mirror of
https://github.com/moodle/moodle.git
synced 2025-02-13 12:34:28 +01:00
8d8d0bfaae
This was visible when, for example, unusual role definitions meant that someone could access a forum without being enrolled in a course. Note that one of the places that was previously broken was front page forums. Since subscribers.php does not do paging at all, the fact that I have fixed this bug makes this page dangerous on large sites. A proper solution will have to wait until bug 17550 is fixed in HEAD. This also fixes a minor problem introduced by MDL-12979.
71 lines
2.8 KiB
HTML
71 lines
2.8 KiB
HTML
|
|
<form id="subscriberform" method="post" action="subscribers.php">
|
|
<input type="hidden" name="id" value="<?php echo $id?>" />
|
|
<table align="center" border="0" cellpadding="5" cellspacing="0">
|
|
<tr>
|
|
<td valign="top">
|
|
<?php echo count($subscribers) . " ". $strexistingsubscribers ?>
|
|
</td>
|
|
<td></td>
|
|
<td valign="top">
|
|
<?php echo $strpotentialsubscribers ?>
|
|
</td>
|
|
</tr>
|
|
<tr>
|
|
<td valign="top">
|
|
<select name="removeselect[]" size="20" id="removeselect" multiple="multiple"
|
|
onFocus="getElementById('subscriberform').add.disabled=true;
|
|
getElementById('subscriberform').remove.disabled=false;
|
|
getElementById('subscriberform').addselect.selectedIndex=-1;">
|
|
<?php
|
|
foreach ($subscribers as $subscriber) {
|
|
$fullname = fullname($subscriber, true);
|
|
echo "<option value=\"$subscriber->id\">".$fullname.", ".$subscriber->email."</option>\n";
|
|
}
|
|
?>
|
|
|
|
</select></td>
|
|
<td valign="top">
|
|
<br />
|
|
<input name="add" type="submit" id="add" value="←" />
|
|
<br />
|
|
<input name="remove" type="submit" id="remove" value="→" />
|
|
<br />
|
|
</td>
|
|
<td valign="top">
|
|
<select name="addselect[]" size="20" id="addselect" multiple="multiple"
|
|
onFocus="getElementById('subscriberform').add.disabled=false;
|
|
getElementById('subscriberform').remove.disabled=true;
|
|
getElementById('subscriberform').removeselect.selectedIndex=-1;">
|
|
<?php
|
|
if (isset($searchusers)) {
|
|
echo "<optgroup label=\"$strsearchresults (" . count($searchusers) . ")\">\n";
|
|
foreach ($searchusers as $user) {
|
|
$fullname = fullname($user, true);
|
|
echo "<option value=\"$user->id\">".$fullname.", ".$user->email."</option>\n";
|
|
}
|
|
echo "</optgroup>\n";
|
|
}
|
|
if (!empty($users)) {
|
|
foreach ($users as $user) {
|
|
$fullname = fullname($user, true);
|
|
echo "<option value=\"$user->id\">".$fullname.", ".$user->email."</option>\n";
|
|
}
|
|
}
|
|
?>
|
|
</select>
|
|
<br />
|
|
<input type="text" name="searchtext" size="30" value="<?php p($searchtext, true) ?>" />
|
|
<input name="search" id="search" type="submit" value="<?php p($strsearch) ?>" />
|
|
<?php
|
|
if (isset($searchusers)) {
|
|
echo '<input name="showall" id="showall" type="submit" value="'.s($strshowall).'" />'."\n";
|
|
}
|
|
?>
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</form>
|
|
|
|
|