mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-04-13 12:32:08 +02:00
Code Issues Projects Releases Wiki Activity

Merge branch 'MDL-42834_master' of git://github.com/markn86/moodle

Browse Source
This commit is contained in:
Jake Dallimore 2017-10-23 13:25:35 +08:00
commit 141c4adbb6
60 changed files with 183 additions and 354 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
admin/index.php
View File

@ -875,6 +875,8 @@ if (empty($CFG->disabledevlibdirscheck) && (is_dir($CFG->dirroot.'/vendor') || i
} else {
$devlibdir = false;
}
// Check if the site is being foced onto ssl.
$overridetossl = !empty($CFG->overridetossl);
admin_externalpage_setup('adminnotifications');
@ -883,4 +885,4 @@ $output = $PAGE->get_renderer('core', 'admin');
echo $output->admin_notifications_page($maturity, $insecuredataroot, $errorsdisplayed, $cronoverdue, $dbproblems,
$maintenancemode, $availableupdates, $availableupdatesfetch, $buggyiconvnomb,
$registered, $cachewarnings, $eventshandlers, $themedesignermode, $devlibdir,
$mobileconfigured);
$mobileconfigured, $overridetossl);

19
admin/renderer.php
View File

@ -279,13 +279,15 @@ class core_admin_renderer extends plugin_renderer_base {
* @param bool $themedesignermode Warn about the theme designer mode.
* @param bool $devlibdir Warn about development libs directory presence.
* @param bool $mobileconfigured Whether the mobile web services have been enabled
* @param bool $overridetossl Whether or not ssl is being forced.
*
* @return string HTML to output.
*/
public function admin_notifications_page($maturity, $insecuredataroot, $errorsdisplayed,
$cronoverdue, $dbproblems, $maintenancemode, $availableupdates, $availableupdatesfetch,
$buggyiconvnomb, $registered, array $cachewarnings = array(), $eventshandlers = 0,
$themedesignermode = false, $devlibdir = false, $mobileconfigured = false) {
$themedesignermode = false, $devlibdir = false, $mobileconfigured = false,
$overridetossl = false) {
global $CFG;
$output = '';
@ -301,6 +303,7 @@ class core_admin_renderer extends plugin_renderer_base {
$output .= $this->cron_overdue_warning($cronoverdue);
$output .= $this->db_problems($dbproblems);
$output .= $this->maintenance_mode_warning($maintenancemode);
$output .= $this->overridetossl_warning($overridetossl);
$output .= $this->cache_warnings($cachewarnings);
$output .= $this->events_handlers($eventshandlers);
$output .= $this->registration_warning($registered);
@ -668,6 +671,20 @@ class core_admin_renderer extends plugin_renderer_base {
return $this->warning(get_string('sitemaintenancewarning2', 'admin', $url));
}
/**
* Render a warning that ssl is forced because the site was on loginhttps.
*
* @param bool $overridetossl Whether or not ssl is being forced.
* @return string
*/
protected function overridetossl_warning($overridetossl) {
if (!$overridetossl) {
return '';
}
$warning = get_string('overridetossl', 'core_admin');
return $this->warning($warning, 'warning');
}
/**
* Display a warning about installing development code if necesary.
* @param int $maturity

2
admin/settings/security.php
View File

@ -124,7 +124,7 @@ if ($hassiteconfig) { // speedup for non-admins, add all caps used on this page
// "httpsecurity" settingpage
$temp = new admin_settingpage('httpsecurity', new lang_string('httpsecurity', 'admin'));
$temp->add(new admin_setting_configcheckbox('loginhttps', new lang_string('loginhttps', 'admin'), new lang_string('configloginhttps', 'admin'), 0));
$temp->add(new admin_setting_configcheckbox('cookiesecure', new lang_string('cookiesecure', 'admin'), new lang_string('configcookiesecure', 'admin'), 1));
$temp->add(new admin_setting_configcheckbox('cookiehttponly', new lang_string('cookiehttponly', 'admin'), new lang_string('configcookiehttponly', 'admin'), 0));
$temp->add(new admin_setting_configcheckbox('allowframembedding', new lang_string('allowframembedding', 'admin'), new lang_string('allowframembedding_help', 'admin'), 0));

7
admin/settings/users.php
View File

@ -15,15 +15,10 @@ if ($hassiteconfig
or has_capability('moodle/cohort:view', $systemcontext)) { // speedup for non-admins, add all caps used on this page
if (empty($CFG->loginhttps)) {
$securewwwroot = $CFG->wwwroot;
} else {
$securewwwroot = str_replace('http:','https:',$CFG->wwwroot);
}
// stuff under the "accounts" subcategory
$ADMIN->add('accounts', new admin_externalpage('editusers', new lang_string('userlist','admin'), "$CFG->wwwroot/$CFG->admin/user.php", array('moodle/user:update', 'moodle/user:delete')));
$ADMIN->add('accounts', new admin_externalpage('userbulk', new lang_string('userbulk','admin'), "$CFG->wwwroot/$CFG->admin/user/user_bulk.php", array('moodle/user:update', 'moodle/user:delete')));
$ADMIN->add('accounts', new admin_externalpage('addnewuser', new lang_string('addnewuser'), "$securewwwroot/user/editadvanced.php?id=-1", 'moodle/user:create'));
$ADMIN->add('accounts', new admin_externalpage('addnewuser', new lang_string('addnewuser'), "$CFG->wwwroot/user/editadvanced.php?id=-1", 'moodle/user:create'));
// "User default preferences" settingpage.
$temp = new admin_settingpage('userdefaultpreferences', new lang_string('userdefaultpreferences', 'admin'));

2
admin/tool/mobile/autologin.php
View File

@ -31,8 +31,6 @@ $urltogo = optional_param('urltogo', $CFG->wwwroot, PARAM_URL); // URL to red
$context = context_system::instance();
$PAGE->set_context($context);
// Force https.
$PAGE->https_required();
// Check if the user is already logged-in.
if (isloggedin() and !isguestuser()) {

2
admin/tool/mobile/classes/api.php
View File

@ -134,7 +134,7 @@ class api {
list($maintenancemessage, $notusedformat) = external_format_text($CFG->maintenance_message, FORMAT_MOODLE, $context->id);
$settings = array(
'wwwroot' => $CFG->wwwroot,
'httpswwwroot' => $CFG->httpswwwroot,
'httpswwwroot' => $CFG->wwwroot,
'sitename' => external_format_string($SITE->fullname, $context->id, true),
'guestlogin' => $CFG->guestloginbutton,
'rememberusername' => $CFG->rememberusername,

1
admin/tool/mobile/tests/externallib_test.php
View File

@ -235,7 +235,6 @@ class tool_mobile_external_testcase extends externallib_advanced_testcase {
// Need to simulate a non HTTPS site here.
$CFG->wwwroot = str_replace('https:', 'http:', $CFG->wwwroot);
$CFG->httpswwwroot = str_replace('https:', 'http:', $CFG->wwwroot);
$this->resetAfterTest(true);
$this->setAdminUser();

10
admin/user.php
View File

@ -38,12 +38,6 @@
$strunlock = get_string('unlockaccount', 'admin');
$strconfirm = get_string('confirm');
if (empty($CFG->loginhttps)) {
$securewwwroot = $CFG->wwwroot;
} else {
$securewwwroot = str_replace('http:','https:',$CFG->wwwroot);
}
$returnurl = new moodle_url('/admin/user.php', array('sort' => $sort, 'dir' => $dir, 'perpage' => $perpage, 'page'=>$page));
// The $user variable is also used outside of these if statements.
@ -339,7 +333,7 @@
if (has_capability('moodle/user:update', $sitecontext)) {
// prevent editing of admins by non-admins
if (is_siteadmin($USER) or !is_siteadmin($user)) {
$url = new moodle_url($securewwwroot.'/user/editadvanced.php', array('id'=>$user->id, 'course'=>$site->id));
$url = new moodle_url('/user/editadvanced.php', array('id'=>$user->id, 'course'=>$site->id));
$buttons[] = html_writer::link($url, $OUTPUT->pix_icon('t/edit', $stredit));
}
}
@ -398,7 +392,7 @@
echo $OUTPUT->paging_bar($usercount, $page, $perpage, $baseurl);
}
if (has_capability('moodle/user:create', $sitecontext)) {
$url = new moodle_url($securewwwroot . '/user/editadvanced.php', array('id' => -1));
$url = new moodle_url('/user/editadvanced.php', array('id' => -1));
echo $OUTPUT->single_button($url, get_string('addnewuser'), 'get');
}

4
auth/classes/output/login.php
View File

@ -90,8 +90,8 @@ class login implements renderable, templatable {
$this->autofocusform = !empty($CFG->loginpageautofocus);
$this->rememberusername = isset($CFG->rememberusername) and $CFG->rememberusername == 2;
$this->forgotpasswordurl = new moodle_url($CFG->httpswwwroot . '/login/forgot_password.php');
$this->loginurl = new moodle_url($CFG->httpswwwroot . '/login/index.php');
$this->forgotpasswordurl = new moodle_url('/login/forgot_password.php');
$this->loginurl = new moodle_url('/login/index.php');
$this->signupurl = new moodle_url('/login/signup.php');
// Authentication instructions.

