mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-01-19 06:18:28 +01:00
Code Issues Projects Releases Wiki Activity

MDL-52261 filelib: Do login check for files in blocks

Browse Source
This commit is contained in:
Ben Kelada 2015-11-23 11:59:56 +11:00
parent ea5c18dfce
commit 288c8cb7f1
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/filelib.php
View File

@ -4506,6 +4506,14 @@ function file_pluginfile($relativepath, $forcedownload, $preview = null) {
send_file_not_found();
}
if ($context->get_course_context(false)) {
// If block is in course context, then check if user has capability to access course.
require_course_login($course);
} else if ($CFG->forcelogin) {
// If user is logged out, bp record will not be visible, even if the user would have access if logged in.
require_login();
}
$bprecord = $DB->get_record('block_positions', array('contextid' => $context->id, 'blockinstanceid' => $context->instanceid));
// User can't access file, if block is hidden or doesn't have block:view capability
if (($bprecord && !$bprecord->visible) || !has_capability('moodle/block:view', $context)) {