1
#! /bin/sh /usr/share/dpatch/dpatch-run
2
## msa08003_login-as.dpatch by Kees Cook <kees@ubuntu.com>
4
## All lines beginning with `## DP:' are a description of the patch.
5
## DP: Fix insufficient access control in "Login as" feature (MSA-08-0003).
6
## DP: Thanks to Dan Poltawski.
9
diff -Nru moodle-1.8.2/course/loginas.php moodle-1.8.2.dfsg/course/loginas.php
10
--- moodle-1.8.2/course/loginas.php 2007-03-19 19:28:12.000000000 -0700
11
+++ moodle-1.8.2.dfsg/course/loginas.php 2009-02-12 11:09:06.000000000 -0800
13
print_error('nologinas');
15
$context = $systemcontext;
16
- } else if (has_capability('moodle/user:loginas', $coursecontext)) {
18
require_login($course);
19
+ require_capability('moodle/user:loginas', $coursecontext);
20
if (!has_capability('moodle/course:view', $coursecontext, $userid, false)) {
21
error('This user is not in this course!');