8
auth/ldap/auth.php
View File

@ -1671,8 +1671,8 @@ class auth_plugin_ldap extends auth_plugin_base {
if ($referer &&
$referer != $CFG->wwwroot &&
$referer != $CFG->wwwroot . '/' &&
$referer != $CFG->httpswwwroot . '/login/' &&
$referer != $CFG->httpswwwroot . '/login/index.php') {
$referer != $CFG->wwwroot . '/login/' &&
$referer != $CFG->wwwroot . '/login/index.php') {
$SESSION->wantsurl = $referer;
}
}
@ -1684,7 +1684,7 @@ class auth_plugin_ldap extends auth_plugin_base {
$sesskey = sesskey();
redirect($CFG->wwwroot.'/auth/ldap/ntlmsso_magic.php?sesskey='.$sesskey);
} else if ($this->config->ntlmsso_ie_fastpath == AUTH_NTLM_FASTPATH_YESFORM) {
redirect($CFG->httpswwwroot.'/login/index.php?authldap_skipntlmsso=1');
redirect($CFG-wwwroot.'/login/index.php?authldap_skipntlmsso=1');
}
}
redirect($CFG->wwwroot.'/auth/ldap/ntlmsso_attempt.php');
@ -1699,7 +1699,7 @@ class auth_plugin_ldap extends auth_plugin_base {
// we don't want to use at all. As we can't get rid of it, just point
// $SESSION->wantsurl to $CFG->wwwroot (after all, we came from there).
if (empty($SESSION->wantsurl)
&& (get_local_referer() == $CFG->httpswwwroot.'/auth/ldap/ntlmsso_finish.php')) {
&& (get_local_referer() == $CFG->wwwroot.'/auth/ldap/ntlmsso_finish.php')) {
$SESSION->wantsurl = $CFG->wwwroot;
}

8
auth/ldap/ntlmsso_attempt.php
View File

@ -2,9 +2,6 @@
require(__DIR__.'/../../config.php');
//HTTPS is required in this page when $CFG->loginhttps enabled
$PAGE->https_required();
$PAGE->set_url('/auth/ldap/ntlmsso_attempt.php');
$PAGE->set_context(context_system::instance());
@ -33,9 +30,8 @@ $PAGE->set_title("$site->fullname: $loginsite");
$PAGE->set_heading($site->fullname);
echo $OUTPUT->header();
// $PAGE->https_required() up above takes care of what $CFG->httpswwwroot should be.
$msg = '<p>'.get_string('ntlmsso_attempting', 'auth_ldap').'</p>'
. '<img width="1", height="1" '
. ' src="' . $CFG->httpswwwroot . '/auth/ldap/ntlmsso_magic.php?sesskey='
. ' src="' . $CFG->wwwroot . '/auth/ldap/ntlmsso_magic.php?sesskey='
. $sesskey . '" />';
redirect($CFG->httpswwwroot . '/auth/ldap/ntlmsso_finish.php', $msg, 3);
redirect($CFG->wwwroot . '/auth/ldap/ntlmsso_finish.php', $msg, 3);

5
auth/ldap/ntlmsso_finish.php
View File

@ -2,9 +2,6 @@
require(__DIR__.'/../../config.php');
//HTTPS is required in this page when $CFG->loginhttps enabled
$PAGE->https_required();
$PAGE->set_url('/auth/ldap/ntlmsso_finish.php');
$PAGE->set_context(context_system::instance());
@ -32,6 +29,6 @@ if (!$authplugin->ntlmsso_finish()) {
$PAGE->set_title("$site->fullname: $loginsite");
$PAGE->set_heading($site->fullname);
echo $OUTPUT->header();
redirect($CFG->httpswwwroot . '/login/index.php?authldap_skipntlmsso=1',
redirect($CFG->wwwroot . '/login/index.php?authldap_skipntlmsso=1',
get_string('ntlmsso_failed','auth_ldap'), 3);
}

6
auth/ldap/ntlmsso_magic.php
View File

@ -8,9 +8,6 @@ define('NO_MOODLE_COOKIES', true);
require(__DIR__.'/../../config.php');
//HTTPS is required in this page when $CFG->loginhttps enabled
$PAGE->https_required();
$PAGE->set_context(context_system::instance());
$authsequence = get_enabled_auth_plugins(true); // auths, in sequence
@ -29,8 +26,7 @@ $file = $CFG->dirroot.'/pix/spacer.gif';
if ($authplugin->ntlmsso_magic($sesskey) && file_exists($file)) {
if (!empty($authplugin->config->ntlmsso_ie_fastpath)) {
if (core_useragent::is_ie()) {
// $PAGE->https_required() up above takes care of what $CFG->httpswwwroot should be.
redirect($CFG->httpswwwroot.'/auth/ldap/ntlmsso_finish.php');
redirect($CFG->wwwroot.'/auth/ldap/ntlmsso_finish.php');
}
}

2
auth/mnet/auth.php
View File

@ -1073,7 +1073,7 @@ class auth_plugin_mnet extends auth_plugin_base {
global $DB, $CFG;
// strip off wwwroot, since the remote site will prefix it's return url with this
$wantsurl = preg_replace('/(' . preg_quote($CFG->wwwroot, '/') . '|' . preg_quote($CFG->httpswwwroot, '/') . ')/', '', $wantsurl);
$wantsurl = preg_replace('/(' . preg_quote($CFG->wwwroot, '/') . ')/', '', $wantsurl);
$sql = "SELECT DISTINCT h.id, h.wwwroot, h.name, a.sso_jump_url, a.name as application
FROM {mnet_host} h

20
auth/oauth2/classes/auth.php
View File

@ -339,7 +339,7 @@ class auth extends \auth_plugin_base {
$PAGE->set_title($title);
$PAGE->set_heading($PAGE->course->fullname);
echo $OUTPUT->header();
notice($message, "$CFG->httpswwwroot/index.php");
notice($message, "$CFG->wwwroot/index.php");
}
/**
@ -363,7 +363,7 @@ class auth extends \auth_plugin_base {
$errormsg = get_string('loginerror_nouserinfo', 'auth_oauth2');
$SESSION->loginerrormsg = $errormsg;
$client->log_out();
redirect(new moodle_url($CFG->httpswwwroot . '/login/index.php'));
redirect(new moodle_url('/login/index.php'));
}
if (empty($userinfo['username']) || empty($userinfo['email'])) {
// Trigger login failed event.
@ -375,7 +375,7 @@ class auth extends \auth_plugin_base {
$errormsg = get_string('loginerror_userincomplete', 'auth_oauth2');
$SESSION->loginerrormsg = $errormsg;
$client->log_out();
redirect(new moodle_url($CFG->httpswwwroot . '/login/index.php'));
redirect(new moodle_url('/login/index.php'));
}
$userinfo['username'] = trim(core_text::strtolower($userinfo['username']));
@ -416,7 +416,7 @@ class auth extends \auth_plugin_base {
$errormsg = get_string('confirmationpending', 'auth_oauth2');
$SESSION->loginerrormsg = $errormsg;
$client->log_out();
redirect(new moodle_url($CFG->httpswwwroot . '/login/index.php'));
redirect(new moodle_url('/login/index.php'));
}
} else if (!empty($linkedlogin)) {
// Trigger login failed event.
@ -428,7 +428,7 @@ class auth extends \auth_plugin_base {
$errormsg = get_string('confirmationpending', 'auth_oauth2');
$SESSION->loginerrormsg = $errormsg;
$client->log_out();
redirect(new moodle_url($CFG->httpswwwroot . '/login/index.php'));
redirect(new moodle_url('/login/index.php'));
}
$issuer = $client->get_issuer();
@ -442,7 +442,7 @@ class auth extends \auth_plugin_base {
$errormsg = get_string('notloggedindebug', 'auth_oauth2', get_string('loginerror_invaliddomain', 'auth_oauth2'));
$SESSION->loginerrormsg = $errormsg;
$client->log_out();
redirect(new moodle_url($CFG->httpswwwroot . '/login/index.php'));
redirect(new moodle_url('/login/index.php'));
}
if (!$userwasmapped) {
@ -481,7 +481,7 @@ class auth extends \auth_plugin_base {
$errormsg = get_string('accountexists', 'auth_oauth2');
$SESSION->loginerrormsg = $errormsg;
$client->log_out();
redirect(new moodle_url($CFG->httpswwwroot . '/login/index.php'));
redirect(new moodle_url('/login/index.php'));
}
if (email_is_not_allowed($userinfo['email'])) {
@ -495,7 +495,7 @@ class auth extends \auth_plugin_base {
$errormsg = get_string('notloggedindebug', 'auth_oauth2', $reason);
$SESSION->loginerrormsg = $errormsg;
$client->log_out();
redirect(new moodle_url($CFG->httpswwwroot . '/login/index.php'));
redirect(new moodle_url('/login/index.php'));
}
if (!empty($CFG->authpreventaccountcreation)) {
@ -509,7 +509,7 @@ class auth extends \auth_plugin_base {
$errormsg = get_string('notloggedindebug', 'auth_oauth2', $reason);
$SESSION->loginerrormsg = $errormsg;
$client->log_out();
redirect(new moodle_url($CFG->httpswwwroot . '/login/index.php'));
redirect(new moodle_url('/login/index.php'));
}
if ($issuer->get('requireconfirmation')) {
@ -542,5 +542,3 @@ class auth extends \auth_plugin_base {
redirect($redirecturl);
}
}

11
auth/shibboleth/login.php
View File

@ -15,9 +15,6 @@
}
//HTTPS is required in this page when $CFG->loginhttps enabled
$PAGE->https_required();
/// Define variables used in page
$site = get_site();
@ -44,17 +41,17 @@ $PAGE->https_required();
// Redirect to SessionInitiator with entityID as argument
if (isset($IdPs[$selectedIdP][1]) && !empty($IdPs[$selectedIdP][1])) {
// For Shibbolet 1.x Service Providers
header('Location: '.$IdPs[$selectedIdP][1].'?providerId='. urlencode($selectedIdP) .'&target='. urlencode($CFG->httpswwwroot.'/auth/shibboleth/index.php'));
header('Location: '.$IdPs[$selectedIdP][1].'?providerId='. urlencode($selectedIdP) .'&target='. urlencode($CFG->wwwroot.'/auth/shibboleth/index.php'));
// For Shibbolet 2.x Service Providers
// header('Location: '.$IdPs[$selectedIdP][1].'?entityID='. urlencode($selectedIdP) .'&target='. urlencode($CFG->httpswwwroot.'/auth/shibboleth/index.php'));
// header('Location: '.$IdPs[$selectedIdP][1].'?entityID='. urlencode($selectedIdP) .'&target='. urlencode($CFG->wwwroot.'/auth/shibboleth/index.php'));
} else {
// For Shibbolet 1.x Service Providers
header('Location: /Shibboleth.sso?providerId='. urlencode($selectedIdP) .'&target='. urlencode($CFG->httpswwwroot.'/auth/shibboleth/index.php'));
header('Location: /Shibboleth.sso?providerId='. urlencode($selectedIdP) .'&target='. urlencode($CFG->wwwroot.'/auth/shibboleth/index.php'));
// For Shibboleth 2.x Service Providers
// header('Location: /Shibboleth.sso/DS?entityID='. urlencode($selectedIdP) .'&target='. urlencode($CFG->httpswwwroot.'/auth/shibboleth/index.php'));
// header('Location: /Shibboleth.sso/DS?entityID='. urlencode($selectedIdP) .'&target='. urlencode($CFG->wwwroot.'/auth/shibboleth/index.php'));
}
} elseif (isset($_POST['idp']) && !isset($IdPs[$_POST['idp']])) {
$errormsg = get_string('auth_shibboleth_errormsg', 'auth_shibboleth');

8
blocks/login/block_login.php
View File

@ -42,13 +42,7 @@ class block_login extends block_base {
return $this->content;
}
if (empty($CFG->loginhttps)) {
$wwwroot = $CFG->wwwroot;
} else {
// This actually is not so secure ;-), 'cause we're
// in unencrypted connection...
$wwwroot = str_replace("http://", "https://", $CFG->wwwroot);
}
$wwwroot = $CFG->wwwroot;
if (signup_is_enabled()) {
$signup = $wwwroot . '/login/signup.php';

