mirror of
https://github.com/moodle/moodle.git
synced 2025-01-18 22:08:20 +01:00
39d2c68856
Before this patch, we only checked that the given provider has been configured in the user or system preferences. However, if the provider's component is disabled, it does not even appear in these preferences. Additionally, there was no check that the message / notification provider is among providers allowed to be consumed by the recipient. The patch checks that the message origin is among providers returned by the message_get_providers_for_user() so disabled plugins can't act as sources of messages and users can't receive messages from providers they do not have capability for. This mitigates the risk of abusing a plugin as a source of spam, for example. Unit test is fixed and extended. When the $CFG->messaging is disabled, no messages between users should be sent (I can't understand why the unit test was written in an opposite way). Added assertions for the raised debugging message.