Index: file.php
===================================================================
RCS file: /cvsroot/moodle/moodle/file.php,v
retrieving revision 1.46.2.5
diff -u -r1.46.2.5 file.php
--- file.php	9 Apr 2009 09:30:32 -0000	1.46.2.5
+++ file.php	12 Nov 2010 22:15:04 -0000
@@ -88,6 +88,17 @@
         }
     }
 
+    // security: only editing teachers can access AICC/SCORM packages
+    if ((2 == count($args))
+        and in_array(strtolower(substr(basename($args[1]),strrpos(basename($args[1]),'.'))), array('.pif', '.zip'))) {
+        $scorm = get_record('scorm', 'reference', basename($args[1]));
+        if ($scorm and !has_capability('moodle/course:manageactivities', get_context_instance(CONTEXT_COURSE, $course->id))) {
+            error('Access not allowed');
+        } else {
+            $lifetime = 0; //disable browser caching for backups 
+        }
+    }
+
     if (is_dir($pathname)) {
         if (file_exists($pathname.'/index.html')) {
             $pathname = rtrim($pathname, '/').'/index.html';