Permalink
Browse files

MDL-15403: Patch sent by Peter Bulmer, said to have been written by D…

…onal McMullan. Prevents a remotely-triggered mass-unenrolments of users in a

(mnet-enabled) course. (backport from 1.9)
  • Loading branch information...
scyrma
scyrma committed Jul 9, 2008
1 parent 70e5759 commit 73ef9f11ba1f059c399e58ff917da417bab6b17d
Showing with 10 additions and 5 deletions.
  1. +10 −5 enrol/mnet/enrol.php
View
@@ -305,6 +305,9 @@ function enrol_user($user, $courseid) {
$userrecord = get_record('user','username',addslashes($user['username']), 'mnethostid',$MNET_REMOTE_CLIENT->id);
if ($userrecord == false) {
// We should at least be checking that we allow the remote
// site to create users
// TODO: more rigour here thanks!
$userrecord = new stdClass();
$userrecord->username = addslashes($user['username']);
$userrecord->email = addslashes($user['email']);
@@ -342,20 +345,23 @@ function enrol_user($user, $courseid) {
* @param int $courseid The id of the local course
* @return bool Whether the user can login from the remote host
*/
function unenrol_user($user, $courseid) {
function unenrol_user($username, $courseid) {
global $MNET_REMOTE_CLIENT;
$userrecord = get_record('user','username',$user['username'], 'mnethostid',$MNET_REMOTE_CLIENT->id);
$userrecord = get_record('user', 'username', addslashes($username), 'mnethostid', $MNET_REMOTE_CLIENT->id);
if ($userrecord == false) {
return false;
// TODO: Error out
}
if (! $course = get_record('course', 'id', $courseid) ) {
return false;
// TODO: Error out
}
if (! $context = get_context_instance(CONTEXT_COURSE, $course->id)) {
return false;
// TODO: Error out (Invalid context)
}
@@ -566,8 +572,7 @@ function req_unenrol_user($userid, $courseid) {
require_once $CFG->dirroot . '/mnet/xmlrpc/client.php';
// in case the remote host doesn't have it
$user = get_record('user', 'id', $userid, '','','','', 'username, email');
$user = $user->username;
$username = get_field('user', 'username', 'id', $userid);
$course = get_record('mnet_enrol_course', 'id', $courseid);
@@ -578,7 +583,7 @@ function req_unenrol_user($userid, $courseid) {
// set up the RPC request
$mnetrequest = new mnet_xmlrpc_client();
$mnetrequest->set_method('enrol/mnet/enrol.php/unenrol_user');
$mnetrequest->add_param($user);
$mnetrequest->add_param($username);
$mnetrequest->add_param($course->remoteid);
// TODO - prevent removal of enrolments that are not of

0 comments on commit 73ef9f1

Please sign in to comment.