Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

MDL-11979 Forum subscriptions loop hole allowing users to subscribe t…

…o forums they should not have access to.
  • Loading branch information...
commit 01cbbbd70a563ecfb4795f13a848497911228991 1 parent 26966d4
dwoolhead authored
Showing with 3 additions and 0 deletions.
  1. +3 −0  mod/forum/subscribe.php
View
3  mod/forum/subscribe.php
@@ -94,6 +94,9 @@
!has_capability('mod/forum:managesubscriptions', $context)) {
error(get_string('disallowsubscribe'),$_SERVER["HTTP_REFERER"]);
}
+ if (!has_capability('mod/forum:viewdiscussion', $context)) {
+ error("Could not subscribe you to that forum", $_SERVER["HTTP_REFERER"]);
+ }
if (forum_subscribe($user->id, $forum->id) ) {
add_to_log($course->id, "forum", "subscribe", "view.php?f=$forum->id", $forum->id, $cm->id);
redirect($returnto, get_string("nowsubscribed", "forum", $info), 1);
Please sign in to comment.
Something went wrong with that request. Please try again.