From 3edc57e1899b0fc2ca15603b398b11ea8c591e52 Mon Sep 17 00:00:00 2001
From: defacer <defacer>
Date: Tue, 1 Feb 2005 06:55:02 +0000
Subject: [PATCH] Even more automation: now blocks_execute_url_action() checks
 if the user has sufficient rights to execute the action automatically. It's
 therefore safe to call without ANY checks being done first.

---
 lib/blocklib.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/blocklib.php b/lib/blocklib.php
index ea0201bb929..c825a01a694 100644
--- a/lib/blocklib.php
+++ b/lib/blocklib.php
@@ -482,7 +482,7 @@ function blocks_execute_action($page, &$pageblocks, $blockaction, $instanceorid)
 function blocks_execute_url_action(&$PAGE, &$pageblocks) {
     $blockaction = optional_param('blockaction');
 
-    if (empty($blockaction) || !confirm_sesskey()) {
+    if (empty($blockaction) || !$PAGE->user_allowed_editing() || !confirm_sesskey()) {
         return;
     }