}
}
// security: teachers can view all assignments, students only their own
if (count($args) >= 3 and strtolower($args[1]) == 'moddata' and strtolower($args[2]) == 'assignment') {
$lifetime = 0;
// do not cache assignments, students may reupload them
if (!has_capability('mod/assignment:grade', get_context_instance(CONTEXT_COURSE, $course->id)) and $args[4] != $USER->id) {
print_error('Access not allowed');
}
}
// Antoni Mas: eMail Security
if (strtolower($args[3]) == 'email') {
// Get mail
$email = new eMail();
$email->set_email($args[5]);
if (!$email->can_readmail($USER)) {
print_error('Access not allowed');
}
}
// security: force download of all attachments submitted by students
if (count($args) >= 3 and strtolower($args[1]) == 'moddata' and (strtolower($args[2]) == 'forum' or strtolower($args[2]) == 'assignment' or strtolower($args[2]) == 'data' or strtolower($args[2]) == 'glossary' or strtolower($args[2]) == 'wiki' or strtolower($args[2]) == 'exercise' or strtolower($args[2]) == 'workshop')) {
$forcedownload = 1;
// force download of all attachments
}
if ($args[0] == 'blog') {
$forcedownload = 1;
// force download of all attachments
}
// security: some protection of hidden resource files
// warning: it may break backwards compatibility
if (!empty($CFG->preventaccesstohiddenfiles) and count($args) >= 2 and !(strtolower($args[1]) == 'moddata' and strtolower($args[2]) != 'resource') and !has_capability('moodle/course:viewhiddenactivities', get_context_instance(CONTEXT_COURSE, $course->id))) {
