moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-04 08:26:37 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

MDL-11979 Forum subscriptions loop hole allowing users to subscribe to forums they should not have access to.

Browse source
This commit is contained in:
dwoolhead 2007-11-16 16:31:00 +00:00
parent 26966d4026
commit 01cbbbd70a
1 changed files with 3 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
mod/forum/subscribe.php
View file

@ -94,6 +94,9 @@
!has_capability('mod/forum:managesubscriptions', $context)) { !has_capability('mod/forum:managesubscriptions', $context)) {
error(get_string('disallowsubscribe'),$_SERVER["HTTP_REFERER"]); error(get_string('disallowsubscribe'),$_SERVER["HTTP_REFERER"]);
} }
if (!has_capability('mod/forum:viewdiscussion', $context)) {
error("Could not subscribe you to that forum", $_SERVER["HTTP_REFERER"]);
}
if (forum_subscribe($user->id, $forum->id) ) { if (forum_subscribe($user->id, $forum->id) ) {
add_to_log($course->id, "forum", "subscribe", "view.php?f=$forum->id", $forum->id, $cm->id); add_to_log($course->id, "forum", "subscribe", "view.php?f=$forum->id", $forum->id, $cm->id);
redirect($returnto, get_string("nowsubscribed", "forum", $info), 1); redirect($returnto, get_string("nowsubscribed", "forum", $info), 1);