← Back to branch summary

~ubuntu-branches/ubuntu/quantal/moodle/quantal

« back to all changes in this revision

Viewing changes to lib/filelib.php

  • Committer: Package Import Robot
  • Author(s): Didier Raboud
  • Date: 2012-09-28 12:52:21 UTC
  • mfrom: (3.1.22 sid)
  • Revision ID: package-import@ubuntu.com-20120928125221-uen8li1x8ynbmit2
Tags: 2.2.3.dfsg-2.3
http://bugs.debian.org/687924
* Non-maintainer upload.

* Backport multiple security issues from upstream's MOODLE_22_STABLE
  branch. (Closes: #687924)
  - MSA-12-0051: MDL-30792 - File upload size constraint issue
    Fixes CVE-2012-4400
  - MSA-12-0052: MDL-28207 - Course topics permission issue
    Fixes CVE-2012-4401
  - MSA-12-0053: MDL-34585 - Blog file access issue
    Fixes CVE-2012-4407
  - MSA-12-0054: MDL-34519 - Course reset permission issue
    Fixes CVE-2012-4408
  - MSA-12-0055: MDL-34368 - Web service access token issue
    Fixes CVE-2012-4402

Show diffs side-by-side

added added

removed removed

Lines of Context:
lib/filelib.php
3230
3230
            }
3231
3231
        }
3232
3232
 
3233
 
        if ('publishstate' === 'public') {
 
3233
        if ($entry->publishstate === 'public') {
3234
3234
            if ($CFG->forcelogin) {
3235
3235
                require_login();
3236
3236
            }
3237
3237
 
3238
 
        } else if ('publishstate' === 'site') {
 
3238
        } else if ($entry->publishstate === 'site') {
3239
3239
            require_login();
3240
3240
            //ok
3241
 
        } else if ('publishstate' === 'draft') {
 
3241
        } else if ($entry->publishstate === 'draft') {
3242
3242
            require_login();
3243
3243
            if ($USER->id != $entry->userid) {
3244
3244
                send_file_not_found();