chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Minor - validate that course and user exists.

Browse Source
pull/3766/head^2
Julio Montoya 5 years ago
parent 2345661c50
commit 95de4c894b
1 changed files with 8 additions and 2 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 10
      main/inc/lib/auth.lib.php

10
main/inc/lib/auth.lib.php
Unescape View File

@ -309,14 +309,18 @@ class Auth
// protect variables // protect variables
$current_user_id = api_get_user_id(); $current_user_id = api_get_user_id();
$course_code = Database::escape_string($course_code); $course_code = Database::escape_string($course_code);
$result = true;
$courseInfo = api_get_course_info($course_code); $courseInfo = api_get_course_info($course_code);
// Check if course can be unsubscribe if (empty($courseInfo) || empty($current_user_id)) {
return false;
}
// Check if course can be unsubscribe.
if ('1' !== $courseInfo['unsubscribe']) { if ('1' !== $courseInfo['unsubscribe']) {
return false; return false;
} }
$courseId = $courseInfo['real_id']; $courseId = $courseInfo['real_id'];
// we check (once again) if the user is not course administrator // we check (once again) if the user is not course administrator
@ -329,6 +333,8 @@ class Auth
status='1' "; status='1' ";
$result_check = Database::query($sql); $result_check = Database::query($sql);
$number_of_rows = Database::num_rows($result_check); $number_of_rows = Database::num_rows($result_check);
$result = true;
if ($number_of_rows > 0) { if ($number_of_rows > 0) {
$result = false; $result = false;
} }

Write Preview
Loading…
Cancel
Save