mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-04-21 16:32:18 +02:00
Code Issues Projects Releases Wiki Activity

MDL-40818 calendar: Require login to calendar pages

Browse Source 
* Make sure that the course ID being passed points to an existing course
* Require user to login before granting access to calendar pages.
This commit is contained in:
Jun Pataleta 2017-06-22 15:16:53 +08:00
parent f4a2d69631
commit fb1a615dfe
3 changed files with 10 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
calendar/export.php
View File

@ -77,7 +77,8 @@ if (!empty($day) && !empty($mon) && !empty($year)) {
}
if ($courseid != SITEID && !empty($courseid)) {
$course = $DB->get_record('course', array('id' => $courseid));
// Course ID must be valid and existing.
$course = $DB->get_record('course', array('id' => $courseid), '*', MUST_EXIST);
$courses = array($course->id => $course);
$issite = false;
} else {
@ -85,7 +86,7 @@ if ($courseid != SITEID && !empty($courseid)) {
$courses = calendar_get_default_courses();
$issite = true;
}
require_course_login($course);
require_login($course, false);
$url = new moodle_url('/calendar/export.php', array('time' => $time));

6
calendar/managesubscriptions.php
View File

@ -45,13 +45,15 @@ $PAGE->set_pagelayout('admin');
$PAGE->navbar->add(get_string('managesubscriptions', 'calendar'));
if ($courseid != SITEID && !empty($courseid)) {
$course = $DB->get_record('course', array('id' => $courseid));
// Course ID must be valid and existing.
$course = $DB->get_record('course', array('id' => $courseid), '*', MUST_EXIST);
$courses = array($course->id => $course);
} else {
$course = get_site();
$courses = calendar_get_default_courses();
}
require_course_login($course);
require_login($course, false);
if (!calendar_user_can_add_event($course)) {
print_error('errorcannotimport', 'calendar');
}

5
calendar/view.php
View File

@ -85,7 +85,8 @@ $url->param('time', $time);
$PAGE->set_url($url);
if ($courseid != SITEID && !empty($courseid)) {
$course = $DB->get_record('course', array('id' => $courseid));
// Course ID must be valid and existing.
$course = $DB->get_record('course', array('id' => $courseid), '*', MUST_EXIST);
$courses = array($course->id => $course);
$issite = false;
navigation_node::override_active_url(new moodle_url('/course/view.php', array('id' => $course->id)));
@ -95,7 +96,7 @@ if ($courseid != SITEID && !empty($courseid)) {
$issite = true;
}
require_course_login($course);
require_login($course, false);
$calendar = new calendar_information(0, 0, 0, $time);
$calendar->prepare_for_view($course, $courses);