MDL-15516 prevent access to deleted profiles and other user areas

skodak 2008-07-05 14:52:39 +00:00
parent d6ace123f0
commit f5fc83e818
8 changed files with 60 additions and 4 deletions


@ -122,6 +122,13 @@ switch ($filtertype) {
if (!$user = $DB->get_record('user', array('id'=>$filterselect))) {
print_error('invaliduserid');
}
if ($user->deleted) {
print_header();
print_heading(get_string('userdeleted'));
print_footer();
die;
}
if ($USER->id == $filterselect) {
if (!has_capability('moodle/blog:create', $sitecontext)
and !has_capability('moodle/blog:view', $sitecontext)) {
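Review bot: The six-line `if ($user->deleted) { … die; }` guard added at the top of this hunk is repeated verbatim in every other file of this commit, so a user-facing page added later can easily omit it, and any adjustment to the policy (a log entry, a different message, letting admins through as user/view.php does) would have to be made in seven places. A small shared helper in the user library, for example `user_die_if_deleted($user, $course = null)` performing the header/heading/footer/die sequence, would give one place to maintain it. Placing the guard before the `$USER->id == $filterselect` capability branch is the right order, since the deleted state should win over any blog capability. This hunk is inside a `switch ($filtertype)` case whose start lies outside the hunk, and the `if` that begins on the last two lines continues past it.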


@ -21,9 +21,16 @@
print_error('invaliduserid', 'error');
}
//require_login($course);
require_login();
$COURSE = clone($course);
if ($user->deleted) {
print_header();
print_heading(get_string('userdeleted'));
print_footer();
die;
}
$coursecontext = get_context_instance(CONTEXT_COURSE, $id);
$personalcontext = get_context_instance(CONTEXT_USER, $user->id);
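Review bot: The guard here ends with `print_footer()` although `$course` is in scope (it is cloned into `$COURSE` two lines earlier), while the same guard in the forum and user-edit files passes `print_footer($course)`; using `print_footer($course);` here keeps the deleted-user page consistent with the course the visitor came from. The guard does run after `require_login()`, so anonymous visitors cannot use this page to learn which ids belonged to deleted accounts, which is the right ordering. The commented-out `//require_login($course);` left above it should be removed rather than kept as dead code. The surrounding script continues outside the hunk, so I cannot see whether `$course` can ever be unset at this point.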


@ -22,6 +22,13 @@
print_error('invaliduserid');
}
if ($user->deleted) {
print_header();
print_heading(get_string('userdeleted'));
print_footer();
die;
}
/// Check if frame&jsless mode selected
if (!get_user_preferences('message_noframesjs', 0) and !$noframesjs) {
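Review bot: The hunk begins at the `print_error('invaliduserid')` fallthrough, so I cannot see whether `require_login()` runs before the new deleted-user guard; if it does not, an unauthenticated visitor receives the `userdeleted` page and can enumerate which user ids belonged to deleted accounts, which is a small disclosure the commit should avoid. Please confirm the login check precedes this block, or move the guard below it. The guard stops the messaging UI from rendering, but whether the code path that actually stores or sends a message to `$user` also refuses deleted recipients is not visible here and should be verified.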


@ -33,6 +33,13 @@
require_course_login($course);
}
if ($user->deleted) {
print_header();
print_heading(get_string('userdeleted'));
print_footer($course);
die;
}
add_to_log($course->id, "forum", "user report",
"user.php?course=$course->id&id=$user->id&mode=$mode", "$user->id");


@ -37,6 +37,14 @@
}
$filtertype = 'user';
$filterselect = $user->id;
if ($user->deleted) {
print_header();
print_heading(get_string('userdeleted'));
print_footer();
die;
}
} else {
$filtertype = 'course';
$filterselect = $course->id;


@ -89,6 +89,13 @@
}
}
if ($user->deleted) {
print_header();
print_heading(get_string('userdeleted'));
print_footer($course);
die;
}
//load user preferences
useredit_load_preferences($user);


@ -52,6 +52,13 @@
print_error('guestnoeditprofileother');
}
if ($user->deleted) {
print_header();
print_heading(get_string('userdeleted'));
print_footer($course);
die;
}
//load user preferences
useredit_load_preferences($user);
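Review bot: This guard refuses everyone, including holders of `moodle/user:update`, whereas user/view.php in the same commit lets those capability holders continue to see a deleted profile; that asymmetry (viewable but never editable) is probably intentional, but nothing in the code says so and the next maintainer may "fix" one side to match the other. A one-line comment above the guard would pin the policy, e.g. `// Deleted accounts are never editable, even by users with moodle/user:update; view.php only lets them look.` The guard is correctly placed after the `guestnoeditprofileother` check, so guests get the guest error rather than learning about deletion state. The enclosing script continues outside the hunk.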


@ -142,6 +142,10 @@
if ($user->deleted) {
print_heading(get_string('userdeleted'));
if (!has_capability('moodle/user:update', $coursecontext)) {
print_footer($course);
die;
}
}
/// OK, security out the way, now we are showing the user
@ -171,7 +175,9 @@
$currenttab = 'profile';
$showroles = 1;
include('tabs.php');
if (!$user->deleted) {
include('tabs.php');
}
if (is_mnet_remote_user($user)) {
$sql = "
@ -458,7 +464,7 @@
}
}
if ($USER->id != $user->id && empty($USER->realuser) && has_capability('moodle/user:loginas', $coursecontext) &&
if (!$user->deleted and $USER->id != $user->id && empty($USER->realuser) && has_capability('moodle/user:loginas', $coursecontext) &&
! has_capability('moodle/site:doanything', $coursecontext, $user->id, false)) {
echo '<form action="'.$CFG->wwwroot.'/course/loginas.php" method="get">';
echo '<div>';
@ -470,7 +476,7 @@
echo '</form>';
}
if (!empty($CFG->messaging) and !isguest() and has_capability('moodle/site:sendmessage', get_context_instance(CONTEXT_SYSTEM))) {
if (!$user->deleted and !empty($CFG->messaging) and !isguest() and has_capability('moodle/site:sendmessage', get_context_instance(CONTEXT_SYSTEM))) {
if (!empty($USER->id) and ($USER->id == $user->id)) {
if ($countmessages = $DB->count_records('message', array('useridto'=>$user->id))) {
$messagebuttonname = get_string("messages", "message")."($countmessages)";
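Review bot: The `!$user->deleted` conditions added to the login-as and messaging blocks only hide buttons; they do not stop a user who already knows the URL from submitting `course/loginas.php?…` or the message form for a deleted account, and none of the file sections visible on this page is course/loginas.php, so I cannot confirm the server side rejects deleted targets. Please verify that loginas.php (and the message send path) re-checks `$user->deleted` itself, since UI suppression is not an access control. The viewing exemption at the top of the first hunk keys on `moodle/user:update` in `$coursecontext`; a comment such as `// Admin-type users may still inspect a deleted account; everyone else is stopped here.` would make the intent of continuing past `print_heading` explicit. The rewritten login-as condition also mixes `and` and `&&`, which is harmless but worth normalising to one operator. The `if` opened on the hunk's last lines continues outside the hunk.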