MDL-26389 improve profile and search engine privacy

commit 81b58cc227cf96a1cd2e002cc210b7b3e376fd17 1 parent d911c72
Petr Skoda skodak authored
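--- a/lib/sessionlib.php
+++ b/lib/sessionlib.php
@@ -216,19 +216,8 @@ protected function check_user_initialised() {
 $user = null;
 if (!empty($CFG->opentogoogle) and !NO_MOODLE_COOKIES) {
- if (!empty($_SERVER['HTTP_USER_AGENT'])) {
- // allow web spiders in as guest users
- if (strpos($_SERVER['HTTP_USER_AGENT'], 'Googlebot') !== false ) {
- $user = guest_user();
- } else if (strpos($_SERVER['HTTP_USER_AGENT'], 'google.com') !== false ) { // Google
- $user = guest_user();
- } else if (strpos($_SERVER['HTTP_USER_AGENT'], 'Yahoo! Slurp') !== false ) { // Yahoo
- $user = guest_user();
- } else if (strpos($_SERVER['HTTP_USER_AGENT'], '[ZSEBOT]') !== false ) { // Zoomspider
- $user = guest_user();
- } else if (strpos($_SERVER['HTTP_USER_AGENT'], 'MSNBOT') !== false ) { // MSN Search
- $user = guest_user();
- }
+ if (is_web_crawler()) {
+ $user = guest_user();
 }
 if (!empty($CFG->guestloginbutton) and !$user and !empty($_SERVER['HTTP_REFERER'])) {
 // automaticaly log in users coming from search engine results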
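Review bot: Replacing the inline list with `is_web_crawler()` also extends automatic guest login to the `Yandex` and `AltaVista` strings that the helper adds in lib/setuplib.php, so this is a behaviour change rather than a pure refactor, and the commit message does not mention it. Because the decision rests on a client-supplied User-Agent header, a short comment above the call would help the next reader, for example `// User-Agent is client-supplied; a match only ever yields the guest account`. The body of check_user_initialised() starts and ends outside this hunk.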
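--- a/lib/setuplib.php
+++ b/lib/setuplib.php
@@ -1123,6 +1123,38 @@ function init_eaccelerator() {
 return false;
 }
+/**
+ * Checks if current user is a web crawler.
+ *
+ * This list can not be made complete, this is not a security
+ * restriction, we make the list only to help these sites
+ * especially when automatic guest login is disabled.
+ *
+ * If admin needs security they should enable forcelogin
+ * and disable guest access!!
+ *
+ * @return bool
+ */
+function is_web_crawler() {
+ if (!empty($_SERVER['HTTP_USER_AGENT'])) {
+ if (strpos($_SERVER['HTTP_USER_AGENT'], 'Googlebot') !== false ) {
+ return true;
+ } else if (strpos($_SERVER['HTTP_USER_AGENT'], 'google.com') !== false ) { // Google
+ return true;
+ } else if (strpos($_SERVER['HTTP_USER_AGENT'], 'Yahoo! Slurp') !== false ) { // Yahoo
+ return true;
+ } else if (strpos($_SERVER['HTTP_USER_AGENT'], '[ZSEBOT]') !== false ) { // Zoomspider
+ return true;
+ } else if (strpos($_SERVER['HTTP_USER_AGENT'], 'MSNBOT') !== false ) { // MSN Search
+ return true;
+ } else if (strpos($_SERVER['HTTP_USER_AGENT'], 'Yandex') !== false ) {
+ return true;
+ } else if (strpos($_SERVER['HTTP_USER_AGENT'], 'AltaVista') !== false ) {
+ return true;
+ }
+ }
+ return false;
+}
 /**
 * This class solves the problem of how to initialise $OUTPUT.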
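Review bot: The substring tests in `is_web_crawler()` use case-sensitive `strpos()`, so a crawler that spells its token differently (for example a lower-case `msnbot`, which I believe is how that crawler identifies itself) is not recognised, and a caller that gates on `!is_web_crawler()`, as mod/forum/user.php does in this commit, treats it as an ordinary visitor. Walking a list with `stripos()` still matches the existing tokens, makes each addition a one-line change and removes the seven-branch chain. The docblock is right that the header cannot be trusted. It would help to add there that callers should use the result only to reduce what is shown, never to grant anything beyond guest access.

```php
function is_web_crawler() {
    if (empty($_SERVER['HTTP_USER_AGENT'])) {
        return false;
    }
    // Matched case-insensitively; the header is client-supplied, so a match is a hint, not proof.
    $crawlers = array('Googlebot', 'google.com', 'Yahoo! Slurp', '[ZSEBOT]', 'MSNBOT', 'Yandex', 'AltaVista');
    foreach ($crawlers as $crawler) {
        if (stripos($_SERVER['HTTP_USER_AGENT'], $crawler) !== false) {
            return true;
        }
    }
    return false;
}
```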
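--- a/mod/forum/user.php
+++ b/mod/forum/user.php
@@ -106,11 +106,10 @@
 echo '<div class="user-content">';
 if ($course->id == SITEID) {
- if (empty($CFG->forceloginforprofiles) || isloggedin()) {
+ $searchcourse = SITEID;
+ if (empty($CFG->forceloginforprofiles) or (isloggedin() and !isguestuser() and !is_web_crawler())) {
 // Search throughout the whole site.
 $searchcourse = 0;
- } else {
- $searchcourse = SITEID;
 }
 } else {
 // Search only for posts the user made in this course.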
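Review bot: The guest and crawler exclusions in the new condition only take effect when `$CFG->forceloginforprofiles` is set, because `empty($CFG->forceloginforprofiles)` short-circuits the `or`; with the setting off, guests and crawlers still get `$searchcourse = 0`. If that is intended, say so above the `if`, e.g. `// With forceloginforprofiles on, only real (non-guest, non-crawler) accounts search the whole site`. `!is_web_crawler()` depends on the User-Agent header, so for a logged-in account it can only narrow the result, and `!isguestuser()` is the check that carries the restriction. The enclosing block continues outside the hunk.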
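--- a/user/profile.php
+++ b/user/profile.php
@@ -42,9 +42,12 @@
 $userid = optional_param('id', 0, PARAM_INT);
 $edit = optional_param('edit', null, PARAM_BOOL); // Turn editing on and off
+$PAGE->set_url('/user/profile.php', array('id'=>$userid));
+
 if (!empty($CFG->forceloginforprofiles)) {
 require_login();
 if (isguestuser()) {
+ $SESSION->wantsurl = $PAGE->url->out(false);
 redirect(get_login_url());
 }
 } else if (!empty($CFG->forcelogin)) {
@@ -106,8 +109,6 @@
 // Start setting up the page
 $strpublicprofile = get_string('publicprofile');
-$params = array('id'=>$userid);
-$PAGE->set_url('/user/profile.php', $params);
 $PAGE->blocks->add_region('content');
 $PAGE->set_subpage($currentpage->id);
 $PAGE->set_title(fullname($user).": $strpublicprofile");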
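Review bot: `$PAGE->set_url()` now runs before the login checks with the raw `id` parameter, so a request without `id` records `id=0` in both `$PAGE->url` and `$SESSION->wantsurl`. If `$userid` is replaced by the current user's id somewhere between the two hunks (not visible here), the page URL used to carry the resolved id and no longer does. It is worth confirming that links later built from `$PAGE->url` still behave with `id=0`, and adding a comment next to the early call such as `// id may still be 0 here; it is only used to return here after login`. The value stored in `wantsurl` is built server-side from a `PARAM_INT`, which is a good property to keep if this block is edited later.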
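--- a/user/view.php
+++ b/user/view.php
@@ -40,8 +40,7 @@
 redirect($CFG->wwwroot.'/user/profile.php?id='.$id); // Immediate redirect
 }
-$url = new moodle_url('/user/view.php', array('id'=>$id,'course'=>$courseid));
-$PAGE->set_url($url);
+$PAGE->set_url('/user/view.php', array('id'=>$id,'course'=>$courseid));
 $user = $DB->get_record('user', array('id'=>$id), '*', MUST_EXIST);
 $course = $DB->get_record('course', array('id'=>$courseid), '*', MUST_EXIST);
@@ -57,6 +56,14 @@
 print_error('invaliduserid');
 }
+if (!empty($CFG->forceloginforprofiles)) {
+ require_login(); // we can not log in to course due to the parent hack bellow
+ if (isguestuser()) {
+ $SESSION->wantsurl = $PAGE->url->out(false);
+ redirect(get_login_url());
+ }
+}
+
 $PAGE->set_context($coursecontext);
 $PAGE->set_course($course);
 $PAGE->set_pagetype('course-view-' . $course->format); // To get the blocks exactly like the course
@@ -76,7 +83,7 @@
 } else {
 // normal course
 require_login($course);
- // what to do with users temporary accessing this course? shoudl they see the details?
+ // what to do with users temporary accessing this course? should they see the details?
 }
 $strpersonalprofile = get_string('personalprofile');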
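Review bot: The new `forceloginforprofiles` block in the second hunk runs after the `$DB->get_record('user', ..., MUST_EXIST)` lookup and the `print_error('invaliduserid')` path shown as context. A visitor who is not logged in therefore appears to get an error page for some ids and a login redirect for others, which reveals which user ids exist even when profiles require login. `$PAGE->set_url()` is already called before the lookups, so the block could move directly after it. The inline comment refers to a parent hack further down that is outside the hunk, so check that nothing in between depends on the current order. The same guest redirect is added in user/profile.php, and a small shared helper would keep the two copies in step.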