4
comment/index.php
View File

@ -61,7 +61,7 @@ if ($action === 'delete') {
die;
} else {
if ($manager->delete_comment($commentid)) {
redirect($CFG->httpswwwroot.'/comment/');
redirect($CFG->wwwroot.'/comment/');
} else {
$err = 'cannotdeletecomment';
}
@ -81,7 +81,7 @@ echo $OUTPUT->header();
echo $OUTPUT->heading(get_string('comments'));
echo $OUTPUT->box_start('generalbox commentsreport');
if (!empty($err)) {
print_error($err, 'error', $CFG->httpswwwroot.'/comment/');
print_error($err, 'error', $CFG->wwwroot.'/comment/');
}
if (empty($action)) {
echo '<form method="post">';

8
enrol/paypal/lib.php
View File

@ -203,13 +203,7 @@ class enrol_paypal_plugin extends enrol_plugin {
$cost = format_float($cost, 2, false);
if (isguestuser()) { // force login only for guest user, not real users with guest role
if (empty($CFG->loginhttps)) {
$wwwroot = $CFG->wwwroot;
} else {
// This actually is not so secure ;-), 'cause we're
// in unencrypted connection...
$wwwroot = str_replace("http://", "https://", $CFG->wwwroot);
}
$wwwroot = $CFG->wwwroot;
echo '<div class="mdl-align"><p>'.get_string('paymentrequired').'</p>';
echo '<p><b>'.get_string('cost').": $instance->currency $localisedcost".'</b></p>';
echo '<p><a href="'.$wwwroot.'/login/">'.get_string('loginsite').'</a></p>';

5
lang/en/admin.php
View File

@ -258,7 +258,6 @@ $string['configlanglist'] = 'Leave this blank to allow users to choose from any
$string['configlangmenu'] = 'Choose whether or not you want to display the general-purpose language menu on the home page, login page etc. This does not affect the user\'s ability to set the preferred language in their own profile.';
$string['configlatinexcelexport'] = 'Choose the encoding for Excel exports.';
$string['configlocale'] = 'Choose a sitewide locale - this will override the format and language of dates for all language packs (though names of days in calendar are not affected). You need to have this locale data installed on your operating system (eg for linux en_US.UTF-8 or es_ES.UTF-8). In most cases this field should be left blank.';
$string['configloginhttps'] = 'Turning this on will make Moodle use a secure https connection just for the login page (providing a secure login), and then afterwards revert back to the normal http URL for general speed. CAUTION: this setting REQUIRES https to be specifically enabled on the web server - if it is not then YOU COULD LOCK YOURSELF OUT OF YOUR SITE.';
$string['configloglifetime'] = 'This specifies the length of time you want to keep logs about user activity. Logs that are older than this age are automatically deleted. It is best to keep logs as long as possible, in case you need them, but if you have a very busy server and are experiencing performance problems, then you may want to lower the log lifetime. Values lower than 30 are not recommended because statistics may not work properly.';
$string['configlookahead'] = 'Days to look ahead';
$string['configmailnewline'] = 'Newline characters used in mail messages. CRLF is required according to RFC 822bis, some mail servers do automatic conversion from LF to CRLF, other mail servers do incorrect conversion from CRLF to CRCRLF, yet others reject mails with bare LF (qmail for example). Try changing this setting if you are having problems with undelivered emails or double newlines.';
@ -680,7 +679,6 @@ $string['lockoutwindow_desc'] = 'Observation time for lockout threshold, if ther
$string['log'] = 'Logs';
$string['logguests'] = 'Log guest access';
$string['logguests_help'] = 'This setting enables logging of actions by guest account and not logged in users. High profile sites may want to disable this logging for performance reasons. It is recommended to keep this setting enabled on production sites.';
$string['loginhttps'] = 'Use HTTPS for logins';
$string['loginpageautofocus'] = 'Autofocus login page form';
$string['loginpageautofocus_help'] = 'Enabling this option improves usability of the login page, but automatically focusing fields may be considered an accessibility issue.';
$string['loglifetime'] = 'Keep logs for';
@ -815,6 +813,7 @@ $string['order2'] = 'Second';
$string['order3'] = 'Third';
$string['order4'] = 'Fourth';
$string['outgoingmailconfig'] = 'Outgoing mail configuration';
$string['overridetossl'] = 'HTTPS for logins has now been deprecated. This instance is now forced to SSL. To remedy this warning change your wwwroot in config.php to https://';
$string['passwordchangelogout'] = 'Log out after password change';
$string['passwordchangelogout_desc'] = 'If enabled, when a password is changed, all browser sessions are terminated, apart from the one in which the new password is specified. (This setting does not affect password changes via bulk user upload.)';
$string['passwordchangetokendeletion'] = 'Remove web service access tokens after password change';
@ -1285,3 +1284,5 @@ $string['unoconvwarning'] = 'The version of unoconv you have installed is not su
// Deprecated since Moodle 3.4
$string['moodleorghubname'] = 'Moodle.net';
$string['hubs'] = 'Hubs';
$string['configloginhttps'] = 'Turning this on will make Moodle use a secure https connection just for the login page (providing a secure login), and then afterwards revert back to the normal http URL for general speed. CAUTION: this setting REQUIRES https to be specifically enabled on the web server - if it is not then YOU COULD LOCK YOURSELF OUT OF YOUR SITE.';
$string['loginhttps'] = 'Use HTTPS for logins';

2
lang/en/deprecated.txt
View File

@ -157,3 +157,5 @@ quickdownloadcalendar,core_calendar
ical,core_calendar
privacy,core_hub
privacy_help,core_hub
configloginhttps,core_admin
loginhttps,core_admin

12
lib/db/upgrade.php
View File

@ -2781,5 +2781,17 @@ function xmldb_main_upgrade($oldversion) {
upgrade_main_savepoint(true, 2017101900.02);
}
if ($oldversion < 2017102100.01) {
// We will need to force them onto ssl if loginhttps is set.
if (!empty($CFG->loginhttps)) {
set_config('overridetossl', 1);
}
// Loginhttps should no longer be set.
unset_config('loginhttps');
// Main savepoint reached.
upgrade_main_savepoint(true, 2017102100.01);
}
return true;
}

7
lib/deprecatedlib.php
View File

@ -501,10 +501,10 @@ function filter_text($text, $courseid = NULL) {
}
/**
* @deprecated use $PAGE->https_required() instead
* @deprecated Loginhttps is no longer supported
*/
function httpsrequired() {
throw new coding_exception('httpsrequired() can not be used any more use $PAGE->https_required() instead.');
throw new coding_exception('httpsrequired() can not be used any more. Loginhttps is no longer supported.');
}
/**
@ -534,9 +534,6 @@ function get_file_url($path, $options=null, $type='coursefile') {
case 'rssfile':
$url = $CFG->wwwroot."/rss/file.php";
break;
case 'httpscoursefile':
$url = $CFG->httpswwwroot."/file.php";
break;
case 'coursefile':
default:
$url = $CFG->wwwroot."/file.php";

10
lib/editor/tinymce/lib.php
View File

@ -80,9 +80,9 @@ class tinymce_texteditor extends texteditor {
global $PAGE, $CFG;
// Note: use full moodle_url instance to prevent standard JS loader, make sure we are using https on profile page if required.
if ($CFG->debugdeveloper) {
$PAGE->requires->js(new moodle_url($CFG->httpswwwroot.'/lib/editor/tinymce/tiny_mce/'.$this->version.'/tiny_mce_src.js'));
$PAGE->requires->js(new moodle_url('/lib/editor/tinymce/tiny_mce/'.$this->version.'/tiny_mce_src.js'));
} else {
$PAGE->requires->js(new moodle_url($CFG->httpswwwroot.'/lib/editor/tinymce/tiny_mce/'.$this->version.'/tiny_mce.js'));
$PAGE->requires->js(new moodle_url('/lib/editor/tinymce/tiny_mce/'.$this->version.'/tiny_mce.js'));
}
$PAGE->requires->js_init_call('M.editor_tinymce.init_editor', array($elementid, $this->get_init_params($elementid, $options)), true);
if ($fpoptions) {
@ -127,8 +127,8 @@ class tinymce_texteditor extends texteditor {
'mode' => "exact",
'elements' => $elementid,
'relative_urls' => false,
'document_base_url' => $CFG->httpswwwroot,
'moodle_plugin_base' => "$CFG->httpswwwroot/lib/editor/tinymce/plugins/",
'document_base_url' => $CFG->wwwroot,
'moodle_plugin_base' => "$CFG->wwwroot/lib/editor/tinymce/plugins/",
'content_css' => $contentcss,
'language' => $lang,
'directionality' => $directionality,
@ -257,7 +257,7 @@ class tinymce_texteditor extends texteditor {
*/
public function get_tinymce_base_url() {
global $CFG;
return new moodle_url("$CFG->httpswwwroot/lib/editor/tinymce/tiny_mce/$this->version/");
return new moodle_url("/lib/editor/tinymce/tiny_mce/$this->version/");
}
}

2
lib/editor/tinymce/plugins/spellchecker/lib.php
View File

@ -55,7 +55,7 @@ class tinymce_spellchecker extends editor_tinymce_plugin {
// Add JS file, which uses default name.
$this->add_js_plugin($params);
$params['spellchecker_rpc_url'] = $CFG->httpswwwroot .
$params['spellchecker_rpc_url'] = $CFG->wwwroot .
'/lib/editor/tinymce/plugins/spellchecker/rpc.php';
$params['spellchecker_languages'] = $spelllanguagelist;
}

2
lib/editor/tinymce/tests/editor_test.php
View File

@ -74,7 +74,7 @@ class editor_tinymce_testcase extends advanced_testcase {
'xhtmlxtras,template,pagebreak',
'gecko_spellcheck' => true,
'theme_advanced_font_sizes' => "1,2,3,4,5,6,7",
'moodle_plugin_base' => "$CFG->httpswwwroot/lib/editor/tinymce/plugins/",
'moodle_plugin_base' => "$CFG->wwwroot/lib/editor/tinymce/plugins/",
'theme_advanced_font_sizes' => "1,2,3,4,5,6,7",
'theme_advanced_layout_manager' => "SimpleLayout",
'theme_advanced_buttons1' => 'one,two,|,three,four',

