Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

MDL-37852 repository: Prevent undesired access to repositories settings

  • Loading branch information...
commit 4a8da21c6272c7daf6330e2ea8405e716fa92ac2 1 parent 18329cb
Frédéric Massart FMCorz authored stronk7 committed
Showing with 8 additions and 1 deletion.
  1. +1 −1  repository/lib.php
  2. +7 −0 repository/manage_instances.php
2  repository/lib.php
View
@@ -1488,7 +1488,7 @@ public static function display_instances_list($context, $typename = null) {
//want to display only visible instances, but for every type types. The repository::get_instances()
//third parameter displays only visible type.
$params = array();
- $params['context'] = array($context, get_system_context());
+ $params['context'] = array($context);
$params['currentcontext'] = $context;
$params['onlyvisible'] = !$admin;
$params['type'] = $typename;
7 repository/manage_instances.php
View
@@ -150,6 +150,13 @@
if ($instance->readonly) {
throw new repository_exception('readonlyinstance', 'repository');
}
+ // System instances settings should not be accessible here.
+ $repocontext = context::instance_by_id($instance->instance->contextid);
+ if ($repocontext->contextlevel == CONTEXT_SYSTEM) {
+ throw new repository_exception('nopermissiontoaccess', 'repository');
+ }
+ // Check if we can read the content of the repository, if not exception is thrown.
+ $instance->check_capability();
$instancetype = repository::get_type_by_id($instance->options['typeid']);
$classname = 'repository_' . $instancetype->get_typename();
$configs = $instance->get_instance_option_names();
Please sign in to comment.
Something went wrong with that request. Please try again.