moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-04 08:26:37 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

This is a first attempt to make moodle frame safe.

Browse source 
I've added the variable CFG->main_frame to config-dist.php, and replaced _top
targets with the variable in all the php files.  HTML files, like those in the
documentation, have not been modified, as they are not (yet) parsed.

The variable should probably get moved into the config table, and get some
documentation.

I've also included, but commented out, a slight change in weblib.php, which
would guarantee that messages would be seen before redirecting the user (unless
delay intentionally set to 0 when redirect is used).
This commit is contained in:
gregb_cc 2003-03-11 21:35:12 +00:00
parent 754b76fe65
commit 08b3606390
7 changed files with 39 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

2
admin/auth.php
View file

@ -91,7 +91,7 @@
"<A HREF=\"index.php\">$stradministration</A> -> $strauthenticationoptions", "$focus"); "<A HREF=\"index.php\">$stradministration</A> -> $strauthenticationoptions", "$focus");
echo "<CENTER><P><B>"; echo "<CENTER><P><B>";
echo "<form TARGET=\"_top\" NAME=\"authmenu\" method=\"post\" action=\"auth.php\">"; echo "<form TARGET=\"{$CFG->main_frame}\" NAME=\"authmenu\" method=\"post\" action=\"auth.php\">";
print_string("chooseauthmethod","auth"); print_string("chooseauthmethod","auth");
choose_from_menu ($options, "auth", $auth, "","top.location='auth.php?auth='+document.authmenu.auth.options[document.authmenu.auth.selectedIndex].value", ""); choose_from_menu ($options, "auth", $auth, "","top.location='auth.php?auth='+document.authmenu.auth.options[document.authmenu.auth.selectedIndex].value", "");

2
config-dist.php
View file

@ -113,4 +113,6 @@ require_once("$CFG->dirroot/lib/setup.php"); // Do not change this
// MAKE SURE WHEN YOU EDIT THIS FILE THAT THERE ARE NO SPACES, BLANK LINES, // MAKE SURE WHEN YOU EDIT THIS FILE THAT THERE ARE NO SPACES, BLANK LINES,
// RETURNS, OR ANYTHING ELSE AFTER THE TWO CHARACTERS ON THE NEXT LINE. // RETURNS, OR ANYTHING ELSE AFTER THE TWO CHARACTERS ON THE NEXT LINE.
$CFG->main_frame = '_top';
?> ?>

18
lib/weblib.php
View file

@ -364,7 +364,7 @@ function popup_form ($common, $options, $formname, $selected="", $nothing="choos
$nothing = get_string("choose")."..."; $nothing = get_string("choose")."...";
} }
$output = "<FORM TARGET=_top NAME=$formname>"; $output = "<FORM TARGET=\"{$CFG->main_frame}\" NAME=$formname>";
$output .= "<SELECT NAME=popup onChange=\"top.location=document.$formname.popup.options[document.$formname.popup.selectedIndex].value\">\n"; $output .= "<SELECT NAME=popup onChange=\"top.location=document.$formname.popup.options[document.$formname.popup.selectedIndex].value\">\n";
if ($nothing != "") { if ($nothing != "") {
@ -653,10 +653,10 @@ function print_footer ($course=NULL) {
$course = get_site(); $course = get_site();
$homepage = true; $homepage = true;
} else { } else {
$homelink = "<A TARGET=_top HREF=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</A>"; $homelink = "<A TARGET=\"{$CFG->main_frame}\" HREF=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</A>";
} }
} else { } else {
$homelink = "<A TARGET=_top HREF=\"$CFG->wwwroot\">".get_string("home")."</A>"; $homelink = "<A TARGET=\"{$CFG->main_frame}\" HREF=\"$CFG->wwwroot\">".get_string("home")."</A>";
$course = get_site(); $course = get_site();
} }
@ -690,7 +690,7 @@ function print_navigation ($navigation) {
if (! $site = get_site()) { if (! $site = get_site()) {
$site->shortname = get_string("home");; $site->shortname = get_string("home");;
} }
echo "<A TARGET=_top HREF=\"$CFG->wwwroot/\">$site->shortname</A> -> $navigation"; echo "<A TARGET=\"{$CFG->main_frame}\" HREF=\"$CFG->wwwroot/\">$site->shortname</A> -> $navigation";
} }
} }
@ -1141,6 +1141,16 @@ function notice_yesno ($message, $linkyes, $linkno) {
print_simple_box_end(); print_simple_box_end();
} }
/* This is an alternate beginning to the redirect function
function redirect($url, $message="", $delay=false) {
// Uses META tags to redirect the user, after printing a notice
if(!empty($message) && $delay == false):
$delay = 10;
else:
$delay = 0;
endif;
*/
function redirect($url, $message="", $delay=0) { function redirect($url, $message="", $delay=0) {
// Uses META tags to redirect the user, after printing a notice // Uses META tags to redirect the user, after printing a notice

