Merge branch 'MDL-49360-master' of git://github.com/lameze/moodle

Dan Poltawski 2015-07-27 12:08:46 +01:00
commit 5dee13ee92
20 changed files with 72 additions and 51 deletions


@ -1642,7 +1642,7 @@ class auth_plugin_ldap extends auth_plugin_base {
if (($_SERVER['REQUEST_METHOD'] === 'GET' // Only on initial GET of loginpage if (($_SERVER['REQUEST_METHOD'] === 'GET' // Only on initial GET of loginpage
|| ($_SERVER['REQUEST_METHOD'] === 'POST' || ($_SERVER['REQUEST_METHOD'] === 'POST'
&& (get_referer() != strip_querystring(qualified_me())))) && (get_local_referer() != strip_querystring(qualified_me()))))
// Or when POSTed from another place // Or when POSTed from another place
// See MDL-14071 // See MDL-14071
&& !empty($this->config->ntlmsso_enabled) // SSO enabled && !empty($this->config->ntlmsso_enabled) // SSO enabled
@ -1653,13 +1653,15 @@ class auth_plugin_ldap extends auth_plugin_base {
// First, let's remember where we were trying to get to before we got here // First, let's remember where we were trying to get to before we got here
if (empty($SESSION->wantsurl)) { if (empty($SESSION->wantsurl)) {
$SESSION->wantsurl = (array_key_exists('HTTP_REFERER', $_SERVER) && $SESSION->wantsurl = null;
$_SERVER['HTTP_REFERER'] != $CFG->wwwroot && $referer = get_safe_referer(false);
$_SERVER['HTTP_REFERER'] != $CFG->wwwroot.'/' && if ($referer &&
$_SERVER['HTTP_REFERER'] != $CFG->httpswwwroot.'/login/' && $referer != $CFG->wwwroot &&
$_SERVER['HTTP_REFERER'] != $CFG->httpswwwroot.'/login/index.php' && $referer != $CFG->wwwroot . '/' &&
clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL) != '') $referer != $CFG->httpswwwroot . '/login/' &&
? $_SERVER['HTTP_REFERER'] : NULL; $referer != $CFG->httpswwwroot . '/login/index.php') {
$SESSION->wantsurl = $referer;
}
} }
// Now start the whole NTLM machinery. // Now start the whole NTLM machinery.
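Review bot: The new assignment `$referer = get_safe_referer(false);` in the second hunk calls a function that no visible part of this commit defines; the helper added here is `get_local_referer()`, and every other call site uses that name. Unless `get_safe_referer()` exists elsewhere in the tree, this would be a fatal error on the NTLM SSO login path whenever `$SESSION->wantsurl` is empty. The line should probably read `$referer = get_local_referer(false);`. The enclosing method starts and ends outside the hunk.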


@ -78,7 +78,7 @@ if ($courseid) {
} }
// Return to previous page // Return to previous page
$referer = clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL); $referer = get_local_referer(false);
if (!empty($referer)) { if (!empty($referer)) {
redirect($referer); redirect($referer);
} else { } else {


@ -29,7 +29,7 @@ $id = required_param('id', PARAM_INT);
$returnurl = optional_param('returnurl', 0, PARAM_LOCALURL); $returnurl = optional_param('returnurl', 0, PARAM_LOCALURL);
if (!isloggedin()) { if (!isloggedin()) {
$referer = clean_param(get_referer(), PARAM_LOCALURL); $referer = get_local_referer();
if (empty($referer)) { if (empty($referer)) {
// A user that is not logged in has arrived directly on this page, // A user that is not logged in has arrived directly on this page,
// they should be redirected to the course page they are trying to enrol on after logging in. // they should be redirected to the course page they are trying to enrol on after logging in.
@ -108,7 +108,7 @@ if (!$forms) {
} else if ($returnurl) { } else if ($returnurl) {
notice(get_string('notenrollable', 'enrol'), $returnurl); notice(get_string('notenrollable', 'enrol'), $returnurl);
} else { } else {
$url = clean_param(get_referer(false), PARAM_LOCALURL); $url = get_local_referer(false);
if (empty($url)) { if (empty($url)) {
$url = new moodle_url('/index.php'); $url = new moodle_url('/index.php');
} }


@ -29,7 +29,7 @@
$site = get_site(); $site = get_site();
$redirecturl = empty($_SERVER['REDIRECT_URL']) ? '' : $_SERVER['REDIRECT_URL']; $redirecturl = empty($_SERVER['REDIRECT_URL']) ? '' : $_SERVER['REDIRECT_URL'];
$httpreferer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER']; $httpreferer = get_local_referer(false);
$requesturi = empty($_SERVER['REQUEST_URI']) ? '' : $_SERVER['REQUEST_URI']; $requesturi = empty($_SERVER['REQUEST_URI']) ? '' : $_SERVER['REQUEST_URI'];
header("HTTP/1.0 404 Not Found"); header("HTTP/1.0 404 Not Found");


@ -380,11 +380,12 @@ class manager {
if (is_web_crawler()) { if (is_web_crawler()) {
$user = guest_user(); $user = guest_user();
} }
if (!empty($CFG->guestloginbutton) and !$user and !empty($_SERVER['HTTP_REFERER'])) { $referer = get_local_referer(false);
if (!empty($CFG->guestloginbutton) and !$user and !empty($referer)) {
// Automatically log in users coming from search engine results. // Automatically log in users coming from search engine results.
if (strpos($_SERVER['HTTP_REFERER'], 'google') !== false ) { if (strpos($referer, 'google') !== false ) {
$user = guest_user(); $user = guest_user();
} else if (strpos($_SERVER['HTTP_REFERER'], 'altavista') !== false ) { } else if (strpos($referer, 'altavista') !== false ) {
$user = guest_user(); $user = guest_user();
} }
} }
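Review bot: Routing the search-engine check through `get_local_referer(false)` changes what the `strpos($referer, 'google')` and `strpos($referer, 'altavista')` tests can match. The helper cleans the header with `PARAM_LOCALURL`, so a referer from an external search engine presumably comes back empty and the automatic guest login no longer fires for the case its comment describes. What remains is a substring match against on-site URLs, so any local page whose address contains `google` would log the visitor in as guest. If the feature is still wanted, the decision should be made on the parsed host of the header and treated as an untrusted hint that grants nothing beyond guest access; otherwise the branch can be removed. The enclosing method continues outside the hunk.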


@ -2549,8 +2549,10 @@ function require_login($courseorid = null, $autologinguest = true, $cm = null, $
if ($setwantsurltome) { if ($setwantsurltome) {
$SESSION->wantsurl = qualified_me(); $SESSION->wantsurl = qualified_me();
} }
if (!empty($_SERVER['HTTP_REFERER'])) {
$SESSION->fromurl = $_SERVER['HTTP_REFERER']; $referer = get_local_referer(false);
if (!empty($referer)) {
$SESSION->fromurl = $referer;
} }
// Give auth plugins an opportunity to authenticate or redirect to an external login page // Give auth plugins an opportunity to authenticate or redirect to an external login page


@ -216,6 +216,25 @@ function is_https() {
return (strpos($CFG->httpswwwroot, 'https://') === 0); return (strpos($CFG->httpswwwroot, 'https://') === 0);
} }
/**
* Returns the cleaned local URL of the HTTP_REFERER less the URL query string parameters if required.
*
* @param bool $stripquery if true, also removes the query part of the url.
* @return string The resulting referer or empty string.
*/
function get_local_referer($stripquery = true) {
if (isset($_SERVER['HTTP_REFERER'])) {
$referer = clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL);
if ($stripquery) {
return strip_querystring($referer);
} else {
return $referer;
}
} else {
return '';
}
}
/** /**
* Class for creating and manipulating urls. * Class for creating and manipulating urls.
* *
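Review bot: The docblock of `get_local_referer()` does not say that a referer pointing outside the site yields an empty string, which is the property the call sites now rely on for redirects and continue links. I would change the return line to `@return string The referer if it is a local URL, otherwise an empty string (also when the header is absent).` and add one sentence stating that the value is still supplied by the client and must be escaped when printed. `get_referer()` is not touched by any visible hunk, so the uncleaned variant stays available; a pointer to this helper in its docblock would keep new code from using it for redirect targets.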


@ -258,15 +258,16 @@ if ($session_has_timed_out and !data_submitted()) {
/// First, let's remember where the user was trying to get to before they got here /// First, let's remember where the user was trying to get to before they got here
if (empty($SESSION->wantsurl)) { if (empty($SESSION->wantsurl)) {
$SESSION->wantsurl = (array_key_exists('HTTP_REFERER',$_SERVER) && $SESSION->wantsurl = null;
$_SERVER["HTTP_REFERER"] != $CFG->wwwroot && $referer = get_local_referer(false);
$_SERVER["HTTP_REFERER"] != $CFG->wwwroot.'/' && if ($referer &&
$_SERVER["HTTP_REFERER"] != $CFG->httpswwwroot.'/login/' && $referer != $CFG->wwwroot &&
strpos($_SERVER["HTTP_REFERER"], $CFG->httpswwwroot.'/login/?') !== 0 && $referer != $CFG->wwwroot . '/' &&
strpos($_SERVER["HTTP_REFERER"], $CFG->httpswwwroot.'/login/index.php') !== 0 && $referer != $CFG->httpswwwroot . '/login/' &&
clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL) != '') strpos($referer, $CFG->httpswwwroot . '/login/?') !== 0 &&
// There might be some extra params such as ?lang=. strpos($referer, $CFG->httpswwwroot . '/login/index.php') !== 0) { // There might be some extra params such as ?lang=.
? $_SERVER["HTTP_REFERER"] : NULL; $SESSION->wantsurl = $referer;
}
} }
/// Redirect to alternative login URL if needed /// Redirect to alternative login URL if needed


@ -178,7 +178,7 @@ if (!$choiceformshown) {
} else if (!is_enrolled($context)) { } else if (!is_enrolled($context)) {
// Only people enrolled can make a choice // Only people enrolled can make a choice
$SESSION->wantsurl = qualified_me(); $SESSION->wantsurl = qualified_me();
$SESSION->enrolcancel = clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL); $SESSION->enrolcancel = get_local_referer(false);
$coursecontext = context_course::instance($course->id); $coursecontext = context_course::instance($course->id);
$courseshortname = format_string($course->shortname, true, array('context' => $coursecontext)); $courseshortname = format_string($course->shortname, true, array('context' => $coursecontext));


@ -3930,7 +3930,7 @@ function forum_set_return() {
global $CFG, $SESSION; global $CFG, $SESSION;
if (! isset($SESSION->fromdiscussion)) { if (! isset($SESSION->fromdiscussion)) {
$referer = clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL); $referer = get_local_referer(false);
// If the referer is NOT a login screen then save it. // If the referer is NOT a login screen then save it.
if (! strncasecmp("$CFG->wwwroot/login", $referer, 300)) { if (! strncasecmp("$CFG->wwwroot/login", $referer, 300)) {
$SESSION->fromdiscussion = $referer; $SESSION->fromdiscussion = $referer;
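Review bot: The guard after the changed line, `if (! strncasecmp("$CFG->wwwroot/login", $referer, 300))`, appears inverted relative to its comment: `strncasecmp()` returns 0 on a match, so `$SESSION->fromdiscussion` is only set when the referer compares equal to the login URL. With `get_local_referer(false)` returning an empty string for a missing or non-local referer, the comparison never matches in those cases and nothing is stored. If the comment states the intent, the test would be `if ($referer !== '' && strncasecmp("$CFG->wwwroot/login", $referer, strlen("$CFG->wwwroot/login")) !== 0) {`; this needs confirming against the rest of `forum_set_return()`, which continues outside the hunk.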


@ -98,7 +98,7 @@ if ($mark == 'read') {
// if (forum_tp_start_tracking($forum->id, $user->id)) { // if (forum_tp_start_tracking($forum->id, $user->id)) {
// redirect($returnto, get_string("nowtracking", "forum", $info), 1); // redirect($returnto, get_string("nowtracking", "forum", $info), 1);
// } else { // } else {
// print_error("Could not start tracking that forum", $_SERVER["HTTP_REFERER"]); // print_error("Could not start tracking that forum", get_local_referer());
// } // }
} }


@ -53,7 +53,7 @@ $sitecontext = context_system::instance();
if (!isloggedin() or isguestuser()) { if (!isloggedin() or isguestuser()) {
if (!isloggedin() and !get_referer()) { if (!isloggedin() and !get_local_referer()) {
// No referer+not logged in - probably coming in via email See MDL-9052 // No referer+not logged in - probably coming in via email See MDL-9052
require_login(); require_login();
} }
@ -87,7 +87,7 @@ if (!isloggedin() or isguestuser()) {
$PAGE->set_context($modcontext); $PAGE->set_context($modcontext);
$PAGE->set_title($course->shortname); $PAGE->set_title($course->shortname);
$PAGE->set_heading($course->fullname); $PAGE->set_heading($course->fullname);
$referer = clean_param(get_referer(false), PARAM_LOCALURL); $referer = get_local_referer(false);
echo $OUTPUT->header(); echo $OUTPUT->header();
echo $OUTPUT->confirm(get_string('noguestpost', 'forum').'<br /><br />'.get_string('liketologin'), get_login_url(), $referer); echo $OUTPUT->confirm(get_string('noguestpost', 'forum').'<br /><br />'.get_string('liketologin'), get_login_url(), $referer);
@ -117,7 +117,7 @@ if (!empty($forum)) { // User is starting a new discussion in a forum
if (!is_enrolled($coursecontext)) { if (!is_enrolled($coursecontext)) {
if (enrol_selfenrol_available($course->id)) { if (enrol_selfenrol_available($course->id)) {
$SESSION->wantsurl = qualified_me(); $SESSION->wantsurl = qualified_me();
$SESSION->enrolcancel = clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL); $SESSION->enrolcancel = get_local_referer(false);
redirect(new moodle_url('/enrol/index.php', array('id' => $course->id, redirect(new moodle_url('/enrol/index.php', array('id' => $course->id,
'returnurl' => '/mod/forum/view.php?f=' . $forum->id)), 'returnurl' => '/mod/forum/view.php?f=' . $forum->id)),
get_string('youneedtoenrol')); get_string('youneedtoenrol'));
@ -131,11 +131,7 @@ if (!empty($forum)) { // User is starting a new discussion in a forum
print_error("activityiscurrentlyhidden"); print_error("activityiscurrentlyhidden");
} }
if (isset($_SERVER["HTTP_REFERER"])) { $SESSION->fromurl = get_local_referer(false);
$SESSION->fromurl = $_SERVER["HTTP_REFERER"];
} else {
$SESSION->fromurl = '';
}
// Load up the $post variable. // Load up the $post variable.
@ -188,7 +184,7 @@ if (!empty($forum)) { // User is starting a new discussion in a forum
if (!isguestuser()) { if (!isguestuser()) {
if (!is_enrolled($coursecontext)) { // User is a guest here! if (!is_enrolled($coursecontext)) { // User is a guest here!
$SESSION->wantsurl = qualified_me(); $SESSION->wantsurl = qualified_me();
$SESSION->enrolcancel = clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL); $SESSION->enrolcancel = get_local_referer(false);
redirect(new moodle_url('/enrol/index.php', array('id' => $course->id, redirect(new moodle_url('/enrol/index.php', array('id' => $course->id,
'returnurl' => '/mod/forum/view.php?f=' . $forum->id)), 'returnurl' => '/mod/forum/view.php?f=' . $forum->id)),
get_string('youneedtoenrol')); get_string('youneedtoenrol'));


@ -66,7 +66,7 @@ if (forum_tp_is_tracked($forum) ) {
$event->trigger(); $event->trigger();
redirect($returnto, get_string("nownottracking", "forum", $info), 1); redirect($returnto, get_string("nownottracking", "forum", $info), 1);
} else { } else {
print_error('cannottrack', '', $_SERVER["HTTP_REFERER"]); print_error('cannottrack', '', get_local_referer(false));
} }
} else { // subscribe } else { // subscribe
@ -75,7 +75,7 @@ if (forum_tp_is_tracked($forum) ) {
$event->trigger(); $event->trigger();
redirect($returnto, get_string("nowtracking", "forum", $info), 1); redirect($returnto, get_string("nowtracking", "forum", $info), 1);
} else { } else {
print_error('cannottrack', '', $_SERVER["HTTP_REFERER"]); print_error('cannottrack', '', get_local_referer(false));
} }
} }


@ -176,23 +176,23 @@ if ($issubscribed) {
if (\mod_forum\subscriptions::unsubscribe_user($user->id, $forum, $context, true)) { if (\mod_forum\subscriptions::unsubscribe_user($user->id, $forum, $context, true)) {
redirect($returnto, get_string("nownotsubscribed", "forum", $info), 1); redirect($returnto, get_string("nownotsubscribed", "forum", $info), 1);
} else { } else {
print_error('cannotunsubscribe', 'forum', $_SERVER["HTTP_REFERER"]); print_error('cannotunsubscribe', 'forum', get_local_referer(false));
} }
} else { } else {
if (\mod_forum\subscriptions::unsubscribe_user_from_discussion($user->id, $discussion, $context)) { if (\mod_forum\subscriptions::unsubscribe_user_from_discussion($user->id, $discussion, $context)) {
$info->discussion = $discussion->name; $info->discussion = $discussion->name;
redirect($returnto, get_string("discussionnownotsubscribed", "forum", $info), 1); redirect($returnto, get_string("discussionnownotsubscribed", "forum", $info), 1);
} else { } else {
print_error('cannotunsubscribe', 'forum', $_SERVER["HTTP_REFERER"]); print_error('cannotunsubscribe', 'forum', get_local_referer(false));
} }
} }
} else { // subscribe } else { // subscribe
if (\mod_forum\subscriptions::subscription_disabled($forum) && !has_capability('mod/forum:managesubscriptions', $context)) { if (\mod_forum\subscriptions::subscription_disabled($forum) && !has_capability('mod/forum:managesubscriptions', $context)) {
print_error('disallowsubscribe', 'forum', $_SERVER["HTTP_REFERER"]); print_error('disallowsubscribe', 'forum', get_local_referer(false));
} }
if (!has_capability('mod/forum:viewdiscussion', $context)) { if (!has_capability('mod/forum:viewdiscussion', $context)) {
print_error('noviewdiscussionspermission', 'forum', $_SERVER["HTTP_REFERER"]); print_error('noviewdiscussionspermission', 'forum', get_local_referer(false));
} }
if (is_null($sesskey)) { if (is_null($sesskey)) {
// We came here via link in email. // We came here via link in email.


@ -850,7 +850,7 @@ class mod_quiz_renderer extends plugin_renderer_base {
$output .= $this->view_information($quiz, $cm, $context, $messages); $output .= $this->view_information($quiz, $cm, $context, $messages);
$guestno = html_writer::tag('p', get_string('guestsno', 'quiz')); $guestno = html_writer::tag('p', get_string('guestsno', 'quiz'));
$liketologin = html_writer::tag('p', get_string('liketologin')); $liketologin = html_writer::tag('p', get_string('liketologin'));
$referer = clean_param(get_referer(false), PARAM_LOCALURL); $referer = get_local_referer(false);
$output .= $this->confirm($guestno."\n\n".$liketologin."\n", get_login_url(), $referer); $output .= $this->confirm($guestno."\n\n".$liketologin."\n", get_login_url(), $referer);
return $output; return $output;
} }


@ -89,7 +89,7 @@ if ($displaytype == RESOURCELIB_DISPLAY_OPEN || $displaytype == RESOURCELIB_DISP
// For 'open' and 'download' links, we always redirect to the content - except // For 'open' and 'download' links, we always redirect to the content - except
// if the user just chose 'save and display' from the form then that would be // if the user just chose 'save and display' from the form then that would be
// confusing // confusing
if (!isset($_SERVER['HTTP_REFERER']) || strpos($_SERVER['HTTP_REFERER'], 'modedit.php') === false) { if (strpos(get_local_referer(false), 'modedit.php') === false) {
$redirect = true; $redirect = true;
} }
} }
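Review bot: `strpos(get_local_referer(false), 'modedit.php') === false` keeps the query string, so the test also matches a local referer that merely carries `modedit.php` in a parameter value and then suppresses the redirect. Calling the helper with its default argument, `if (strpos(get_local_referer(), 'modedit.php') === false) {`, restricts the match to the path part. The same line appears in the later file section whose outer condition tests only `RESOURCELIB_DISPLAY_OPEN`, and the same change applies there.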


@ -70,7 +70,7 @@
echo $OUTPUT->heading($survey->name); echo $OUTPUT->heading($survey->name);
if (survey_already_done($survey->id, $USER->id)) { if (survey_already_done($survey->id, $USER->id)) {
notice(get_string("alreadysubmitted", "survey"), clean_param($_SERVER["HTTP_REFERER"], PARAM_LOCALURL)); notice(get_string("alreadysubmitted", "survey"), get_local_referer(false));
exit; exit;
} }


@ -68,7 +68,7 @@ $displaytype = url_get_final_display_type($url);
if ($displaytype == RESOURCELIB_DISPLAY_OPEN) { if ($displaytype == RESOURCELIB_DISPLAY_OPEN) {
// For 'open' links, we always redirect to the content - except if the user // For 'open' links, we always redirect to the content - except if the user
// just chose 'save and display' from the form then that would be confusing // just chose 'save and display' from the form then that would be confusing
if (!isset($_SERVER['HTTP_REFERER']) || strpos($_SERVER['HTTP_REFERER'], 'modedit.php') === false) { if (strpos(get_local_referer(false), 'modedit.php') === false) {
$redirect = true; $redirect = true;
} }
} }


@ -60,7 +60,7 @@ if (!wiki_user_can_view($subwiki, $wiki)) {
require_capability('mod/wiki:managefiles', $context); require_capability('mod/wiki:managefiles', $context);
if (empty($returnurl)) { if (empty($returnurl)) {
$referer = clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL); $referer = get_local_referer(false);
if (!empty($referer)) { if (!empty($referer)) {
$returnurl = $referer; $returnurl = $referer;
} else { } else {


@ -112,7 +112,7 @@ if ($currentuser) {
// Need to have full access to a course to see the rest of own info. // Need to have full access to a course to see the rest of own info.
echo $OUTPUT->header(); echo $OUTPUT->header();
echo $OUTPUT->heading(get_string('notenrolled', '', $fullname)); echo $OUTPUT->heading(get_string('notenrolled', '', $fullname));
$referer = clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL); $referer = get_local_referer(false);
if (!empty($referer)) { if (!empty($referer)) {
echo $OUTPUT->continue_button($referer); echo $OUTPUT->continue_button($referer);
} }
@ -144,7 +144,7 @@ if ($currentuser) {
$PAGE->navbar->add($struser); $PAGE->navbar->add($struser);
echo $OUTPUT->heading(get_string('notenrolledprofile')); echo $OUTPUT->heading(get_string('notenrolledprofile'));
} }
$referer = clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL); $referer = get_local_referer(false);
if (!empty($referer)) { if (!empty($referer)) {
echo $OUTPUT->continue_button($referer); echo $OUTPUT->continue_button($referer);
} }