Permalink
Browse files

Fix for bug 4627:

Hide "change password" link in admin block if the user is restricted.
Not a security issue, as the script doesn't allow you to change your
password even if you go there by typing in the URL.

Credits for report & patch go to Joseph Rezeau.
  • Loading branch information...
1 parent 67f74d8 commit 5bb82b2c37c46734199c10002c5b77e27e544572 defacer committed Jan 28, 2006
Showing with 2 additions and 2 deletions.
  1. +2 −2 blocks/admin/block_admin.php
@@ -182,10 +182,10 @@ function load_content_for_course() {
}
$this->content->icons[]='<img src="'.$CFG->pixpath.'/i/user.gif" height="16" width="16" alt="" />';
- if (is_internal_auth()) {
+ if (is_internal_auth() && !is_restricted_user($USER->username)) {
$this->content->items[]='<a href="'.$CFG->wwwroot.'/login/change_password.php?id='.$this->instance->pageid.'">'.get_string('changepassword').'</a>';
$this->content->icons[]='<img src="'.$CFG->pixpath.'/i/user.gif" height="16" width="16" alt="" />';
- } else if ($CFG->changepassword) {
+ } else if ($CFG->changepassword && !is_restricted_user($USER->username)) {
$this->content->items[]='<a href="'.$CFG->changepassword.'">'.get_string('changepassword').'</a>';
$this->content->icons[]='<img src="'.$CFG->pixpath.'/i/user.gif" height="16" width="16" alt="" />';
}

0 comments on commit 5bb82b2

Please sign in to comment.