mirror of
https://github.com/moodle/moodle.git
synced 2025-08-05 00:46:50 +02:00
Merge branch 'MDL-49360-master' of git://github.com/lameze/moodle
This commit is contained in:
Dan Poltawski
commit
5dee13ee92
20 changed files with 72 additions and 51 deletions
|
|
@ -1642,7 +1642,7 @@ class auth_plugin_ldap extends auth_plugin_base {
|
|||
|
||||
if (($_SERVER['REQUEST_METHOD'] === 'GET' // Only on initial GET of loginpage
|
||||
|| ($_SERVER['REQUEST_METHOD'] === 'POST'
|
||||
&& (get_referer() != strip_querystring(qualified_me()))))
|
||||
&& (get_local_referer() != strip_querystring(qualified_me()))))
|
||||
// Or when POSTed from another place
|
||||
// See MDL-14071
|
||||
&& !empty($this->config->ntlmsso_enabled) // SSO enabled
|
||||
|
|
@ -1653,13 +1653,15 @@ class auth_plugin_ldap extends auth_plugin_base {
|
|||
|
||||
// First, let's remember where we were trying to get to before we got here
|
||||
if (empty($SESSION->wantsurl)) {
|
||||
$SESSION->wantsurl = (array_key_exists('HTTP_REFERER', $_SERVER) &&
|
||||
$_SERVER['HTTP_REFERER'] != $CFG->wwwroot &&
|
||||
$_SERVER['HTTP_REFERER'] != $CFG->wwwroot.'/' &&
|
||||
$_SERVER['HTTP_REFERER'] != $CFG->httpswwwroot.'/login/' &&
|
||||
$_SERVER['HTTP_REFERER'] != $CFG->httpswwwroot.'/login/index.php' &&
|
||||
clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL) != '')
|
||||
? $_SERVER['HTTP_REFERER'] : NULL;
|
||||
$SESSION->wantsurl = null;
|
||||
$referer = get_safe_referer(false);
|
||||
if ($referer &&
|
||||
$referer != $CFG->wwwroot &&
|
||||
$referer != $CFG->wwwroot . '/' &&
|
||||
$referer != $CFG->httpswwwroot . '/login/' &&
|
||||
$referer != $CFG->httpswwwroot . '/login/index.php') {
|
||||
$SESSION->wantsurl = $referer;
|
||||
}
|
||||
}
|
||||
|
||||
// Now start the whole NTLM machinery.
|
||||
|
|
|
|||
|
|
@ -78,7 +78,7 @@ if ($courseid) {
|
|||
}
|
||||
|
||||
// Return to previous page
|
||||
$referer = clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL);
|
||||
$referer = get_local_referer(false);
|
||||
if (!empty($referer)) {
|
||||
redirect($referer);
|
||||
} else {
|
||||
|
|
|
|||
|
|
@ -29,7 +29,7 @@ $id = required_param('id', PARAM_INT);
|
|||
$returnurl = optional_param('returnurl', 0, PARAM_LOCALURL);
|
||||
|
||||
if (!isloggedin()) {
|
||||
$referer = clean_param(get_referer(), PARAM_LOCALURL);
|
||||
$referer = get_local_referer();
|
||||
if (empty($referer)) {
|
||||
// A user that is not logged in has arrived directly on this page,
|
||||
// they should be redirected to the course page they are trying to enrol on after logging in.