2
lib/filelib.php
View File

@ -436,7 +436,7 @@ function file_prepare_draft_area(&$draftitemid, $contextid, $component, $fileare
// at this point there should not be any draftfile links yet,
// because this is a new text from database that should still contain the @@pluginfile@@ links
// this happens when developers forget to post process the text
$text = str_replace("\"$CFG->httpswwwroot/draftfile.php", "\"$CFG->httpswwwroot/brokenfile.php#", $text);
$text = str_replace("\"$CFG->wwwroot/draftfile.php", "\"$CFG->wwwroot/brokenfile.php#", $text);
}
} else {
// nothing to do

2
lib/filterlib.php
View File

@ -1527,7 +1527,7 @@ function filter_add_javascript($text) {
<script type=\"text/javascript\">
<!--
function openpopup(url,name,options,fullscreen) {
fullurl = \"".$CFG->httpswwwroot."\" + url;
fullurl = \"".$CFG->wwwroot."\" + url;
windowobj = window.open(fullurl,name,options);
if (fullscreen) {
windowobj.moveTo(0,0);

28
lib/moodlelib.php
View File

@ -1051,19 +1051,12 @@ function clean_param($param, $type) {
$param = clean_param($param, PARAM_URL);
if (!empty($param)) {
// Simulate the HTTPS version of the site.
$httpswwwroot = str_replace('http://', 'https://', $CFG->wwwroot);
if ($param === $CFG->wwwroot) {
// Exact match;
} else if (!empty($CFG->loginhttps) && $param === $httpswwwroot) {
// Exact match;
} else if (preg_match(':^/:', $param)) {
// Root-relative, ok!
} else if (preg_match('/^' . preg_quote($CFG->wwwroot . '/', '/') . '/i', $param)) {
// Absolute, and matches our wwwroot.
} else if (!empty($CFG->loginhttps) && preg_match('/^' . preg_quote($httpswwwroot . '/', '/') . '/i', $param)) {
// Absolute, and matches our httpswwwroot.
} else {
// Relative - let's make sure there are no tricks.
if (validateUrlSyntax('/' . $param, 's-u-P-a-p-f+q?r?')) {
@ -2491,13 +2484,7 @@ function dayofweek($day, $month, $year) {
function get_login_url() {
global $CFG;
$url = "$CFG->wwwroot/login/index.php";
if (!empty($CFG->loginhttps)) {
$url = str_replace('http:', 'https:', $url);
}
return $url;
return "$CFG->wwwroot/login/index.php";
}
/**
@ -2662,12 +2649,7 @@ function require_login($courseorid = null, $autologinguest = true, $cm = null, $
redirect($changeurl);
} else {
// Use moodle internal method.
if (empty($CFG->loginhttps)) {
redirect($CFG->wwwroot .'/login/change_password.php');
} else {
$wwwroot = str_replace('http:', 'https:', $CFG->wwwroot);
redirect($wwwroot .'/login/change_password.php');
}
redirect($CFG->wwwroot .'/login/change_password.php');
}
} else if ($userauth->can_change_password()) {
throw new moodle_exception('forcepasswordchangenotice');
@ -4463,7 +4445,7 @@ function complete_user_login($user) {
} else {
require_once($CFG->dirroot . '/login/lib.php');
$SESSION->wantsurl = core_login_get_return_url();
redirect($CFG->httpswwwroot.'/login/change_password.php');
redirect($CFG->wwwroot.'/login/change_password.php');
}
} else {
print_error('nopasswordchangeforced', 'auth');
@ -6178,7 +6160,7 @@ function reset_password_and_mail($user) {
$a->sitename = format_string($site->fullname);
$a->username = $user->username;
$a->newpassword = $newpassword;
$a->link = $CFG->httpswwwroot .'/login/change_password.php';
$a->link = $CFG->wwwroot .'/login/change_password.php';
$a->signoff = generate_email_signoff();
$message = get_string('newpasswordtext', '', $a);
@ -6259,7 +6241,7 @@ function send_password_change_confirmation_email($user, $resetrecord) {
$data->lastname = $user->lastname;
$data->username = $user->username;
$data->sitename = format_string($site->fullname);
$data->link = $CFG->httpswwwroot .'/login/forgot_password.php?token='. $resetrecord->token;
$data->link = $CFG->wwwroot .'/login/forgot_password.php?token='. $resetrecord->token;
$data->admin = generate_email_signoff();
$data->resetminutes = $pwresetmins;

3
lib/outputcomponents.php
View File

@ -432,7 +432,6 @@ class user_picture implements renderable {
// If the currently requested page is https then we'll return an
// https gravatar page.
if (is_https()) {
$gravatardefault = str_replace($CFG->wwwroot, $CFG->httpswwwroot, $gravatardefault); // Replace by secure url.
return new moodle_url("https://secure.gravatar.com/avatar/{$md5}", array('s' => $size, 'd' => $gravatardefault));
} else {
return new moodle_url("http://www.gravatar.com/avatar/{$md5}", array('s' => $size, 'd' => $gravatardefault));
@ -520,7 +519,7 @@ class help_icon implements renderable, templatable {
$data->icon = (new pix_icon('help', $alt, 'core', ['class' => 'iconhelp']))->export_for_template($output);
$data->linktext = $this->linktext;
$data->title = get_string('helpprefix2', '', trim($title, ". \t"));
$data->url = (new moodle_url($CFG->httpswwwroot . '/help.php', [
$data->url = (new moodle_url('/help.php', [
'component' => $this->component,
'identifier' => $this->identifier,
'lang' => current_language()

16
lib/outputlib.php
View File

@ -894,7 +894,7 @@ class theme_config {
global $CFG;
$rev = theme_get_revision();
if ($rev > -1) {
$url = new moodle_url("$CFG->httpswwwroot/theme/styles.php");
$url = new moodle_url("/theme/styles.php");
if (!empty($CFG->slasharguments)) {
$url->set_slashargument('/'.$this->name.'/'.$rev.'/editor', 'noparam', true);
} else {
@ -902,7 +902,7 @@ class theme_config {
}
} else {
$params = array('theme'=>$this->name, 'type'=>'editor');
$url = new moodle_url($CFG->httpswwwroot.'/theme/styles_debug.php', $params);
$url = new moodle_url('/theme/styles_debug.php', $params);
}
return $url;
}
@ -966,7 +966,7 @@ class theme_config {
if ($rev > -1) {
$filename = right_to_left() ? 'all-rtl' : 'all';
$url = new moodle_url("$CFG->httpswwwroot/theme/styles.php");
$url = new moodle_url("/theme/styles.php");
$themesubrevision = theme_get_sub_revision_for_theme($this->name);
// Provide the sub revision to allow us to invalidate cached theme CSS
@ -1002,7 +1002,7 @@ class theme_config {
$urls[] = $url;
} else {
$baseurl = new moodle_url($CFG->httpswwwroot.'/theme/styles_debug.php');
$baseurl = new moodle_url('/theme/styles_debug.php');
$css = $this->get_css_files(true);
if (!$svg) {
@ -1686,11 +1686,11 @@ class theme_config {
}
if (!empty($CFG->slasharguments) and $rev > 0) {
$url = new moodle_url("$CFG->httpswwwroot/theme/javascript.php");
$url = new moodle_url("/theme/javascript.php");
$url->set_slashargument('/'.$this->name.'/'.$rev.'/'.$params['type'], 'noparam', true);
return $url;
} else {
return new moodle_url($CFG->httpswwwroot.'/theme/javascript.php', $params);
return new moodle_url('/theme/javascript.php', $params);
}
}
@ -1922,7 +1922,7 @@ class theme_config {
$params['image'] = $imagename;
$url = new moodle_url("$CFG->httpswwwroot/theme/image.php");
$url = new moodle_url("/theme/image.php");
if (!empty($CFG->slasharguments) and $rev > 0) {
$path = '/'.$params['theme'].'/'.$params['component'].'/'.$params['rev'].'/'.$params['image'];
if (!$svg) {
@ -1968,7 +1968,7 @@ class theme_config {
$params['font'] = $font;
$url = new moodle_url("$CFG->httpswwwroot/theme/font.php");
$url = new moodle_url("/theme/font.php");
if (!empty($CFG->slasharguments) and $rev > 0) {
$path = '/'.$params['theme'].'/'.$params['component'].'/'.$params['rev'].'/'.$params['font'];
$url->set_slashargument($path, 'noparam', true);

