} } // security: teachers can view all assignments, students only their own if (count($args) >= 3 and strtolower($args[1]) == 'moddata' and strtolower($args[2]) == 'assignment') { $lifetime = 0; // do not cache assignments, students may reupload them if (!has_capability('mod/assignment:grade', get_context_instance(CONTEXT_COURSE, $course->id)) and $args[4] != $USER->id) { print_error('Access not allowed'); } } // Antoni Mas: eMail Security if (strtolower($args[3]) == 'email') { // Get mail $email = new eMail(); $email->set_email($args[5]); if (!$email->can_readmail($USER)) { print_error('Access not allowed'); } } // security: force download of all attachments submitted by students if (count($args) >= 3 and strtolower($args[1]) == 'moddata' and (strtolower($args[2]) == 'forum' or strtolower($args[2]) == 'assignment' or strtolower($args[2]) == 'data' or strtolower($args[2]) == 'glossary' or strtolower($args[2]) == 'wiki' or strtolower($args[2]) == 'exercise' or strtolower($args[2]) == 'workshop')) { $forcedownload = 1; // force download of all attachments } if ($args[0] == 'blog') { $forcedownload = 1; // force download of all attachments } // security: some protection of hidden resource files // warning: it may break backwards compatibility if (!empty($CFG->preventaccesstohiddenfiles) and count($args) >= 2 and !(strtolower($args[1]) == 'moddata' and strtolower($args[2]) != 'resource') and !has_capability('moodle/course:viewhiddenactivities', get_context_instance(CONTEXT_COURSE, $course->id))) {