diff --git a/blocks/tags/block_tags.php b/blocks/tags/block_tags.php
index 4aff6fc9fea..71b97244614 100644
--- a/blocks/tags/block_tags.php
+++ b/blocks/tags/block_tags.php
@@ -75,8 +75,8 @@ class block_tags extends block_base {
require_once($CFG->dirroot.'/tag/coursetagslib.php');
// Permissions and page awareness
- $sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID);
- $isguest = has_capability('moodle/legacy:guest', $sitecontext, $USER->id, false);
+ $systemcontext = get_context_instance(CONTEXT_SYSTEM);
+ $isguest = has_capability('moodle/legacy:guest', $systemcontext, $USER->id, false);
$loggedin = isloggedin() && !$isguest;
$coursepage = $canedit = false;
$coursepage = (isset($COURSE->id) && $COURSE->id != SITEID);
@@ -84,7 +84,7 @@ class block_tags extends block_base {
$sitepage = (isset($COURSE->id) && $COURSE->id == SITEID && !$mymoodlepage);
$coursecontext = get_context_instance(CONTEXT_COURSE, $COURSE->id);
if ($coursepage) {
- $canedit = has_capability('moodle/tag:create', $sitecontext);
+ $canedit = has_capability('moodle/tag:create', $systemcontext);
}
// Check rss feed - temporarily removed until Dublin Core tags added
@@ -237,6 +237,7 @@ class block_tags extends block_base {
+
diff --git a/tag/coursetags_add.php b/tag/coursetags_add.php
index 6154c9a21cd..268f6e74685 100644
--- a/tag/coursetags_add.php
+++ b/tag/coursetags_add.php
@@ -6,12 +6,21 @@
require_once('../config.php');
+require_login();
+
+$systemcontext = get_context_instance(CONTEXT_SYSTEM);
+require_capability('moodle/tag:create', $systemcontext);
+
+if (empty($CFG->usetags)) {
+ print_error('tagsaredisabled', 'tag');
+}
+
$keyword = optional_param('coursetag_new_tag', '', PARAM_TEXT);
$courseid = optional_param('entryid', 0, PARAM_INT);
$userid = optional_param('userid', 0, PARAM_INT);
$keyword = trim(strip_tags($keyword)); //better cleanup of user input is done later
-if ($keyword) {
+if ($keyword and confirm_sesskey()) {
require_once($CFG->dirroot.'/tag/coursetagslib.php');
diff --git a/tag/coursetags_edit.php b/tag/coursetags_edit.php
index 68375cbeb86..36c8efbff75 100644
--- a/tag/coursetags_edit.php
+++ b/tag/coursetags_edit.php
@@ -14,6 +14,12 @@ $courseid = optional_param('courseid', 0, PARAM_INT);
$keyword = optional_param('coursetag_new_tag', '', PARAM_TEXT);
$deltag = optional_param('del_tag', 0, PARAM_INT);
+require_login();
+
+if (empty($CFG->usetags)) {
+ print_error('tagsaredisabled', 'tag');
+}
+
if ($courseid != SITEID) {
if (! ($course = $DB->get_record('course', array('id' => $courseid), '*')) ) {
print_error('invalidcourse');
diff --git a/tag/coursetags_more.php b/tag/coursetags_more.php
index 22cab395eab..0c34b131a9a 100644
--- a/tag/coursetags_more.php
+++ b/tag/coursetags_more.php
@@ -13,6 +13,10 @@ $sort = optional_param('sort', 'alpha', PARAM_TEXT); //alpha, date or popularity
$show = optional_param('show', 'all', PARAM_TEXT); //all, my, official, community or course
$courseid = optional_param('courseid', 0, PARAM_INT);
+if (empty($CFG->usetags)) {
+ print_error('tagsaredisabled', 'tag');
+}
+
// Some things require logging in
if ($CFG->forcelogin or $show == 'my') {
require_login();
diff --git a/tag/search.php b/tag/search.php
index 92afd87afe5..2b563c8cf5c 100644
--- a/tag/search.php
+++ b/tag/search.php
@@ -3,12 +3,10 @@
require_once('../config.php');
require_once('lib.php');
require_once('locallib.php');
-require_once($CFG->dirroot.'/lib/weblib.php');
-global $CFG;
require_login();
-if( empty($CFG->usetags)) {
+if (empty($CFG->usetags)) {
print_error('tagsaredisabled', 'tag');
}