From 3f08e9b98a4ef39a5ce4aca110aecaa3bc873b7c Mon Sep 17 00:00:00 2001
From: David Monllao <davidm@moodle.com>
Date: Wed, 9 Sep 2015 13:42:57 +0800
Subject: [PATCH] MDL-51000 editor_atto: No autosave for guests

---
 lib/editor/atto/autosave-ajax.php | 8 ++++++++
 lib/editor/atto/lib.php           | 4 ++++
 2 files changed, 12 insertions(+)

diff --git a/lib/editor/atto/autosave-ajax.php b/lib/editor/atto/autosave-ajax.php
index 65915310a5e..6626075a9fb 100644
--- a/lib/editor/atto/autosave-ajax.php
+++ b/lib/editor/atto/autosave-ajax.php
@@ -44,6 +44,14 @@ $PAGE->set_context($context);
 require_login($course, false, $cm);
 require_sesskey();
 
+if (isguestuser()) {
+    print_error('accessdenied', 'admin');
+}
+
+if (!in_array('atto', explode(',', get_config('core', 'texteditors')))) {
+    print_error('accessdenied', 'admin');
+}
+
 $action = required_param('action', PARAM_ALPHA);
 
 $response = array();
diff --git a/lib/editor/atto/lib.php b/lib/editor/atto/lib.php
index f09653d9549..9cc6d755f06 100644
--- a/lib/editor/atto/lib.php
+++ b/lib/editor/atto/lib.php
@@ -166,6 +166,10 @@ class atto_texteditor extends texteditor {
         }
         $contentcss     = $PAGE->theme->editor_css_url()->out(false);
 
+        // Autosave disabled for guests.
+        if (isguestuser()) {
+            $autosave = false;
+        }
         // Note <> is a safe separator, because it will not appear in the output of s().
         $pagehash = sha1($PAGE->url . '<>' . s($this->get_text()));
         $params = array(
-- 
2.11.4.GIT