Commit 1678181a authored by Mark Nelson's avatar Mark Nelson
Browse files

MDL-59612 core: removed hard-coded check for referer in modules

See mod/upgrade.txt for explanation.

Part of MDL-59313.
parent 585146f0
......@@ -58,23 +58,25 @@ class activity_navigation implements renderable, templatable {
// Check if there is a previous module to display.
if ($prevmod) {
$linkurl = new \moodle_url($prevmod->url, array('forceview' => 1));
$linkname = $prevmod->name;
if (!$prevmod->visible) {
$linkname .= ' ' . get_string('hiddenwithbrackets');
}
$link = new \action_link($prevmod->url, $OUTPUT->larrow() . ' ' . $linkname);
$link = new \action_link($linkurl, $OUTPUT->larrow() . ' ' . $linkname);
$this->prevlink = $OUTPUT->render($link);
}
// Check if there is a next module to display.
if ($nextmod) {
$linkurl = new \moodle_url($nextmod->url, array('forceview' => 1));
$linkname = $nextmod->name;
if (!$nextmod->visible) {
$linkname .= ' ' . get_string('hiddenwithbrackets');
}
$link = new \action_link($nextmod->url, $linkname . ' ' . $OUTPUT->rarrow());
$link = new \action_link($linkurl, $linkname . ' ' . $OUTPUT->rarrow());
$this->nextlink = $OUTPUT->render($link);
}
}
......
......@@ -157,11 +157,11 @@ if ($mform->is_cancelled()) {
}
if (isset($fromform->submitbutton)) {
$url = new moodle_url("/mod/$module->name/view.php", array('id' => $fromform->coursemodule, 'forceview' => 1));
if (empty($fromform->showgradingmanagement)) {
redirect("$CFG->wwwroot/mod/$module->name/view.php?id=$fromform->coursemodule");
redirect($url);
} else {
$returnurl = new moodle_url("/mod/$module->name/view.php", array('id' => $fromform->coursemodule));
redirect($fromform->gradingman->get_management_url($returnurl));
redirect($fromform->gradingman->get_management_url($url));
}
} else {
redirect(course_get_url($course, $cw->section, array('sr' => $sectionreturn)));
......
......@@ -31,6 +31,7 @@ require_once($CFG->libdir.'/completionlib.php');
$id = optional_param('id', 0, PARAM_INT); // Course Module ID
$r = optional_param('r', 0, PARAM_INT); // Resource instance ID
$redirect = optional_param('redirect', 0, PARAM_BOOL);
$forceview = optional_param('forceview', 0, PARAM_BOOL);
if ($r) {
if (!$resource = $DB->get_record('resource', array('id'=>$r))) {
......@@ -76,12 +77,7 @@ if (count($files) < 1) {
$resource->mainfile = $file->get_filename();
$displaytype = resource_get_final_display_type($resource);
if ($displaytype == RESOURCELIB_DISPLAY_OPEN || $displaytype == RESOURCELIB_DISPLAY_DOWNLOAD) {
// For 'open' and 'download' links, we always redirect to the content - except
// if the user just chose 'save and display' from the form then that would be
// confusing
if (strpos(get_local_referer(false), 'modedit.php') === false) {
$redirect = true;
}
$redirect = true;
}
// Don't redirect teachers, otherwise they can not access course or module settings.
......@@ -91,7 +87,7 @@ if ($redirect && !course_get_format($course)->has_view_page() &&
$redirect = false;
}
if ($redirect) {
if ($redirect && !$forceview) {
// coming from course page or url index page
// this redirect trick solves caching problems when tracking views ;-)
$path = '/'.$context->id.'/mod_resource/content/'.$resource->revision.$file->get_filepath().$file->get_filename();
......
This files describes API changes in /mod/* - activity modules,
information provided here is intended especially for developers.
=== 3.4 ===
* Navigation between activities via a previous and next link was added to Boost, Clean and Bootstrapbase. This
was made possible by a new function core_renderer->activity_navigation(). However, there was an issue when linking
to the mod_resource and mod_url view.php pages where it would automatically download the file, or redirect to
the URL. It was noticed that this was not the case when editing the module and clicking 'Save and display' which would
take you to the pages without downloading the file or redirecting to a link. The reason this worked was because of the
hard-coded check 'if (strpos(get_local_referer(false), 'modedit.php') === false) {' in the view.php files. This check
has been removed in favour of an optional_param('forceview'). If you are using the above hard-coded check in your
plugin it is recommended to remove it and use the optional param as it will prevent the navigation from working as
expected.
=== 3.3 ===
* External functions that were returning file information now return the following additional file fields:
......
......@@ -31,6 +31,7 @@ require_once($CFG->libdir . '/completionlib.php');
$id = optional_param('id', 0, PARAM_INT); // Course module ID
$u = optional_param('u', 0, PARAM_INT); // URL instance id
$redirect = optional_param('redirect', 0, PARAM_BOOL);
$forceview = optional_param('forceview', 0, PARAM_BOOL);
if ($u) { // Two ways to specify the module
$url = $DB->get_record('url', array('id'=>$u), '*', MUST_EXIST);
......@@ -66,14 +67,10 @@ unset($exturl);
$displaytype = url_get_final_display_type($url);
if ($displaytype == RESOURCELIB_DISPLAY_OPEN) {
// For 'open' links, we always redirect to the content - except if the user
// just chose 'save and display' from the form then that would be confusing
if (strpos(get_local_referer(false), 'modedit.php') === false) {
$redirect = true;
}
$redirect = true;
}
if ($redirect) {
if ($redirect && !$forceview) {
// coming from course page or url index page,
// the redirection is needed for completion tracking and logging
$fullurl = str_replace('&amp;', '&', url_get_full_url($url, $cm, $course));
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment