erudisiya / moodle-local_delegate


in approve/decline/delete.php files, courseid is a required param but not passed to require_login. #10

Open danmarsden opened 7 months ago

danmarsden commented 7 months ago

When you are displaying a page that sits within a course, you should pass the $courseid to the require_login call - the approve/decline/delete files all have a required_param that seems to include the courseid, so you should pass that into the require login call:

eg:

```php
$id = required_param('id', PARAM_INT);
$courseid = required_param('courseid', PARAM_INT);
require_login($courseid);
```

danmarsden commented 7 months ago

In fact, this is also the case for a few of your other files, like details.php, edit.php and list.php.

erudisiya commented 7 months ago

Fixed for all pages. Thanks for this great recommendation.
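
A heuristic check for the pattern this issue describes, flagging PHP pages that read a `courseid` parameter but never pass a course to `require_login()`. It is an added example, not code from the plugin or from the commenters; the file contents in `SAMPLES` are constructed for illustration, and the helper names are hypothetical.

```python
import re

# Matches required_param('courseid', ...) or optional_param('courseid', ...)
COURSEID_PARAM = re.compile(r"\b(?:required|optional)_param\(\s*['\"]courseid['\"]")
# Captures the argument list of each require_login(...) call
REQUIRE_LOGIN = re.compile(r"\brequire_login\(([^)]*)\)")

def strip_comments(php):
    """Drop /* */ and // comments so commented-out calls are not counted."""
    php = re.sub(r"/\*.*?\*/", "", php, flags=re.S)
    return re.sub(r"(?m)//.*$", "", php)

def check_source(name, php):
    """Return a finding string, or None if the file passes this check."""
    code = strip_comments(php)
    if not COURSEID_PARAM.search(code):
        return None  # no courseid parameter, so not course-scoped for this check
    calls = REQUIRE_LOGIN.findall(code)
    if not calls:
        return f"{name}: reads courseid but never calls require_login()"
    if all(args.strip() == "" for args in calls):
        return f"{name}: reads courseid but calls require_login() without a course"
    return None

def scan(sources):
    """Check every file in a {name: contents} mapping, in name order."""
    findings = (check_source(n, php) for n, php in sorted(sources.items()))
    return [f for f in findings if f]

# Constructed sample contents (not the plugin's actual files).
SAMPLES = {
    "approve.php": """<?php
$id = required_param('id', PARAM_INT);
$courseid = required_param('courseid', PARAM_INT);
require_login();
""",
    "decline.php": """<?php
$courseid = required_param('courseid', PARAM_INT);
require_login($courseid);
""",
    "delete.php": """<?php
$courseid = required_param('courseid', PARAM_INT);
// require_login($courseid);
""",
    "index.php": "<?php\nrequire_login();\n",
}

if __name__ == "__main__":
    for finding in scan(SAMPLES):
        print(finding)
```

The check is text-based, so a hit is a prompt for manual review of the page rather than proof of a missing access check.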