Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-36050

Block pluginfile URLs need to be improved so that the correct capability checks can be implemented

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Deferred
    • Icon: Major Major
    • DEV backlog
    • 2.3.2
    • Blocks
    • MOODLE_23_STABLE
    • Hide

      Don't show any secure content on sticky blocks.

      Show
      Don't show any secure content on sticky blocks.

      When a block gets displayed on a given page then a lot of useful information is available in $PAGE that can be used for has_capability checks. When we are serving images or other files that belong to a given block, then the only information we have available is the pluginfile.php URL.

      It seems from MDL-29762 that the pluginfile URL does not always contain all the information that is necessary to perform the correct permission checks.

            moodle.com Moodle HQ
            rajeshtaneja Rajesh Taneja
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.