()) {
@@ -31,6 +25,12 @@
         }
     }
 
+    if (!empty($to)) {
+        if (!isteacheredit($to)) {
+            error("You need to be a teacher or admin user to use this page.", "$CFG->wwwroot/login/index.php");
+        }
+    }
+
     //Check site
     if (!$site = get_site()) {
         error("Site not found!");
@@ -126,7 +126,7 @@
     }
     print_simple_box_end();
 
-    //Print footer  
+    //Print footer
     print_footer();
 
-?>
+?>
\ No newline at end of file
-- 
2.39.5