Skip to content
Permalink
Browse files

Avoid showing user popup to non authenticated users if user is not a …

…course teacher #security
  • Loading branch information...
ywarnier committed Feb 23, 2019
1 parent 13a8fbf commit e46377515fb33eb573c4bfcbcee173aac60c1393
Showing with 7 additions and 1 deletion.
  1. +7 −1 main/inc/ajax/user_manager.ajax.php
@@ -60,7 +60,13 @@
$userData = '<h3>'.$user_info['complete_name'].'</h3>'.$user_info['mail'].$user_info['official_code'];
if ($isAnonymous) {
echo $userData;
// Only allow anonymous users to see user popup if the popup user
// is a teacher (which might be necessary to illustrate a course)
if ($user_info['status'] === COURSEMANAGER) {
echo $userData;
} else {
echo '<h3>-</h3>';
}
} else {
echo Display::url(
$userData,

0 comments on commit e463775

Please sign in to comment.
You can’t perform that action at this time.