
This is a first attempt to make moodle frame safe.

I've added the variable CFG->main_frame to config-dist.php, and replaced _top
targets with the variable in all the php files.  HTML files, like those in the
documentation, have not been modified, as they are not (yet) parsed.

The variable should probably get moved into the config table, and get some
documentation.

I've also included, but commented out, a slight change in weblib.php, which
would guarantee that messages are seen before the user is redirected (unless
the delay is intentionally set to 0 when redirect is used).
commit 08b3606390af575d7aa9b9684d01a7ef7cf88160 1 parent 754b76f
gregb_cc authored
2  admin/auth.php
@@ -91,7 +91,7 @@
"<A HREF=\"index.php\">$stradministration</A> -> $strauthenticationoptions", "$focus");
echo "<CENTER><P><B>";
- echo "<form TARGET=\"_top\" NAME=\"authmenu\" method=\"post\" action=\"auth.php\">";
+ echo "<form TARGET=\"{$CFG->main_frame}\" NAME=\"authmenu\" method=\"post\" action=\"auth.php\">";
print_string("chooseauthmethod","auth");
choose_from_menu ($options, "auth", $auth, "","top.location='auth.php?auth='+document.authmenu.auth.options[document.authmenu.auth.selectedIndex].value", "");
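Review bot: The `choose_from_menu` call directly below the changed form tag still passes `top.location='auth.php?auth='+...` as its script argument, so when `$CFG->main_frame` is set to anything other than `_top` the menu still navigates the outermost window and no longer agrees with the form's target. The handler should take its frame from the same setting instead of hard-coding `top`. The value is also interpolated into the attribute as-is; writing it as `htmlspecialchars($CFG->main_frame)` keeps a mistyped config value from breaking out of the tag. The surrounding script starts and ends outside the hunk.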
2  config-dist.php
@@ -113,4 +113,6 @@
// MAKE SURE WHEN YOU EDIT THIS FILE THAT THERE ARE NO SPACES, BLANK LINES,
// RETURNS, OR ANYTHING ELSE AFTER THE TWO CHARACTERS ON THE NEXT LINE.
+
+$CFG->main_frame = '_top';
?>
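Review bot: The new assignment is placed between the warning comment and the closing `?>`, so the comment's reference to "the two characters on the next line" no longer points at the closing tag; move `$CFG->main_frame = '_top';` above that comment. Sites that upgrade with an existing config.php will not have the setting at all, so every rewritten `TARGET` renders empty and links inside framesets stop breaking out to the top window. A fallback where the config is loaded, e.g. `if (empty($CFG->main_frame)) { $CFG->main_frame = '_top'; }`, would keep the old behaviour. Because the value is written into markup unescaped, the setting also deserves a comment saying it must be a plain frame name.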
18 lib/weblib.php
@@ -364,7 +364,7 @@ function popup_form ($common, $options, $formname, $selected="", $nothing="choos
$nothing = get_string("choose")."...";
}
- $output = "<FORM TARGET=_top NAME=$formname>";
+ $output = "<FORM TARGET=\"{$CFG->main_frame}\" NAME=$formname>";
$output .= "<SELECT NAME=popup onChange=\"top.location=document.$formname.popup.options[document.$formname.popup.selectedIndex].value\">\n";
if ($nothing != "") {
@@ -653,10 +653,10 @@ function print_footer ($course=NULL) {
$course = get_site();
$homepage = true;
} else {
- $homelink = "<A TARGET=_top HREF=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</A>";
+ $homelink = "<A TARGET=\"{$CFG->main_frame}\" HREF=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</A>";
}
} else {
- $homelink = "<A TARGET=_top HREF=\"$CFG->wwwroot\">".get_string("home")."</A>";
+ $homelink = "<A TARGET=\"{$CFG->main_frame}\" HREF=\"$CFG->wwwroot\">".get_string("home")."</A>";
$course = get_site();
}
@@ -690,7 +690,7 @@ function print_navigation ($navigation) {
if (! $site = get_site()) {
$site->shortname = get_string("home");;
}
- echo "<A TARGET=_top HREF=\"$CFG->wwwroot/\">$site->shortname</A> -> $navigation";
+ echo "<A TARGET=\"{$CFG->main_frame}\" HREF=\"$CFG->wwwroot/\">$site->shortname</A> -> $navigation";
}
}
@@ -1141,6 +1141,16 @@ function notice_yesno ($message, $linkyes, $linkno) {
print_simple_box_end();
}
+/* This is an alternate beginning to the redirect function
+function redirect($url, $message="", $delay=false) {
+// Uses META tags to redirect the user, after printing a notice
+ if(!empty($message) && $delay == false):
+ $delay = 10;
+ else:
+ $delay = 0;
+ endif;
+*/
+
function redirect($url, $message="", $delay=0) {
// Uses META tags to redirect the user, after printing a notice
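Review bot: In the `popup_form` hunk the new `{$CFG->main_frame}` only resolves if the function declares `global $CFG;`, which cannot be confirmed here because the function starts above the hunk; without it the attribute renders as `TARGET=""` and PHP raises a notice. The `onChange` handler on the following line still hard-codes `top.location=`, so the menu ignores the configured frame either way. Separately, the commented-out `redirect` variant sets `$delay = 0` in its `else` branch, which would discard an explicit non-zero delay passed by a caller; if the block is kept for discussion, that should be stated in the comment rather than left as dead code in the library.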
24 mod/resource/view.php
@@ -23,10 +23,10 @@
if ($course->category) {
require_login($course->id);
- $navigation = "<A TARGET=_top HREF=\"../../course/view.php?id=$course->id\">$course->shortname</A> ->
- <A TARGET=_top HREF=\"index.php?id=$course->id\">$strresources</A> ->";
+ $navigation = "<A TARGET=\"{$CFG->main_frame}\" HREF=\"../../course/view.php?id=$course->id\">$course->shortname</A> ->
+ <A TARGET=\"{$CFG->main_frame}\" HREF=\"index.php?id=$course->id\">$strresources</A> ->";
} else {
- $navigation = "<A TARGET=_top HREF=\"index.php?id=$course->id\">$strresources</A> ->";
+ $navigation = "<A TARGET=\"{$CFG->main_frame}\" HREF=\"index.php?id=$course->id\">$strresources</A> ->";
}
@@ -54,7 +54,7 @@
case WEBPAGE:
if (!empty($frameset)) {
print_header("$course->shortname: $resource->name", "$course->fullname",
- "$navigation <A TARGET=_top HREF=\"$resource->reference\" TITLE=\"$resource->reference\">$resource->name</A>",
+ "$navigation <A TARGET=\"{$CFG->main_frame}\" HREF=\"$resource->reference\" TITLE=\"$resource->reference\">$resource->name</A>",
"", "", true, update_module_button($cm->id, $course->id, $strresource), navmenu($course, $cm));
echo "<CENTER><FONT SIZE=-1>".text_to_html($resource->summary, true, false)."</FONT></CENTER>";
@@ -69,18 +69,22 @@
break;
case UPLOADEDFILE:
+ if ($CFG->slasharguments) {
+ $ffurl = "file.php/$course->id/$resource->reference";
+ } else {
+ $ffurl = "file.php?file=/$course->id/$resource->reference";
+ }
+
if (!empty($frameset)) {
print_header("$course->shortname: $resource->name", "$course->fullname", "$navigation $resource->name",
"", "", true, update_module_button($cm->id, $course->id, $strresource), navmenu($course, $cm));
echo "<CENTER><FONT SIZE=-1>".text_to_html($resource->summary, true, false)."</FONT></CENTER>";
-
+ echo "<HR><CENTER><FONT SIZE=-2>If you cannot see the file in your
+ browser, and were not prompted to save the file, please try the
+ following link (you may need to right click and choose
+ &quot;Save As&quot;):<a href=\"{$CFG->wwwroot}/$ffurl\">{$resource->name}</FONT></CENTER>";
} else {
add_to_log($course->id, "resource", "view", "view.php?id=$cm->id", "$resource->id");
- if ($CFG->slasharguments) {
- $ffurl = "file.php/$course->id/$resource->reference";
- } else {
- $ffurl = "file.php?file=/$course->id/$resource->reference";
- }
echo "<HEAD><TITLE>$course->shortname: $resource->name</TITLE></HEAD>\n";
echo "<FRAMESET ROWS=$RESOURCE_FRAME_SIZE,*>";
echo "<FRAME SRC=\"view.php?id=$cm->id&frameset=true\">";
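Review bot: The link added in the `UPLOADEDFILE` branch is never closed (`{$resource->name}` is followed directly by `</FONT>`), and both `$resource->name` and the `$resource->reference` inside `$ffurl` are written into the page without escaping. Close the anchor and escape at output, e.g. `<a href=\"".htmlspecialchars("$CFG->wwwroot/$ffurl")."\">".htmlspecialchars($resource->name)."</a>`; whether these fields are cleaned when the resource is saved is not visible here. The help sentence is hard-coded English while the page otherwise uses translated strings such as `$strresources`, so it should come from the language pack. The enclosing script starts and ends outside the hunk.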
10 mod/survey/report.php
@@ -61,12 +61,12 @@
switch ($action) {
case "top":
if ($course->category) {
- $navigation = "<A TARGET=_top HREF=\"../../course/view.php?id=$course->id\">$course->shortname</A> ->
- <A TARGET=_top HREF=\"index.php?id=$course->id\">$strsurveys</A> ->
- <A TARGET=_top HREF=\"view.php?id=$cm->id\">$survey->name</A> -> ";
+ $navigation = "<A TARGET=\"{$CFG->main_frame}\" HREF=\"../../course/view.php?id=$course->id\">$course->shortname</A> ->
+ <A TARGET=\"{$CFG->main_frame}\" HREF=\"index.php?id=$course->id\">$strsurveys</A> ->
+ <A TARGET=\"{$CFG->main_frame}\" HREF=\"view.php?id=$cm->id\">$survey->name</A> -> ";
} else {
- $navigation = "<A TARGET=_top HREF=\"index.php?id=$course->id\">$strsurveys</A> ->
- <A TARGET=_top HREF=\"view.php?id=$cm->id\">$survey->name</A> -> ";
+ $navigation = "<A TARGET=\"{$CFG->main_frame}\" HREF=\"index.php?id=$course->id\">$strsurveys</A> ->
+ <A TARGET=\"{$CFG->main_frame}\" HREF=\"view.php?id=$cm->id\">$survey->name</A> -> ";
}
print_header("$course->shortname: $survey->name", "$course->fullname", "$navigation $strreport");
break;
2  theme/oceanblue/header.html_logo
@@ -14,7 +14,7 @@
<TABLE WIDTH=100% CELLPADDING=10 CELLSPACING=0 BORDER=0>
<TR>
- <TD VALIGN=TOP><A HREF="<?=$CFG->wwwroot?>" TARGET="_top"><IMG SRC="<?=$CFG->wwwroot?>/theme/oceanblue/logo.jpg" ALT="Moodle" BORDER="0"></A></TD>
+ <TD VALIGN=TOP><A HREF="<?=$CFG->wwwroot?>" TARGET="<?=$CFG->main_frame?>"><IMG SRC="<?=$CFG->wwwroot?>/theme/oceanblue/logo.jpg" ALT="Moodle" BORDER="0"></A></TD>
<TD ALIGN=RIGHT VALIGN=TOP><?=$menu ?></TD>
</TR>
</TABLE>
4 theme/poweraid/header.html
@@ -58,7 +58,7 @@
</tr>
<tr>
<td width="6" bgcolor="<? echo $THEME->body?>"><img src="<?=$CFG->wwwroot?>/theme/<?=$CFG->theme ?>/images/side_left.gif" width="2" height="100%" /></td>
-<td align="left" valign="top"><A TARGET=_top HREF="<? echo $CFG->wwwroot?>"><img src="<? echo "$CFG->wwwroot/theme/$CFG->theme/$THEME->frontlogo" ?>" border="0" /></A></td>
+<td align="left" valign="top"><A TARGET=\"{$CFG->main_frame}\" HREF="<? echo $CFG->wwwroot?>"><img src="<? echo "$CFG->wwwroot/theme/$CFG->theme/$THEME->frontlogo" ?>" border="0" /></A></td>
<td width="6" bgcolor="<? echo $THEME->body?>"><img src="<?=$CFG->wwwroot?>/theme/<?=$CFG->theme ?>/images/left_sidebar.jpg" width="6" height="100%" /></td>
</tr>
</table><table border="0" cellspacing="0" cellpadding="0" width="<? echo $THEME->themewidth?>">
@@ -99,7 +99,7 @@
</tr>
<tr>
<td width="6" bgcolor="<? echo $THEME->body?>"><img src="<?=$CFG->wwwroot?>/theme/<?=$CFG->theme ?>/images/side_left.gif" width="2" height="100%" /></td>
-<td align="left" valign="top"><A TARGET=_top HREF="<? echo $CFG->wwwroot ?>"><img src="<? echo "$CFG->wwwroot/theme/$CFG->theme/$THEME->smalllogo" ?>" border="0" /></A></td>
+<td align="left" valign="top"><A TARGET="<?=$CFG->main_frame?>" HREF="<? echo $CFG->wwwroot ?>"><img src="<? echo "$CFG->wwwroot/theme/$CFG->theme/$THEME->smalllogo" ?>" border="0" /></A></td>
<td width="6" background="<?=$CFG->wwwroot?>/theme/<?=$CFG->theme ?>/images/left_sidebar.jpg"><img src="<?=$CFG->wwwroot?>/theme/<?=$CFG->theme ?>/images/left_sidebar.jpg" width="6" height="100%" /></td>
</tr>
</table><table border="0" cellspacing="0" cellpadding="0" width="<? echo $THEME->themewidth?>">
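Review bot: The first hunk writes `TARGET=\"{$CFG->main_frame}\"` in the template's HTML, outside any PHP tag, so the backslashes and braces reach the browser literally and the front-logo link gets a bogus frame name instead of the configured target. Use the form the second hunk already uses for the small logo: `TARGET="<?=$CFG->main_frame?>"`.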