Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

MDL-27542 calendar export: fixed the following:

1. changing auth token to use user id instead of username
2. add fall back checking for old url
3. remove yui functionality to generate calendar url
4. fixed usercontext instance
  • Loading branch information...
commit d3826329f61e849798edaf4d5ef55e6ed75649ee 1 parent 919e659
@rwijaya rwijaya authored
View
2  blocks/calendar_upcoming/block_calendar_upcoming.php
@@ -71,7 +71,7 @@ function get_content() {
$this->content->text = '<div class="post">'.
get_string('noupcomingevents', 'calendar').'</div>';
}
-
+print_object($this->content);
return $this->content;
}
}
View
17 calendar/export.php
@@ -55,6 +55,8 @@
$day = optional_param('cal_d', 0, PARAM_INT);
$mon = optional_param('cal_m', 0, PARAM_INT);
$yr = optional_param('cal_y', 0, PARAM_INT);
+$generateurl = optional_param('generateurl', 0, PARAM_BOOL);
+
if ($courseid = optional_param('course', 0, PARAM_INT)) {
$course = $DB->get_record('course', array('id'=>$courseid));
} else {
@@ -142,8 +144,7 @@
break;
case '':
default:
- $username = $USER->username;
- $authtoken = sha1($USER->username . $USER->password . $CFG->calendar_exportsalt);
+ $authtoken = sha1($USER->id . $USER->password . $CFG->calendar_exportsalt);
// Let's populate some vars to let "common tasks" be somewhat smart...
// If today it's weekend, give the "next week" option
$allownextweek = CALENDAR_WEEKEND & (1 << $now['wday']);
@@ -151,7 +152,17 @@
$allownextmonth = calendar_days_in_month($now['mon'], $now['year']) - $now['mday'] < 7;
// If today it's weekend but tomorrow it isn't, do NOT give the "this week" option
$allowthisweek = !((CALENDAR_WEEKEND & (1 << $now['wday'])) && !(CALENDAR_WEEKEND & (1 << (($now['wday'] + 1) % 7))));
- echo $renderer->basic_export_form($allowthisweek, $allownextweek, $allownextmonth, $username, $authtoken);
+ echo $renderer->basic_export_form($allowthisweek, $allownextweek, $allownextmonth, $USER->id, $authtoken);
+}
+
+if (!empty($generateurl)) {
+ $params['userid'] = optional_param('userid', 0, PARAM_INT);
+ $params['authtoken'] = optional_param('authtoken', '', PARAM_ALPHANUM);
+ $params['preset_what'] = optional_param('preset_what', 'all', PARAM_ALPHA);
+ $params['preset_time'] = optional_param('preset_time', 'weeknow', PARAM_ALPHA);
+ $link = new moodle_url('/calendar/export_execute.php', $params);
+ print html_writer::tag('div', get_string('calendarurl', 'calendar', $link->out()), array('class' => 'generalbox calendarurl'));
}
+
echo $renderer->complete_layout();
echo $OUTPUT->footer();
View
31 calendar/export_execute.php
@@ -5,27 +5,48 @@
require_once($CFG->dirroot.'/calendar/lib.php');
require_once($CFG->libdir.'/bennu/bennu.inc.php');
-$username = required_param('username', PARAM_TEXT);
+$userid = optional_param('userid', 0, PARAM_INT);
+$username = optional_param('username', '', PARAM_TEXT);
$authtoken = required_param('authtoken', PARAM_ALPHANUM);
+$generateurl = optional_param('generateurl', '', PARAM_TEXT);
if (empty($CFG->enablecalendarexport)) {
die('no export');
}
//Fetch user information
-if (!$user = $DB->get_record('user', array('username' => $username), 'id,password')) {
- //No such user
+$checkuserid = !empty($userid) && $user = $DB->get_record('user', array('id' => $userid), 'id,password');
+//allowing for fallback check of old url - MDL-27542
