Even more automation: now blocks_execute_url_action() checks if the user

has sufficient rights to execute the action automatically. It's therefore safe to call without ANY checks being done first.
eSrem · Feb 1, 2005 · 3edc57e · 3edc57e
1 parent 0144a0a
commit 3edc57e
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/blocklib.php b/lib/blocklib.php
@@ -482,7 +482,7 @@ function blocks_execute_action($page, &$pageblocks, $blockaction, $instanceorid)
 function blocks_execute_url_action(&$PAGE, &$pageblocks) {
     $blockaction = optional_param('blockaction');
 
-    if (empty($blockaction) || !confirm_sesskey()) {
+    if (empty($blockaction) || !$PAGE->user_allowed_editing() || !confirm_sesskey()) {
         return;
     }