In our moodle, the students are able to access to html files which links are hidden. If a student uses the absolute url:
He or she gets access to this file.
This is ok because the resource, the link, is hidden, but this is not true for the html file.
Anyways, another student who did not enrol to this course may use this url to access the same file. This student has no permissions to access to this course.
Is this a configuration issue? file.php is supposed to check students permissions to the courses.
PS: Sorry for my bad English.
Security and privacy
Access to moodledata files
This discussion has been locked because a year has elapsed since the last post. Please start a new discussion topic.