
This is a first attempt to make moodle frame safe.

I've added the variable CFG->main_frame to config-dist.php, and replaced _top
targets with the variable in all the php files.  HTML files, like those in the
documentation, have not been modified, as they are not (yet) parsed.

The variable should probably get moved into the config table, and get some
documentation.

I've also included, but commented out, a slight change in weblib.php, which
would guarantee that messages are seen before the user is redirected (unless
the delay is intentionally set to 0 when redirect is used).
1 parent 754b76f commit 08b3606390af575d7aa9b9684d01a7ef7cf88160 gregb_cc committed Mar 11, 2003
Showing with 39 additions and 23 deletions.
  1. +1 −1 admin/auth.php
  2. +2 −0 config-dist.php
  3. +14 −4 lib/weblib.php
  4. +14 −10 mod/resource/view.php
  5. +5 −5 mod/survey/report.php
  6. +1 −1 theme/oceanblue/header.html_logo
  7. +2 −2 theme/poweraid/header.html
@@ -91,7 +91,7 @@
"<A HREF=\"index.php\">$stradministration</A> -> $strauthenticationoptions", "$focus");
echo "<CENTER><P><B>";
- echo "<form TARGET=\"_top\" NAME=\"authmenu\" method=\"post\" action=\"auth.php\">";
+ echo "<form TARGET=\"{$CFG->main_frame}\" NAME=\"authmenu\" method=\"post\" action=\"auth.php\">";
print_string("chooseauthmethod","auth");
choose_from_menu ($options, "auth", $auth, "","top.location='auth.php?auth='+document.authmenu.auth.options[document.authmenu.auth.selectedIndex].value", "");
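Review bot: The `choose_from_menu` call on the context line after the changed form tag still passes `top.location='auth.php?auth='+...` as its script, so selecting an auth method navigates the topmost window whatever `$CFG->main_frame` is set to. The same hard-coded `top.location=` remains in the `onChange` of `popup_form` in lib/weblib.php, on the line right after the changed `<FORM TARGET=...>`. For the "frame safe" goal these scripts need to address the configured frame as well, or at least carry a marker such as `// TODO: top.location still ignores $CFG->main_frame` so the gap is not forgotten.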
@@ -113,4 +113,6 @@
// MAKE SURE WHEN YOU EDIT THIS FILE THAT THERE ARE NO SPACES, BLANK LINES,
// RETURNS, OR ANYTHING ELSE AFTER THE TWO CHARACTERS ON THE NEXT LINE.
+
+$CFG->main_frame = '_top';
?>
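Review bot: The `_top` default is set only in config-dist.php, so a site that keeps its existing config.php (presumably copied from an older config-dist.php) never defines `$CFG->main_frame`, and every `TARGET=\"{$CFG->main_frame}\"` in this commit then renders as an empty target instead of `_top`. A fallback in code that runs on every request, such as `if (empty($CFG->main_frame)) { $CFG->main_frame = '_top'; }`, would keep upgraded installs behaving as before. The assignment also sits between the "no spaces or blank lines after the two characters on the next line" warning and the `?>` it refers to; placing it above that comment keeps the warning accurate. Because the value is printed unescaped into HTML attributes, it should be documented as a plain frame name only.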
@@ -364,7 +364,7 @@ function popup_form ($common, $options, $formname, $selected="", $nothing="choos
$nothing = get_string("choose")."...";
}
- $output = "<FORM TARGET=_top NAME=$formname>";
+ $output = "<FORM TARGET=\"{$CFG->main_frame}\" NAME=$formname>";
$output .= "<SELECT NAME=popup onChange=\"top.location=document.$formname.popup.options[document.$formname.popup.selectedIndex].value\">\n";
if ($nothing != "") {
@@ -653,10 +653,10 @@ function print_footer ($course=NULL) {
$course = get_site();
$homepage = true;
} else {
- $homelink = "<A TARGET=_top HREF=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</A>";
+ $homelink = "<A TARGET=\"{$CFG->main_frame}\" HREF=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</A>";
}
} else {
- $homelink = "<A TARGET=_top HREF=\"$CFG->wwwroot\">".get_string("home")."</A>";
+ $homelink = "<A TARGET=\"{$CFG->main_frame}\" HREF=\"$CFG->wwwroot\">".get_string("home")."</A>";
$course = get_site();
}
@@ -690,7 +690,7 @@ function print_navigation ($navigation) {
if (! $site = get_site()) {
$site->shortname = get_string("home");;
}
- echo "<A TARGET=_top HREF=\"$CFG->wwwroot/\">$site->shortname</A> -> $navigation";
+ echo "<A TARGET=\"{$CFG->main_frame}\" HREF=\"$CFG->wwwroot/\">$site->shortname</A> -> $navigation";
}
}
@@ -1141,6 +1141,16 @@ function notice_yesno ($message, $linkyes, $linkno) {
print_simple_box_end();
}
+/* This is an alternate beginning to the redirect function
+function redirect($url, $message="", $delay=false) {
+// Uses META tags to redirect the user, after printing a notice
+ if(!empty($message) && $delay == false):
+ $delay = 10;
+ else:
+ $delay = 0;
+ endif;
+*/
+
function redirect($url, $message="", $delay=0) {
// Uses META tags to redirect the user, after printing a notice
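Review bot: `popup_form` now reads `$CFG->main_frame`, but none of its visible lines otherwise reference `$CFG` and its opening lines are outside the hunk; if it has no `global $CFG;`, the form is emitted with `TARGET=""`. `print_footer` and `print_navigation` already use `$CFG->wwwroot` in the shown lines, so they presumably have the global in scope. Please confirm, or add `global $CFG;` at the top of `popup_form`. Separately, the commented-out `redirect` variant tests `$delay == false`, which is also true for an explicit `0`, and its `else` branch would reset any caller-supplied delay to 0. It would need `$delay === false` and no `else` before it could be enabled as described in the commit message.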
@@ -23,10 +23,10 @@
if ($course->category) {
require_login($course->id);
- $navigation = "<A TARGET=_top HREF=\"../../course/view.php?id=$course->id\">$course->shortname</A> ->
- <A TARGET=_top HREF=\"index.php?id=$course->id\">$strresources</A> ->";
+ $navigation = "<A TARGET=\"{$CFG->main_frame}\" HREF=\"../../course/view.php?id=$course->id\">$course->shortname</A> ->
+ <A TARGET=\"{$CFG->main_frame}\" HREF=\"index.php?id=$course->id\">$strresources</A> ->";
} else {
- $navigation = "<A TARGET=_top HREF=\"index.php?id=$course->id\">$strresources</A> ->";
+ $navigation = "<A TARGET=\"{$CFG->main_frame}\" HREF=\"index.php?id=$course->id\">$strresources</A> ->";
}
@@ -54,7 +54,7 @@
case WEBPAGE:
if (!empty($frameset)) {
print_header("$course->shortname: $resource->name", "$course->fullname",
- "$navigation <A TARGET=_top HREF=\"$resource->reference\" TITLE=\"$resource->reference\">$resource->name</A>",
+ "$navigation <A TARGET=\"{$CFG->main_frame}\" HREF=\"$resource->reference\" TITLE=\"$resource->reference\">$resource->name</A>",
"", "", true, update_module_button($cm->id, $course->id, $strresource), navmenu($course, $cm));
echo "<CENTER><FONT SIZE=-1>".text_to_html($resource->summary, true, false)."</FONT></CENTER>";
@@ -69,18 +69,22 @@
break;
case UPLOADEDFILE:
+ if ($CFG->slasharguments) {
+ $ffurl = "file.php/$course->id/$resource->reference";
+ } else {
+ $ffurl = "file.php?file=/$course->id/$resource->reference";
+ }
+
if (!empty($frameset)) {
print_header("$course->shortname: $resource->name", "$course->fullname", "$navigation $resource->name",
"", "", true, update_module_button($cm->id, $course->id, $strresource), navmenu($course, $cm));
echo "<CENTER><FONT SIZE=-1>".text_to_html($resource->summary, true, false)."</FONT></CENTER>";
-
+ echo "<HR><CENTER><FONT SIZE=-2>If you cannot see the file in your
+ browser, and were not prompted to save the file, please try the
+ following link (you may need to right click and choose
+ &quot;Save As&quot;):<a href=\"{$CFG->wwwroot}/$ffurl\">{$resource->name}</FONT></CENTER>";
} else {
add_to_log($course->id, "resource", "view", "view.php?id=$cm->id", "$resource->id");
- if ($CFG->slasharguments) {
- $ffurl = "file.php/$course->id/$resource->reference";
- } else {
- $ffurl = "file.php?file=/$course->id/$resource->reference";
- }
echo "<HEAD><TITLE>$course->shortname: $resource->name</TITLE></HEAD>\n";
echo "<FRAMESET ROWS=$RESOURCE_FRAME_SIZE,*>";
echo "<FRAME SRC=\"view.php?id=$cm->id&frameset=true\">";
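Review bot: The fallback link added in the frameset branch of `case UPLOADEDFILE` opens `<a href=...>` and never closes it, so everything after it on the page becomes part of the link; the string should end `{$resource->name}</a></FONT></CENTER>`. `$resource->reference` (via `$ffurl`) and `$resource->name` are also written into the href and link text unescaped, so a quote or angle bracket in either value breaks out of the markup; both look like user-entered resource fields and should go through `htmlspecialchars()` before printing. The message is hard-coded English, whereas the surrounding code uses translated strings such as `$strresources`, so it would normally come from `get_string()`. The enclosing `switch` starts and ends outside the hunk.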
@@ -61,12 +61,12 @@
switch ($action) {
case "top":
if ($course->category) {
- $navigation = "<A TARGET=_top HREF=\"../../course/view.php?id=$course->id\">$course->shortname</A> ->
- <A TARGET=_top HREF=\"index.php?id=$course->id\">$strsurveys</A> ->
- <A TARGET=_top HREF=\"view.php?id=$cm->id\">$survey->name</A> -> ";
+ $navigation = "<A TARGET=\"{$CFG->main_frame}\" HREF=\"../../course/view.php?id=$course->id\">$course->shortname</A> ->
+ <A TARGET=\"{$CFG->main_frame}\" HREF=\"index.php?id=$course->id\">$strsurveys</A> ->
+ <A TARGET=\"{$CFG->main_frame}\" HREF=\"view.php?id=$cm->id\">$survey->name</A> -> ";
} else {
- $navigation = "<A TARGET=_top HREF=\"index.php?id=$course->id\">$strsurveys</A> ->
- <A TARGET=_top HREF=\"view.php?id=$cm->id\">$survey->name</A> -> ";
+ $navigation = "<A TARGET=\"{$CFG->main_frame}\" HREF=\"index.php?id=$course->id\">$strsurveys</A> ->
+ <A TARGET=\"{$CFG->main_frame}\" HREF=\"view.php?id=$cm->id\">$survey->name</A> -> ";
}
print_header("$course->shortname: $survey->name", "$course->fullname", "$navigation $strreport");
break;
@@ -14,7 +14,7 @@
<TABLE WIDTH=100% CELLPADDING=10 CELLSPACING=0 BORDER=0>
<TR>
- <TD VALIGN=TOP><A HREF="<?=$CFG->wwwroot?>" TARGET="_top"><IMG SRC="<?=$CFG->wwwroot?>/theme/oceanblue/logo.jpg" ALT="Moodle" BORDER="0"></A></TD>
+ <TD VALIGN=TOP><A HREF="<?=$CFG->wwwroot?>" TARGET="<?=$CFG->main_frame?>"><IMG SRC="<?=$CFG->wwwroot?>/theme/oceanblue/logo.jpg" ALT="Moodle" BORDER="0"></A></TD>
<TD ALIGN=RIGHT VALIGN=TOP><?=$menu ?></TD>
</TR>
</TABLE>
@@ -58,7 +58,7 @@
</tr>
<tr>
<td width="6" bgcolor="<? echo $THEME->body?>"><img src="<?=$CFG->wwwroot?>/theme/<?=$CFG->theme ?>/images/side_left.gif" width="2" height="100%" /></td>
-<td align="left" valign="top"><A TARGET=_top HREF="<? echo $CFG->wwwroot?>"><img src="<? echo "$CFG->wwwroot/theme/$CFG->theme/$THEME->frontlogo" ?>" border="0" /></A></td>
+<td align="left" valign="top"><A TARGET=\"{$CFG->main_frame}\" HREF="<? echo $CFG->wwwroot?>"><img src="<? echo "$CFG->wwwroot/theme/$CFG->theme/$THEME->frontlogo" ?>" border="0" /></A></td>
<td width="6" bgcolor="<? echo $THEME->body?>"><img src="<?=$CFG->wwwroot?>/theme/<?=$CFG->theme ?>/images/left_sidebar.jpg" width="6" height="100%" /></td>
</tr>
</table><table border="0" cellspacing="0" cellpadding="0" width="<? echo $THEME->themewidth?>">
@@ -99,7 +99,7 @@
</tr>
<tr>
<td width="6" bgcolor="<? echo $THEME->body?>"><img src="<?=$CFG->wwwroot?>/theme/<?=$CFG->theme ?>/images/side_left.gif" width="2" height="100%" /></td>
-<td align="left" valign="top"><A TARGET=_top HREF="<? echo $CFG->wwwroot ?>"><img src="<? echo "$CFG->wwwroot/theme/$CFG->theme/$THEME->smalllogo" ?>" border="0" /></A></td>
+<td align="left" valign="top"><A TARGET="<?=$CFG->main_frame?>" HREF="<? echo $CFG->wwwroot ?>"><img src="<? echo "$CFG->wwwroot/theme/$CFG->theme/$THEME->smalllogo" ?>" border="0" /></A></td>
<td width="6" background="<?=$CFG->wwwroot?>/theme/<?=$CFG->theme ?>/images/left_sidebar.jpg"><img src="<?=$CFG->wwwroot?>/theme/<?=$CFG->theme ?>/images/left_sidebar.jpg" width="6" height="100%" /></td>
</tr>
</table><table border="0" cellspacing="0" cellpadding="0" width="<? echo $THEME->themewidth?>">
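Review bot: In the first hunk of theme/poweraid/header.html (`@@ -58,7`), the new `TARGET=\"{$CFG->main_frame}\"` is PHP string syntax placed in the HTML part of the template, outside any `<? ?>` tag. The browser therefore receives the backslashes and braces literally, and the logo link targets neither `_top` nor the configured frame. The second hunk (`@@ -99,7`) uses the correct form, and the first should match it: `<A TARGET="<?=$CFG->main_frame?>" HREF="<? echo $CFG->wwwroot?>">`.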