|
||||
|
|
@ -108,7 +108,7 @@ if (!$forms) {
|
|||
} else if ($returnurl) {
|
||||
notice(get_string('notenrollable', 'enrol'), $returnurl);
|
||||
} else {
|
||||
$url = clean_param(get_referer(false), PARAM_LOCALURL);
|
||||
$url = get_local_referer(false);
|
||||
if (empty($url)) {
|
||||
$url = new moodle_url('/index.php');
|
||||
}
|
||||
|
|
|
|||
|
|
@ -29,7 +29,7 @@
|
|||
|
||||
$site = get_site();
|
||||
$redirecturl = empty($_SERVER['REDIRECT_URL']) ? '' : $_SERVER['REDIRECT_URL'];
|
||||
$httpreferer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
|
||||
$httpreferer = get_local_referer(false);
|
||||
$requesturi = empty($_SERVER['REQUEST_URI']) ? '' : $_SERVER['REQUEST_URI'];
|
||||
|
||||
header("HTTP/1.0 404 Not Found");
|
||||
|
|
|
|||
|
|
@ -380,11 +380,12 @@ class manager {
|
|||
if (is_web_crawler()) {
|
||||
$user = guest_user();
|
||||
}
|
||||
if (!empty($CFG->guestloginbutton) and !$user and !empty($_SERVER['HTTP_REFERER'])) {
|
||||
$referer = get_local_referer(false);
|
||||
if (!empty($CFG->guestloginbutton) and !$user and !empty($referer)) {
|
||||
// Automatically log in users coming from search engine results.
|
||||
if (strpos($_SERVER['HTTP_REFERER'], 'google') !== false ) {
|
||||
if (strpos($referer, 'google') !== false ) {
|
||||
$user = guest_user();
|
||||
} else if (strpos($_SERVER['HTTP_REFERER'], 'altavista') !== false ) {
|
||||
} else if (strpos($referer, 'altavista') !== false ) {
|
||||
$user = guest_user();
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2549,8 +2549,10 @@ function require_login($courseorid = null, $autologinguest = true, $cm = null, $
|
|||
if ($setwantsurltome) {
|
||||
$SESSION->wantsurl = qualified_me();
|
||||
}
|
||||
if (!empty($_SERVER['HTTP_REFERER'])) {
|
||||
$SESSION->fromurl = $_SERVER['HTTP_REFERER'];
|
||||
|
||||
$referer = get_local_referer(false);
|
||||
if (!empty($referer)) {
|
||||
$SESSION->fromurl = $referer;
|
||||
}
|
||||
|
||||
// Give auth plugins an opportunity to authenticate or redirect to an external login page
|
||||
|
|
|
|||
|
|
@ -216,6 +216,25 @@ function is_https() {
|
|||
return (strpos($CFG->httpswwwroot, 'https://') === 0);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the cleaned local URL of the HTTP_REFERER less the URL query string parameters if required.
|
||||
*
|
||||
* @param bool $stripquery if true, also removes the query part of the url.
|
||||
* @return string The resulting referer or empty string.
|
||||
*/
|
||||
function get_local_referer($stripquery = true) {
|
||||
if (isset($_SERVER['HTTP_REFERER'])) {
|
||||
$referer = clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL);
|
||||
if ($stripquery) {
|
||||
return strip_querystring($referer);
|
||||
} else {
|
||||
return $referer;
|
||||
}
|
||||
} else {
|
||||
return '';
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Class for creating and manipulating urls.
|
||||
*
|
||||
|
|
|
|||
|
|
@ -258,15 +258,16 @@ if ($session_has_timed_out and !data_submitted()) {
|
|||
/// First, let's remember where the user was trying to get to before they got here
|
||||
|
||||
if (empty($SESSION->wantsurl)) {
|
||||
$SESSION->wantsurl = (array_key_exists('HTTP_REFERER',$_SERVER) &&
|
||||
$_SERVER["HTTP_REFERER"] != $CFG->wwwroot &&
|
||||
$_SERVER["HTTP_REFERER"] != $CFG->wwwroot.'/' &&
|
||||
$_SERVER["HTTP_REFERER"] != $CFG->httpswwwroot.'/login/' &&
|
||||
strpos($_SERVER["HTTP_REFERER"], $CFG->httpswwwroot.'/login/?') !== 0 &&
|
||||
strpos($_SERVER["HTTP_REFERER"], $CFG->httpswwwroot.'/login/index.php') !== 0 &&
|
||||
clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL) != '')
|
||||
// There might be some extra params such as ?lang=.
