From eccf8784d1e57f1d7d6f76329bb0c45a266bf2e7 Mon Sep 17 00:00:00 2001 From: Dan Marsden Date: Mon, 22 May 2017 12:37:11 +1200 Subject: [PATCH] Sanity check - make sure session id is for this attendance. --- take.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/take.php b/take.php index 72877de..8355f3a 100644 --- a/take.php +++ b/take.php @@ -40,6 +40,9 @@ $pageparams->perpage = optional_param('perpage', get_config('attendance', 're $cm = get_coursemodule_from_id('attendance', $id, 0, false, MUST_EXIST); $course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST); $att = $DB->get_record('attendance', array('id' => $cm->instance), '*', MUST_EXIST); +// Check this is a valid session for this attendance. +$session = $DB->get_record('attendance_sessions', array('id' => $pageparams->sessionid, 'attendanceid' => $att->id), + '*', MUST_EXIST); require_login($course, true, $cm); $context = context_module::instance($cm->id);