37
lib/outputrequirementslib.php
View File

@ -187,8 +187,8 @@ class page_requirements_manager {
}
// Set up some loader options.
$this->yui3loader->local_base = $CFG->httpswwwroot . '/lib/yuilib/'. $CFG->yui3version . '/';
$this->yui3loader->local_comboBase = $CFG->httpswwwroot . '/theme/yui_combo.php'.$sep;
$this->yui3loader->local_base = $CFG->wwwroot . '/lib/yuilib/'. $CFG->yui3version . '/';
$this->yui3loader->local_comboBase = $CFG->wwwroot . '/theme/yui_combo.php'.$sep;
if (!empty($CFG->useexternalyui)) {
$this->yui3loader->base = 'http://yui.yahooapis.com/' . $CFG->yui3version . '/';
@ -220,8 +220,8 @@ class page_requirements_manager {
$configname = $this->YUI_config->set_config_source('lib/yui/config/yui2.js');
$this->YUI_config->add_group('yui2', array(
// Loader configuration for our 2in3, for now ignores $CFG->useexternalyui.
'base' => $CFG->httpswwwroot . '/lib/yuilib/2in3/' . $CFG->yui2version . '/build/',
'comboBase' => $CFG->httpswwwroot . '/theme/yui_combo.php'.$sep,
'base' => $CFG->wwwroot . '/lib/yuilib/2in3/' . $CFG->yui2version . '/build/',
'comboBase' => $CFG->wwwroot . '/theme/yui_combo.php'.$sep,
'combine' => $this->yui3loader->combine,
'ext' => false,
'root' => '2in3/' . $CFG->yui2version .'/build/',
@ -235,9 +235,9 @@ class page_requirements_manager {
$configname = $this->YUI_config->set_config_source('lib/yui/config/moodle.js');
$this->YUI_config->add_group('moodle', array(
'name' => 'moodle',
'base' => $CFG->httpswwwroot . '/theme/yui_combo.php' . $sep . 'm/' . $jsrev . '/',
'base' => $CFG->wwwroot . '/theme/yui_combo.php' . $sep . 'm/' . $jsrev . '/',
'combine' => $this->yui3loader->combine,
'comboBase' => $CFG->httpswwwroot . '/theme/yui_combo.php'.$sep,
'comboBase' => $CFG->wwwroot . '/theme/yui_combo.php'.$sep,
'ext' => false,
'root' => 'm/'.$jsrev.'/', // Add the rev to the root path so that we can control caching.
'patterns' => array(
@ -250,9 +250,9 @@ class page_requirements_manager {
$this->YUI_config->add_group('gallery', array(
'name' => 'gallery',
'base' => $CFG->httpswwwroot . '/lib/yuilib/gallery/',
'base' => $CFG->wwwroot . '/lib/yuilib/gallery/',
'combine' => $this->yui3loader->combine,
'comboBase' => $CFG->httpswwwroot . '/theme/yui_combo.php' . $sep,
'comboBase' => $CFG->wwwroot . '/theme/yui_combo.php' . $sep,
'ext' => false,
'root' => 'gallery/' . $jsrev . '/',
'patterns' => array(
@ -309,9 +309,6 @@ class page_requirements_manager {
global $CFG;
if (empty($this->M_cfg)) {
// JavaScript should always work with $CFG->httpswwwroot rather than $CFG->wwwroot.
// Otherwise, in some situations, users will get warnings about insecure content
// on secure pages from their web browser.
$iconsystem = \core\output\icon_system::instance();
@ -322,7 +319,7 @@ class page_requirements_manager {
}
$this->M_cfg = array(
'wwwroot' => $CFG->httpswwwroot, // Yes, really. See above.
'wwwroot' => $CFG->wwwroot,
'sesskey' => sesskey(),
'themerev' => theme_get_revision(),
'slasharguments' => (int)(!empty($CFG->slasharguments)),
@ -554,14 +551,14 @@ class page_requirements_manager {
continue;
}
if (!empty($CFG->slasharguments)) {
$url = new moodle_url("$CFG->httpswwwroot/theme/jquery.php");
$url = new moodle_url("/theme/jquery.php");
$url->set_slashargument("/$component/$file");
} else {
// This is not really good, we need slasharguments for relative links, this means no caching...
$path = realpath("$componentdir/jquery/$file");
if (strpos($path, $CFG->dirroot) === 0) {
$url = $CFG->httpswwwroot.preg_replace('/^'.preg_quote($CFG->dirroot, '/').'/', '', $path);
$url = $CFG->wwwroot.preg_replace('/^'.preg_quote($CFG->dirroot, '/').'/', '', $path);
// Replace all occurences of backslashes characters in url to forward slashes.
$url = str_replace('\\', '/', $url);
$url = new moodle_url($url);
@ -708,14 +705,14 @@ class page_requirements_manager {
if (substr($url, -3) === '.js') {
$jsrev = $this->get_jsrev();
if (empty($CFG->slasharguments)) {
return new moodle_url($CFG->httpswwwroot.'/lib/javascript.php', array('rev'=>$jsrev, 'jsfile'=>$url));
return new moodle_url('/lib/javascript.php', array('rev'=>$jsrev, 'jsfile'=>$url));
} else {
$returnurl = new moodle_url($CFG->httpswwwroot.'/lib/javascript.php');
$returnurl = new moodle_url('/lib/javascript.php');
$returnurl->set_slashargument('/'.$jsrev.$url);
return $returnurl;
}
} else {
return new moodle_url($CFG->httpswwwroot.$url);
return new moodle_url($url);
}
} else {
throw new coding_exception('Invalid JS url, it has to be shortened url starting with / or moodle_url instance.', $url);
@ -914,7 +911,7 @@ class page_requirements_manager {
if ($stylesheet instanceof moodle_url) {
// ok
} else if (strpos($stylesheet, '/') === 0) {
$stylesheet = new moodle_url($CFG->httpswwwroot.$stylesheet);
$stylesheet = new moodle_url($stylesheet);
} else {
throw new coding_exception('Invalid stylesheet parameter.', $stylesheet);
}
@ -1318,9 +1315,9 @@ class page_requirements_manager {
$output = '';
$jsrev = $this->get_jsrev();
$jsloader = new moodle_url($CFG->httpswwwroot . '/lib/javascript.php');
$jsloader = new moodle_url('/lib/javascript.php');
$jsloader->set_slashargument('/' . $jsrev . '/');
$requirejsloader = new moodle_url($CFG->httpswwwroot . '/lib/requirejs.php');
$requirejsloader = new moodle_url('/lib/requirejs.php');
$requirejsloader->set_slashargument('/' . $jsrev . '/');
$requirejsconfig = file_get_contents($CFG->dirroot . '/lib/requirejs/moodle-config.js');

71
lib/pagelib.php
View File

@ -1301,8 +1301,8 @@ class moodle_page {
if (is_string($url) && strpos($url, 'http') !== 0) {
if (strpos($url, '/') === 0) {
// We have to use httpswwwroot here, because of loginhttps pages.
$url = $CFG->httpswwwroot . $url;
// Add the wwwroot to the relative url.
$url = $CFG->wwwroot . $url;
} else {
throw new coding_exception('Invalid parameter $url, has to be full url or in shortened form starting with /.');
}
@ -1311,10 +1311,10 @@ class moodle_page {
$this->_url = new moodle_url($url, $params);
$fullurl = $this->_url->out_omit_querystring();
if (strpos($fullurl, "$CFG->httpswwwroot/") !== 0) {
debugging('Most probably incorrect set_page() url argument, it does not match the httpswwwroot!');
if (strpos($fullurl, "$CFG->wwwroot/") !== 0) {
debugging('Most probably incorrect set_page() url argument, it does not match the wwwroot!');
}
$shorturl = str_replace("$CFG->httpswwwroot/", '', $fullurl);
$shorturl = str_replace("$CFG->wwwroot/", '', $fullurl);
if (is_null($this->_pagetype)) {
$this->initialise_default_pagetype($shorturl);
@ -1461,71 +1461,28 @@ class moodle_page {
/**
* This function indicates that current page requires the https when $CFG->loginhttps enabled.
* Since loginhttps was removed this is no longer required or functional.
*
* By using this function properly, we can ensure 100% https-ized pages
* at our entire discretion (login, forgot_password, change_password)
* @deprecated since Moodle 3.4 MDL-42834 - please do not use this function any more.
* @todo MDL-46267 This will be deleted in Moodle 3.8
*
* @return void
* @throws coding_exception
*/
public function https_required() {
global $CFG;
if (!is_null($this->_url)) {
throw new coding_exception('https_required() must be used before setting page url!');
}
$this->ensure_theme_not_set();
$this->_https_login_required = true;
if (!empty($CFG->loginhttps)) {
$CFG->httpswwwroot = str_replace('http:', 'https:', $CFG->wwwroot);
} else {
$CFG->httpswwwroot = $CFG->wwwroot;
}
debugging('https_required() has been deprecated. It no longer needs to be called.', DEBUG_DEVELOPER);
}
/**
* Makes sure that page previously marked with https_required() is really using https://, if not it redirects to https://
* Since loginhttps was removed this is no longer required or functional.
*
* @deprecated since Moodle 3.4 MDL-42834 - please do not use this function any more.
* @todo MDL-46267 This will be deleted in Moodle 3.8
*
* @return void (may redirect to https://self)
* @throws coding_exception
*/
public function verify_https_required() {
global $CFG, $FULLME;
if (is_null($this->_url)) {
throw new coding_exception('verify_https_required() must be called after setting page url!');
}
if (!$this->_https_login_required) {
throw new coding_exception('verify_https_required() must be called only after https_required()!');
}
if (empty($CFG->loginhttps)) {
// Https not required, so stop checking.
return;
}
if (strpos($this->_url, 'https://')) {
// Detect if incorrect PAGE->set_url() used, it is recommended to use root-relative paths there.
throw new coding_exception('Invalid page url. It must start with https:// for pages that set https_required()!');
}
if (!empty($CFG->sslproxy)) {
// It does not make much sense to use sslproxy and loginhttps at the same time.
return;
}
// Now the real test and redirect!
// NOTE: do NOT use this test for detection of https on current page because this code is not compatible with SSL proxies,
// instead use is_https().
if (strpos($FULLME, 'https:') !== 0) {
// This may lead to infinite redirect on an incorrectly configured site.
// In that case set $CFG->loginhttps=0; within /config.php.
redirect($this->_url);
}
debugging('verify_https_required() has been deprecated. It no longer needs to be called.', DEBUG_DEVELOPER);
}
// Initialisation methods =====================================================

1
lib/phpunit/tests/basic_test.php
View File

@ -52,6 +52,7 @@ class core_phpunit_basic_testcase extends basic_testcase {
*/
public function test_bootstrap() {
global $CFG;
// The use of httpswwwroot is deprecated, but we are still setting it for backwards compatibility.
$this->assertTrue(isset($CFG->httpswwwroot));
$this->assertEquals($CFG->httpswwwroot, $CFG->wwwroot);
$this->assertEquals($CFG->prefix, $CFG->phpunit_prefix);

2
lib/questionlib.php
View File

@ -1916,7 +1916,7 @@ function core_question_question_preview_pluginfile($previewcontext, $questionid,
function question_make_export_url($contextid, $categoryid, $format, $withcategories,
$withcontexts, $filename) {
global $CFG;
$urlbase = "$CFG->httpswwwroot/pluginfile.php";
$urlbase = "$CFG->wwwroot/pluginfile.php";
return moodle_url::make_file_url($urlbase,
"/$contextid/question/export/{$categoryid}/{$format}/{$withcategories}" .
"/{$withcontexts}/{$filename}", true);

3
lib/sessionlib.php
View File

@ -96,9 +96,6 @@ function is_moodle_cookie_secure() {
if (!isset($CFG->cookiesecure)) {
return false;
}
if (!empty($CFG->loginhttps)) {
return false;
}
if (!is_https() and empty($CFG->sslproxy)) {
return false;
}

4
lib/setup.php
View File

@ -528,8 +528,8 @@ global $FULLSCRIPT;
*/
global $SCRIPT;
// Set httpswwwroot default value (this variable will replace $CFG->wwwroot
// inside some URLs used in HTTPSPAGEREQUIRED pages.
// Set httpswwwroot to $CFG->wwwroot for backwards compatibility
// The loginhttps option is deprecated, so httpswwwroot is no longer necessary. See MDL-42834.
$CFG->httpswwwroot = $CFG->wwwroot;
require_once($CFG->libdir .'/setuplib.php'); // Functions that MUST be loaded first

10
lib/setuplib.php
View File

@ -578,11 +578,8 @@ function get_exception_info($ex) {
// When printing an error the continue button should never link offsite.
// We cannot use clean_param() here as it is not guaranteed that it has been loaded yet.
$httpswwwroot = str_replace('http:', 'https:', $CFG->wwwroot);
if (stripos($link, $CFG->wwwroot) === 0) {
// Internal HTTP, all good.
} else if (!empty($CFG->loginhttps) && stripos($link, $httpswwwroot) === 0) {
// Internal HTTPS, all good.
} else {
// External link spotted!
$link = $CFG->wwwroot . '/';
@ -831,6 +828,13 @@ function initialise_fullme() {
initialise_fullme_cli();
return;
}
if (!empty($CFG->overridetossl)) {
if (strpos($CFG->wwwroot, 'http://') === 0) {
$CFG->wwwroot = str_replace('http:', 'https:', $CFG->wwwroot);
} else {
unset_config('overridetossl');
}
}
$rurl = setup_get_remote_url();
$wwwroot = parse_url($CFG->wwwroot.'/');