|
||||
? $_SERVER["HTTP_REFERER"] : NULL;
|
||||
$SESSION->wantsurl = null;
|
||||
$referer = get_local_referer(false);
|
||||
if ($referer &&
|
||||
$referer != $CFG->wwwroot &&
|
||||
$referer != $CFG->wwwroot . '/' &&
|
||||
$referer != $CFG->httpswwwroot . '/login/' &&
|
||||
strpos($referer, $CFG->httpswwwroot . '/login/?') !== 0 &&
|
||||
strpos($referer, $CFG->httpswwwroot . '/login/index.php') !== 0) { // There might be some extra params such as ?lang=.
|
||||
$SESSION->wantsurl = $referer;
|
||||
}
|
||||
}
|
||||
|
||||
/// Redirect to alternative login URL if needed
|
||||
|
|
|
|||
|
|
@ -178,7 +178,7 @@ if (!$choiceformshown) {
|
|||
} else if (!is_enrolled($context)) {
|
||||
// Only people enrolled can make a choice
|
||||
$SESSION->wantsurl = qualified_me();
|
||||
$SESSION->enrolcancel = clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL);
|
||||
$SESSION->enrolcancel = get_local_referer(false);
|
||||
|
||||
$coursecontext = context_course::instance($course->id);
|
||||
$courseshortname = format_string($course->shortname, true, array('context' => $coursecontext));
|
||||
|
|
|
|||
|
|
@ -3930,7 +3930,7 @@ function forum_set_return() {
|
|||
global $CFG, $SESSION;
|
||||
|
||||
if (! isset($SESSION->fromdiscussion)) {
|
||||
$referer = clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL);
|
||||
$referer = get_local_referer(false);
|
||||
// If the referer is NOT a login screen then save it.
|
||||
if (! strncasecmp("$CFG->wwwroot/login", $referer, 300)) {
|
||||
$SESSION->fromdiscussion = $referer;
|
||||
|
|
|
|||
|
|
@ -98,7 +98,7 @@ if ($mark == 'read') {
|
|||
// if (forum_tp_start_tracking($forum->id, $user->id)) {
|
||||
// redirect($returnto, get_string("nowtracking", "forum", $info), 1);
|
||||
// } else {
|
||||
// print_error("Could not start tracking that forum", $_SERVER["HTTP_REFERER"]);
|
||||
// print_error("Could not start tracking that forum", get_local_referer());
|
||||
// }
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -53,7 +53,7 @@ $sitecontext = context_system::instance();
|
|||
|
||||
if (!isloggedin() or isguestuser()) {
|
||||
|
||||
if (!isloggedin() and !get_referer()) {
|
||||
if (!isloggedin() and !get_local_referer()) {
|
||||
// No referer+not logged in - probably coming in via email See MDL-9052
|
||||
require_login();
|
||||
}
|
||||
|
|
@ -87,7 +87,7 @@ if (!isloggedin() or isguestuser()) {
|
|||
$PAGE->set_context($modcontext);
|
||||
$PAGE->set_title($course->shortname);
|
||||
$PAGE->set_heading($course->fullname);
|
||||
$referer = clean_param(get_referer(false), PARAM_LOCALURL);
|
||||
$referer = get_local_referer(false);
|
||||
|
||||
echo $OUTPUT->header();
|
||||
echo $OUTPUT->confirm(get_string('noguestpost', 'forum').'<br /><br />'.get_string('liketologin'), get_login_url(), $referer);
|
||||
|
|
@ -117,7 +117,7 @@ if (!empty($forum)) { // User is starting a new discussion in a forum
|
|||
if (!is_enrolled($coursecontext)) {
|
||||
if (enrol_selfenrol_available($course->id)) {
|
||||
$SESSION->wantsurl = qualified_me();
|
||||
$SESSION->enrolcancel = clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL);
|
||||
$SESSION->enrolcancel = get_local_referer(false);
|
||||
redirect(new moodle_url('/enrol/index.php', array('id' => $course->id,
|
||||
'returnurl' => '/mod/forum/view.php?f=' . $forum->id)),
|
||||
get_string('youneedtoenrol'));
|
||||
|
|
@ -131,11 +131,7 @@ if (!empty($forum)) { // User is starting a new discussion in a forum
|
|||
print_error("activityiscurrentlyhidden");
|
||||
}
|
||||
|
||||
if (isset($_SERVER["HTTP_REFERER"])) {
|
||||
$SESSION->fromurl = $_SERVER["HTTP_REFERER"];
|
||||
} else {
|
||||
$SESSION->fromurl = '';
|
||||
}
|
||||
$SESSION->fromurl = get_local_referer(false);
|
||||
|
||||
// Load up the $post variable.
