moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-06 01:16:44 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

MDL-56870 lib: block access to deleted module in require_login

Browse source
This commit is contained in:
Jake Dallimore 2016-11-11 17:18:07 +08:00
parent b4d6669dd0
commit a428cf4ac8
2 changed files with 13 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

1
lang/en/error.php
View file

@ -22,6 +22,7 @@
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/ */
$string['activityisscheduledfordeletion'] = 'Activity deletion in progress...';
$string['authnotexisting'] = 'The autorization plugin doesn\'t exist'; $string['authnotexisting'] = 'The autorization plugin doesn\'t exist';
$string['backupcontainexternal'] = 'This backup file contains external Moodle Network Hosts that are not configured locally'; $string['backupcontainexternal'] = 'This backup file contains external Moodle Network Hosts that are not configured locally';
$string['backuptablefail'] = 'Backup tables could NOT be set up successfully!'; $string['backuptablefail'] = 'Backup tables could NOT be set up successfully!';

14
lib/moodlelib.php
View file

@ -2517,6 +2517,7 @@ function get_login_url() {
* @return mixed Void, exit, and die depending on path * @return mixed Void, exit, and die depending on path
* @throws coding_exception * @throws coding_exception
* @throws require_login_exception * @throws require_login_exception
* @throws moodle_exception
*/ */
function require_login($courseorid = null, $autologinguest = true, $cm = null, $setwantsurltome = true, $preventredirect = false) { function require_login($courseorid = null, $autologinguest = true, $cm = null, $setwantsurltome = true, $preventredirect = false) {
global $CFG, $SESSION, $USER, $PAGE, $SITE, $DB, $OUTPUT; global $CFG, $SESSION, $USER, $PAGE, $SITE, $DB, $OUTPUT;
@ -2684,8 +2685,8 @@ function require_login($courseorid = null, $autologinguest = true, $cm = null, $
// Make sure the USER has a sesskey set up. Used for CSRF protection. // Make sure the USER has a sesskey set up. Used for CSRF protection.
sesskey(); sesskey();
// Do not bother admins with any formalities. // Do not bother admins with any formalities, except for activities pending deletion.
if (is_siteadmin()) { if (is_siteadmin() && !($cm && $cm->deletioninprogress)) {
// Set the global $COURSE. // Set the global $COURSE.
if ($cm) { if ($cm) {
$PAGE->set_cm($cm, $course); $PAGE->set_cm($cm, $course);
@ -2873,6 +2874,15 @@ function require_login($courseorid = null, $autologinguest = true, $cm = null, $
} }
} }
// Check whether the activity has been scheduled for deletion. If so, then deny access, even for admins.
if ($cm && $cm->deletioninprogress) {
if ($preventredirect) {
throw new moodle_exception('activityisscheduledfordeletion');
}
require_once($CFG->dirroot . '/course/lib.php');
redirect(course_get_url($course), get_string('activityisscheduledfordeletion', 'error'));
}
// Check visibility of activity to current user; includes visible flag, conditional availability, etc. // Check visibility of activity to current user; includes visible flag, conditional availability, etc.
if ($cm && !$cm->uservisible) { if ($cm && !$cm->uservisible) {
if ($preventredirect) { if ($preventredirect) {