
MDL-27542 calendar export: fixed the following:

1. changing auth token to use user id instead of username
2. add fall back checking for old url
3. remove yui functionality to generate calendar url
4. add missing variable
5. fixed usercontext instance
commit d52777b48680f2df12c8af24e5c99e90e29090a4 1 parent 735de1c
@rwijaya rwijaya authored
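--- a/calendar/export.php
+++ b/calendar/export.php
@@ -59,6 +59,7 @@
 $day = optional_param('cal_d', 0, PARAM_INT);
 $mon = optional_param('cal_m', 0, PARAM_INT);
 $yr = optional_param('cal_y', 0, PARAM_INT);
+$generateurl = optional_param('generateurl', 0, PARAM_BOOL);
 if ($courseid != SITEID && !empty($courseid)) {
 $course = $DB->get_record('course', array('id' => $courseid));
@@ -93,6 +94,7 @@
 $calendar->prepare_for_view($course, $courses);
 $pagetitle = get_string('export', 'calendar');
+$now = usergetdate(time());
 // Print title and header
 if ($issite) {
@@ -122,8 +124,8 @@
 if (isset($CFG->calendar_weekend)) {
 $weekend = intval($CFG->calendar_weekend);
 }
- $username = $USER->username;
- $authtoken = sha1($USER->username . $USER->password . $CFG->calendar_exportsalt);
+
+ $authtoken = sha1($USER->id . $USER->password . $CFG->calendar_exportsalt);
 // Let's populate some vars to let "common tasks" be somewhat smart...
 // If today it's weekend, give the "next week" option
 $allownextweek = $weekend & (1 << $now['wday']);
@@ -131,9 +133,19 @@
 $allownextmonth = calendar_days_in_month($now['mon'], $now['year']) - $now['mday'] < 7;
 // If today it's weekend but tomorrow it isn't, do NOT give the "this week" option
 $allowthisweek = !(($weekend & (1 << $now['wday'])) && !($weekend & (1 << (($now['wday'] + 1) % 7))));
- echo $renderer->basic_export_form($allowthisweek, $allownextweek, $allownextmonth, $username, $authtoken);
+ echo $renderer->basic_export_form($allowthisweek, $allownextweek, $allownextmonth, $USER->id, $authtoken);
 break;
 }
+if (!empty($generateurl)) {
+ $params['userid'] = optional_param('userid', 0, PARAM_INT);
+ $params['authtoken'] = optional_param('authtoken', '', PARAM_ALPHANUM);
+ $params['preset_what'] = optional_param('preset_what', 'all', PARAM_ALPHA);
+ $params['preset_time'] = optional_param('preset_time', 'weeknow', PARAM_ALPHA);
+
+ $link = new moodle_url('/calendar/export_execute.php', $params);
+ print html_writer::tag('div', get_string('calendarurl', 'calendar', $link->out()), array('class' => 'generalbox calendarurl'));
+}
+
 echo $renderer->complete_layout();
 echo $OUTPUT->footer();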
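Review bot: The added `generateurl` block reads `userid` and `authtoken` back from the request and prints them as the calendar URL, so the page shows whatever (cleaned) values the request carried rather than the credentials of the signed-in account; it also writes into `$params` without initialising it in the visible lines. Deriving both values server-side keeps the displayed link tied to the session: `$params = array('userid' => $USER->id, 'authtoken' => sha1($USER->id . $USER->password . $CFG->calendar_exportsalt));`, followed by the two `preset_*` entries. The same `sha1(...)` expression is repeated in `calendar/view.php` and in `calendar/export_execute.php`; one shared helper in `calendar/lib.php` would stop token generation and verification from drifting apart. Whether this page enforces a login before reaching the block is not visible in these hunks.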
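--- a/calendar/export_execute.php
+++ b/calendar/export_execute.php
@@ -5,21 +5,29 @@
 require_once($CFG->dirroot.'/calendar/lib.php');
 require_once($CFG->libdir.'/bennu/bennu.inc.php');
-$username = required_param('username', PARAM_TEXT);
+$userid = optional_param('userid', 0, PARAM_INT);
+$username = optional_param('username', '', PARAM_TEXT);
 $authtoken = required_param('authtoken', PARAM_ALPHANUM);
+$generateurl = optional_param('generateurl', '', PARAM_TEXT);
 if (empty($CFG->enablecalendarexport)) {
 die('no export');
 }
 //Fetch user information
-if (!$user = $DB->get_record('user', array('username' => $username), 'id,password')) {
- //No such user
+$checkuserid = !empty($userid) && $user = $DB->get_record('user', array('id' => $userid), 'id,password');
+//allowing for fallback check of old url - MDL-27542
+$checkusername = !empty($username) && $user = $DB->get_record('user', array('username' => $username), 'id,password');
+if (!$checkuserid && !$checkusername) {
+ //No such user
 die('Invalid authentication');
 }
 //Check authentication token
-if ($authtoken != sha1($username . $user->password . $CFG->calendar_exportsalt)) {
+$authuserid = !empty($userid) && $authtoken == sha1($userid . $user->password . $CFG->calendar_exportsalt);
+//allowing for fallback check of old url - MDL-27542
+$authusername = !empty($username) && $authtoken == sha1($username . $user->password . $CFG->calendar_exportsalt);
+if (!$authuserid && !$authusername) {
 die('Invalid authentication');
 }
@@ -31,6 +39,20 @@
 $allowed_what = array('all', 'courses');
 $allowed_time = array('weeknow', 'weeknext', 'monthnow', 'monthnext', 'recentupcoming');
+if (!empty($generateurl)) {
+ $authtoken = sha1($user->id . $user->password . $CFG->calendar_exportsalt);
+ $params = array();
+ $params['preset_what'] = $what;
+ $params['preset_time'] = $time;
+ $params['userid'] = $userid;
+ $params['authtoken'] = $authtoken;
+ $params['generateurl'] = true;
+
+ $link = new moodle_url('/calendar/export.php', $params);
+ redirect($link->out());
+ die;
+}
+
 if(!empty($what) && !empty($time)) {
 if(in_array($what, $allowed_what) && in_array($time, $allowed_time)) {
 $courses = enrol_get_users_courses($user->id, true, 'id, visible, shortname');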
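Review bot: Both lookups assign to the same `$user`, so when a request carries `userid` and `username` together the username lookup overwrites the record found by id (or replaces it with `false` when the name does not exist), and the token is then checked against a record that may not belong to the identifier that passed the first test. Resolving the account from exactly one identifier and checking the token against that same identifier removes the ambiguity; the comparison should also be strict (`!==`, or `hash_equals()` where the PHP version in use provides it), since `==` compares numeric-looking strings by value. In the `generateurl` branch, `$params['userid'] = $userid;` is 0 for an old username-style URL while the token is built from `$user->id`, so the regenerated link would not validate; `$params['userid'] = $user->id;` keeps the two in step. The final `if` block continues past the end of the hunk.

```php
//Fetch user information: userid wins, username is the MDL-27542 fallback for old URLs
if (!empty($userid)) {
    $user = $DB->get_record('user', array('id' => $userid), 'id,password');
    $tokenkey = $userid;
} else if (!empty($username)) {
    $user = $DB->get_record('user', array('username' => $username), 'id,password');
    $tokenkey = $username;
} else {
    $user = false;
}
if (!$user) {
    //No such user
    die('Invalid authentication');
}

//Check authentication token against the identifier that located the account
if ($authtoken !== sha1($tokenkey . $user->password . $CFG->calendar_exportsalt)) {
    die('Invalid authentication');
}
// … unchanged: $what / $time handling, $allowed_what, $allowed_time …
```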
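--- a/calendar/lib.php
+++ b/calendar/lib.php
@@ -1806,7 +1806,7 @@ protected function calculate_context(stdClass $data) {
 $group = $DB->get_record('groups', array('id'=>$data->groupid));
 $context = get_context_instance(CONTEXT_COURSE, $group->courseid);
 } else if (isset($data->userid) && $data->userid > 0 && $data->userid == $USER->id) {
- $context = get_context_instance(CONTEXT_USER);
+ $context = get_context_instance(CONTEXT_USER, $data->userid);
 } else if (isset($data->userid) && $data->userid > 0 && $data->userid != $USER->id &&
 isset($data->instance) && $data->instance > 0) {
 $cm = get_coursemodule_from_instance($data->modulename, $data->instance, 0, false, MUST_EXIST);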
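--- a/calendar/renderer.php
+++ b/calendar/renderer.php
@@ -34,11 +34,11 @@ class core_calendar_renderer extends plugin_renderer_base {
 * @param bool $allowthisweek
 * @param bool $allownextweek
 * @param bool $allownextmonth
- * @param string $username
+ * @param int $userid
 * @param string $authtoken
 * @return string
 */
- public function basic_export_form($allowthisweek, $allownextweek, $allownextmonth, $username, $authtoken) {
+ public function basic_export_form($allowthisweek, $allownextweek, $allownextmonth, $userid, $authtoken) {
 $output = html_writer::tag('div', get_string('export', 'calendar'), array('class'=>'header'));
 $output .= html_writer::start_tag('fieldset');
@@ -86,10 +86,10 @@ public function basic_export_form($allowthisweek, $allownextweek, $allownextmont
 $output .= html_writer::empty_tag('input', array('type'=>'hidden', 'name'=>'cal_d', 'value'=>''));
 $output .= html_writer::empty_tag('input', array('type'=>'hidden', 'name'=>'cal_m', 'value'=>''));
 $output .= html_writer::empty_tag('input', array('type'=>'hidden', 'name'=>'cal_y', 'value'=>''));
- $output .= html_writer::empty_tag('input', array('type'=>'hidden', 'name'=>'username', 'value'=>$username));
+ $output .= html_writer::empty_tag('input', array('type'=>'hidden', 'name'=>'userid', 'value'=>$userid));
 $output .= html_writer::empty_tag('input', array('type'=>'hidden', 'name'=>'authtoken', 'value'=>$authtoken));
- $output .= html_writer::empty_tag('input', array('type'=>'button', 'id'=>'generateurl', 'value'=>get_string('generateurlbutton', 'calendar')));
+ $output .= html_writer::empty_tag('input', array('type'=>'submit', 'name' => 'generateurl', 'id'=>'generateurl', 'value'=>get_string('generateurlbutton', 'calendar')));
 $output .= html_writer::empty_tag('input', array('type'=>'submit', 'value'=>get_string('exportbutton', 'calendar')));
 $output .= html_writer::end_tag('div');
@@ -102,8 +102,6 @@ public function basic_export_form($allowthisweek, $allownextweek, $allownextmont
 $output .= html_writer::tag('div', '', array('id'=>'url', 'style'=>'overflow:scroll;width:650px;'));
 $output .= html_writer::end_tag('div');
- $this->page->requires->yui_module('moodle-calendar-eventmanager', 'M.core_calendar.init_basic_export', array($allowthisweek, $allownextweek, $allownextmonth, $username, $authtoken));
-
 return $output;
 }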
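Review bot: The empty `#url` container kept as context in the last hunk appears to have been filled only by `M.core_calendar.init_basic_export`, which this commit removes, so the form now emits a scroll box that nothing in the visible code populates; it (and its enclosing box, whose opening lies outside the hunk) can probably go. The docblock would also benefit from descriptions, e.g. ` * @param int $userid id of the user the export link is generated for` and ` * @param string $authtoken export token for that user; a credential, rendered into a hidden field`. The form's `method` is set outside the visible lines; if it is GET, the token in that hidden field ends up in the address bar and server logs on every submit, which is worth confirming.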
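--- a/calendar/view.php
+++ b/calendar/view.php
@@ -150,8 +150,8 @@
 if (!empty($CFG->enablecalendarexport)) {
 echo $OUTPUT->single_button(new moodle_url('export.php', array('course'=>$courseid)), get_string('exportcalendar', 'calendar'));
 if (isloggedin()) {
- $authtoken = sha1($USER->username . $USER->password . $CFG->calendar_exportsalt);
- $link = new moodle_url('/calendar/export_execute.php', array('preset_what'=>'all', 'preset_time'=>'recentupcoming', 'username'=>$USER->username, 'authtoken'=>$authtoken));
+ $authtoken = sha1($USER->id . $USER->password . $CFG->calendar_exportsalt);
+ $link = new moodle_url('/calendar/export_execute.php', array('preset_what'=>'all', 'preset_time'=>'recentupcoming', 'userid' => $USER->id, 'authtoken'=>$authtoken));
 $icon = html_writer::empty_tag('img', array('src'=>$OUTPUT->pix_url('i/ical'), 'height'=>'14', 'width'=>'36', 'alt'=>get_string('ical', 'calendar'), 'title'=>get_string('quickdownloadcalendar', 'calendar')));
 echo html_writer::tag('a', $icon, array('href'=>$link));
 }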
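Review bot: The link written here carries a token derived from the account's password hash and the site salt, and nothing in the visible code limits its lifetime, so anyone who obtains the URL can fetch the export until the password or `calendar_exportsalt` changes. A comment above the `sha1()` line saying so would help the next maintainer, e.g. `// Bearer token for session-less iCal fetches; valid until the user's password or calendar_exportsalt changes.` If `isloggedin()` is also true for the shared guest account (my recollection of Moodle, not shown here), the condition should exclude it so that no link is issued for that account. The enclosing `if` blocks continue outside the hunk.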
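--- a/calendar/yui/eventmanager/eventmanager.js
+++ b/calendar/yui/eventmanager/eventmanager.js
@@ -120,26 +120,6 @@ YUI.add('moodle-calendar-eventmanager', function(Y) {
 var EVENTMANAGER = {
 add_event : function(config) {
 new EVENT(config);
- },
- init_basic_export : function(allowthisweek, allownextweek, allownextmonth, username, authtoken) {
- var params = {
- preset_what : (Y.one('#pw_course').get('checked'))?'courses':'all',
- preset_time : 'recentupcoming',
- username : username,
- authtoken : authtoken
-
- }
- if (allowthisweek && Y.one('#pt_wknow').get('checked')) {
- params.presettime = 'weeknow';
- } else if (allownextweek && Y.one('#pt_wknext').get('checked')) {
- params.presettime = 'weeknext';
- } else if (allownextmonth && Y.one('#pt_monnext').get('checked')) {
- params.presettime = 'monthnext';
- } else if (Y.one('#pt_monnow').get('checked')) {
- params.presettime = 'monthnow';
- }
- Y.one('#url').setContent(M.cfg.wwwroot+'/calendar/export_execute.php?'+build_querystring(params));
- Y.one('#urlbox').setStyle('display', 'block');
 }
 }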
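--- a/lang/en/calendar.php
+++ b/lang/en/calendar.php
@@ -28,6 +28,7 @@
 $string['calendar'] = 'Calendar';
 $string['calendarheading'] = '{$a} Calendar';
 $string['calendarpreferences'] = 'Calendar preferences';
+$string['calendarurl'] = 'Calendar URL: {$a}';
 $string['clickhide'] = 'click to hide';
 $string['clickshow'] = 'click to show';
 $string['commontasks'] = 'Options';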