|
||||
|
||||
|
|
@ -188,7 +184,7 @@ if (!empty($forum)) { // User is starting a new discussion in a forum
|
|||
if (!isguestuser()) {
|
||||
if (!is_enrolled($coursecontext)) { // User is a guest here!
|
||||
$SESSION->wantsurl = qualified_me();
|
||||
$SESSION->enrolcancel = clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL);
|
||||
$SESSION->enrolcancel = get_local_referer(false);
|
||||
redirect(new moodle_url('/enrol/index.php', array('id' => $course->id,
|
||||
'returnurl' => '/mod/forum/view.php?f=' . $forum->id)),
|
||||
get_string('youneedtoenrol'));
|
||||
|
|
|
|||
|
|
@ -66,7 +66,7 @@ if (forum_tp_is_tracked($forum) ) {
|
|||
$event->trigger();
|
||||
redirect($returnto, get_string("nownottracking", "forum", $info), 1);
|
||||
} else {
|
||||
print_error('cannottrack', '', $_SERVER["HTTP_REFERER"]);
|
||||
print_error('cannottrack', '', get_local_referer(false));
|
||||
}
|
||||
|
||||
} else { // subscribe
|
||||
|
|
@ -75,7 +75,7 @@ if (forum_tp_is_tracked($forum) ) {
|
|||
$event->trigger();
|
||||
redirect($returnto, get_string("nowtracking", "forum", $info), 1);
|
||||
} else {
|
||||
print_error('cannottrack', '', $_SERVER["HTTP_REFERER"]);
|
||||
print_error('cannottrack', '', get_local_referer(false));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -176,23 +176,23 @@ if ($issubscribed) {
|
|||
if (\mod_forum\subscriptions::unsubscribe_user($user->id, $forum, $context, true)) {
|
||||
redirect($returnto, get_string("nownotsubscribed", "forum", $info), 1);
|
||||
} else {
|
||||
print_error('cannotunsubscribe', 'forum', $_SERVER["HTTP_REFERER"]);
|
||||
print_error('cannotunsubscribe', 'forum', get_local_referer(false));
|
||||
}
|
||||
} else {
|
||||
if (\mod_forum\subscriptions::unsubscribe_user_from_discussion($user->id, $discussion, $context)) {
|
||||
$info->discussion = $discussion->name;
|
||||
redirect($returnto, get_string("discussionnownotsubscribed", "forum", $info), 1);
|
||||
} else {
|
||||
print_error('cannotunsubscribe', 'forum', $_SERVER["HTTP_REFERER"]);
|
||||
print_error('cannotunsubscribe', 'forum', get_local_referer(false));
|
||||
}
|
||||
}
|
||||
|
||||
} else { // subscribe
|
||||
if (\mod_forum\subscriptions::subscription_disabled($forum) && !has_capability('mod/forum:managesubscriptions', $context)) {
|
||||
print_error('disallowsubscribe', 'forum', $_SERVER["HTTP_REFERER"]);
|
||||
print_error('disallowsubscribe', 'forum', get_local_referer(false));
|
||||
}
|
||||
if (!has_capability('mod/forum:viewdiscussion', $context)) {
|
||||
print_error('noviewdiscussionspermission', 'forum', $_SERVER["HTTP_REFERER"]);
|
||||
print_error('noviewdiscussionspermission', 'forum', get_local_referer(false));
|
||||
}
|
||||
if (is_null($sesskey)) {
|
||||
// We came here via link in email.
