Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
moodle
moodle
Commits
1678181a
Commit
1678181a
authored
Jul 28, 2017
by
Mark Nelson
Browse files
MDL-59612 core: removed hard-coded check for referer in modules
See mod/upgrade.txt for explanation. Part of MDL-59313.
parent
585146f0
Changes
5
Hide whitespace changes
Inline
Side-by-side
course/classes/output/activity_navigation.php
View file @
1678181a
...
...
@@ -58,23 +58,25 @@ class activity_navigation implements renderable, templatable {
// Check if there is a previous module to display.
if
(
$prevmod
)
{
$linkurl
=
new
\
moodle_url
(
$prevmod
->
url
,
array
(
'forceview'
=>
1
));
$linkname
=
$prevmod
->
name
;
if
(
!
$prevmod
->
visible
)
{
$linkname
.
=
' '
.
get_string
(
'hiddenwithbrackets'
);
}
$link
=
new
\
action_link
(
$
prevmod
->
url
,
$OUTPUT
->
larrow
()
.
' '
.
$linkname
);
$link
=
new
\
action_link
(
$
link
url
,
$OUTPUT
->
larrow
()
.
' '
.
$linkname
);
$this
->
prevlink
=
$OUTPUT
->
render
(
$link
);
}
// Check if there is a next module to display.
if
(
$nextmod
)
{
$linkurl
=
new
\
moodle_url
(
$nextmod
->
url
,
array
(
'forceview'
=>
1
));
$linkname
=
$nextmod
->
name
;
if
(
!
$nextmod
->
visible
)
{
$linkname
.
=
' '
.
get_string
(
'hiddenwithbrackets'
);
}
$link
=
new
\
action_link
(
$
nextmod
->
url
,
$linkname
.
' '
.
$OUTPUT
->
rarrow
());
$link
=
new
\
action_link
(
$
link
url
,
$linkname
.
' '
.
$OUTPUT
->
rarrow
());
$this
->
nextlink
=
$OUTPUT
->
render
(
$link
);
}
}
...
...
course/modedit.php
View file @
1678181a
...
...
@@ -157,11 +157,11 @@ if ($mform->is_cancelled()) {
}
if
(
isset
(
$fromform
->
submitbutton
))
{
$url
=
new
moodle_url
(
"/mod/
$module->name
/view.php"
,
array
(
'id'
=>
$fromform
->
coursemodule
,
'forceview'
=>
1
));
if
(
empty
(
$fromform
->
showgradingmanagement
))
{
redirect
(
"
$CFG->wwwroot
/mod/
$module->name
/view.php?id=
$fromform->coursemodule
"
);
redirect
(
$url
);
}
else
{
$returnurl
=
new
moodle_url
(
"/mod/
$module->name
/view.php"
,
array
(
'id'
=>
$fromform
->
coursemodule
));
redirect
(
$fromform
->
gradingman
->
get_management_url
(
$returnurl
));
redirect
(
$fromform
->
gradingman
->
get_management_url
(
$url
));
}
}
else
{
redirect
(
course_get_url
(
$course
,
$cw
->
section
,
array
(
'sr'
=>
$sectionreturn
)));
...
...
mod/resource/view.php
View file @
1678181a
...
...
@@ -31,6 +31,7 @@ require_once($CFG->libdir.'/completionlib.php');
$id
=
optional_param
(
'id'
,
0
,
PARAM_INT
);
// Course Module ID
$r
=
optional_param
(
'r'
,
0
,
PARAM_INT
);
// Resource instance ID
$redirect
=
optional_param
(
'redirect'
,
0
,
PARAM_BOOL
);
$forceview
=
optional_param
(
'forceview'
,
0
,
PARAM_BOOL
);
if
(
$r
)
{
if
(
!
$resource
=
$DB
->
get_record
(
'resource'
,
array
(
'id'
=>
$r
)))
{
...
...
@@ -76,12 +77,7 @@ if (count($files) < 1) {
$resource
->
mainfile
=
$file
->
get_filename
();
$displaytype
=
resource_get_final_display_type
(
$resource
);
if
(
$displaytype
==
RESOURCELIB_DISPLAY_OPEN
||
$displaytype
==
RESOURCELIB_DISPLAY_DOWNLOAD
)
{
// For 'open' and 'download' links, we always redirect to the content - except
// if the user just chose 'save and display' from the form then that would be
// confusing
if
(
strpos
(
get_local_referer
(
false
),
'modedit.php'
)
===
false
)
{
$redirect
=
true
;
}
$redirect
=
true
;
}
// Don't redirect teachers, otherwise they can not access course or module settings.
...
...
@@ -91,7 +87,7 @@ if ($redirect && !course_get_format($course)->has_view_page() &&
$redirect
=
false
;
}
if
(
$redirect
)
{
if
(
$redirect
&&
!
$forceview
)
{
// coming from course page or url index page
// this redirect trick solves caching problems when tracking views ;-)
$path
=
'/'
.
$context
->
id
.
'/mod_resource/content/'
.
$resource
->
revision
.
$file
->
get_filepath
()
.
$file
->
get_filename
();
...
...
mod/upgrade.txt
View file @
1678181a
This files describes API changes in /mod/* - activity modules,
information provided here is intended especially for developers.
=== 3.4 ===
* Navigation between activities via a previous and next link was added to Boost, Clean and Bootstrapbase. This
was made possible by a new function core_renderer->activity_navigation(). However, there was an issue when linking
to the mod_resource and mod_url view.php pages where it would automatically download the file, or redirect to
the URL. It was noticed that this was not the case when editing the module and clicking 'Save and display' which would
take you to the pages without downloading the file or redirecting to a link. The reason this worked was because of the
hard-coded check 'if (strpos(get_local_referer(false), 'modedit.php') === false) {' in the view.php files. This check
has been removed in favour of an optional_param('forceview'). If you are using the above hard-coded check in your
plugin it is recommended to remove it and use the optional param as it will prevent the navigation from working as
expected.
=== 3.3 ===
* External functions that were returning file information now return the following additional file fields:
...
...
mod/url/view.php
View file @
1678181a
...
...
@@ -31,6 +31,7 @@ require_once($CFG->libdir . '/completionlib.php');
$id
=
optional_param
(
'id'
,
0
,
PARAM_INT
);
// Course module ID
$u
=
optional_param
(
'u'
,
0
,
PARAM_INT
);
// URL instance id
$redirect
=
optional_param
(
'redirect'
,
0
,
PARAM_BOOL
);
$forceview
=
optional_param
(
'forceview'
,
0
,
PARAM_BOOL
);
if
(
$u
)
{
// Two ways to specify the module
$url
=
$DB
->
get_record
(
'url'
,
array
(
'id'
=>
$u
),
'*'
,
MUST_EXIST
);
...
...
@@ -66,14 +67,10 @@ unset($exturl);
$displaytype
=
url_get_final_display_type
(
$url
);
if
(
$displaytype
==
RESOURCELIB_DISPLAY_OPEN
)
{
// For 'open' links, we always redirect to the content - except if the user
// just chose 'save and display' from the form then that would be confusing
if
(
strpos
(
get_local_referer
(
false
),
'modedit.php'
)
===
false
)
{
$redirect
=
true
;
}
$redirect
=
true
;
}
if
(
$redirect
)
{
if
(
$redirect
&&
!
$forceview
)
{
// coming from course page or url index page,
// the redirection is needed for completion tracking and logging
$fullurl
=
str_replace
(
'&'
,
'&'
,
url_get_full_url
(
$url
,
$cm
,
$course
));
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment