diff --git a/lib/accesslib.php b/lib/accesslib.php
index 7047e4fadd0..5afc5391aea 100755
--- a/lib/accesslib.php
+++ b/lib/accesslib.php
@@ -356,20 +356,8 @@ function has_capability($capability, $context, $userid=NULL, $doanything=true) {
 /// Some sanity checks
 if (debugging('',DEBUG_DEVELOPER)) {
- static $capsnames = null; // one request per page only
-
- if (is_null($capsnames)) {
- if ($caps = $DB->get_records('capabilities', null, '', 'id, name')) {
- $capsnames = array();
- foreach ($caps as $cap) {
- $capsnames[$cap->name] = true;
- }
- }
- }
- if ($capsnames) { // ignore if can not fetch caps
- if (!isset($capsnames[$capability])) {
- debugging('Capability "'.$capability.'" was not found! This should be fixed in code.');
- }
+ if (!is_valid_capability($capability)) {
+ debugging('Capability "'.$capability.'" was not found! This should be fixed in code.');
 }
 if (!is_bool($doanything)) {
 debugging('Capability parameter "doanything" is wierd ("'.$doanything.'"). This should be fixed in code.');
@@ -3665,6 +3653,17 @@ function get_related_contexts_string($context) {
 }
 }
+function is_valid_capability($capabilityname) {
+ static $capsnames = null; // one request per page only
+
+ if (is_null($capsnames)) {
+ global $DB;
+ $capsnames = $DB->get_records_menu('capabilities', null, '', 'name, 1');
+ }
+
+ return array_key_exists($capabilityname, $capsnames);
+}
+
 /**
 * Returns the human-readable, translated version of the capability.
 * Basically a big switch statement.
diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index 97839e77ef6..78c9fb49022 100644
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -240,6 +240,11 @@ define('PARAM_PEM', 0x10000);
 */
 define('PARAM_BASE64', 0x20000);
+/**
+ * PARAM_CAPABILITY - A capability name, like 'moodle/role:manage'. Actually
+ * checked against the list of capabilties in the database.
+ */
+define('PARAM_CAPABILITY', 0x40000);
 /// Page types ///
 /**
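Review bot: The removed block skipped the check when the capability list could not be fetched (`if ($capsnames) { // ignore if can not fetch caps`), and the replacement call in has_capability has no such guard. If `get_records_menu` in the new is_valid_capability (second hunk of this file) returns false or an empty result, every has_capability call in developer debug mode reports the capability as not found, and `array_key_exists` is handed a non-array. Presumably this can happen during install or upgrade; adding `if (!is_array($capsnames)) { return false; }` before the lookup in is_valid_capability, and deciding explicitly whether has_capability should stay silent in that case, would restore a defined behaviour. has_capability's body continues outside the hunk.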
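Review bot: is_valid_capability has no docblock and hands `$capabilityname` to `array_key_exists` without a type check, which matters now that clean_param feeds it request data. A non-string value such as an array makes `array_key_exists` emit a warning (a TypeError on PHP 8) instead of returning false, unless clean_param filters such values before its switch, which is outside this diff. `if (!is_string($capabilityname)) { return false; }` at the top keeps the validator fail-closed. The docblock should say that the function returns a bool and that the list is read once per request into a static cache, so a capability inserted later in the same request is not seen.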
@@ -600,6 +605,13 @@ function clean_param($param, $type) {
 return '';
 }
+ case PARAM_CAPABILITY:
+ if (is_valid_capability($param)) {
+ return $param;
+ } else {
+ return '';
+ }
+
 default: // throw error, switched parameters in optional_param or another serious problem
 print_error("unknowparamtype", '', '', $type);
 }
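Review bot: The new `PARAM_CAPABILITY` case confirms only that the name exists in the capabilities table, and it makes clean_param run a database query through is_valid_capability, so it is not an authorization check. Callers still need their own has_capability or require_capability call before acting on the value. They also receive `''` for an unknown name, so the empty string has to be treated as "no capability" rather than passed on. A comment on the case would make this explicit, e.g. `// existence check only: returns '' for unknown names; needs $DB and accesslib.php loaded`. Whether accesslib.php is always loaded wherever clean_param is called is not visible here, and clean_param's body starts outside the hunk.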