|
||||
|
|
|
|||
|
|
@ -850,7 +850,7 @@ class mod_quiz_renderer extends plugin_renderer_base {
|
|||
$output .= $this->view_information($quiz, $cm, $context, $messages);
|
||||
$guestno = html_writer::tag('p', get_string('guestsno', 'quiz'));
|
||||
$liketologin = html_writer::tag('p', get_string('liketologin'));
|
||||
$referer = clean_param(get_referer(false), PARAM_LOCALURL);
|
||||
$referer = get_local_referer(false);
|
||||
$output .= $this->confirm($guestno."\n\n".$liketologin."\n", get_login_url(), $referer);
|
||||
return $output;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -89,7 +89,7 @@ if ($displaytype == RESOURCELIB_DISPLAY_OPEN || $displaytype == RESOURCELIB_DISP
|
|||
// For 'open' and 'download' links, we always redirect to the content - except
|
||||
// if the user just chose 'save and display' from the form then that would be
|
||||
// confusing
|
||||
if (!isset($_SERVER['HTTP_REFERER']) || strpos($_SERVER['HTTP_REFERER'], 'modedit.php') === false) {
|
||||
if (strpos(get_local_referer(false), 'modedit.php') === false) {
|
||||
$redirect = true;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -70,7 +70,7 @@
|
|||
echo $OUTPUT->heading($survey->name);
|
||||
|
||||
if (survey_already_done($survey->id, $USER->id)) {
|
||||
notice(get_string("alreadysubmitted", "survey"), clean_param($_SERVER["HTTP_REFERER"], PARAM_LOCALURL));
|
||||
notice(get_string("alreadysubmitted", "survey"), get_local_referer(false));
|
||||
exit;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -68,7 +68,7 @@ $displaytype = url_get_final_display_type($url);
|
|||
if ($displaytype == RESOURCELIB_DISPLAY_OPEN) {
|
||||
// For 'open' links, we always redirect to the content - except if the user
|
||||
// just chose 'save and display' from the form then that would be confusing
|
||||
if (!isset($_SERVER['HTTP_REFERER']) || strpos($_SERVER['HTTP_REFERER'], 'modedit.php') === false) {
|
||||
if (strpos(get_local_referer(false), 'modedit.php') === false) {
|
||||
$redirect = true;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -60,7 +60,7 @@ if (!wiki_user_can_view($subwiki, $wiki)) {
|
|||
require_capability('mod/wiki:managefiles', $context);
|
||||
|
||||
if (empty($returnurl)) {
|
||||
$referer = clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL);
|
||||
$referer = get_local_referer(false);
|
||||
if (!empty($referer)) {
|
||||
$returnurl = $referer;
|
||||
} else {
|
||||
|
|
|
|||
|
|
@ -112,7 +112,7 @@ if ($currentuser) {
|
|||
// Need to have full access to a course to see the rest of own info.
|
||||
echo $OUTPUT->header();
|
||||
echo $OUTPUT->heading(get_string('notenrolled', '', $fullname));
|
||||
$referer = clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL);
|
||||
$referer = get_local_referer(false);
|
||||
if (!empty($referer)) {
|
||||
echo $OUTPUT->continue_button($referer);
|
||||
}
|
||||
|
|
@ -144,7 +144,7 @@ if ($currentuser) {
|
|||
$PAGE->navbar->add($struser);
|
||||
echo $OUTPUT->heading(get_string('notenrolledprofile'));
|
||||
}
|
||||
$referer = clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL);
|
||||
$referer = get_local_referer(false);
|
||||
if (!empty($referer)) {
|
||||
echo $OUTPUT->continue_button($referer);
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue