mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-04-22 00:42:54 +02:00
Code Issues Projects Releases Wiki Activity

MDL-56870 lib: block access to deleted module in require_login

Browse Source
This commit is contained in:
Jake Dallimore 2016-11-11 17:18:07 +08:00
parent b4d6669dd0
commit a428cf4ac8
2 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lang/en/error.php
View File

@ -22,6 +22,7 @@
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
$string['activityisscheduledfordeletion'] = 'Activity deletion in progress...';
$string['authnotexisting'] = 'The autorization plugin doesn\'t exist';
$string['backupcontainexternal'] = 'This backup file contains external Moodle Network Hosts that are not configured locally';
$string['backuptablefail'] = 'Backup tables could NOT be set up successfully!';

14
lib/moodlelib.php
View File

@ -2517,6 +2517,7 @@ function get_login_url() {
* @return mixed Void, exit, and die depending on path
* @throws coding_exception
* @throws require_login_exception
* @throws moodle_exception
*/
function require_login($courseorid = null, $autologinguest = true, $cm = null, $setwantsurltome = true, $preventredirect = false) {
global $CFG, $SESSION, $USER, $PAGE, $SITE, $DB, $OUTPUT;
@ -2684,8 +2685,8 @@ function require_login($courseorid = null, $autologinguest = true, $cm = null, $
// Make sure the USER has a sesskey set up. Used for CSRF protection.
sesskey();
// Do not bother admins with any formalities.
if (is_siteadmin()) {
// Do not bother admins with any formalities, except for activities pending deletion.
if (is_siteadmin() && !($cm && $cm->deletioninprogress)) {
// Set the global $COURSE.
if ($cm) {
$PAGE->set_cm($cm, $course);
@ -2873,6 +2874,15 @@ function require_login($courseorid = null, $autologinguest = true, $cm = null, $
}
}
// Check whether the activity has been scheduled for deletion. If so, then deny access, even for admins.
if ($cm && $cm->deletioninprogress) {
if ($preventredirect) {
throw new moodle_exception('activityisscheduledfordeletion');
}
require_once($CFG->dirroot . '/course/lib.php');
redirect(course_get_url($course), get_string('activityisscheduledfordeletion', 'error'));
}
// Check visibility of activity to current user; includes visible flag, conditional availability, etc.
if ($cm && !$cm->uservisible) {
if ($preventredirect) {