24
mod/resource/view.php
View file

@ -23,10 +23,10 @@
if ($course->category) { if ($course->category) {
require_login($course->id); require_login($course->id);
$navigation = "<A TARGET=_top HREF=\"../../course/view.php?id=$course->id\">$course->shortname</A> -> $navigation = "<A TARGET=\"{$CFG->main_frame}\" HREF=\"../../course/view.php?id=$course->id\">$course->shortname</A> ->
<A TARGET=_top HREF=\"index.php?id=$course->id\">$strresources</A> ->"; <A TARGET=\"{$CFG->main_frame}\" HREF=\"index.php?id=$course->id\">$strresources</A> ->";
} else { } else {
$navigation = "<A TARGET=_top HREF=\"index.php?id=$course->id\">$strresources</A> ->"; $navigation = "<A TARGET=\"{$CFG->main_frame}\" HREF=\"index.php?id=$course->id\">$strresources</A> ->";
} }
@ -54,7 +54,7 @@
case WEBPAGE: case WEBPAGE:
if (!empty($frameset)) { if (!empty($frameset)) {
print_header("$course->shortname: $resource->name", "$course->fullname", print_header("$course->shortname: $resource->name", "$course->fullname",
"$navigation <A TARGET=_top HREF=\"$resource->reference\" TITLE=\"$resource->reference\">$resource->name</A>", "$navigation <A TARGET=\"{$CFG->main_frame}\" HREF=\"$resource->reference\" TITLE=\"$resource->reference\">$resource->name</A>",
"", "", true, update_module_button($cm->id, $course->id, $strresource), navmenu($course, $cm)); "", "", true, update_module_button($cm->id, $course->id, $strresource), navmenu($course, $cm));
echo "<CENTER><FONT SIZE=-1>".text_to_html($resource->summary, true, false)."</FONT></CENTER>"; echo "<CENTER><FONT SIZE=-1>".text_to_html($resource->summary, true, false)."</FONT></CENTER>";
@ -69,18 +69,22 @@
break; break;
case UPLOADEDFILE: case UPLOADEDFILE:
if ($CFG->slasharguments) {
$ffurl = "file.php/$course->id/$resource->reference";
} else {
$ffurl = "file.php?file=/$course->id/$resource->reference";
}
if (!empty($frameset)) { if (!empty($frameset)) {
print_header("$course->shortname: $resource->name", "$course->fullname", "$navigation $resource->name", print_header("$course->shortname: $resource->name", "$course->fullname", "$navigation $resource->name",
"", "", true, update_module_button($cm->id, $course->id, $strresource), navmenu($course, $cm)); "", "", true, update_module_button($cm->id, $course->id, $strresource), navmenu($course, $cm));
echo "<CENTER><FONT SIZE=-1>".text_to_html($resource->summary, true, false)."</FONT></CENTER>"; echo "<CENTER><FONT SIZE=-1>".text_to_html($resource->summary, true, false)."</FONT></CENTER>";
echo "<HR><CENTER><FONT SIZE=-2>If you cannot see the file in your
browser, and were not prompted to save the file, please try the
following link (you may need to right click and choose
&quot;Save As&quot;):<a href=\"{$CFG->wwwroot}/$ffurl\">{$resource->name}</FONT></CENTER>";
} else { } else {
add_to_log($course->id, "resource", "view", "view.php?id=$cm->id", "$resource->id"); add_to_log($course->id, "resource", "view", "view.php?id=$cm->id", "$resource->id");
if ($CFG->slasharguments) {
$ffurl = "file.php/$course->id/$resource->reference";
} else {
$ffurl = "file.php?file=/$course->id/$resource->reference";
}
echo "<HEAD><TITLE>$course->shortname: $resource->name</TITLE></HEAD>\n"; echo "<HEAD><TITLE>$course->shortname: $resource->name</TITLE></HEAD>\n";
echo "<FRAMESET ROWS=$RESOURCE_FRAME_SIZE,*>"; echo "<FRAMESET ROWS=$RESOURCE_FRAME_SIZE,*>";
echo "<FRAME SRC=\"view.php?id=$cm->id&frameset=true\">"; echo "<FRAME SRC=\"view.php?id=$cm->id&frameset=true\">";

