MDL-66377 user: Only allow active users to retrieve files via tokenpl…
…uginfile.php
jleyva authored and Jenkins committed Nov 5, 2019
1 parent 6330d48 commit 6d51e13
Showing 2 changed files with 3 additions and 0 deletions.
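--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -3258,6 +3258,8 @@ function require_user_key_login($script, $instance = null, $keyvalue = null) {
 print_error('invaliduserid');
 }
 
+core_user::require_active_user($user, true, true);
+
 // Emulate normal session.
 enrol_check_plugins($user);
 \core\session\manager::set_user($user);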
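Review bot: The bare `true, true` arguments on the added `core_user::require_active_user($user, true, true);` line do not say which account states are refused, and this call is the gate that runs just before `set_user()` emulates a session for the key holder. A comment above it would document the intent, e.g. `// Refuse deleted, suspended and nologin accounts before any session state is created.` (assuming the two flags enable the suspended and nologin checks; the callee is not shown here). The check lives in the shared require_user_key_login() rather than in tokenpluginfile.php, so other key-based entry points presumably inherit it even though the commit title names only one script; the function's docblock, which is outside this hunk, should mention that. The commit changes only two files, so no test exercises a valid key presented for an inactive account.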
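--- a/tokenpluginfile.php
+++ b/tokenpluginfile.php
@@ -37,6 +37,7 @@
 $relativepath = ltrim($relativepath, '/');
 $pathparts = explode('/', $relativepath, 2);
 $token = $pathparts[0];
+$token = clean_param($token, PARAM_ALPHANUM);
 $relativepath = "/{$pathparts[1]}";
 }
 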
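Review bot: `clean_param($token, PARAM_ALPHANUM)` on the added line strips disallowed characters instead of rejecting the request, so a token that arrives with extra punctuation is silently normalised to a different string and then used for the key lookup. For a credential it is safer to fail closed on any value that is not already clean, e.g. `$token = validate_param($token, PARAM_ALPHANUM);`, or to compare the cleaned value with the original and stop when they differ. The context line `$relativepath = "/{$pathparts[1]}";` also reads index 1 without checking that explode() returned two parts. The enclosing branch starts above the hunk, so any earlier validation of `$relativepath` is not visible here.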
