Commit dcee0b94 authored by Simey Lameze's avatar Simey Lameze

MDL-49360 core_lib: add new method get_local_referer()

This commit also replaces all usages of $_SERVER['HTTP_REFERER'] and get_referer().
parent d8462543
......@@ -1642,7 +1642,7 @@ class auth_plugin_ldap extends auth_plugin_base {
if (($_SERVER['REQUEST_METHOD'] === 'GET' // Only on initial GET of loginpage
|| ($_SERVER['REQUEST_METHOD'] === 'POST'
&& (get_referer() != strip_querystring(qualified_me()))))
&& (get_local_referer() != strip_querystring(qualified_me()))))
// Or when POSTed from another place
// See MDL-14071
&& !empty($this->config->ntlmsso_enabled) // SSO enabled
......@@ -1653,13 +1653,15 @@ class auth_plugin_ldap extends auth_plugin_base {
// First, let's remember where we were trying to get to before we got here
if (empty($SESSION->wantsurl)) {
$SESSION->wantsurl = (array_key_exists('HTTP_REFERER', $_SERVER) &&
$_SERVER['HTTP_REFERER'] != $CFG->wwwroot &&
$_SERVER['HTTP_REFERER'] != $CFG->wwwroot.'/' &&
$_SERVER['HTTP_REFERER'] != $CFG->httpswwwroot.'/login/' &&
$_SERVER['HTTP_REFERER'] != $CFG->httpswwwroot.'/login/index.php' &&
clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL) != '')
? $_SERVER['HTTP_REFERER'] : NULL;
$SESSION->wantsurl = null;
$referer = get_safe_referer(false);
if ($referer &&
$referer != $CFG->wwwroot &&
$referer != $CFG->wwwroot . '/' &&
$referer != $CFG->httpswwwroot . '/login/' &&
$referer != $CFG->httpswwwroot . '/login/index.php') {
$SESSION->wantsurl = $referer;
}
}
// Now start the whole NTLM machinery.
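Review bot: `get_safe_referer(false)` in the wantsurl block is not defined anywhere in the visible part of this commit; the helper added here is `get_local_referer()`, and the parallel wantsurl block in the login page hunk calls `get_local_referer(false)`. Unless a function of that name exists elsewhere in the tree, the NTLM SSO path would stop with a call to an undefined function whenever `$SESSION->wantsurl` is empty. The line should presumably read `$referer = get_local_referer(false);`. The enclosing method starts and ends outside the hunk.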
......
......@@ -78,7 +78,7 @@ if ($courseid) {
}
// Return to previous page
$referer = clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL);
$referer = get_local_referer(false);
if (!empty($referer)) {
redirect($referer);
} else {
......
......@@ -29,7 +29,7 @@ $id = required_param('id', PARAM_INT);
$returnurl = optional_param('returnurl', 0, PARAM_LOCALURL);
if (!isloggedin()) {
$referer = clean_param(get_referer(), PARAM_LOCALURL);
$referer = get_local_referer();
if (empty($referer)) {
// A user that is not logged in has arrived directly on this page,
// they should be redirected to the course page they are trying to enrol on after logging in.
......@@ -108,7 +108,7 @@ if (!$forms) {
} else if ($returnurl) {
notice(get_string('notenrollable', 'enrol'), $returnurl);
} else {
$url = clean_param(get_referer(false), PARAM_LOCALURL);
$url = get_local_referer(false);
if (empty($url)) {
$url = new moodle_url('/index.php');
}
......
......@@ -29,7 +29,7 @@
$site = get_site();
$redirecturl = empty($_SERVER['REDIRECT_URL']) ? '' : $_SERVER['REDIRECT_URL'];
$httpreferer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
$httpreferer = get_local_referer(false);
$requesturi = empty($_SERVER['REQUEST_URI']) ? '' : $_SERVER['REQUEST_URI'];
header("HTTP/1.0 404 Not Found");
......
......@@ -380,11 +380,12 @@ class manager {
if (is_web_crawler()) {
$user = guest_user();
}
if (!empty($CFG->guestloginbutton) and !$user and !empty($_SERVER['HTTP_REFERER'])) {
$referer = get_local_referer(false);
if (!empty($CFG->guestloginbutton) and !$user and !empty($referer)) {
// Automatically log in users coming from search engine results.
if (strpos($_SERVER['HTTP_REFERER'], 'google') !== false ) {
if (strpos($referer, 'google') !== false ) {
$user = guest_user();
} else if (strpos($_SERVER['HTTP_REFERER'], 'altavista') !== false ) {
} else if (strpos($referer, 'altavista') !== false ) {
$user = guest_user();
}
}
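Review bot: The search-engine branch can no longer match a referer from an actual search engine. `get_local_referer(false)` passes the header through `clean_param(..., PARAM_LOCALURL)`, so an external Referer comes back as an empty string and `!empty($referer)` is false. What remains is a substring test for `google` / `altavista` on a local URL, which is presumably not the intent of an automatic guest login. Either remove the branch or record the decision next to it, e.g. `// Referer is client-supplied and already reduced to local URLs; external search referers never reach this test.` The enclosing method continues outside the hunk.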
......
......@@ -2549,8 +2549,10 @@ function require_login($courseorid = null, $autologinguest = true, $cm = null, $
if ($setwantsurltome) {
$SESSION->wantsurl = qualified_me();
}
if (!empty($_SERVER['HTTP_REFERER'])) {
$SESSION->fromurl = $_SERVER['HTTP_REFERER'];
$referer = get_local_referer(false);
if (!empty($referer)) {
$SESSION->fromurl = $referer;
}
// Give auth plugins an opportunity to authenticate or redirect to an external login page
......
......@@ -234,6 +234,25 @@ function is_https() {
return (strpos($CFG->httpswwwroot, 'https://') === 0);
}
/**
* Returns the cleaned local URL of the HTTP_REFERER less the URL query string parameters if required.
*
* @param bool $stripquery if true, also removes the query part of the url.
* @return string The resulting referer or empty string.
*/
function get_local_referer($stripquery = true) {
if (isset($_SERVER['HTTP_REFERER'])) {
$referer = clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL);
if ($stripquery) {
return strip_querystring($referer);
} else {
return $referer;
}
} else {
return '';
}
}
/**
* Class for creating and manipulating urls.
*
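Review bot: The docblock of `get_local_referer()` does not say that the value comes from a client-controlled header, nor what a caller gets for a referer that is not local. I would add a line such as `Note: the Referer header is supplied by the client; treat the result as a navigation hint only, never as proof of where the request came from.` It should also state that a missing referer returns an empty string, and that a non-local one is presumably emptied by `clean_param(..., PARAM_LOCALURL)`. Callers that print the value in HTML still need escaping for that context, which is worth one sentence as well. As a style point, the nested `if`/`else` could become an early `return '';` when the header is absent.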
......
......@@ -258,15 +258,16 @@ if ($session_has_timed_out and !data_submitted()) {
/// First, let's remember where the user was trying to get to before they got here
if (empty($SESSION->wantsurl)) {
$SESSION->wantsurl = (array_key_exists('HTTP_REFERER',$_SERVER) &&
$_SERVER["HTTP_REFERER"] != $CFG->wwwroot &&
$_SERVER["HTTP_REFERER"] != $CFG->wwwroot.'/' &&
$_SERVER["HTTP_REFERER"] != $CFG->httpswwwroot.'/login/' &&
strpos($_SERVER["HTTP_REFERER"], $CFG->httpswwwroot.'/login/?') !== 0 &&
strpos($_SERVER["HTTP_REFERER"], $CFG->httpswwwroot.'/login/index.php') !== 0 &&
clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL) != '')
// There might be some extra params such as ?lang=.
? $_SERVER["HTTP_REFERER"] : NULL;
$SESSION->wantsurl = null;
$referer = get_local_referer(false);
if ($referer &&
$referer != $CFG->wwwroot &&
$referer != $CFG->wwwroot . '/' &&
$referer != $CFG->httpswwwroot . '/login/' &&
strpos($referer, $CFG->httpswwwroot . '/login/?') !== 0 &&
strpos($referer, $CFG->httpswwwroot . '/login/index.php') !== 0) { // There might be some extra params such as ?lang=.
$SESSION->wantsurl = $referer;
}
}
/// Redirect to alternative login URL if needed
......
......@@ -178,7 +178,7 @@ if (!$choiceformshown) {
} else if (!is_enrolled($context)) {
// Only people enrolled can make a choice
$SESSION->wantsurl = qualified_me();
$SESSION->enrolcancel = clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL);
$SESSION->enrolcancel = get_local_referer(false);
$coursecontext = context_course::instance($course->id);
$courseshortname = format_string($course->shortname, true, array('context' => $coursecontext));
......
......@@ -3930,7 +3930,7 @@ function forum_set_return() {
global $CFG, $SESSION;
if (! isset($SESSION->fromdiscussion)) {
$referer = clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL);
$referer = get_local_referer(false);
// If the referer is NOT a login screen then save it.
if (! strncasecmp("$CFG->wwwroot/login", $referer, 300)) {
$SESSION->fromdiscussion = $referer;
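Review bot: The condition under the changed line looks inverted relative to its own comment. `strncasecmp()` returns 0 on a match, so `! strncasecmp("$CFG->wwwroot/login", $referer, 300)` is true only when the referer equals the login URL, not when it is "NOT a login screen". This predates the commit, but the line feeding it is touched here, so it would be worth correcting in the same change, for example `if ($referer !== '' && strncasecmp("$CFG->wwwroot/login", $referer, strlen("$CFG->wwwroot/login")) !== 0) {`. The intended behaviour is inferred from the comment only, and forum_set_return's body continues outside the hunk.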
......
......@@ -98,7 +98,7 @@ if ($mark == 'read') {
// if (forum_tp_start_tracking($forum->id, $user->id)) {
// redirect($returnto, get_string("nowtracking", "forum", $info), 1);
// } else {
// print_error("Could not start tracking that forum", $_SERVER["HTTP_REFERER"]);
// print_error("Could not start tracking that forum", get_local_referer());
// }
}
......
......@@ -53,7 +53,7 @@ $sitecontext = context_system::instance();
if (!isloggedin() or isguestuser()) {
if (!isloggedin() and !get_referer()) {
if (!isloggedin() and !get_local_referer()) {
// No referer+not logged in - probably coming in via email See MDL-9052
require_login();
}
......@@ -87,7 +87,7 @@ if (!isloggedin() or isguestuser()) {
$PAGE->set_context($modcontext);
$PAGE->set_title($course->shortname);
$PAGE->set_heading($course->fullname);
$referer = clean_param(get_referer(false), PARAM_LOCALURL);
$referer = get_local_referer(false);
echo $OUTPUT->header();
echo $OUTPUT->confirm(get_string('noguestpost', 'forum').'<br /><br />'.get_string('liketologin'), get_login_url(), $referer);
......@@ -117,7 +117,7 @@ if (!empty($forum)) { // User is starting a new discussion in a forum
if (!is_enrolled($coursecontext)) {
if (enrol_selfenrol_available($course->id)) {
$SESSION->wantsurl = qualified_me();
$SESSION->enrolcancel = clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL);
$SESSION->enrolcancel = get_local_referer(false);
redirect(new moodle_url('/enrol/index.php', array('id' => $course->id,
'returnurl' => '/mod/forum/view.php?f=' . $forum->id)),
get_string('youneedtoenrol'));
......@@ -131,11 +131,7 @@ if (!empty($forum)) { // User is starting a new discussion in a forum
print_error("activityiscurrentlyhidden");
}
if (isset($_SERVER["HTTP_REFERER"])) {
$SESSION->fromurl = $_SERVER["HTTP_REFERER"];
} else {
$SESSION->fromurl = '';
}
$SESSION->fromurl = get_local_referer(false);
// Load up the $post variable.
......@@ -188,7 +184,7 @@ if (!empty($forum)) { // User is starting a new discussion in a forum
if (!isguestuser()) {
if (!is_enrolled($coursecontext)) { // User is a guest here!
$SESSION->wantsurl = qualified_me();
$SESSION->enrolcancel = clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL);
$SESSION->enrolcancel = get_local_referer(false);
redirect(new moodle_url('/enrol/index.php', array('id' => $course->id,
'returnurl' => '/mod/forum/view.php?f=' . $forum->id)),
get_string('youneedtoenrol'));
......
......@@ -66,7 +66,7 @@ if (forum_tp_is_tracked($forum) ) {
$event->trigger();
redirect($returnto, get_string("nownottracking", "forum", $info), 1);
} else {
print_error('cannottrack', '', $_SERVER["HTTP_REFERER"]);
print_error('cannottrack', '', get_local_referer(false));
}
} else { // subscribe
......@@ -75,7 +75,7 @@ if (forum_tp_is_tracked($forum) ) {
$event->trigger();
redirect($returnto, get_string("nowtracking", "forum", $info), 1);
} else {
print_error('cannottrack', '', $_SERVER["HTTP_REFERER"]);
print_error('cannottrack', '', get_local_referer(false));
}
}
......
......@@ -176,23 +176,23 @@ if ($issubscribed) {
if (\mod_forum\subscriptions::unsubscribe_user($user->id, $forum, $context, true)) {
redirect($returnto, get_string("nownotsubscribed", "forum", $info), 1);
} else {
print_error('cannotunsubscribe', 'forum', $_SERVER["HTTP_REFERER"]);
print_error('cannotunsubscribe', 'forum', get_local_referer(false));
}
} else {
if (\mod_forum\subscriptions::unsubscribe_user_from_discussion($user->id, $discussion, $context)) {
$info->discussion = $discussion->name;
redirect($returnto, get_string("discussionnownotsubscribed", "forum", $info), 1);
} else {
print_error('cannotunsubscribe', 'forum', $_SERVER["HTTP_REFERER"]);
print_error('cannotunsubscribe', 'forum', get_local_referer(false));
}
}
} else { // subscribe
if (\mod_forum\subscriptions::subscription_disabled($forum) && !has_capability('mod/forum:managesubscriptions', $context)) {
print_error('disallowsubscribe', 'forum', $_SERVER["HTTP_REFERER"]);
print_error('disallowsubscribe', 'forum', get_local_referer(false));
}
if (!has_capability('mod/forum:viewdiscussion', $context)) {
print_error('noviewdiscussionspermission', 'forum', $_SERVER["HTTP_REFERER"]);
print_error('noviewdiscussionspermission', 'forum', get_local_referer(false));
}
if (is_null($sesskey)) {
// We came here via link in email.
......
......@@ -850,7 +850,7 @@ class mod_quiz_renderer extends plugin_renderer_base {
$output .= $this->view_information($quiz, $cm, $context, $messages);
$guestno = html_writer::tag('p', get_string('guestsno', 'quiz'));
$liketologin = html_writer::tag('p', get_string('liketologin'));
$referer = clean_param(get_referer(false), PARAM_LOCALURL);
$referer = get_local_referer(false);
$output .= $this->confirm($guestno."\n\n".$liketologin."\n", get_login_url(), $referer);
return $output;
}
......
......@@ -89,7 +89,7 @@ if ($displaytype == RESOURCELIB_DISPLAY_OPEN || $displaytype == RESOURCELIB_DISP
// For 'open' and 'download' links, we always redirect to the content - except
// if the user just chose 'save and display' from the form then that would be
// confusing
if (!isset($_SERVER['HTTP_REFERER']) || strpos($_SERVER['HTTP_REFERER'], 'modedit.php') === false) {
if (strpos(get_local_referer(false), 'modedit.php') === false) {
$redirect = true;
}
}
......
......@@ -70,7 +70,7 @@
echo $OUTPUT->heading($survey->name);
if (survey_already_done($survey->id, $USER->id)) {
notice(get_string("alreadysubmitted", "survey"), clean_param($_SERVER["HTTP_REFERER"], PARAM_LOCALURL));
notice(get_string("alreadysubmitted", "survey"), get_local_referer(false));
exit;
}
......
......@@ -68,7 +68,7 @@ $displaytype = url_get_final_display_type($url);
if ($displaytype == RESOURCELIB_DISPLAY_OPEN) {
// For 'open' links, we always redirect to the content - except if the user
// just chose 'save and display' from the form then that would be confusing
if (!isset($_SERVER['HTTP_REFERER']) || strpos($_SERVER['HTTP_REFERER'], 'modedit.php') === false) {
if (strpos(get_local_referer(false), 'modedit.php') === false) {
$redirect = true;
}
}
......
......@@ -60,7 +60,7 @@ if (!wiki_user_can_view($subwiki, $wiki)) {
require_capability('mod/wiki:managefiles', $context);
if (empty($returnurl)) {
$referer = clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL);
$referer = get_local_referer(false);
if (!empty($referer)) {
$returnurl = $referer;
} else {
......
......@@ -112,7 +112,7 @@ if ($currentuser) {
// Need to have full access to a course to see the rest of own info.
echo $OUTPUT->header();
echo $OUTPUT->heading(get_string('notenrolled', '', $fullname));
$referer = clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL);
$referer = get_local_referer(false);
if (!empty($referer)) {
echo $OUTPUT->continue_button($referer);
}
......@@ -144,7 +144,7 @@ if ($currentuser) {
$PAGE->navbar->add($struser);
echo $OUTPUT->heading(get_string('notenrolledprofile'));
}
$referer = clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL);
$referer = get_local_referer(false);
if (!empty($referer)) {
echo $OUTPUT->continue_button($referer);
}
......