Skip to content

Commit

Permalink
MDL-19882 Add missing require_login-s before require_capability.
Browse files Browse the repository at this point in the history
  • Loading branch information
tjhunt committed Jul 20, 2009
1 parent 9097fa2 commit ebff477
Show file tree
Hide file tree
Showing 11 changed files with 22 additions and 13 deletions.
1 change: 1 addition & 0 deletions admin/uploaduser.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@
@apache_child_terminate();
}

require_login();
admin_externalpage_setup('uploadusers');
require_capability('moodle/site:uploadusers', get_context_instance(CONTEXT_SYSTEM));

Expand Down
1 change: 1 addition & 0 deletions admin/user/user_bulk_confirm.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@

$confirm = optional_param('confirm', 0, PARAM_BOOL);

require_login();
admin_externalpage_setup('userbulk');
require_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM));

Expand Down
1 change: 1 addition & 0 deletions admin/user/user_bulk_delete.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@

$confirm = optional_param('confirm', 0, PARAM_BOOL);

require_login();
admin_externalpage_setup('userbulk');
require_capability('moodle/user:delete', get_context_instance(CONTEXT_SYSTEM));

Expand Down
1 change: 1 addition & 0 deletions admin/user/user_bulk_download.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@

$format = optional_param('format', '', PARAM_ALPHA);

require_login();
admin_externalpage_setup('userbulk');
require_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM));

Expand Down
1 change: 1 addition & 0 deletions admin/user/user_bulk_enrol.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
$sort = optional_param('sort', 'fullname', PARAM_ALPHA); //Sort by full name
$dir = optional_param('dir', 'asc', PARAM_ALPHA); //Order to sort (ASC)

require_login();
admin_externalpage_setup('userbulk');
require_capability('moodle/user:delete', get_context_instance(CONTEXT_SYSTEM));
$return = $CFG->wwwroot.'/'.$CFG->admin.'/user/user_bulk.php';
Expand Down
1 change: 1 addition & 0 deletions admin/user/user_bulk_message.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
$msg = optional_param('msg', '', PARAM_CLEAN);
$confirm = optional_param('confirm', 0, PARAM_BOOL);

require_login();
admin_externalpage_setup('userbulk');
require_capability('moodle/site:readallmessages', get_context_instance(CONTEXT_SYSTEM));

Expand Down
18 changes: 9 additions & 9 deletions course/category.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,10 +17,6 @@
$moveto = optional_param('moveto', 0, PARAM_INT);
$resort = optional_param('resort', 0, PARAM_BOOL);

if ($CFG->forcelogin) {
require_login();
}

if (!$site = get_site()) {
print_error('siteisnotdefined', 'debug');
}
Expand All @@ -33,21 +29,25 @@
$context = $PAGE->context;
$category = $PAGE->category;

if (!$category->visible) {
require_capability('moodle/category:viewhiddencategories', $context);
}

if (update_category_button($category->id)) {
if ($categoryedit !== -1) {
$USER->editing = $categoryedit;
}
$editingon = $PAGE->user_is_editing();
require_login();
$navbaritem = update_category_button($category->id); // Must call this again after updating the state.
$editingon = $PAGE->user_is_editing();
} else {
if ($CFG->forcelogin) {
require_login();
}
$navbaritem = print_course_search('', true, 'navbar');
$editingon = false;
}

if (!$category->visible) {
require_capability('moodle/category:viewhiddencategories', $context);
}

// Process any category actions.
if (has_capability('moodle/category:manage', $context)) {
/// Resort the category if requested
Expand Down
8 changes: 4 additions & 4 deletions course/index.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,10 +14,6 @@
$moveup = optional_param('moveup',0,PARAM_INT);
$movedown = optional_param('movedown',0,PARAM_INT);

if ($CFG->forcelogin) {
require_login();
}

if (!$site = get_site()) {
print_error('siteisnotdefined', 'debug');
}
Expand All @@ -31,8 +27,12 @@
if ($categoryedit !== -1) {
$USER->editing = $categoryedit;
}
require_login();
$adminediting = $PAGE->user_is_editing();
} else {
if ($CFG->forcelogin) {
require_login();
}
$adminediting = false;
}

Expand Down
1 change: 1 addition & 0 deletions enrol/mnet/allowed_courses.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
$addcourse = optional_param('addcourse', 0, PARAM_BOOL);
$removecourse = optional_param('removecourse', 0, PARAM_BOOL);

require_login();
$sitecontext = get_context_instance(CONTEXT_SYSTEM);
$sesskey = sesskey();
$formerror = array();
Expand Down
1 change: 1 addition & 0 deletions login/change_password.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@

// do not require change own password cap if change forced
if (!get_user_preferences('auth_forcepasswordchange', false)) {
require_login();
require_capability('moodle/user:changeownpassword', $systemcontext);
}

Expand Down
1 change: 1 addition & 0 deletions mnet/testclient.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
}

// Site admins only, thanks.
require_login();
$context = get_context_instance(CONTEXT_SYSTEM);
require_capability('moodle/site:config', $context);

Expand Down

0 comments on commit ebff477

Please sign in to comment.