Skip to content
Browse files

MDL-27542 calendar export: fixed the following:

1. changing auth token to use user id instead of username
2. add fall back checking for old url
3. remove yui functionality to generate calendar url
4. add missing variable
5. fixed usercontext instance
  • Loading branch information...
1 parent f08f22c commit bf870f7f2dc99626576bd884e0b473a2533acc99 @rwijaya rwijaya committed Nov 7, 2011
View
18 calendar/export.php
@@ -59,6 +59,7 @@
$day = optional_param('cal_d', 0, PARAM_INT);
$mon = optional_param('cal_m', 0, PARAM_INT);
$yr = optional_param('cal_y', 0, PARAM_INT);
+$generateurl = optional_param('generateurl', 0, PARAM_BOOL);
if ($courseid != SITEID && !empty($courseid)) {
$course = $DB->get_record('course', array('id' => $courseid));
@@ -93,6 +94,7 @@
$calendar->prepare_for_view($course, $courses);
$pagetitle = get_string('export', 'calendar');
+$now = usergetdate(time());
// Print title and header
if ($issite) {
@@ -122,18 +124,28 @@
if (isset($CFG->calendar_weekend)) {
$weekend = intval($CFG->calendar_weekend);
}
- $username = $USER->username;
- $authtoken = sha1($USER->username . $USER->password . $CFG->calendar_exportsalt);
+
+ $authtoken = sha1($USER->id . $USER->password . $CFG->calendar_exportsalt);
// Let's populate some vars to let "common tasks" be somewhat smart...
// If today it's weekend, give the "next week" option
$allownextweek = $weekend & (1 << $now['wday']);
// If it's the last week of the month, give the "next month" option
$allownextmonth = calendar_days_in_month($now['mon'], $now['year']) - $now['mday'] < 7;
// If today it's weekend but tomorrow it isn't, do NOT give the "this week" option
$allowthisweek = !(($weekend & (1 << $now['wday'])) && !($weekend & (1 << (($now['wday'] + 1) % 7))));
- echo $renderer->basic_export_form($allowthisweek, $allownextweek, $allownextmonth, $username, $authtoken);
+ echo $renderer->basic_export_form($allowthisweek, $allownextweek, $allownextmonth, $USER->id, $authtoken);
break;
}
+if (!empty($generateurl)) {
+ $params['userid'] = optional_param('userid', 0, PARAM_INT);
+ $params['authtoken'] = optional_param('authtoken', '', PARAM_ALPHANUM);
+ $params['preset_what'] = optional_param('preset_what', 'all', PARAM_ALPHA);
+ $params['preset_time'] = optional_param('preset_time', 'weeknow', PARAM_ALPHA);
+
+ $link = new moodle_url('/calendar/export_execute.php', $params);
+ print html_writer::tag('div', get_string('calendarurl', 'calendar', $link->out()), array('class' => 'generalbox calendarurl'));
+}
+
echo $renderer->complete_layout();
echo $OUTPUT->footer();
View
30 calendar/export_execute.php
@@ -5,21 +5,29 @@
require_once($CFG->dirroot.'/calendar/lib.php');
require_once($CFG->libdir.'/bennu/bennu.inc.php');
-$username = required_param('username', PARAM_TEXT);
+$userid = optional_param('userid', 0, PARAM_INT);
+$username = optional_param('username', '', PARAM_TEXT);
$authtoken = required_param('authtoken', PARAM_ALPHANUM);
+$generateurl = optional_param('generateurl', '', PARAM_TEXT);
if (empty($CFG->enablecalendarexport)) {
die('no export');
}
//Fetch user information
-if (!$user = $DB->get_record('user', array('username' => $username), 'id,password')) {
- //No such user
+$checkuserid = !empty($userid) && $user = $DB->get_record('user', array('id' => $userid), 'id,password');
+//allowing for fallback check of old url - MDL-27542
