Moodle
  1. Moodle
  2. MDL-2733

Hidden lessons are available vía URL

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 1.4.4
    • Fix Version/s: None
    • Component/s: Lesson
    • Labels:
      None
    • Environment:
      All
    • Affected Branches:
      MOODLE_14_STABLE

      Description

      No check is done inside lesson/view.php at all!

        Gliffy Diagrams

          Activity

          Hide
          Martin Dougiamas added a comment -

          From Eloy Lafuente (stronk7 at moodle.org) Sunday, 13 March 2005, 01:00 AM:

          I take it just now!

          From Gustav Delius (gwd2 at york.ac.uk) Sunday, 13 March 2005, 01:59 AM:

          They have always been accessible like this. That hidden activities and resources are completely inaccessible is a new feature in Moodle 1.5

          From Eloy Lafuente (stronk7 at moodle.org) Sunday, 13 March 2005, 02:05 AM:

          Yeah, I've seen the new requiere_login() code but other activities have been protected (at least partially) before 1.5 too!

          Now, I've applied the pre-1.5 standard protection to 14_STABLE and the standard one to 1.5.

          Is this Ok, or am I missing anything?

          Ciao

          From Gustav Delius (gwd2 at york.ac.uk) Sunday, 13 March 2005, 02:26 AM:

          Thanks for fixing that. For some unknown reason Michael Penney changed this on 23 Feb. I will email him to ask him whether he has changed that on other pages as well. Maybe he didn't know why the require_login() had changed.

          Show
          Martin Dougiamas added a comment - From Eloy Lafuente (stronk7 at moodle.org) Sunday, 13 March 2005, 01:00 AM: I take it just now! From Gustav Delius (gwd2 at york.ac.uk) Sunday, 13 March 2005, 01:59 AM: They have always been accessible like this. That hidden activities and resources are completely inaccessible is a new feature in Moodle 1.5 From Eloy Lafuente (stronk7 at moodle.org) Sunday, 13 March 2005, 02:05 AM: Yeah, I've seen the new requiere_login() code but other activities have been protected (at least partially) before 1.5 too! Now, I've applied the pre-1.5 standard protection to 14_STABLE and the standard one to 1.5. Is this Ok, or am I missing anything? Ciao From Gustav Delius (gwd2 at york.ac.uk) Sunday, 13 March 2005, 02:26 AM: Thanks for fixing that. For some unknown reason Michael Penney changed this on 23 Feb. I will email him to ask him whether he has changed that on other pages as well. Maybe he didn't know why the require_login() had changed.
          Hide
          Michael Blake added a comment -

          assign to a valid user

          Show
          Michael Blake added a comment - assign to a valid user

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: