Skip to content
Browse files

MDL-27542 calendar export: fixed the following:

1. changing auth token to use user id instead of username
2. add fall back checking for old url
3. remove yui functionality to generate calendar url
4. add missing variable
5. fixed usercontext instance
  • Loading branch information...
1 parent 735de1c commit d52777b48680f2df12c8af24e5c99e90e29090a4 @rwijaya rwijaya committed Nov 7, 2011
View
18 calendar/export.php
@@ -59,6 +59,7 @@
$day = optional_param('cal_d', 0, PARAM_INT);
$mon = optional_param('cal_m', 0, PARAM_INT);
$yr = optional_param('cal_y', 0, PARAM_INT);
+$generateurl = optional_param('generateurl', 0, PARAM_BOOL);
if ($courseid != SITEID && !empty($courseid)) {
$course = $DB->get_record('course', array('id' => $courseid));
@@ -93,6 +94,7 @@
$calendar->prepare_for_view($course, $courses);
$pagetitle = get_string('export', 'calendar');
+$now = usergetdate(time());
// Print title and header
if ($issite) {
@@ -122,18 +124,28 @@
if (isset($CFG->calendar_weekend)) {
$weekend = intval($CFG->calendar_weekend);
}
- $username = $USER->username;
- $authtoken = sha1($USER->username . $USER->password . $CFG->calendar_exportsalt);
+
+ $authtoken = sha1($USER->id . $USER->password . $CFG->calendar_exportsalt);
// Let's populate some vars to let "common tasks" be somewhat smart...
// If today it's weekend, give the "next week" option
$allownextweek = $weekend & (1 << $now['wday']);
// If it's the last week of the month, give the "next month" option
$allownextmonth = calendar_days_in_month($now['mon'], $now['year']) - $now['mday'] < 7;
// If today it's weekend but tomorrow it isn't, do NOT give the "this week" option
$allowthisweek = !(($weekend & (1 << $now['wday'])) && !($weekend & (1 << (($now['wday'] + 1) % 7))));
- echo $renderer->basic_export_form($allowthisweek, $allownextweek, $allownextmonth, $username, $authtoken);
+ echo $renderer->basic_export_form($allowthisweek, $allownextweek, $allownextmonth, $USER->id, $authtoken);
break;
}
+if (!empty($generateurl)) {
+ $params['userid'] = optional_param('userid', 0, PARAM_INT);
+ $params['authtoken'] = optional_param('authtoken', '', PARAM_ALPHANUM);
+ $params['preset_what'] = optional_param('preset_what', 'all', PARAM_ALPHA);
+ $params['preset_time'] = optional_param('preset_time', 'weeknow', PARAM_ALPHA);
+
+ $link = new moodle_url('/calendar/export_execute.php', $params);
+ print html_writer::tag('div', get_string('calendarurl', 'calendar', $link->out()), array('class' => 'generalbox calendarurl'));
+}
+
echo $renderer->complete_layout();
echo $OUTPUT->footer();
View
30 calendar/export_execute.php
@@ -5,21 +5,29 @@
require_once($CFG->dirroot.'/calendar/lib.php');
require_once($CFG->libdir.'/bennu/bennu.inc.php');
-$username = required_param('username', PARAM_TEXT);
+$userid = optional_param('userid', 0, PARAM_INT);
+$username = optional_param('username', '', PARAM_TEXT);
$authtoken = required_param('authtoken', PARAM_ALPHANUM);
+$generateurl = optional_param('generateurl', '', PARAM_TEXT);
if (empty($CFG->enablecalendarexport)) {
die('no export');
}
//Fetch user information
-if (!$user = $DB->get_record('user', array('username' => $username), 'id,password')) {
- //No such user
+$checkuserid = !empty($userid) && $user = $DB->get_record('user', array('id' => $userid), 'id,password');
+//allowing for fallback check of old url - MDL-27542
