diff --git a/mod/forum/rsslib.php b/mod/forum/rsslib.php index dc8fbf229c8..fd1f226da94 100644 --- a/mod/forum/rsslib.php +++ b/mod/forum/rsslib.php @@ -43,19 +43,30 @@ function forum_rss_get_feed($context, $args) { return null; } - if (!is_enrolled($context, null, 'mod/forum:viewdiscussion')) { + $forumid = $args[3]; + + $uservalidated = false; + + $cm = get_coursemodule_from_instance('forum', $forumid, 0, false, MUST_EXIST); + if ($cm) { + $modcontext = get_context_instance(CONTEXT_MODULE, $cm->id); + + //context id from db should match the submitted one + if ($context->id==$modcontext->id && has_capability('mod/forum:viewdiscussion', $modcontext)) { + $uservalidated = true; + } + } + + if (!$uservalidated) { return null; } - $forumid = $args[3]; $forum = $DB->get_record('forum', array('id' => $forumid), '*', MUST_EXIST); if (!rss_enabled('forum', $forum)) { return null; } - $cm = get_coursemodule_from_instance('forum', $forumid, 0, false, MUST_EXIST); - //the sql that will retreive the data for the feed and be hashed to get the cache filename $sql = forum_rss_get_sql($forum, $cm);