
MDL-28720 fix set.php return url handling

1 parent 9de8774 commit 0d2672748c00181d9cdae2aabbab916cbd64c47d @skodak skodak committed Oct 28, 2011
Showing with 11 additions and 9 deletions.
  1. +1 −1 calendar/lib.php
  2. +5 −5 calendar/renderer.php
  3. +5 −3 calendar/set.php
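--- a/calendar/lib.php
+++ b/calendar/lib.php
@@ -842,7 +842,7 @@ function calendar_filter_controls(moodle_url $returnurl) {
 $id = optional_param( 'id',0,PARAM_INT );
- $seturl = new moodle_url('/calendar/set.php', array('return' => $returnurl));
+ $seturl = new moodle_url('/calendar/set.php', array('return' => base64_encode($returnurl->out(false)), 'sesskey'=>sesskey()));
 $content = '<table>';
 $content .= '<tr>';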
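Review bot: The expression `base64_encode($returnurl->out(false))` together with `'sesskey'=>sesskey()` is written out on the added `$seturl` line and again in five places in calendar/renderer.php, and none of them says that calendar/set.php expects `return` to be base64-encoded. A small helper in calendar/lib.php that builds the set.php URL from `$returnurl` and the `var` value would keep the encoder and the decoder from drifting apart. Failing that, a comment on this line such as `// 'return' is base64-encoded here; set.php decodes it and cleans it as PARAM_URL` would record the contract. The body of calendar_filter_controls() continues outside the hunk.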
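--- a/calendar/renderer.php
+++ b/calendar/renderer.php
@@ -580,7 +580,7 @@ protected function filter_selection_table(calendar_information $calendar, moodle
 $output .= html_writer::start_tag('tr');
 // Global events
- $link = new moodle_url(CALENDAR_URL.'set.php', array('var' => 'showglobal', 'return' => $returnurl));
+ $link = new moodle_url(CALENDAR_URL.'set.php', array('var' => 'showglobal', 'return' => base64_encode($returnurl->out(false)), 'sesskey'=>sesskey()));
 if (calendar_show_event_type(CALENDAR_EVENT_GLOBAL)) {
 $output .= html_writer::tag('td', '', array('class'=>'calendar_event_global', 'style'=>'width:8px;'));
 $output .= html_writer::tag('td', html_writer::tag('strong', get_string('globalevents', 'calendar')).' '.get_string('shown', 'calendar').' ('.html_writer::link($link, get_string('clickhide', 'calendar')).')');
@@ -590,7 +590,7 @@ protected function filter_selection_table(calendar_information $calendar, moodle
 }
 // Course events
- $link = new moodle_url(CALENDAR_URL.'set.php', array('var'=>'showcourses', 'return' => $returnurl));
+ $link = new moodle_url(CALENDAR_URL.'set.php', array('var'=>'showcourses', 'return' => base64_encode($returnurl->out(false)), 'sesskey'=>sesskey()));
 if (calendar_show_event_type(CALENDAR_EVENT_COURSE)) {
 $output .= html_writer::tag('td', '', array('class'=>'calendar_event_course', 'style'=>'width:8px;'));
 $output .= html_writer::tag('td', html_writer::tag('strong', get_string('courseevents', 'calendar')).' '.get_string('shown', 'calendar').' ('.html_writer::link($link, get_string('clickhide', 'calendar')).')');
@@ -603,7 +603,7 @@ protected function filter_selection_table(calendar_information $calendar, moodle
 if(isloggedin() && !isguestuser()) {
 $output .= html_writer::start_tag('tr');
 // Group events
- $link = new moodle_url(CALENDAR_URL.'set.php', array('var'=>'showgroups', 'return' => $returnurl));
+ $link = new moodle_url(CALENDAR_URL.'set.php', array('var'=>'showgroups', 'return' => base64_encode($returnurl->out(false)), 'sesskey'=>sesskey()));
 if (calendar_show_event_type(CALENDAR_EVENT_GROUP)) {
 $output .= html_writer::tag('td', '', array('class'=>'calendar_event_group', 'style'=>'width:8px;'));
 $output .= html_writer::tag('td', html_writer::tag('strong', get_string('groupevents', 'calendar')).' '.get_string('shown', 'calendar').' ('.html_writer::link($link, get_string('clickhide', 'calendar')).')');
@@ -612,7 +612,7 @@ protected function filter_selection_table(calendar_information $calendar, moodle
 $output .= html_writer::tag('td', html_writer::tag('strong', get_string('groupevents', 'calendar')).' '.get_string('hidden', 'calendar').' ('.html_writer::link($link, get_string('clickshow', 'calendar')).')');
 }
 // User events
- $link = new moodle_url(CALENDAR_URL.'set.php', array('var'=>'showuser', 'return' => $returnurl));
+ $link = new moodle_url(CALENDAR_URL.'set.php', array('var'=>'showuser', 'return' => base64_encode($returnurl->out(false)), 'sesskey'=>sesskey()));
 if (calendar_show_event_type(CALENDAR_EVENT_USER)) {
 $output .= html_writer::tag('td', '', array('class'=>'calendar_event_user', 'style'=>'width:8px;'));
 $output .= html_writer::tag('td', html_writer::tag('strong', get_string('userevents', 'calendar')).' '.get_string('shown', 'calendar').' ('.html_writer::link($link, get_string('clickhide', 'calendar')).')');
@@ -701,7 +701,7 @@ protected function course_filter_selector(moodle_url $returnurl, $label=null) {
 } else {
 $selected = '';
 }
- $select = new single_select(new moodle_url(CALENDAR_URL.'set.php', array('return' => $returnurl, 'var' => 'setcourse')), 'id', $courseoptions, $selected, null);
+ $select = new single_select(new moodle_url(CALENDAR_URL.'set.php', array('return' => base64_encode($returnurl->out(false)), 'var' => 'setcourse', 'sesskey'=>sesskey())), 'id', $courseoptions, $selected, null);
 $select->class = 'cal_courses_flt';
 if ($label !== null) {
 $select->label = $label;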
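Review bot: The four show/hide links in filter_selection_table() and the `single_select` in course_filter_selector() now put the session key in the query string of a GET request, so the token is recorded in browser history and web-server access logs and may be exposed through Referer headers. For the course selector the token can travel in the request body instead by adding `$select->method = 'post';` after the constructor call, assuming POST is acceptable for this control. The show/hide links would have to become small POST forms to get the same treatment. If GET is kept deliberately, a short comment saying so next to the first `$link` would help the next reader. Both functions start and end outside the hunks shown.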
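--- a/calendar/set.php
+++ b/calendar/set.php
@@ -41,12 +41,14 @@
 require_once('../config.php');
 require_once($CFG->dirroot.'/calendar/lib.php');
-$return = required_param('return', PARAM_URL);
+require_sesskey();
+
 $var = required_param('var', PARAM_ALPHA);
+$return = clean_param(base64_decode(required_param('return', PARAM_RAW)), PARAM_URL);
-$url = new moodle_url('/calendar/set.php', array('return'=>$return,'var'=>$var));
+$url = new moodle_url('/calendar/set.php', array('return'=>base64_encode($return->out(false)),'var'=>$var, 'sesskey'=>sesskey()));
 $PAGE->set_url($url);
-$PAGE->set_context(get_context_instance(CONTEXT_SYSTEM)); //TODO: wrong
+$PAGE->set_context(get_context_instance(CONTEXT_SYSTEM));
 switch($var) {
 case 'showgroups':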
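Review bot: `$return` is the string returned by `clean_param()`, yet the added `$url` line calls `$return->out(false)` on it, which is a method call on a non-object unless `$return` is converted somewhere outside this hunk. Separately, `PARAM_URL` accepts absolute URLs on any host, so if the script later redirects to `$return` (not visible here), the sesskey check is the only thing standing between this parameter and an off-site redirect. Both points are covered by `$return = new moodle_url(clean_param(base64_decode(required_param('return', PARAM_RAW)), PARAM_LOCALURL));`, which yields an object and restricts the target to this site. The script continues past the `switch` outside the hunk.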