+$checkusername = !empty($username) && $user = $DB->get_record('user', array('username' => $username), 'id,password');
+if (!$checkuserid && !$checkusername) {
+ //No such user
die('Invalid authentication');
}
//Check authentication token
-if ($authtoken != sha1($username . $user->password . $CFG->calendar_exportsalt)) {
+$authuserid = !empty($userid) && $authtoken == sha1($userid . $user->password . $CFG->calendar_exportsalt);
+//allowing for fallback check of old url - MDL-27542
+$authusername = !empty($username) && $authtoken == sha1($username . $user->password . $CFG->calendar_exportsalt);
+if (!$authuserid && !$authusername) {
die('Invalid authentication');
}
@@ -31,6 +39,20 @@
$allowed_what = array('all', 'courses');
$allowed_time = array('weeknow', 'weeknext', 'monthnow', 'monthnext', 'recentupcoming');
+if (!empty($generateurl)) {
+ $authtoken = sha1($user->id . $user->password . $CFG->calendar_exportsalt);
+ $params = array();
+ $params['preset_what'] = $what;
+ $params['preset_time'] = $time;
+ $params['userid'] = $userid;
+ $params['authtoken'] = $authtoken;
+ $params['generateurl'] = true;
+
+ $link = new moodle_url('/calendar/export.php', $params);
+ redirect($link->out());
+ die;
+}
+
if(!empty($what) && !empty($time)) {
if(in_array($what, $allowed_what) && in_array($time, $allowed_time)) {
$courses = enrol_get_users_courses($user->id, true, 'id, visible, shortname');
View
2 calendar/lib.php
@@ -1806,7 +1806,7 @@ protected function calculate_context(stdClass $data) {
$group = $DB->get_record('groups', array('id'=>$data->groupid));
$context = get_context_instance(CONTEXT_COURSE, $group->courseid);
} else if (isset($data->userid) && $data->userid > 0 && $data->userid == $USER->id) {
- $context = get_context_instance(CONTEXT_USER);
+ $context = get_context_instance(CONTEXT_USER, $data->userid);
} else if (isset($data->userid) && $data->userid > 0 && $data->userid != $USER->id &&
isset($data->instance) && $data->instance > 0) {
$cm = get_coursemodule_from_instance($data->modulename, $data->instance, 0, false, MUST_EXIST);
View
10 calendar/renderer.php
@@ -34,11 +34,11 @@ class core_calendar_renderer extends plugin_renderer_base {
* @param bool $allowthisweek
* @param bool $allownextweek
* @param bool $allownextmonth
- * @param string $username
+ * @param int $userid
* @param string $authtoken
* @return string
*/
- public function basic_export_form($allowthisweek, $allownextweek, $allownextmonth, $username, $authtoken) {
+ public function basic_export_form($allowthisweek, $allownextweek, $allownextmonth, $userid, $authtoken) {
$output = html_writer::tag('div', get_string('export', 'calendar'), array('class'=>'header'));
$output .= html_writer::start_tag('fieldset');
@@ -86,10 +86,10 @@ public function basic_export_form($allowthisweek, $allownextweek, $allownextmont
$output .= html_writer::empty_tag('input', array('type'=>'hidden', 'name'=>'cal_d', 'value'=>''));
$output .= html_writer::empty_tag('input', array('type'=>'hidden', 'name'=>'cal_m', 'value'=>''));
$output .= html_writer::empty_tag('input', array('type'=>'hidden', 'name'=>'cal_y', 'value'=>''));
- $output .= html_writer::empty_tag('input', array('type'=>'hidden', 'name'=>'username', 'value'=>$username));
+ $output .= html_writer::empty_tag('input', array('type'=>'hidden', 'name'=>'userid', 'value'=>$userid));
$output .= html_writer::empty_tag('input', array('type'=>'hidden', 'name'=>'authtoken', 'value'=>$authtoken));