+$checkusername = !empty($username) && $user = $DB->get_record('user', array('username' => $username), 'id,password');
+if (!$checkuserid && !$checkusername) {
+ //No such user
die('Invalid authentication');
}
//Check authentication token
-if ($authtoken != sha1($username . $user->password . $CFG->calendar_exportsalt)) {
+$authuserid = !empty($userid) && $authtoken == sha1($userid . $user->password . $CFG->calendar_exportsalt);
+//allowing for fallback check of old url - MDL-27542
+$authusername = !empty($username) && $authtoken == sha1($username . $user->password . $CFG->calendar_exportsalt);
+if (!$authuserid && !$authusername) {
die('Invalid authentication');
}
@@ -31,6 +39,20 @@
$allowed_what = array('all', 'courses');
$allowed_time = array('weeknow', 'weeknext', 'monthnow', 'monthnext', 'recentupcoming');
+if (!empty($generateurl)) {
+ $authtoken = sha1($user->id . $user->password . $CFG->calendar_exportsalt);
+ $params = array();
+ $params['preset_what'] = $what;
+ $params['preset_time'] = $time;
+ $params['userid'] = $userid;
+ $params['authtoken'] = $authtoken;
+ $params['generateurl'] = true;
+
+ $link = new moodle_url('/calendar/export.php', $params);
+ redirect($link->out());
+ die;
+}
+
if(!empty($what) && !empty($time)) {
if(in_array($what, $allowed_what) && in_array($time, $allowed_time)) {
$courses = enrol_get_users_courses($user->id, true, 'id, visible, shortname');
View
2 calendar/lib.php
@@ -1806,7 +1806,7 @@ protected function calculate_context(stdClass $data) {
$group = $DB->get_record('groups', array('id'=>$data->groupid));
$context = get_context_instance(CONTEXT_COURSE, $group->courseid);
} else if (isset($data->userid) && $data->userid > 0 && $data->userid == $USER->id) {
- $context = get_context_instance(CONTEXT_USER);
+ $context = get_context_instance(CONTEXT_USER, $data->userid);
} else if (isset($data->userid) && $data->userid > 0 && $data->userid != $USER->id &&
isset($data->instance) && $data->instance > 0) {
$cm = get_coursemodule_from_instance($data->modulename, $data->instance, 0, false, MUST_EXIST);
View
10 calendar/renderer.php
@@ -34,11 +34,11 @@ class core_calendar_renderer extends plugin_renderer_base {
* @param bool $allowthisweek
* @param bool $allownextweek
* @param bool $allownextmonth
- * @param string $username
+ * @param int $userid
* @param string $authtoken
* @return string
*/
- public function basic_export_form($allowthisweek, $allownextweek, $allownextmonth, $username, $authtoken) {
+ public function basic_export_form($allowthisweek, $allownextweek, $allownextmonth, $userid, $authtoken) {
$output = html_writer::tag('div', get_string('export', 'calendar'), array('class'=>'header'));
$output .= html_writer::start_tag('fieldset');
@@ -86,10 +86,10 @@ public function basic_export_form($allowthisweek, $allownextweek, $allownextmont
$output .= html_writer::empty_tag('input', array('type'=>'hidden', 'name'=>'cal_d', 'value'=>''));
$output .= html_writer::empty_tag('input', array('type'=>'hidden', 'name'=>'cal_m', 'value'=>''));
$output .= html_writer::empty_tag('input', array('type'=>'hidden', 'name'=>'cal_y', 'value'=>''));
- $output .= html_writer::empty_tag('input', array('type'=>'hidden', 'name'=>'username', 'value'=>$username));
+ $output .= html_writer::empty_tag('input', array('type'=>'hidden', 'name'=>'userid', 'value'=>$userid));
$output .= html_writer::empty_tag('input', array('type'=>'hidden', 'name'=>'authtoken', 'value'=>$authtoken));
