From dc1fd03d6d492d9d59577a139ef15d14fa0d3412 Mon Sep 17 00:00:00 2001
From: tjhunt <tjhunt>
Date: Fri, 22 Jun 2007 15:05:42 +0000
Subject: [PATCH] MDL-10198 - Further refinements.

---
 question/file.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/question/file.php b/question/file.php
index deb5f81844..841a317bf5 100644
--- a/question/file.php
+++ b/question/file.php
@@ -29,8 +29,10 @@
 
     // extract relative path components
     $args = explode('/', trim($relativepath, '/'));
-    if (count($args) == 0) { // always at least courseid, may search for index.html in course root
-        error('No valid arguments supplied');
+
+    // check for the right number of directories in the path
+    if (count($args) != 3) {
+        error('Invalid arguments supplied');
     }
 
     // security: require login
@@ -54,6 +56,12 @@
                 $haspermission = $modcheckfileaccess($args[0], $args[1]);
             }
         }
+    } else if ($args[0][0] == 0) {
+        global $USER;
+        $list = explode('_', $args[0]);
+        if ($list[1] == $USER->id) {
+            $haspermission = true;
+        }
     }
 
     if ($haspermission) {
-- 
2.39.5