10
mod/survey/report.php
View file

@ -61,12 +61,12 @@
switch ($action) { switch ($action) {
case "top": case "top":
if ($course->category) { if ($course->category) {
$navigation = "<A TARGET=_top HREF=\"../../course/view.php?id=$course->id\">$course->shortname</A> -> $navigation = "<A TARGET=\"{$CFG->main_frame}\" HREF=\"../../course/view.php?id=$course->id\">$course->shortname</A> ->
<A TARGET=_top HREF=\"index.php?id=$course->id\">$strsurveys</A> -> <A TARGET=\"{$CFG->main_frame}\" HREF=\"index.php?id=$course->id\">$strsurveys</A> ->
<A TARGET=_top HREF=\"view.php?id=$cm->id\">$survey->name</A> -> "; <A TARGET=\"{$CFG->main_frame}\" HREF=\"view.php?id=$cm->id\">$survey->name</A> -> ";
} else { } else {
$navigation = "<A TARGET=_top HREF=\"index.php?id=$course->id\">$strsurveys</A> -> $navigation = "<A TARGET=\"{$CFG->main_frame}\" HREF=\"index.php?id=$course->id\">$strsurveys</A> ->
<A TARGET=_top HREF=\"view.php?id=$cm->id\">$survey->name</A> -> "; <A TARGET=\"{$CFG->main_frame}\" HREF=\"view.php?id=$cm->id\">$survey->name</A> -> ";
} }
print_header("$course->shortname: $survey->name", "$course->fullname", "$navigation $strreport"); print_header("$course->shortname: $survey->name", "$course->fullname", "$navigation $strreport");
break; break;

2
theme/oceanblue/header.html_logo
View file

@ -14,7 +14,7 @@
<TABLE WIDTH=100% CELLPADDING=10 CELLSPACING=0 BORDER=0> <TABLE WIDTH=100% CELLPADDING=10 CELLSPACING=0 BORDER=0>
<TR> <TR>
<TD VALIGN=TOP><A HREF="<?=$CFG->wwwroot?>" TARGET="_top"><IMG SRC="<?=$CFG->wwwroot?>/theme/oceanblue/logo.jpg" ALT="Moodle" BORDER="0"></A></TD> <TD VALIGN=TOP><A HREF="<?=$CFG->wwwroot?>" TARGET="<?=$CFG->main_frame?>"><IMG SRC="<?=$CFG->wwwroot?>/theme/oceanblue/logo.jpg" ALT="Moodle" BORDER="0"></A></TD>
<TD ALIGN=RIGHT VALIGN=TOP><?=$menu ?></TD> <TD ALIGN=RIGHT VALIGN=TOP><?=$menu ?></TD>
</TR> </TR>
</TABLE> </TABLE>

