Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

MDL-29805 add REQUIRE_CORRECT_ACCESS define + return error code when …

…AJAX_SCRIPT fails
  • Loading branch information...
commit e9e567f33ce45a46c5245e5772cde8dc5e444c5b 1 parent 0395306
@mouneyrac mouneyrac authored
Showing with 20 additions and 3 deletions.
  1. +1 −0  lang/en/error.php
  2. +18 −3 lib/setuplib.php
  3. +1 −0  login/token.php
View
1  lang/en/error.php
@@ -435,6 +435,7 @@
$string['remotedownloaderror'] = 'Download of component to your server failed, please verify proxy settings, PHP cURL extension is highly recommended.<br /><br />You must download the <a href="{$a->url}">{$a->url}</a> file manually, copy it to "{$a->dest}" in your server and unzip it there.';
$string['remotedownloadnotallowed'] = 'Download of components to your server isn\'t allowed (allow_url_fopen is disabled).<br /><br />You must download the <a href="{$a->url}">{$a->url}</a> file manually, copy it to "{$a->dest}" in your server and unzip it there.';
$string['reportnotavailable'] = 'This type of report is only available for the site course';
+$string['requirecorrectaccess'] = 'Invalid url or port.';
$string['requireloginerror'] = 'Course or activity not accessible.';
$string['restorechecksumfailed'] = 'Some problem happened with the restore information stored in your session. Please check your PHP memory/DB package size limits. Restore stopped.';
$string['restore_path_element_missingmethod'] = 'Restore method {$a} is missing. It must be defined by a developer.';
View
21 lib/setuplib.php
@@ -356,7 +356,7 @@ function default_exception_handler($ex) {
}
if (is_early_init($info->backtrace)) {
- echo bootstrap_renderer::early_error($info->message, $info->moreinfourl, $info->link, $info->backtrace, $info->debuginfo);
+ echo bootstrap_renderer::early_error($info->message, $info->moreinfourl, $info->link, $info->backtrace, $info->debuginfo, $info->errorcode);
} else {
try {
if ($DB) {
@@ -370,7 +370,7 @@ function default_exception_handler($ex) {
// so we just print at least something instead of "Exception thrown without a stack frame in Unknown on line 0":-(
if (CLI_SCRIPT or AJAX_SCRIPT) {
// just ignore the error and send something back using the safest method
- echo bootstrap_renderer::early_error($info->message, $info->moreinfourl, $info->link, $info->backtrace, $info->debuginfo);
+ echo bootstrap_renderer::early_error($info->message, $info->moreinfourl, $info->link, $info->backtrace, $info->debuginfo, $info->errorcode);
} else {
echo bootstrap_renderer::early_error_content($info->message, $info->moreinfourl, $info->link, $info->backtrace, $info->debuginfo);
$outinfo = get_exception_info($out_ex);
@@ -761,6 +761,20 @@ function initialise_fullme() {
if (!defined('NO_MOODLE_COOKIES')) {
define('NO_MOODLE_COOKIES', true);
}
+ // The login/token.php script should call the correct url/port.
+ if (defined('REQUIRE_CORRECT_ACCESS')) {
+ $wwwrootport = empty($wwwroot['port'])?'':$wwwroot['port'];
+ $calledurl = $rurl['host'];
+ if (!empty($rurl['port'])) {
+ $calledurl .= ':'. $rurl['port'];
+ }
+ $correcturl = $wwwroot['host'];
+ if (!empty($wwwrootport)) {
+ $correcturl .= ':'. $wwwrootport;
+ }
+ throw new moodle_exception('requirecorrectaccess', 'error', '', null,
+ 'You called ' . $calledurl .', you should have called ' . $correcturl);
+ }
redirect($CFG->wwwroot, get_string('wwwrootmismatch', 'error', $CFG->wwwroot), 3);
}
}
@@ -1473,7 +1487,7 @@ public static function early_error_content($message, $moreinfourl, $link, $backt
* @param string $debuginfo extra information for developers
* @return string
*/
- public static function early_error($message, $moreinfourl, $link, $backtrace, $debuginfo = null) {
+ public static function early_error($message, $moreinfourl, $link, $backtrace, $debuginfo = null, $errorcode = null) {
global $CFG;
if (CLI_SCRIPT) {
@@ -1501,6 +1515,7 @@ public static function early_error($message, $moreinfourl, $link, $backtrace, $d
$e->stacktrace = format_backtrace($backtrace, true);
}
}
+ $e->errorcode = $errorcode;
@header('Content-Type: application/json; charset=utf-8');
echo json_encode($e);
return;
View
1  login/token.php
@@ -22,6 +22,7 @@
*/
define('AJAX_SCRIPT', true);
+define('REQUIRE_CORRECT_ACCESS', true);
define('NO_MOODLE_COOKIES', true);
require_once(dirname(dirname(__FILE__)) . '/config.php');
Please sign in to comment.
Something went wrong with that request. Please try again.