15
lib/tests/moodlelib_test.php
View File

@ -643,31 +643,20 @@ class core_moodlelib_testcase extends advanced_testcase {
// Local absolute HTTPS in a non HTTPS site.
$CFG->wwwroot = str_replace('https:', 'http:', $CFG->wwwroot); // Need to simulate non-https site.
$httpsroot = str_replace('http:', 'https:', $CFG->wwwroot);
$CFG->loginhttps = false; // Not allowed.
$this->assertSame('', clean_param($httpsroot, PARAM_LOCALURL));
$this->assertSame('', clean_param($httpsroot . '/with/something?else=true', PARAM_LOCALURL));
$CFG->loginhttps = true; // Allowed.
$this->assertSame($httpsroot, clean_param($httpsroot, PARAM_LOCALURL));
$this->assertSame($httpsroot . '/with/something?else=true',
clean_param($httpsroot . '/with/something?else=true', PARAM_LOCALURL));
// Local absolute HTTPS in a HTTPS site.
$CFG->wwwroot = str_replace('https:', 'http:', $CFG->wwwroot);
$CFG->wwwroot = str_replace('http:', 'https:', $CFG->wwwroot);
$httpsroot = $CFG->wwwroot;
$CFG->loginhttps = false; // Always allowed.
$this->assertSame($httpsroot, clean_param($httpsroot, PARAM_LOCALURL));
$this->assertSame($httpsroot . '/with/something?else=true',
clean_param($httpsroot . '/with/something?else=true', PARAM_LOCALURL));
$CFG->loginhttps = true; // Always allowed.
$this->assertSame($httpsroot, clean_param($httpsroot, PARAM_LOCALURL));
$this->assertSame($httpsroot . '/with/something?else=true',
clean_param($httpsroot . '/with/something?else=true', PARAM_LOCALURL));
// Test open redirects are not possible.
$CFG->loginhttps = false;
$CFG->wwwroot = 'http://www.example.com';
$this->assertSame('', clean_param('http://www.example.com.evil.net/hack.php', PARAM_LOCALURL));
$CFG->loginhttps = true;
$CFG->wwwroot = 'https://www.example.com';
$this->assertSame('', clean_param('https://www.example.com.evil.net/hack.php', PARAM_LOCALURL));
}

10
lib/tests/outputcomponents_test.php
View File

@ -126,7 +126,6 @@ class core_outputcomponents_testcase extends advanced_testcase {
$this->assertEquals(1, $CFG->themerev);
$this->assertEquals(0, $CFG->themedesignermode);
$this->assertSame('https://www.example.com/moodle', $CFG->wwwroot);
$this->assertSame($CFG->wwwroot, $CFG->httpswwwroot);
$this->assertEquals(0, $CFG->enablegravatar);
$this->assertSame('mm', $CFG->gravatardefaulturl);
@ -207,7 +206,6 @@ class core_outputcomponents_testcase extends advanced_testcase {
// Http version.
$CFG->wwwroot = str_replace('https:', 'http:', $CFG->wwwroot);
$CFG->httpswwwroot = str_replace('https:', 'http:', $CFG->wwwroot);
// Verify defaults to misteryman (mm).
$up2 = new user_picture($user2);
@ -222,13 +220,13 @@ class core_outputcomponents_testcase extends advanced_testcase {
$this->assertSame($CFG->wwwroot.'/pluginfile.php/'.$context1->id.'/user/icon/boost/f2?rev=11', $up1->get_url($page, $renderer)->out(false));
// Https version.
$CFG->httpswwwroot = str_replace('http:', 'https:', $CFG->wwwroot);
$CFG->wwwroot = str_replace('http:', 'https:', $CFG->wwwroot);
$up1 = new user_picture($user1);
$this->assertSame($CFG->httpswwwroot.'/pluginfile.php/'.$context1->id.'/user/icon/boost/f2?rev=11', $up1->get_url($page, $renderer)->out(false));
$this->assertSame($CFG->wwwroot.'/pluginfile.php/'.$context1->id.'/user/icon/boost/f2?rev=11', $up1->get_url($page, $renderer)->out(false));
$up3 = new user_picture($user3);
$this->assertSame($CFG->httpswwwroot.'/theme/image.php/boost/core/1/u/f2', $up3->get_url($page, $renderer)->out(false));
$this->assertSame($CFG->wwwroot.'/theme/image.php/boost/core/1/u/f2', $up3->get_url($page, $renderer)->out(false));
$up2 = new user_picture($user2);
$this->assertSame('https://secure.gravatar.com/avatar/ab53a2911ddf9b4817ac01ddcd3d975f?s=35&d=https%3A%2F%2Fwww.example.com%2Fmoodle%2Fpix%2Fu%2Ff2.png', $up2->get_url($page, $renderer)->out(false));
@ -271,7 +269,7 @@ class core_outputcomponents_testcase extends advanced_testcase {
// Test non-slashargument images.
set_config('theme', 'clean');
$CFG->httpswwwroot = $CFG->wwwroot;
$CFG->wwwroot = str_replace('https:', 'http:', $CFG->wwwroot);
$CFG->slasharguments = 0;
$page = new moodle_page();
$page->set_url('/user/profile.php');

18
lib/tests/sessionlib_test.php
View File

@ -165,9 +165,7 @@ class core_sessionlib_testcase extends advanced_testcase {
// Non ssl, not set.
'config' => array(
'wwwroot' => 'http://example.com',
'httpswwwroot' => 'http://example.com',
'sslproxy' => null,
'loginhttps' => null,
'cookiesecure' => null,
),
'secure' => false,
@ -176,9 +174,7 @@ class core_sessionlib_testcase extends advanced_testcase {
// Non ssl, off and ignored.
'config' => array(
'wwwroot' => 'http://example.com',
'httpswwwroot' => 'http://example.com',
'sslproxy' => null,
'loginhttps' => null,
'cookiesecure' => false,
),
'secure' => false,
@ -187,9 +183,7 @@ class core_sessionlib_testcase extends advanced_testcase {
// Non ssl, on and ignored.
'config' => array(
'wwwroot' => 'http://example.com',
'httpswwwroot' => 'http://example.com',
'sslproxy' => null,
'loginhttps' => null,
'cookiesecure' => true,
),
'secure' => false,
@ -198,9 +192,7 @@ class core_sessionlib_testcase extends advanced_testcase {
// SSL via proxy, off.
'config' => array(
'wwwroot' => 'http://example.com',
'httpswwwroot' => 'http://example.com',
'sslproxy' => true,
'loginhttps' => null,
'cookiesecure' => false,
),
'secure' => false,
@ -209,9 +201,7 @@ class core_sessionlib_testcase extends advanced_testcase {
// SSL via proxy, on.
'config' => array(
'wwwroot' => 'http://example.com',
'httpswwwroot' => 'http://example.com',
'sslproxy' => true,
'loginhttps' => null,
'cookiesecure' => true,
),
'secure' => true,
@ -220,9 +210,7 @@ class core_sessionlib_testcase extends advanced_testcase {
// SSL and off.
'config' => array(
'wwwroot' => 'https://example.com',
'httpswwwroot' => 'https://example.com',
'sslproxy' => null,
'loginhttps' => null,
'cookiesecure' => false,
),
'secure' => false,
@ -231,9 +219,7 @@ class core_sessionlib_testcase extends advanced_testcase {
// SSL and on.
'config' => array(
'wwwroot' => 'https://example.com',
'httpswwwroot' => 'https://example.com',
'sslproxy' => null,
'loginhttps' => null,
'cookiesecure' => true,
),
'secure' => true,
@ -250,10 +236,10 @@ class core_sessionlib_testcase extends advanced_testcase {
* @param bool $secure Wether cookies should be secure or not
*/
public function test_is_moodle_cookie_secure($config, $secure) {
global $CFG;
$this->resetAfterTest();
foreach ($config as $key => $value) {
set_config($key, $value);
$CFG->$key = $value;
}
$this->assertEquals($secure, is_moodle_cookie_secure());
}

27
lib/tests/setuplib_test.php
View File

@ -357,7 +357,6 @@ class core_setuplib_testcase extends advanced_testcase {
public function test_get_exception_info_link() {
global $CFG, $SESSION;
$initialloginhttps = $CFG->loginhttps;
$httpswwwroot = str_replace('http:', 'https:', $CFG->wwwroot);
// Simple local URL.
@ -372,8 +371,7 @@ class core_setuplib_testcase extends advanced_testcase {
$infos = $this->get_exception_info($exception);
$this->assertSame($CFG->wwwroot . '/', $infos->link);
// HTTPS URL when login HTTPS is not enabled and site is HTTP.
$CFG->loginhttps = false;
// HTTPS URL when login HTTPS is not enabled (default) and site is HTTP.
$CFG->wwwroot = str_replace('https:', 'http:', $CFG->wwwroot);
$url = $httpswwwroot . '/something/here?really=yes';
$exception = new moodle_exception('none', 'error', $url);
@ -387,21 +385,6 @@ class core_setuplib_testcase extends advanced_testcase {
$infos = $this->get_exception_info($exception);
$this->assertSame($url, $infos->link);
// HTTPS URL when login HTTPS enabled and site is HTTP.
$CFG->loginhttps = true;
$CFG->wwwroot = str_replace('https:', 'http:', $CFG->wwwroot);
$url = $httpswwwroot . '/something/here?really=yes';
$exception = new moodle_exception('none', 'error', $url);
$infos = $this->get_exception_info($exception);
$this->assertSame($url, $infos->link);
// HTTPS URL when login HTTPS enabled and site is HTTPS.
$CFG->wwwroot = str_replace('http:', 'https:', $CFG->wwwroot);
$url = $httpswwwroot . '/something/here?really=yes';
$exception = new moodle_exception('none', 'error', $url);
$infos = $this->get_exception_info($exception);
$this->assertSame($url, $infos->link);
// External HTTP URL.
$url = 'http://moodle.org/something/here?really=yes';
$exception = new moodle_exception('none', 'error', $url);
@ -444,14 +427,6 @@ class core_setuplib_testcase extends advanced_testcase {
$infos = $this->get_exception_info($exception);
$this->assertSame($CFG->wwwroot . '/', $infos->link);
// External HTTPS link from fromurl with login HTTPS.
$CFG->loginhttps = true;
$SESSION->fromurl = 'https://moodle.org/something/here?really=yes';
$exception = new moodle_exception('none');
$infos = $this->get_exception_info($exception);
$this->assertSame($CFG->wwwroot . '/', $infos->link);
$CFG->loginhttps = $initialloginhttps;
$SESSION->fromurl = '';
}

