chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Avoid showing user popup to non authenticated users if user is not a course teacher #security

Browse Source
pull/2821/head
Yannick Warnier 7 years ago
parent 13a8fbf516
commit e46377515f
1 changed files with 7 additions and 1 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 8
      main/inc/ajax/user_manager.ajax.php

8
main/inc/ajax/user_manager.ajax.php
Unescape View File

@ -60,7 +60,13 @@ switch ($action) {
$userData = '<h3>'.$user_info['complete_name'].'</h3>'.$user_info['mail'].$user_info['official_code'];
if ($isAnonymous) {
echo $userData;
// Only allow anonymous users to see user popup if the popup user
// is a teacher (which might be necessary to illustrate a course)
if ($user_info['status'] === COURSEMANAGER) {
echo $userData;
} else {
echo '<h3>-</h3>';
}
} else {
echo Display::url(
$userData,

Write Preview
Loading…
Cancel
Save