+$checkusername = !empty($username) && $user = $DB->get_record('user', array('username' => $username), 'id,password');
+if (!$checkuserid && !$checkusername) {
+ //No such user
die('Invalid authentication');
}
//Check authentication token
-if ($authtoken != sha1($username . $user->password . $CFG->calendar_exportsalt)) {
+$authuserid = !empty($userid) && $authtoken == sha1($userid . $user->password . $CFG->calendar_exportsalt);
+//allowing for fallback check of old url - MDL-27542
+$authusername = !empty($username) && $authtoken == sha1($username . $user->password . $CFG->calendar_exportsalt);
+if (!$authuserid && !$authusername) {
die('Invalid authentication');
-}
+}
$what = optional_param('preset_what', 'all', PARAM_ALPHA);
$time = optional_param('preset_time', 'weeknow', PARAM_ALPHA);
+if (!empty($generateurl)) {
+ $authtoken = sha1($userid . $user->password . $CFG->calendar_exportsalt);
+ $params = array();
+ $params['preset_what'] = $what;
+ $params['preset_time'] = $time;
+ $params['userid'] = $userid;
+ $params['authtoken'] = $authtoken;
+ $params['generateurl'] = true;
+ $link = new moodle_url('/calendar/export.php', $params);
+ redirect($link->out());
+ die;
+}
+
$now = usergetdate(time());
// Let's see if we have sufficient and correct data
$allowed_what = array('all', 'courses');
View
2  calendar/lib.php
@@ -1884,7 +1884,7 @@ protected function calculate_context(stdClass $data) {
$group = $DB->get_record('groups', array('id'=>$data->groupid));
$context = get_context_instance(CONTEXT_COURSE, $group->courseid);
} else if (isset($data->userid) && $data->userid > 0 && $data->userid == $USER->id) {
- $context = get_context_instance(CONTEXT_USER);
+ $context = get_context_instance(CONTEXT_USER, $data->userid);
} else if (isset($data->userid) && $data->userid > 0 && $data->userid != $USER->id &&
isset($data->instance) && $data->instance > 0) {
$cm = get_coursemodule_from_instance($data->modulename, $data->instance, 0, false, MUST_EXIST);
View
10 calendar/renderer.php
@@ -34,11 +34,11 @@ class core_calendar_renderer extends plugin_renderer_base {
* @param bool $allowthisweek
* @param bool $allownextweek
* @param bool $allownextmonth
- * @param string $username
+ * @param int $userid
* @param string $authtoken
* @return string
*/
- public function basic_export_form($allowthisweek, $allownextweek, $allownextmonth, $username, $authtoken) {
+ public function basic_export_form($allowthisweek, $allownextweek, $allownextmonth, $userid, $authtoken) {
$output = html_writer::tag('div', get_string('export', 'calendar'), array('class'=>'header'));
$output .= html_writer::start_tag('fieldset');
@@ -86,10 +86,10 @@ public function basic_export_form($allowthisweek, $allownextweek, $allownextmont
$output .= html_writer::empty_tag('input', array('type'=>'hidden', 'name'=>'cal_d', 'value'=>''));
$output .= html_writer::empty_tag('input', array('type'=>'hidden', 'name'=>'cal_m', 'value'=>''));
$output .= html_writer::empty_tag('input', array('type'=>'hidden', 'name'=>'cal_y', 'value'=>''));
- $output .= html_writer::empty_tag('input', array('type'=>'hidden', 'name'=>'username', 'value'=>$username));
+ $output .= html_writer::empty_tag('input', array('type'=>'hidden', 'name'=>'userid', 'value'=>$userid));
$output .= html_writer::empty_tag('input', array('type'=>'hidden', 'name'=>'authtoken', 'value'=>$authtoken));