- $output .= html_writer::empty_tag('input', array('type'=>'button', 'id'=>'generateurl', 'value'=>get_string('generateurlbutton', 'calendar')));
+ $output .= html_writer::empty_tag('input', array('type'=>'submit', 'name' => 'generateurl', 'id'=>'generateurl', 'value'=>get_string('generateurlbutton', 'calendar')));
$output .= html_writer::empty_tag('input', array('type'=>'submit', 'value'=>get_string('exportbutton', 'calendar')));
$output .= html_writer::end_tag('div');
@@ -102,8 +102,6 @@ public function basic_export_form($allowthisweek, $allownextweek, $allownextmont
$output .= html_writer::tag('div', '', array('id'=>'url', 'style'=>'overflow:scroll;width:650px;'));
$output .= html_writer::end_tag('div');
- $this->page->requires->yui_module('moodle-calendar-eventmanager', 'M.core_calendar.init_basic_export', array($allowthisweek, $allownextweek, $allownextmonth, $username, $authtoken));
-
return $output;
}
View
4 calendar/view.php
@@ -150,8 +150,8 @@
if (!empty($CFG->enablecalendarexport)) {
echo $OUTPUT->single_button(new moodle_url('export.php', array('course'=>$courseid)), get_string('exportcalendar', 'calendar'));
if (isloggedin()) {
- $authtoken = sha1($USER->username . $USER->password . $CFG->calendar_exportsalt);
- $link = new moodle_url('/calendar/export_execute.php', array('preset_what'=>'all', 'preset_time'=>'recentupcoming', 'username'=>$USER->username, 'authtoken'=>$authtoken));
+ $authtoken = sha1($USER->id . $USER->password . $CFG->calendar_exportsalt);
+ $link = new moodle_url('/calendar/export_execute.php', array('preset_what'=>'all', 'preset_time'=>'recentupcoming', 'userid' => $USER->id, 'authtoken'=>$authtoken));
$icon = html_writer::empty_tag('img', array('src'=>$OUTPUT->pix_url('i/ical'), 'height'=>'14', 'width'=>'36', 'alt'=>get_string('ical', 'calendar'), 'title'=>get_string('quickdownloadcalendar', 'calendar')));
echo html_writer::tag('a', $icon, array('href'=>$link));
}
View
20 calendar/yui/eventmanager/eventmanager.js
@@ -120,26 +120,6 @@ YUI.add('moodle-calendar-eventmanager', function(Y) {
var EVENTMANAGER = {
add_event : function(config) {
new EVENT(config);
- },
- init_basic_export : function(allowthisweek, allownextweek, allownextmonth, username, authtoken) {
- var params = {
- preset_what : (Y.one('#pw_course').get('checked'))?'courses':'all',
- preset_time : 'recentupcoming',
- username : username,
- authtoken : authtoken
-
- }
- if (allowthisweek && Y.one('#pt_wknow').get('checked')) {
- params.presettime = 'weeknow';
- } else if (allownextweek && Y.one('#pt_wknext').get('checked')) {
- params.presettime = 'weeknext';
- } else if (allownextmonth && Y.one('#pt_monnext').get('checked')) {
- params.presettime = 'monthnext';
- } else if (Y.one('#pt_monnow').get('checked')) {
- params.presettime = 'monthnow';
- }
- Y.one('#url').setContent(M.cfg.wwwroot+'/calendar/export_execute.php?'+build_querystring(params));
- Y.one('#urlbox').setStyle('display', 'block');
}
}
View
1 lang/en/calendar.php
@@ -28,6 +28,7 @@
$string['calendar'] = 'Calendar';
$string['calendarheading'] = '{$a} Calendar';
$string['calendarpreferences'] = 'Calendar preferences';
+$string['calendarurl'] = 'Calendar URL: {$a}';
$string['clickhide'] = 'click to hide';
$string['clickshow'] = 'click to show';
$string['commontasks'] = 'Options';

0 comments on commit d52777b

Please sign in to comment.
Something went wrong with that request. Please try again.