Commit 32b65c72 authored by Robert Lyon's avatar Robert Lyon

Bug 1234615: Check that resized image files are viewable by user

When exporting via Html export process - if not then ignore the file

To test:

1) Add an image block/file to a page and set a width value

2) Go into db block_instance table and change the artefactid to an
image that is owned by another user

3) Reload the page - you should see the image block but not the
attached image

4) Export the page as HTML, either as full or standalone

Before patch - you will end up with image file in the files/extra/
directory

After patch - you should not get the image in the files/extra/
directory and you should get an info warning 'Unable to copy artefact
file ***' on export page.

behatnotneeded

Change-Id: Iaeb9404b3329c4eb3eac59354801b598f7cd5ba8
Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
parent aeb91f9e
......@@ -888,6 +888,7 @@ class HtmlExportOutputFilter {
* will be placed
*/
private function get_export_path_for_file(ArtefactTypeFileBase $file, array $options, $basefolder=null) {
global $SESSION;
if (is_null($basefolder)) {
if ($file->get('owner') == $this->owner) {
$basefolder = '/files/file/' . $this->get_folder_path_for_file($file);
......@@ -898,9 +899,12 @@ class HtmlExportOutputFilter {
}
unset($options['view']);
if (!$this->exporter->get('user')->can_view_artefact($file)) {
$SESSION->add_info_msg(get_string('unabletocopyartefact', 'export', $file->get('title')));
return '';
}
$prefix = '';
$title = PluginExportHtml::sanitise_path($file->get('title'));
if ($options) {
list($size, $prefix) = $this->get_size_from_options($options);
$from = $file->get_path($size);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment