[LON-CAPA-cvs] cvs: modules /gerd/loncapa_lernmodule/loncapa studip.pm
www
www at source.lon-capa.org
Thu Aug 30 11:22:29 EDT 2012
www Thu Aug 30 15:22:29 2012 EDT
Modified files:
/modules/gerd/loncapa_lernmodule/loncapa studip.pm
Log:
Make sure the student is really in the course they claim to be in
Index: modules/gerd/loncapa_lernmodule/loncapa/studip.pm
diff -u modules/gerd/loncapa_lernmodule/loncapa/studip.pm:1.5 modules/gerd/loncapa_lernmodule/loncapa/studip.pm:1.6
--- modules/gerd/loncapa_lernmodule/loncapa/studip.pm:1.5 Thu Aug 30 14:25:53 2012
+++ modules/gerd/loncapa_lernmodule/loncapa/studip.pm Thu Aug 30 15:22:29 2012
@@ -7,7 +7,7 @@
#
# Landing point for incoming StudIP requests
#
-# $Id: studip.pm,v 1.5 2012/08/30 14:25:53 www Exp $
+# $Id: studip.pm,v 1.6 2012/08/30 15:22:29 www Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -157,15 +157,15 @@
my ($r, $params, $query_string) = @_;
if($query_string){
- &Apache::loncommon::get_unprocessed_cgi($query_string, ['token']);
+ &Apache::loncommon::get_unprocessed_cgi($query_string, ['token','courseid','systemid']);
}
if(!$env{'form.token'}){
return &error_msg($r, HTTP_UNAUTHORIZED);
}
- # verify stuidp session
- my($error, $returned) = &make_studip_call('get_session_username', $env{'form.token'});
+ # verify stuidp session and course membership
+ my($error, $returned) = &make_studip_call('validate_seminar_permission',$env{'form.token'},$env{'form.courseid'},'autor');
if($error){
&Apache::loncommon::content_type($r,'text/html');
@@ -182,6 +182,8 @@
#return &error_msg($r, HTTP_UNAUTHORIZED);
}
+
+
my $user = &LONCAPA::clean_username($rawuser);
unless ($user eq $rawuser) {
More information about the LON-CAPA-cvs
mailing list