4
lib/upgrade.txt
View File

@ -54,6 +54,10 @@ information provided here is intended especially for developers.
* Instead of checking the 'moodle/course:viewparticipants' and 'moodle/site:viewparticipants' capabilities use the
new functions course_can_view_participants() and course_require_view_participants().
* $stored_file->add_to_curl_request() now adds the filename to the curl request.
* The option for Login HTTPS (authentication-only SSL) has been removed
* $CFG->loginhttps is now deprecated, do not use it.
* $PAGE->https_required and $PAGE->verify_https_required() are now deprecated. They are no longer used and will throw a coding_exception.
* $CFG->httpswwwroot is now deprecated and will always result in the same value as wwwroot.
=== 3.3.1 ===

21
lib/weblib.php
View File

@ -203,7 +203,7 @@ function qualified_me() {
/**
* Determines whether or not the Moodle site is being served over HTTPS.
*
* This is done simply by checking the value of $CFG->httpswwwroot, which seems
* This is done simply by checking the value of $CFG->wwwroot, which seems
* to be the only reliable method.
*
* @return boolean True if site is served over HTTPS, false otherwise.
@ -211,7 +211,7 @@ function qualified_me() {
function is_https() {
global $CFG;
return (strpos($CFG->httpswwwroot, 'https://') === 0);
return (strpos($CFG->wwwroot, 'https://') === 0);
}
/**
@ -347,12 +347,9 @@ class moodle_url {
// Normalise shortened form of our url ex.: '/course/view.php'.
if (strpos($url, '/') === 0) {
// We must not use httpswwwroot here, because it might be url of other page,
// devs have to use httpswwwroot explicitly when creating new moodle_url.
$url = $CFG->wwwroot.$url;
}
// Now fix the admin links if needed, no need to mess with httpswwwroot.
if ($CFG->admin !== 'admin') {
if (strpos($url, "$CFG->wwwroot/admin/") === 0) {
$url = str_replace("$CFG->wwwroot/admin/", "$CFG->wwwroot/$CFG->admin/", $url);
@ -781,7 +778,7 @@ class moodle_url {
public static function make_pluginfile_url($contextid, $component, $area, $itemid, $pathname, $filename,
$forcedownload = false) {
global $CFG;
$urlbase = "$CFG->httpswwwroot/pluginfile.php";
$urlbase = "$CFG->wwwroot/pluginfile.php";
if ($itemid === null) {
return self::make_file_url($urlbase, "/$contextid/$component/$area".$pathname.$filename, $forcedownload);
} else {
@ -807,7 +804,7 @@ class moodle_url {
public static function make_webservice_pluginfile_url($contextid, $component, $area, $itemid, $pathname, $filename,
$forcedownload = false) {
global $CFG;
$urlbase = "$CFG->httpswwwroot/webservice/pluginfile.php";
$urlbase = "$CFG->wwwroot/webservice/pluginfile.php";
if ($itemid === null) {
return self::make_file_url($urlbase, "/$contextid/$component/$area".$pathname.$filename, $forcedownload);
} else {
@ -826,7 +823,7 @@ class moodle_url {
*/
public static function make_draftfile_url($draftid, $pathname, $filename, $forcedownload = false) {
global $CFG, $USER;
$urlbase = "$CFG->httpswwwroot/draftfile.php";
$urlbase = "$CFG->wwwroot/draftfile.php";
$context = context_user::instance($USER->id);
return self::make_file_url($urlbase, "/$context->id/user/draft/$draftid".$pathname.$filename, $forcedownload);
@ -861,15 +858,11 @@ class moodle_url {
global $CFG;
$url = $this->out($escaped, $overrideparams);
$httpswwwroot = str_replace("http://", "https://", $CFG->wwwroot);
// Url should be equal to wwwroot or httpswwwroot. If not then throw exception.
// Url should be equal to wwwroot. If not then throw exception.
if (($url === $CFG->wwwroot) || (strpos($url, $CFG->wwwroot.'/') === 0)) {
$localurl = substr($url, strlen($CFG->wwwroot));
return !empty($localurl) ? $localurl : '';
} else if (($url === $httpswwwroot) || (strpos($url, $httpswwwroot.'/') === 0)) {
$localurl = substr($url, strlen($httpswwwroot));
return !empty($localurl) ? $localurl : '';
} else {
throw new coding_exception('out_as_local_url called on a non-local URL');
}
@ -1318,7 +1311,7 @@ function format_text($text, $format = FORMAT_MOODLE, $options = null, $courseidd
// this happens when developers forget to post process the text.
// The only potential problem is that somebody might try to format
// the text before storing into database which would be itself big bug..
$text = str_replace("\"$CFG->httpswwwroot/draftfile.php", "\"$CFG->httpswwwroot/brokenfile.php#", $text);
$text = str_replace("\"$CFG->wwwroot/draftfile.php", "\"$CFG->wwwroot/brokenfile.php#", $text);
if ($CFG->debugdeveloper) {
if (strpos($text, '@@PLUGINFILE@@/') !== false) {

8
login/change_password.php
View File

@ -35,9 +35,6 @@ $return = optional_param('return', 0, PARAM_BOOL); // redirect after password ch
$systemcontext = context_system::instance();
//HTTPS is required in this page when $CFG->loginhttps enabled
$PAGE->https_required();
$PAGE->set_url('/login/change_password.php', array('id'=>$id));
$PAGE->set_context($systemcontext);
@ -64,7 +61,7 @@ if (!$course = $DB->get_record('course', array('id'=>$id))) {
// require proper login; guest user can not change password
if (!isloggedin() or isguestuser()) {
if (empty($SESSION->wantsurl)) {
$SESSION->wantsurl = $CFG->httpswwwroot.'/login/change_password.php';
$SESSION->wantsurl = $CFG->wwwroot.'/login/change_password.php';
}
redirect(get_login_url());
}
@ -148,9 +145,6 @@ if ($mform->is_cancelled()) {
exit;
}
// make sure we really are on the https page when https login required
$PAGE->verify_https_required();
$strchangepassword = get_string('changepassword');
$fullname = fullname($USER, true);

5
login/forgot_password.php
View File

@ -41,9 +41,6 @@ require_once('set_password_form.php');
$token = optional_param('token', false, PARAM_ALPHANUM);
//HTTPS is required in this page when $CFG->loginhttps enabled
$PAGE->https_required();
$PAGE->set_url('/login/forgot_password.php');
$systemcontext = context_system::instance();
$PAGE->set_context($systemcontext);
@ -85,7 +82,7 @@ if (empty($token)) {
// The session var is intentionally used only during the lifespan of one request (the redirect) and is unset above.
if (!$tokeninsession && $_SERVER['REQUEST_METHOD'] === 'GET') {
$SESSION->password_reset_token = $token;
redirect($CFG->httpswwwroot . '/login/forgot_password.php');
redirect($CFG->wwwroot . '/login/forgot_password.php');
} else {
// Continue with the password reset process.
core_login_process_password_set($token);

29
login/index.php
View File

@ -30,18 +30,10 @@ require_once('lib.php');
redirect_if_major_upgrade_required();
$testsession = optional_param('testsession', 0, PARAM_INT); // test session works properly
$cancel = optional_param('cancel', 0, PARAM_BOOL); // redirect to frontpage, needed for loginhttps
$anchor = optional_param('anchor', '', PARAM_RAW); // Used to restore hash anchor to wantsurl.
if ($cancel) {
redirect(new moodle_url('/'));
}
//HTTPS is required in this page when $CFG->loginhttps enabled
$PAGE->https_required();
$context = context_system::instance();
$PAGE->set_url("$CFG->httpswwwroot/login/index.php");
$PAGE->set_url("$CFG->wwwroot/login/index.php");
$PAGE->set_context($context);
$PAGE->set_pagelayout('login');
@ -214,12 +206,12 @@ if ($frm and isset($frm->username)) { // Login WITH
if ($userauth->can_change_password()) {
$passwordchangeurl = $userauth->change_password_url();
if (!$passwordchangeurl) {
$passwordchangeurl = $CFG->httpswwwroot.'/login/change_password.php';
$passwordchangeurl = $CFG->wwwroot.'/login/change_password.php';
} else {
$externalchangepassword = true;
}
} else {
$passwordchangeurl = $CFG->httpswwwroot.'/login/change_password.php';
$passwordchangeurl = $CFG->wwwroot.'/login/change_password.php';
}
$days2expire = $userauth->password_expire($USER->username);
$PAGE->set_title("$site->fullname: $loginsite");
@ -279,9 +271,9 @@ if (empty($SESSION->wantsurl)) {
if ($referer &&
$referer != $CFG->wwwroot &&
$referer != $CFG->wwwroot . '/' &&
$referer != $CFG->httpswwwroot . '/login/' &&
strpos($referer, $CFG->httpswwwroot . '/login/?') !== 0 &&
strpos($referer, $CFG->httpswwwroot . '/login/index.php') !== 0) { // There might be some extra params such as ?lang=.
$referer != $CFG->wwwroot . '/login/' &&
strpos($referer, $CFG->wwwroot . '/login/?') !== 0 &&
strpos($referer, $CFG->wwwroot . '/login/index.php') !== 0) { // There might be some extra params such as ?lang=.
$SESSION->wantsurl = $referer;
}
}
@ -305,9 +297,6 @@ if (!empty($CFG->alternateloginurl)) {
redirect($loginurl->out(false));
}
// make sure we really are on the https page when https login required
$PAGE->verify_https_required();
/// Generate the login page with forms
if (!isset($frm) or !is_object($frm)) {
@ -339,7 +328,7 @@ if (!empty($SESSION->loginerrormsg)) {
if ($errormsg) {
$SESSION->loginerrormsg = $errormsg;
}
redirect(new moodle_url($CFG->httpswwwroot . '/login/index.php'));
redirect(new moodle_url('/login/index.php'));
}
$PAGE->set_title("$site->fullname: $loginsite");
@ -350,8 +339,8 @@ echo $OUTPUT->header();
if (isloggedin() and !isguestuser()) {
// prevent logging when already logged in, we do not want them to relogin by accident because sesskey would be changed
echo $OUTPUT->box_start();
$logout = new single_button(new moodle_url($CFG->httpswwwroot.'/login/logout.php', array('sesskey'=>sesskey(),'loginpage'=>1)), get_string('logout'), 'post');
$continue = new single_button(new moodle_url($CFG->httpswwwroot.'/login/index.php', array('cancel'=>1)), get_string('cancel'), 'get');
$logout = new single_button(new moodle_url('/login/logout.php', array('sesskey'=>sesskey(),'loginpage'=>1)), get_string('logout'), 'post');
$continue = new single_button(new moodle_url('/'), get_string('cancel'), 'get');
echo $OUTPUT->confirm(get_string('alreadyloggedin', 'error', fullname($USER)), $logout, $continue);
echo $OUTPUT->box_end();
} else {