- $output .= html_writer::empty_tag('input', array('type'=>'button', 'id'=>'generateurl', 'value'=>get_string('generateurlbutton', 'calendar')));
+ $output .= html_writer::empty_tag('input', array('type'=>'submit', 'name' => 'generateurl', 'id'=>'generateurl', 'value'=>get_string('generateurlbutton', 'calendar')));
$output .= html_writer::empty_tag('input', array('type'=>'submit', 'value'=>get_string('exportbutton', 'calendar')));
$output .= html_writer::end_tag('div');
@@ -102,8 +102,6 @@ public function basic_export_form($allowthisweek, $allownextweek, $allownextmont
$output .= html_writer::tag('div', '', array('id'=>'url', 'style'=>'overflow:scroll;width:650px;'));
$output .= html_writer::end_tag('div');
- $this->page->requires->yui_module('moodle-calendar-eventmanager', 'M.core_calendar.init_basic_export', array($allowthisweek, $allownextweek, $allownextmonth, $username, $authtoken));
-
return $output;
}
View
4 calendar/view.php
@@ -183,8 +183,8 @@
if (!empty($CFG->enablecalendarexport)) {
echo $OUTPUT->single_button(new moodle_url('export.php', array('course'=>$courseid)), get_string('exportcalendar', 'calendar'));
if (isloggedin()) {
- $authtoken = sha1($USER->username . $USER->password . $CFG->calendar_exportsalt);
- $link = new moodle_url('/calendar/export_execute.php', array('preset_what'=>'all', 'preset_time'=>'recentupcoming', 'username'=>$USER->username, 'authtoken'=>$authtoken));
+ $authtoken = sha1($USER->id . $USER->password . $CFG->calendar_exportsalt);
+ $link = new moodle_url('/calendar/export_execute.php', array('preset_what'=>'all', 'preset_time'=>'recentupcoming', 'userid' => $USER->id, 'authtoken'=>$authtoken));
$icon = html_writer::empty_tag('img', array('src'=>$OUTPUT->pix_url('i/ical'), 'height'=>'14', 'width'=>'36', 'alt'=>get_string('ical', 'calendar'), 'title'=>get_string('quickdownloadcalendar', 'calendar')));
echo html_writer::tag('a', $icon, array('href'=>$link));
}
View
20 calendar/yui/eventmanager/eventmanager.js
@@ -120,26 +120,6 @@ YUI.add('moodle-calendar-eventmanager', function(Y) {
var EVENTMANAGER = {
add_event : function(config) {
new EVENT(config);
- },
- init_basic_export : function(allowthisweek, allownextweek, allownextmonth, username, authtoken) {
- var params = {
- preset_what : (Y.one('#pw_course').get('checked'))?'courses':'all',
- preset_time : 'recentupcoming',
- username : username,
- authtoken : authtoken
-
- }
- if (allowthisweek && Y.one('#pt_wknow').get('checked')) {
- params.presettime = 'weeknow';
- } else if (allownextweek && Y.one('#pt_wknext').get('checked')) {
- params.presettime = 'weeknext';
- } else if (allownextmonth && Y.one('#pt_monnext').get('checked')) {
- params.presettime = 'monthnext';
- } else if (Y.one('#pt_monnow').get('checked')) {
- params.presettime = 'monthnow';
- }
- Y.one('#url').setContent(M.cfg.wwwroot+'/calendar/export_execute.php?'+build_querystring(params));
- Y.one('#urlbox').setStyle('display', 'block');
}
}
View
1  lang/en/calendar.php
@@ -28,6 +28,7 @@
$string['calendar'] = 'Calendar';
$string['calendarheading'] = '{$a} Calendar';
$string['calendarpreferences'] = 'Calendar preferences';
+$string['calendarurl'] = 'Calendar URL: {$a}';
$string['clickhide'] = 'click to hide';
$string['clickshow'] = 'click to show';
$string['commontasks'] = 'Options';
Please sign in to comment.
Something went wrong with that request. Please try again.