Permalink
Browse files

Merge branch 'w07_MDL-26381_20_changepw' of git://github.com/skodak/m…

…oodle
  • Loading branch information...
2 parents c04c06d + 7ea77a5 commit 534f22d14127dc2630af91870d3452cb1954103d @stronk7 stronk7 committed Feb 15, 2011
Showing with 17 additions and 14 deletions.
  1. +17 −14 login/change_password.php
View
31 login/change_password.php
@@ -27,19 +27,29 @@
require('../config.php');
require_once('change_password_form.php');
-$id = optional_param('id', SITEID, PARAM_INT); // current course
+$id = optional_param('id', SITEID, PARAM_INT); // current course
+$return = optional_param('return', 0, PARAM_BOOL); // redirect after password change
//HTTPS is required in this page when $CFG->loginhttps enabled
$PAGE->https_required();
-$uparams = array();
-if ($id != SITEID) {
- $uparams['id'] = $id;
-}
-$PAGE->set_url('/login/change_password.php', $uparams);
+$PAGE->set_url('/login/change_password.php', array('id'=>$id));
$PAGE->set_context(get_context_instance(CONTEXT_SYSTEM));
+if ($return) {
+ // this redirect prevents security warning because https can not POST to http pages
+ if (empty($SESSION->wantsurl)
+ or stripos(str_replace('https://', 'http://', $SESSION->wantsurl), str_replace('https://', 'http://', $CFG->wwwroot.'/login/change_password.php') === 0)) {
+ $returnto = "$CFG->wwwroot/user/view.php?id=$USER->id&course=$id";
+ } else {
+ $returnto = $SESSION->wantsurl;
+ }
+ unset($SESSION->wantsurl);
+
+ redirect($returnto);
+}
+
$strparticipants = get_string('participants');
$systemcontext = get_context_instance(CONTEXT_SYSTEM);
@@ -115,14 +125,7 @@
$PAGE->set_heading($COURSE->fullname);
echo $OUTPUT->header();
- if (empty($SESSION->wantsurl) or $SESSION->wantsurl == $CFG->httpswwwroot.'/login/change_password.php') {
- $returnto = "$CFG->wwwroot/user/view.php?id=$USER->id&course=$id";
- } else {
- $returnto = $SESSION->wantsurl;
- }
- unset($SESSION->wantsurl);
-
- notice($strpasswordchanged, $returnto);
+ notice($strpasswordchanged, new moodle_url($PAGE->url, array('return'=>1)));
echo $OUTPUT->footer();
exit;

0 comments on commit 534f22d

Please sign in to comment.