
Most of the time, don't rely on HTTP_REFERER

commit 8575cd3233a584bf1a70e6651900e0e3df8897a8 1 parent 840c178
moodler authored
Showing with 11 additions and 7 deletions.
  1. +11 −7 mod/forum/rate.php
18 mod/forum/rate.php
@@ -20,31 +20,35 @@
if ($data = data_submitted("$CFG->wwwroot/mod/forum/discuss.php")) { // form submitted
- foreach ($data as $post => $rating) {
- if ($post == "id") {
+ foreach ($data as $postid => $rating) {
+ if ($postid == "id") {
continue;
}
- if ($oldrating = get_record("forum_ratings", "userid", $USER->id, "post", $post)) {
+ if ($oldrating = get_record("forum_ratings", "userid", $USER->id, "post", $postid)) {
if ($rating != $oldrating->rating) {
$oldrating->rating = $rating;
$oldrating->time = time();
if (! update_record("forum_ratings", $oldrating)) {
- error("Could not update an old rating ($post = $rating)");
+ error("Could not update an old rating ($postid = $rating)");
}
}
} else if ($rating) {
unset($newrating);
$newrating->userid = $USER->id;
$newrating->time = time();
- $newrating->post = $post;
+ $newrating->post = $postid;
$newrating->rating = $rating;
if (! insert_record("forum_ratings", $newrating)) {
- error("Could not insert a new rating ($post = $rating)");
+ error("Could not insert a new rating ($postid = $rating)");
}
}
}
- redirect($_SERVER["HTTP_REFERER"], get_string("ratingssaved", "forum"));
+ if ($post = get_record('forum_posts', 'id', $postid)) {
+ redirect("$CFG->wwwroot/mod/forum/discuss.php?d=$post->discussion", get_string("ratingssaved", "forum"));
+ } else {
+ redirect($_SERVER["HTTP_REFERER"], get_string("ratingssaved", "forum"));
+ }
} else {
error("This page was not accessed correctly");
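Review bot: The redirect after the loop reads `$postid`, which is whatever key the `foreach` saw last, so when the final form field is `id` (the one skipped by `continue`) the `forum_posts` lookup misses and the code falls back to `redirect($_SERVER["HTTP_REFERER"], ...)`, a client-supplied header that can be absent or point off-site. Remembering the last real post inside the loop, e.g. `$lastpostid = (int)$postid;` after the `continue` check, and sending the `else` branch to a fixed address such as `redirect("$CFG->wwwroot/", get_string("ratingssaved", "forum"));` would remove the dependency on the Referer entirely. `$postid` and `$rating` are also form-controlled and reach `get_record` and `insert_record` with no validation visible in this hunk; whether those helpers or `data_submitted` escape and range-check them is not shown here, so that is worth confirming. The enclosing `if`/`else` starts and ends outside the hunk.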