Use the actual group ID on on the interaction delete page, rather than the...

Use the actual group ID on on the interaction delete page, rather than the interaction ID. Fixes #2241. This was potentially a small security hole too - before, it would allow users who had permissions to delete a forum with an ID the same as an interaction they were allowed control over. But it's a terribly blind attack at the best of times.

Use the actual group ID on on the interaction delete page, rather than the...
Use the actual group ID on on the interaction delete page, rather than the interaction ID. Fixes #2241. This was potentially a small security hole too - before, it would allow users who had permissions to delete a forum with an ID the same as an interaction they were allowed control over. But it's a terribly blind attack at the best of times.
d265d0b2 · Nigel McNie · d49f1ab0 · d265d0b2
Commit d265d0b2 authored Jun 06, 2008 by Nigel McNie
--- a/htdocs/interaction/delete.php
+++ b/htdocs/interaction/delete.php
@@ -37,7 +37,7 @@ $id = param_integer('id');

 $instance = interaction_instance_from_id($id);

-if (!$group = get_record('group', 'id', $id, 'deleted', 0)) {
+if (!$group = get_record('group', 'id', $instance->get('group'), 'deleted', 0)) {
    throw new GroupNotFoundException(get_string('groupnotfound', 'group', $id));
 }