6
login/lib.php
View File

@ -58,9 +58,6 @@ function core_login_process_password_reset_request() {
die; // Never reached.
}
// Make sure we really are on the https page when https login required.
$PAGE->verify_https_required();
// DISPLAY FORM.
echo $OUTPUT->header();
@ -212,7 +209,7 @@ function core_login_process_password_set($token) {
WHERE upr.token = ?";
$user = $DB->get_record_sql($sql, array($token));
$forgotpasswordurl = "{$CFG->httpswwwroot}/login/forgot_password.php";
$forgotpasswordurl = "{$CFG->wwwroot}/login/forgot_password.php";
if (empty($user) or ($user->timerequested < (time() - $pwresettime - DAYSECS))) {
// There is no valid reset request record - not even a recently expired one.
// (suspicious)
@ -253,7 +250,6 @@ function core_login_process_password_set($token) {
$setdata->username2 = $user->username;
$setdata->token = $user->token;
$mform->set_data($setdata);
$PAGE->verify_https_required();
echo $OUTPUT->header();
echo $OUTPUT->box(get_string('setpasswordinstructions'), 'generalbox boxwidthnormal boxaligncenter');
$mform->display();

8
login/signup.php
View File

@ -32,9 +32,6 @@ if (!$authplugin = signup_is_enabled()) {
print_error('notlocalisederrormessage', 'error', '', 'Sorry, you may not use this page.');
}
//HTTPS is required in this page when $CFG->loginhttps enabled
$PAGE->https_required();
$PAGE->set_url('/login/signup.php');
$PAGE->set_context(context_system::instance());
@ -53,7 +50,7 @@ if (isloggedin() and !isguestuser()) {
// Prevent signing up when already logged in.
echo $OUTPUT->header();
echo $OUTPUT->box_start();
$logout = new single_button(new moodle_url($CFG->httpswwwroot . '/login/logout.php',
$logout = new single_button(new moodle_url('/login/logout.php',
array('sesskey' => sesskey(), 'loginpage' => 1)), get_string('logout'), 'post');
$continue = new single_button(new moodle_url('/'), get_string('cancel'), 'get');
echo $OUTPUT->confirm(get_string('cannotsignup', 'error', fullname($USER)), $logout, $continue);
@ -75,9 +72,6 @@ if ($mform_signup->is_cancelled()) {
exit; //never reached
}
// make sure we really are on the https page when https login required
$PAGE->verify_https_required();
$newaccount = get_string('newaccount');
$login = get_string('login');

2
login/signup_form.php
View File

@ -93,7 +93,7 @@ class login_signup_form extends moodleform implements renderable, templatable {
profile_signup_fields($mform);
if (signup_captcha_enabled()) {
$mform->addElement('recaptcha', 'recaptcha_element', get_string('security_question', 'auth'), array('https' => $CFG->loginhttps));
$mform->addElement('recaptcha', 'recaptcha_element', get_string('security_question', 'auth'));
$mform->addHelpButton('recaptcha_element', 'recaptcha', 'auth');
$mform->closeHeaderBefore('recaptcha_element');
}

4
mod/chat/gui_ajax/index.php
View File

@ -70,8 +70,8 @@ $module = array(
array('modulename', 'chat'), array('beep', 'chat'), array('talk', 'chat'))
);
$modulecfg = array(
'home' => $CFG->httpswwwroot.'/mod/chat/view.php?id='.$cm->id,
'chaturl' => $CFG->httpswwwroot.'/mod/chat/gui_ajax/index.php?id='.$id,
'home' => $CFG->wwwroot.'/mod/chat/view.php?id='.$cm->id,
'chaturl' => $CFG->wwwroot.'/mod/chat/gui_ajax/index.php?id='.$id,
'theme' => $theme,
'userid' => $USER->id,
'sid' => $chatsid,

2
mod/lti/locallib.php
View File

@ -2378,7 +2378,7 @@ function lti_get_launch_container($lti, $toolconfig) {
function lti_request_is_using_ssl() {
global $CFG;
return (stripos($CFG->httpswwwroot, 'https://') === 0);
return (stripos($CFG->wwwroot, 'https://') === 0);
}
function lti_ensure_url_is_https($url) {

2
repository/draftfiles_manager.php
View File

@ -73,7 +73,7 @@ $fs = get_file_storage();
$params = array('ctx_id' => $contextid, 'itemid' => $itemid, 'env' => $env, 'course'=>$courseid, 'maxbytes'=>$maxbytes, 'areamaxbytes'=>$areamaxbytes, 'maxfiles'=>$maxfiles, 'subdirs'=>$subdirs, 'sesskey'=>sesskey());
$PAGE->set_url('/repository/draftfiles_manager.php', $params);
$filepicker_url = new moodle_url($CFG->httpswwwroot."/repository/filepicker.php", $params);
$filepicker_url = new moodle_url("/repository/filepicker.php", $params);
$params['action'] = 'browse';
$home_url = new moodle_url('/repository/draftfiles_manager.php', $params);

2
repository/dropbox/lib.php
View File

@ -591,7 +591,7 @@ class repository_dropbox extends repository {
public static function get_oauth2callbackurl() {
global $CFG;
return new moodle_url($CFG->httpswwwroot . '/admin/oauth2callback.php');
return new moodle_url('/admin/oauth2callback.php');
}
/**

4
repository/filepicker.php
View File

@ -101,7 +101,7 @@ $home_url = new moodle_url('/repository/draftfiles_manager.php', $params);
$params['savepath'] = $savepath;
$params['repo_id'] = $repo_id;
$url = new moodle_url($CFG->httpswwwroot."/repository/filepicker.php", $params);
$url = new moodle_url("/repository/filepicker.php", $params);
$PAGE->set_url('/repository/filepicker.php', $params);
switch ($action) {
@ -212,7 +212,7 @@ case 'sign':
// TODO MDL-28482: need a better solution
// paging_bar is not a good option because it starts page numbering from 0 and
// repositories number pages starting from 1.
$pagingurl = new moodle_url("$CFG->httpswwwroot/repository/filepicker.php?action=list&itemid=$itemid&ctx_id=$contextid&repo_id=$repo_id&course=$courseid&sesskey=". sesskey());
$pagingurl = new moodle_url("/repository/filepicker.php?action=list&itemid=$itemid&ctx_id=$contextid&repo_id=$repo_id&course=$courseid&sesskey=". sesskey());
if (!isset($list['perpage']) && !isset($list['total'])) {
$list['perpage'] = 10; // instead of setting perpage&total we use number of pages, the result is the same
}

2
theme/styles_debug.php
View File

@ -56,7 +56,7 @@ if ($type === 'editor') {
css_send_uncached_css($csscontent);
}
$chunkurl = new moodle_url($CFG->httpswwwroot . '/theme/styles_debug.php', array('theme' => $themename,
$chunkurl = new moodle_url('/theme/styles_debug.php', array('theme' => $themename,
'type' => $type, 'subtype' => $subtype, 'sheet' => $sheet, 'usesvg' => $usesvg, 'rtl' => $rtl));
// We need some kind of caching here because otherwise the page navigation becomes

8
user/edit.php
View File

@ -29,9 +29,6 @@ require_once($CFG->dirroot.'/user/editlib.php');
require_once($CFG->dirroot.'/user/profile/lib.php');
require_once($CFG->dirroot.'/user/lib.php');
// HTTPS is required in this page when $CFG->loginhttps enabled.
$PAGE->https_required();
$userid = optional_param('id', $USER->id, PARAM_INT); // User id.
$course = optional_param('course', SITEID, PARAM_INT); // Course id (defaults to Site).
$returnto = optional_param('returnto', null, PARAM_ALPHA); // Code determining where to return to after save.
@ -47,7 +44,7 @@ if ($course->id != SITEID) {
require_login($course);
} else if (!isloggedin()) {
if (empty($SESSION->wantsurl)) {
$SESSION->wantsurl = $CFG->httpswwwroot.'/user/edit.php';
$SESSION->wantsurl = $CFG->wwwroot.'/user/edit.php';
}
redirect(get_login_url());
} else {
@ -304,9 +301,6 @@ if ($usernew = $userform->get_data()) {
}
}
// Make sure we really are on the https page when https login required.
$PAGE->verify_https_required();
// Display page header.
$streditmyprofile = get_string('editmyprofile');

6
user/editadvanced.php
View File

@ -31,9 +31,6 @@ require_once($CFG->dirroot.'/user/profile/lib.php');
require_once($CFG->dirroot.'/user/lib.php');
require_once($CFG->dirroot.'/webservice/lib.php');
// HTTPS is required in this page when $CFG->loginhttps enabled.
$PAGE->https_required();
$id = optional_param('id', $USER->id, PARAM_INT); // User id; -1 if creating new user.
$course = optional_param('course', SITEID, PARAM_INT); // Course id (defaults to Site).
$returnto = optional_param('returnto', null, PARAM_ALPHA); // Code determining where to return to after save.
@ -313,9 +310,6 @@ if ($usernew = $userform->get_data()) {
// Never reached..
}
// Make sure we really are on the https page when https login required.
$PAGE->verify_https_required();
// Display page header.
if ($user->id == -1 or ($user->id != $USER->id)) {

2
user/editlib.php
View File

@ -57,7 +57,7 @@ function useredit_setup_preference_page($userid, $courseid) {
require_login($course);
} else if (!isloggedin()) {
if (empty($SESSION->wantsurl)) {
$SESSION->wantsurl = $CFG->httpswwwroot.'/user/preferences.php';
$SESSION->wantsurl = $CFG->wwwroot.'/user/preferences.php';
}
redirect(get_login_url());
} else {

2
version.php
View File

@ -29,7 +29,7 @@
defined('MOODLE_INTERNAL') || die();
$version = 2017102100.00; // YYYYMMDD = weekly release date of this DEV branch.
$version = 2017102100.01; // YYYYMMDD = weekly release date of this DEV branch.
// RR = release increments - 00 in DEV branches.
// .XX = incremental changes.