Moodle
  1. Moodle
  2. MDL-2733

Hidden lessons are available vía URL

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 1.4.4
    • Fix Version/s: None
    • Component/s: Lesson
    • Labels:
      None
    • Environment:
      All
    • Affected Branches:
      MOODLE_14_STABLE
    • Rank:
      10655

      Description

      No check is done inside lesson/view.php at all!

        Activity

        Hide
        Martin Dougiamas added a comment -

        From Eloy Lafuente (stronk7 at moodle.org) Sunday, 13 March 2005, 01:00 AM:

        I take it just now!

        From Gustav Delius (gwd2 at york.ac.uk) Sunday, 13 March 2005, 01:59 AM:

        They have always been accessible like this. That hidden activities and resources are completely inaccessible is a new feature in Moodle 1.5

        From Eloy Lafuente (stronk7 at moodle.org) Sunday, 13 March 2005, 02:05 AM:

        Yeah, I've seen the new requiere_login() code but other activities have been protected (at least partially) before 1.5 too!

        Now, I've applied the pre-1.5 standard protection to 14_STABLE and the standard one to 1.5.

        Is this Ok, or am I missing anything?

        Ciao

        From Gustav Delius (gwd2 at york.ac.uk) Sunday, 13 March 2005, 02:26 AM:

        Thanks for fixing that. For some unknown reason Michael Penney changed this on 23 Feb. I will email him to ask him whether he has changed that on other pages as well. Maybe he didn't know why the require_login() had changed.

        Show
        Martin Dougiamas added a comment - From Eloy Lafuente (stronk7 at moodle.org) Sunday, 13 March 2005, 01:00 AM: I take it just now! From Gustav Delius (gwd2 at york.ac.uk) Sunday, 13 March 2005, 01:59 AM: They have always been accessible like this. That hidden activities and resources are completely inaccessible is a new feature in Moodle 1.5 From Eloy Lafuente (stronk7 at moodle.org) Sunday, 13 March 2005, 02:05 AM: Yeah, I've seen the new requiere_login() code but other activities have been protected (at least partially) before 1.5 too! Now, I've applied the pre-1.5 standard protection to 14_STABLE and the standard one to 1.5. Is this Ok, or am I missing anything? Ciao From Gustav Delius (gwd2 at york.ac.uk) Sunday, 13 March 2005, 02:26 AM: Thanks for fixing that. For some unknown reason Michael Penney changed this on 23 Feb. I will email him to ask him whether he has changed that on other pages as well. Maybe he didn't know why the require_login() had changed.
        Hide
        Michael Blake added a comment -

        assign to a valid user

        Show
        Michael Blake added a comment - assign to a valid user

          People

          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: