From 172ab48445a5aa25ba4816c5d5ebbf9bc1807ad3 Mon Sep 17 00:00:00 2001
From: Petr Skoda <skodak@moodle.org>
Date: Wed, 18 Aug 2010 22:29:40 +0000
Subject: [PATCH] MDL-23856 fixed invalid section restriction test

---
 pluginfile.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/pluginfile.php b/pluginfile.php
index c62b413219526..36f75ea82371c 100644
--- a/pluginfile.php
+++ b/pluginfile.php
@@ -494,7 +494,11 @@
 
         $sectionid = (int)array_shift($args);
 
-        if ($course->numsections < $sectionid) {
+        if (!$section = $DB->get_record('course_sections', array('id'=>$sectionid, 'course'=>$course->id))) {
+            send_file_not_found();
+        }
+
+        if ($course->numsections < $section->section) {
             if (!has_capability('moodle/course:update', $context)) {
                 // disable access to invisible sections if can not edit course
                 // this is going to break some ugly hacks, but is necessary