MDL-16159 implemented missing access control and security code in course tags

skodak 2008-08-21 20:29:42 +00:00
parent d352141e60
commit e562ecdc4b
5 changed files with 25 additions and 7 deletions


@ -75,8 +75,8 @@ class block_tags extends block_base {
require_once($CFG->dirroot.'/tag/coursetagslib.php');
// Permissions and page awareness
$sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID);
$isguest = has_capability('moodle/legacy:guest', $sitecontext, $USER->id, false);
$systemcontext = get_context_instance(CONTEXT_SYSTEM);
$isguest = has_capability('moodle/legacy:guest', $systemcontext, $USER->id, false);
$loggedin = isloggedin() && !$isguest;
$coursepage = $canedit = false;
$coursepage = (isset($COURSE->id) && $COURSE->id != SITEID);
@ -84,7 +84,7 @@ class block_tags extends block_base {
$sitepage = (isset($COURSE->id) && $COURSE->id == SITEID && !$mymoodlepage);
$coursecontext = get_context_instance(CONTEXT_COURSE, $COURSE->id);
if ($coursepage) {
$canedit = has_capability('moodle/tag:create', $sitecontext);
$canedit = has_capability('moodle/tag:create', $systemcontext);
}
// Check rss feed - temporarily removed until Dublin Core tags added
@ -237,6 +237,7 @@ class block_tags extends block_base {
<div style="display: none;">
<input type="hidden" name="entryid" value="$COURSE->id" />
<input type="hidden" name="userid" value="$USER->id" />
<input type="hidden" name="sesskey" value="$USER->sesskey" />
</div>
<div><label for="coursetag_new_tag">$tagthisunit</label></div>
<div class="coursetag_form_wrapper">
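Review bot: The hidden `sesskey` field added in the form hunk interpolates `$USER->sesskey` directly, and that property may be unset if nothing has yet generated the key for this session. The form would then post an empty token and the `confirm_sesskey()` check added in the receiving script would reject a legitimate submission. Assigning `$sesskey = sesskey();` before the string is built and emitting `value="$sesskey"` avoids depending on the key already existing. The string that holds this form starts and ends outside the hunk, so where the assignment belongs has to be confirmed against the full function.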


@ -6,12 +6,21 @@
require_once('../config.php');
require_login();
$systemcontext = get_context_instance(CONTEXT_SYSTEM);
require_capability('moodle/tag:create', $systemcontext);
if (empty($CFG->usetags)) {
print_error('tagsaredisabled', 'tag');
}
$keyword = optional_param('coursetag_new_tag', '', PARAM_TEXT);
$courseid = optional_param('entryid', 0, PARAM_INT);
$userid = optional_param('userid', 0, PARAM_INT);
$keyword = trim(strip_tags($keyword)); //better cleanup of user input is done later
if ($keyword) {
if ($keyword and confirm_sesskey()) {
require_once($CFG->dirroot.'/tag/coursetagslib.php');
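Review bot: `userid` and `entryid` are still read from the request (`$userid = optional_param('userid', 0, PARAM_INT);`), so the new login, capability and sesskey checks authenticate the caller but do not bind the tag to that caller or to a course they may access. The code that stores the keyword is below the hunk; if it passes `$userid` through, a user holding `moodle/tag:create` could attribute tags to another account. Use `$userid = $USER->id;` instead of the posted value. The capability is checked only in the system context, so also verify that the course named by `entryid` exists and is accessible to the user before storing anything. A failed `confirm_sesskey()` is skipped silently here, which deserves a short comment saying that this is intended.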


@ -14,6 +14,12 @@ $courseid = optional_param('courseid', 0, PARAM_INT);
$keyword = optional_param('coursetag_new_tag', '', PARAM_TEXT);
$deltag = optional_param('del_tag', 0, PARAM_INT);
require_login();
if (empty($CFG->usetags)) {
print_error('tagsaredisabled', 'tag');
}
if ($courseid != SITEID) {
if (! ($course = $DB->get_record('course', array('id' => $courseid), '*')) ) {
print_error('invalidcourse');
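Review bot: This hunk adds only the `usetags` check, while the script also reads the state-changing parameters `del_tag` and `coursetag_new_tag` at the top and gains no `confirm_sesskey()` or capability check here, unlike the add script in the same commit. The code that acts on those parameters is outside the hunk, so this may already be handled further down. If it is not, the delete and add paths should be wrapped in `if (confirm_sesskey()) { ... }` and a `require_capability()` call should be made against the relevant context before they run. `require_login()` is also called without the course, so confirm that access to `$courseid` is checked once the course record has been loaded.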


@ -13,6 +13,10 @@ $sort = optional_param('sort', 'alpha', PARAM_TEXT); //alpha, date or popularity
$show = optional_param('show', 'all', PARAM_TEXT); //all, my, official, community or course
$courseid = optional_param('courseid', 0, PARAM_INT);
if (empty($CFG->usetags)) {
print_error('tagsaredisabled', 'tag');
}
// Some things require logging in
if ($CFG->forcelogin or $show == 'my') {
require_login();


@ -3,12 +3,10 @@
require_once('../config.php');
require_once('lib.php');
require_once('locallib.php');
require_once($CFG->dirroot.'/lib/weblib.php');
global $CFG;
require_login();
if( empty($CFG->usetags)) {
if (empty($CFG->usetags)) {
print_error('tagsaredisabled', 'tag');
}