- $output .= html_writer::empty_tag('input', array('type'=>'button', 'id'=>'generateurl', 'value'=>get_string('generateurlbutton', 'calendar')));
+ $output .= html_writer::empty_tag('input', array('type'=>'submit', 'name' => 'generateurl', 'id'=>'generateurl', 'value'=>get_string('generateurlbutton', 'calendar')));
$output .= html_writer::empty_tag('input', array('type'=>'submit', 'value'=>get_string('exportbutton', 'calendar')));
$output .= html_writer::end_tag('div');
@@ -102,8 +102,6 @@ public function basic_export_form($allowthisweek, $allownextweek, $allownextmont
$output .= html_writer::tag('div', '', array('id'=>'url', 'style'=>'overflow:scroll;width:650px;'));
$output .= html_writer::end_tag('div');
- $this->page->requires->yui_module('moodle-calendar-eventmanager', 'M.core_calendar.init_basic_export', array($allowthisweek, $allownextweek, $allownextmonth, $username, $authtoken));
-
return $output;
}
View
4 calendar/view.php
@@ -150,8 +150,8 @@
if (!empty($CFG->enablecalendarexport)) {
echo $OUTPUT->single_button(new moodle_url('export.php', array('course'=>$courseid)), get_string('exportcalendar', 'calendar'));
if (isloggedin()) {
- $authtoken = sha1($USER->username . $USER->password . $CFG->calendar_exportsalt);
- $link = new moodle_url('/calendar/export_execute.php', array('preset_what'=>'all', 'preset_time'=>'recentupcoming', 'username'=>$USER->username, 'authtoken'=>$authtoken));
+ $authtoken = sha1($USER->id . $USER->password . $CFG->calendar_exportsalt);
+ $link = new moodle_url('/calendar/export_execute.php', array('preset_what'=>'all', 'preset_time'=>'recentupcoming', 'userid' => $USER->id, 'authtoken'=>$authtoken));
$icon = html_writer::empty_tag('img', array('src'=>$OUTPUT->pix_url('i/ical'), 'height'=>'14', 'width'=>'36', 'alt'=>get_string('ical', 'calendar'), 'title'=>get_string('quickdownloadcalendar', 'calendar')));
echo html_writer::tag('a', $icon, array('href'=>$link));
}
View
20 calendar/yui/eventmanager/eventmanager.js
@@ -120,26 +120,6 @@ YUI.add('moodle-calendar-eventmanager', function(Y) {
var EVENTMANAGER = {
add_event : function(config) {
new EVENT(config);
- },
- init_basic_export : function(allowthisweek, allownextweek, allownextmonth, username, authtoken) {
- var params = {
- preset_what : (Y.one('#pw_course').get('checked'))?'courses':'all',
- preset_time : 'recentupcoming',
- username : username,
- authtoken : authtoken
-
- }
- if (allowthisweek && Y.one('#pt_wknow').get('checked')) {
- params.presettime = 'weeknow';
- } else if (allownextweek && Y.one('#pt_wknext').get('checked')) {
- params.presettime = 'weeknext';
- } else if (allownextmonth && Y.one('#pt_monnext').get('checked')) {
- params.presettime = 'monthnext';
- } else if (Y.one('#pt_monnow').get('checked')) {
- params.presettime = 'monthnow';
- }
- Y.one('#url').setContent(M.cfg.wwwroot+'/calendar/export_execute.php?'+build_querystring(params));
- Y.one('#urlbox').setStyle('display', 'block');
}
}
View
1 lang/en/calendar.php
@@ -28,6 +28,7 @@
$string['calendar'] = 'Calendar';
$string['calendarheading'] = '{$a} Calendar';
$string['calendarpreferences'] = 'Calendar preferences';
+$string['calendarurl'] = 'Calendar URL: {$a}';
$string['clickhide'] = 'click to hide';
$string['clickshow'] = 'click to show';
$string['commontasks'] = 'Options';

0 comments on commit bf870f7

Please sign in to comment.
Something went wrong with that request. Please try again.