From cb4709dccdc51a9a4c2d52fbc3d2cd3fd8580fec Mon Sep 17 00:00:00 2001
From: skodak <skodak>
Date: Sat, 1 Nov 2008 22:30:18 +0000
Subject: [PATCH] MDL-17027: protect user profile images if $CFG->forcelogin
 enabled; merged from MOODLE_19_STABLE

---
 user/pix.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/user/pix.php b/user/pix.php
index d106c30981..5dfd941af2 100644
--- a/user/pix.php
+++ b/user/pix.php
@@ -3,11 +3,15 @@
       // Syntax:   pix.php/userid/f1.jpg or pix.php/userid/f2.jpg
       //     OR:   ?file=userid/f1.jpg or ?file=userid/f2.jpg
 
-    define('NO_MOODLE_COOKIES', true);                  // session not used here
-
     require_once('../config.php');
     require_once($CFG->libdir.'/filelib.php');
 
+    if (!empty($CFG->forcelogin) and !isloggedin()) {
+        // protect images if login required and not logged in;
+        // do not use require_login() because it is expensive and not suitable here anyway
+        redirect($CFG->pixpath.'/u/f1.png');
+    }
+
     // disable moodle specific debug messages
     disable_debugging();
 
-- 
2.39.5