This is a first attempt to make moodle frame safe.

I've added the variable CFG->main_frame to config-dist.php, and replaced _top
targets with the variable in all the php files.  HTML files, like those in the
documentation, have not been modified, as they are not (yet) parsed.

The variable should probably get moved into the config table, and get some
documentation.

I've also included, but commented out, a slight change in weblib.php, which
would guarantee that messages are seen before the user is redirected (unless
the delay is intentionally set to 0 when redirect is used).
gregb_cc 2003-03-11 21:35:12 +00:00
parent 754b76fe65
commit 08b3606390
7 changed files with 39 additions and 23 deletions


@ -91,7 +91,7 @@
"<A HREF=\"index.php\">$stradministration</A> -> $strauthenticationoptions", "$focus");
echo "<CENTER><P><B>";
echo "<form TARGET=\"_top\" NAME=\"authmenu\" method=\"post\" action=\"auth.php\">";
echo "<form TARGET=\"{$CFG->main_frame}\" NAME=\"authmenu\" method=\"post\" action=\"auth.php\">";
print_string("chooseauthmethod","auth");
choose_from_menu ($options, "auth", $auth, "","top.location='auth.php?auth='+document.authmenu.auth.options[document.authmenu.auth.selectedIndex].value", "");
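Review bot: The `onChange` script passed to `choose_from_menu` on the line after the form tag still hard-codes `top.location='auth.php?auth='+...`, so only the form's `TARGET` follows `$CFG->main_frame` and the menu itself keeps navigating the top-level window. The same leftover is visible in `popup_form` in the weblib.php section, whose `<SELECT>` keeps `onChange=\"top.location=...`. When `main_frame` is set to anything other than `_top`, the first menu change will replace the enclosing frameset instead of staying in the configured frame. Until the script side is parameterised too, a marker such as `// TODO: top.location ignores $CFG->main_frame` next to both calls would keep the gap visible.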


@ -113,4 +113,6 @@ require_once("$CFG->dirroot/lib/setup.php"); // Do not change this
// MAKE SURE WHEN YOU EDIT THIS FILE THAT THERE ARE NO SPACES, BLANK LINES,
// RETURNS, OR ANYTHING ELSE AFTER THE TWO CHARACTERS ON THE NEXT LINE.
$CFG->main_frame = '_top';
?>
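Review bot: `$CFG->main_frame = '_top';` is added only to the config-dist.php template, so a site whose existing config.php predates this commit has no value for it and every rewritten tag will render `TARGET=""`, which loads links inside the current frame (for example inside the resource frameset) rather than in `_top`. A fallback where the configuration is loaded, for example `if (empty($CFG->main_frame)) { $CFG->main_frame = '_top'; }`, would keep existing installs on the previous behaviour. The assignment also appears to sit after the `require_once("$CFG->dirroot/lib/setup.php")` named in the hunk header and directly under the warning about "the two characters on the next line", which now points at the assignment instead of `?>`; placing it above that comment would keep the instruction accurate.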


@ -364,7 +364,7 @@ function popup_form ($common, $options, $formname, $selected="", $nothing="choos
$nothing = get_string("choose")."...";
}
$output = "<FORM TARGET=_top NAME=$formname>";
$output = "<FORM TARGET=\"{$CFG->main_frame}\" NAME=$formname>";
$output .= "<SELECT NAME=popup onChange=\"top.location=document.$formname.popup.options[document.$formname.popup.selectedIndex].value\">\n";
if ($nothing != "") {
@ -653,10 +653,10 @@ function print_footer ($course=NULL) {
$course = get_site();
$homepage = true;
} else {
$homelink = "<A TARGET=_top HREF=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</A>";
$homelink = "<A TARGET=\"{$CFG->main_frame}\" HREF=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</A>";
}
} else {
$homelink = "<A TARGET=_top HREF=\"$CFG->wwwroot\">".get_string("home")."</A>";
$homelink = "<A TARGET=\"{$CFG->main_frame}\" HREF=\"$CFG->wwwroot\">".get_string("home")."</A>";
$course = get_site();
}
@ -690,7 +690,7 @@ function print_navigation ($navigation) {
if (! $site = get_site()) {
$site->shortname = get_string("home");;
}
echo "<A TARGET=_top HREF=\"$CFG->wwwroot/\">$site->shortname</A> -> $navigation";
echo "<A TARGET=\"{$CFG->main_frame}\" HREF=\"$CFG->wwwroot/\">$site->shortname</A> -> $navigation";
}
}
@ -1141,6 +1141,16 @@ function notice_yesno ($message, $linkyes, $linkno) {
print_simple_box_end();
}
/* This is an alternate beginning to the redirect function
function redirect($url, $message="", $delay=false) {
// Uses META tags to redirect the user, after printing a notice
if(!empty($message) && $delay == false):
$delay = 10;
else:
$delay = 0;
endif;
*/
function redirect($url, $message="", $delay=0) {
// Uses META tags to redirect the user, after printing a notice
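Review bot: In `popup_form` the new `TARGET=\"{$CFG->main_frame}\"` reads `$CFG` inside a function, and nothing in the visible hunk shows a `global $CFG;` declaration there; the previous line used the literal `_top` and needed none. If the declaration is missing, the attribute renders empty and the form targets the current frame instead of the configured one. The function body starts outside the hunk, so please confirm, and add `global $CFG;` at the top of `popup_form` if it is not already present. `print_footer` and `print_navigation` already use `$CFG->wwwroot` in the surrounding lines, so they presumably have it in scope.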


@ -23,10 +23,10 @@
if ($course->category) {
require_login($course->id);
$navigation = "<A TARGET=_top HREF=\"../../course/view.php?id=$course->id\">$course->shortname</A> ->
<A TARGET=_top HREF=\"index.php?id=$course->id\">$strresources</A> ->";
$navigation = "<A TARGET=\"{$CFG->main_frame}\" HREF=\"../../course/view.php?id=$course->id\">$course->shortname</A> ->
<A TARGET=\"{$CFG->main_frame}\" HREF=\"index.php?id=$course->id\">$strresources</A> ->";
} else {
$navigation = "<A TARGET=_top HREF=\"index.php?id=$course->id\">$strresources</A> ->";
$navigation = "<A TARGET=\"{$CFG->main_frame}\" HREF=\"index.php?id=$course->id\">$strresources</A> ->";
}
@ -54,7 +54,7 @@
case WEBPAGE:
if (!empty($frameset)) {
print_header("$course->shortname: $resource->name", "$course->fullname",
"$navigation <A TARGET=_top HREF=\"$resource->reference\" TITLE=\"$resource->reference\">$resource->name</A>",
"$navigation <A TARGET=\"{$CFG->main_frame}\" HREF=\"$resource->reference\" TITLE=\"$resource->reference\">$resource->name</A>",
"", "", true, update_module_button($cm->id, $course->id, $strresource), navmenu($course, $cm));
echo "<CENTER><FONT SIZE=-1>".text_to_html($resource->summary, true, false)."</FONT></CENTER>";
@ -69,18 +69,22 @@
break;
case UPLOADEDFILE:
if ($CFG->slasharguments) {
$ffurl = "file.php/$course->id/$resource->reference";
} else {
$ffurl = "file.php?file=/$course->id/$resource->reference";
}
if (!empty($frameset)) {
print_header("$course->shortname: $resource->name", "$course->fullname", "$navigation $resource->name",
"", "", true, update_module_button($cm->id, $course->id, $strresource), navmenu($course, $cm));
echo "<CENTER><FONT SIZE=-1>".text_to_html($resource->summary, true, false)."</FONT></CENTER>";
echo "<HR><CENTER><FONT SIZE=-2>If you cannot see the file in your
browser, and were not prompted to save the file, please try the
following link (you may need to right click and choose
&quot;Save As&quot;):<a href=\"{$CFG->wwwroot}/$ffurl\">{$resource->name}</FONT></CENTER>";
} else {
add_to_log($course->id, "resource", "view", "view.php?id=$cm->id", "$resource->id");
if ($CFG->slasharguments) {
$ffurl = "file.php/$course->id/$resource->reference";
} else {
$ffurl = "file.php?file=/$course->id/$resource->reference";
}
echo "<HEAD><TITLE>$course->shortname: $resource->name</TITLE></HEAD>\n";
echo "<FRAMESET ROWS=$RESOURCE_FRAME_SIZE,*>";
echo "<FRAME SRC=\"view.php?id=$cm->id&frameset=true\">";
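Review bot: The fallback link added in the `UPLOADEDFILE` branch writes `$resource->reference` (through `$ffurl`) and `$resource->name` into the page without HTML escaping, and the `<a>` element is never closed. Both values are presumably entered by whoever creates the resource, so unless they are cleaned on input (not visible here) a quote or angle bracket in either one alters the surrounding markup. Suggested tail for that echo: `<a href=\"{$CFG->wwwroot}/".htmlspecialchars($ffurl)."\">".htmlspecialchars($resource->name)."</a></FONT></CENTER>";`. The English sentence is also hard-coded, whereas the rest of the file uses language strings such as `$strresources`. The enclosing `switch` continues outside the hunk.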


@ -61,12 +61,12 @@
switch ($action) {
case "top":
if ($course->category) {
$navigation = "<A TARGET=_top HREF=\"../../course/view.php?id=$course->id\">$course->shortname</A> ->
<A TARGET=_top HREF=\"index.php?id=$course->id\">$strsurveys</A> ->
<A TARGET=_top HREF=\"view.php?id=$cm->id\">$survey->name</A> -> ";
$navigation = "<A TARGET=\"{$CFG->main_frame}\" HREF=\"../../course/view.php?id=$course->id\">$course->shortname</A> ->
<A TARGET=\"{$CFG->main_frame}\" HREF=\"index.php?id=$course->id\">$strsurveys</A> ->
<A TARGET=\"{$CFG->main_frame}\" HREF=\"view.php?id=$cm->id\">$survey->name</A> -> ";
} else {
$navigation = "<A TARGET=_top HREF=\"index.php?id=$course->id\">$strsurveys</A> ->
<A TARGET=_top HREF=\"view.php?id=$cm->id\">$survey->name</A> -> ";
$navigation = "<A TARGET=\"{$CFG->main_frame}\" HREF=\"index.php?id=$course->id\">$strsurveys</A> ->
<A TARGET=\"{$CFG->main_frame}\" HREF=\"view.php?id=$cm->id\">$survey->name</A> -> ";
}
print_header("$course->shortname: $survey->name", "$course->fullname", "$navigation $strreport");
break;


@ -14,7 +14,7 @@
<TABLE WIDTH=100% CELLPADDING=10 CELLSPACING=0 BORDER=0>
<TR>
<TD VALIGN=TOP><A HREF="<?=$CFG->wwwroot?>" TARGET="_top"><IMG SRC="<?=$CFG->wwwroot?>/theme/oceanblue/logo.jpg" ALT="Moodle" BORDER="0"></A></TD>
<TD VALIGN=TOP><A HREF="<?=$CFG->wwwroot?>" TARGET="<?=$CFG->main_frame?>"><IMG SRC="<?=$CFG->wwwroot?>/theme/oceanblue/logo.jpg" ALT="Moodle" BORDER="0"></A></TD>
<TD ALIGN=RIGHT VALIGN=TOP><?=$menu ?></TD>
</TR>
</TABLE>


@ -58,7 +58,7 @@
</tr>
<tr>
<td width="6" bgcolor="<? echo $THEME->body?>"><img src="<?=$CFG->wwwroot?>/theme/<?=$CFG->theme ?>/images/side_left.gif" width="2" height="100%" /></td>
<td align="left" valign="top"><A TARGET=_top HREF="<? echo $CFG->wwwroot?>"><img src="<? echo "$CFG->wwwroot/theme/$CFG->theme/$THEME->frontlogo" ?>" border="0" /></A></td>
<td align="left" valign="top"><A TARGET=\"{$CFG->main_frame}\" HREF="<? echo $CFG->wwwroot?>"><img src="<? echo "$CFG->wwwroot/theme/$CFG->theme/$THEME->frontlogo" ?>" border="0" /></A></td>
<td width="6" bgcolor="<? echo $THEME->body?>"><img src="<?=$CFG->wwwroot?>/theme/<?=$CFG->theme ?>/images/left_sidebar.jpg" width="6" height="100%" /></td>
</tr>
</table><table border="0" cellspacing="0" cellpadding="0" width="<? echo $THEME->themewidth?>">
@ -99,7 +99,7 @@
</tr>
<tr>
<td width="6" bgcolor="<? echo $THEME->body?>"><img src="<?=$CFG->wwwroot?>/theme/<?=$CFG->theme ?>/images/side_left.gif" width="2" height="100%" /></td>
<td align="left" valign="top"><A TARGET=_top HREF="<? echo $CFG->wwwroot ?>"><img src="<? echo "$CFG->wwwroot/theme/$CFG->theme/$THEME->smalllogo" ?>" border="0" /></A></td>
<td align="left" valign="top"><A TARGET="<?=$CFG->main_frame?>" HREF="<? echo $CFG->wwwroot ?>"><img src="<? echo "$CFG->wwwroot/theme/$CFG->theme/$THEME->smalllogo" ?>" border="0" /></A></td>
<td width="6" background="<?=$CFG->wwwroot?>/theme/<?=$CFG->theme ?>/images/left_sidebar.jpg"><img src="<?=$CFG->wwwroot?>/theme/<?=$CFG->theme ?>/images/left_sidebar.jpg" width="6" height="100%" /></td>
</tr>
</table><table border="0" cellspacing="0" cellpadding="0" width="<? echo $THEME->themewidth?>">
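Review bot: The first changed `<A>` tag in this file (the `frontlogo` link) uses `TARGET=\"{$CFG->main_frame}\"`, but that line is template HTML outside any `<? ... ?>` block, so PHP does not interpolate it and the browser receives the backslashes and braces literally. The link will then open in a window named after that literal text rather than in the configured frame. It should use the same form as the `smalllogo` link in the second hunk: `<A TARGET="<?=$CFG->main_frame?>" HREF="<? echo $CFG->wwwroot?>">`.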