4
theme/poweraid/header.html
View file

@ -58,7 +58,7 @@
</tr> </tr>
<tr> <tr>
<td width="6" bgcolor="<? echo $THEME->body?>"><img src="<?=$CFG->wwwroot?>/theme/<?=$CFG->theme ?>/images/side_left.gif" width="2" height="100%" /></td> <td width="6" bgcolor="<? echo $THEME->body?>"><img src="<?=$CFG->wwwroot?>/theme/<?=$CFG->theme ?>/images/side_left.gif" width="2" height="100%" /></td>
<td align="left" valign="top"><A TARGET=_top HREF="<? echo $CFG->wwwroot?>"><img src="<? echo "$CFG->wwwroot/theme/$CFG->theme/$THEME->frontlogo" ?>" border="0" /></A></td> <td align="left" valign="top"><A TARGET=\"{$CFG->main_frame}\" HREF="<? echo $CFG->wwwroot?>"><img src="<? echo "$CFG->wwwroot/theme/$CFG->theme/$THEME->frontlogo" ?>" border="0" /></A></td>
<td width="6" bgcolor="<? echo $THEME->body?>"><img src="<?=$CFG->wwwroot?>/theme/<?=$CFG->theme ?>/images/left_sidebar.jpg" width="6" height="100%" /></td> <td width="6" bgcolor="<? echo $THEME->body?>"><img src="<?=$CFG->wwwroot?>/theme/<?=$CFG->theme ?>/images/left_sidebar.jpg" width="6" height="100%" /></td>
</tr> </tr>
</table><table border="0" cellspacing="0" cellpadding="0" width="<? echo $THEME->themewidth?>"> </table><table border="0" cellspacing="0" cellpadding="0" width="<? echo $THEME->themewidth?>">
@ -99,7 +99,7 @@
</tr> </tr>
<tr> <tr>
<td width="6" bgcolor="<? echo $THEME->body?>"><img src="<?=$CFG->wwwroot?>/theme/<?=$CFG->theme ?>/images/side_left.gif" width="2" height="100%" /></td> <td width="6" bgcolor="<? echo $THEME->body?>"><img src="<?=$CFG->wwwroot?>/theme/<?=$CFG->theme ?>/images/side_left.gif" width="2" height="100%" /></td>
<td align="left" valign="top"><A TARGET=_top HREF="<? echo $CFG->wwwroot ?>"><img src="<? echo "$CFG->wwwroot/theme/$CFG->theme/$THEME->smalllogo" ?>" border="0" /></A></td> <td align="left" valign="top"><A TARGET="<?=$CFG->main_frame?>" HREF="<? echo $CFG->wwwroot ?>"><img src="<? echo "$CFG->wwwroot/theme/$CFG->theme/$THEME->smalllogo" ?>" border="0" /></A></td>
<td width="6" background="<?=$CFG->wwwroot?>/theme/<?=$CFG->theme ?>/images/left_sidebar.jpg"><img src="<?=$CFG->wwwroot?>/theme/<?=$CFG->theme ?>/images/left_sidebar.jpg" width="6" height="100%" /></td> <td width="6" background="<?=$CFG->wwwroot?>/theme/<?=$CFG->theme ?>/images/left_sidebar.jpg"><img src="<?=$CFG->wwwroot?>/theme/<?=$CFG->theme ?>/images/left_sidebar.jpg" width="6" height="100%" /></td>
</tr> </tr>
</table><table border="0" cellspacing="0" cellpadding="0" width="<? echo $THEME->themewidth?>"> </table><table border="0" cellspacing="0" cellpadding="0" width="<? echo $THEME->themewidth?>">