moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-05 00:46:50 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

This is a first attempt to make moodle frame safe.

Browse source 
I've added the variable CFG->main_frame to config-dist.php, and replaced _top
targets with the variable in all the php files.  HTML files, like those in the
documentation, have not been modified, as they are not (yet) parsed.

The variable should probably get moved into the config table, and get some
documentation.

I've also included, but commented out, a slight change in weblib.php, which
would guarantee that messages would be seen before redirecting the user (unless
delay intentionally set to 0 when redirect is used).
This commit is contained in:
gregb_cc 2003-03-11 21:35:12 +00:00
parent 754b76fe65
commit 08b3606390
7 changed files with 39 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

24
mod/resource/view.php
View file

@ -23,10 +23,10 @@
if ($course->category) {
require_login($course->id);
$navigation = "<A TARGET=_top HREF=\"../../course/view.php?id=$course->id\">$course->shortname</A> ->
<A TARGET=_top HREF=\"index.php?id=$course->id\">$strresources</A> ->";
$navigation = "<A TARGET=\"{$CFG->main_frame}\" HREF=\"../../course/view.php?id=$course->id\">$course->shortname</A> ->
<A TARGET=\"{$CFG->main_frame}\" HREF=\"index.php?id=$course->id\">$strresources</A> ->";
} else {
$navigation = "<A TARGET=_top HREF=\"index.php?id=$course->id\">$strresources</A> ->";
$navigation = "<A TARGET=\"{$CFG->main_frame}\" HREF=\"index.php?id=$course->id\">$strresources</A> ->";
}
@ -54,7 +54,7 @@
case WEBPAGE:
if (!empty($frameset)) {
print_header("$course->shortname: $resource->name", "$course->fullname",
"$navigation <A TARGET=_top HREF=\"$resource->reference\" TITLE=\"$resource->reference\">$resource->name</A>",
"$navigation <A TARGET=\"{$CFG->main_frame}\" HREF=\"$resource->reference\" TITLE=\"$resource->reference\">$resource->name</A>",
"", "", true, update_module_button($cm->id, $course->id, $strresource), navmenu($course, $cm));
echo "<CENTER><FONT SIZE=-1>".text_to_html($resource->summary, true, false)."</FONT></CENTER>";
@ -69,18 +69,22 @@
break;
case UPLOADEDFILE:
if ($CFG->slasharguments) {
$ffurl = "file.php/$course->id/$resource->reference";
} else {
$ffurl = "file.php?file=/$course->id/$resource->reference";
}
if (!empty($frameset)) {
print_header("$course->shortname: $resource->name", "$course->fullname", "$navigation $resource->name",
"", "", true, update_module_button($cm->id, $course->id, $strresource), navmenu($course, $cm));
echo "<CENTER><FONT SIZE=-1>".text_to_html($resource->summary, true, false)."</FONT></CENTER>";
echo "<HR><CENTER><FONT SIZE=-2>If you cannot see the file in your
browser, and were not prompted to save the file, please try the
following link (you may need to right click and choose
&quot;Save As&quot;):<a href=\"{$CFG->wwwroot}/$ffurl\">{$resource->name}</FONT></CENTER>";
} else {
add_to_log($course->id, "resource", "view", "view.php?id=$cm->id", "$resource->id");
if ($CFG->slasharguments) {
$ffurl = "file.php/$course->id/$resource->reference";
} else {
$ffurl = "file.php?file=/$course->id/$resource->reference";
}
echo "<HEAD><TITLE>$course->shortname: $resource->name</TITLE></HEAD>\n";
echo "<FRAMESET ROWS=$RESOURCE_FRAME_SIZE,*>";
echo "<FRAME SRC=\"view.php?id=$cm->id&frameset=true\">";

10
mod/survey/report.php
View file

@ -61,12 +61,12 @@
switch ($action) {
case "top":
if ($course->category) {
$navigation = "<A TARGET=_top HREF=\"../../course/view.php?id=$course->id\">$course->shortname</A> ->
<A TARGET=_top HREF=\"index.php?id=$course->id\">$strsurveys</A> ->
<A TARGET=_top HREF=\"view.php?id=$cm->id\">$survey->name</A> -> ";
$navigation = "<A TARGET=\"{$CFG->main_frame}\" HREF=\"../../course/view.php?id=$course->id\">$course->shortname</A> ->
<A TARGET=\"{$CFG->main_frame}\" HREF=\"index.php?id=$course->id\">$strsurveys</A> ->
<A TARGET=\"{$CFG->main_frame}\" HREF=\"view.php?id=$cm->id\">$survey->name</A> -> ";
} else {
$navigation = "<A TARGET=_top HREF=\"index.php?id=$course->id\">$strsurveys</A> ->
<A TARGET=_top HREF=\"view.php?id=$cm->id\">$survey->name</A> -> ";
$navigation = "<A TARGET=\"{$CFG->main_frame}\" HREF=\"index.php?id=$course->id\">$strsurveys</A> ->
<A TARGET=\"{$CFG->main_frame}\" HREF=\"view.php?id=$cm->id\">$survey->name</A> -> ";
}
print_header("$course->shortname: $survey->name", "$course->fullname", "$navigation $strreport");
break;