From e512dd24114971af9add5b34207ea2aafbfcda8f Mon Sep 17 00:00:00 2001
From: NicoDucou <nicolas@ldd.fr>
Date: Wed, 3 Jan 2024 12:03:46 +0100
Subject: [PATCH] Session: Block access for all to session's about page -refs
 BT#21298

---
 main/install/configuration.dist.php | 3 +++
 main/session/about.php              | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/main/install/configuration.dist.php b/main/install/configuration.dist.php
index 4471f76534..0868bb712c 100644
--- a/main/install/configuration.dist.php
+++ b/main/install/configuration.dist.php
@@ -2521,3 +2521,6 @@ INSERT INTO extra_field_options (field_id, option_value, display_text, priority,
 // login/passwords in the main login form. Browsers might choose not to
 // support this feature.
 //$_configuration['security_login_autocomplete_disable'] = false;
+
+// Block session about page access for all users
+// $_configuration['session_about_block_all_access'] = false;
diff --git a/main/session/about.php b/main/session/about.php
index 46b0d0241f..0761e2987f 100644
--- a/main/session/about.php
+++ b/main/session/about.php
@@ -20,7 +20,7 @@ $cidReset = true;
 
 require_once __DIR__.'/../inc/global.inc.php';
 
-if (api_get_setting('course_catalog_published') != 'true' && api_is_anonymous()) {
+if ((api_get_setting('course_catalog_published') != 'true' && api_is_anonymous()) || api_get_configuration_value('session_about_block_all_access') == 'true') {
     api_not_allowed(true);
 }