From 26d7f16686904676051bd6596bebe93d6ce3540a Mon Sep 17 00:00:00 2001 From: raortegar Date: Fri, 5 Jul 2024 14:00:17 +0200 Subject: [PATCH] MDL-81718 core: Improve localstorage validation --- lib/amd/build/localstorage.min.js | 2 +- lib/amd/build/localstorage.min.js.map | 2 +- lib/amd/build/storage_validation.min.js | 9 +++++ lib/amd/build/storage_validation.min.js.map | 1 + lib/amd/build/storagewrapper.min.js | 2 +- lib/amd/build/storagewrapper.min.js.map | 2 +- lib/amd/src/localstorage.js | 9 +++++ lib/amd/src/storage_validation.js | 37 +++++++++++++++++++++ lib/amd/src/storagewrapper.js | 9 +++++ lib/outputrequirementslib.php | 5 ++- 10 files changed, 73 insertions(+), 5 deletions(-) create mode 100644 lib/amd/build/storage_validation.min.js create mode 100644 lib/amd/build/storage_validation.min.js.map create mode 100644 lib/amd/src/storage_validation.js diff --git a/lib/amd/build/localstorage.min.js b/lib/amd/build/localstorage.min.js index 51f1077c3b2..f7f4b81c54e 100644 --- a/lib/amd/build/localstorage.min.js +++ b/lib/amd/build/localstorage.min.js @@ -7,6 +7,6 @@ * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later * @since 2.9 */ -define("core/localstorage",["core/config","core/storagewrapper"],(function(config,StorageWrapper){var storage=new StorageWrapper(window.localStorage);return{get:function(key){return storage.get(key)},set:function(key,value){return storage.set(key,value)}}})); +define("core/localstorage",["core/config","core/storagewrapper"],(function(config,StorageWrapper){var storage=new StorageWrapper(window.localStorage);return{get:function(key){return storage.get(key)},set:function(key,value){return storage.set(key,value)},clean:function(){return storage.clean()}}})); //# sourceMappingURL=localstorage.min.js.map \ No newline at end of file diff --git a/lib/amd/build/localstorage.min.js.map b/lib/amd/build/localstorage.min.js.map index 36e459f3599..8c9132fef7c 100644 --- a/lib/amd/build/localstorage.min.js.map 
+++ b/lib/amd/build/localstorage.min.js.map 
@@ -1 +1 @@ -{"version":3,"file":"localstorage.min.js","sources":["../src/localstorage.js"],"sourcesContent":["// This file is part of Moodle - http://moodle.org/\n//\n// Moodle is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n//\n// Moodle is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n//\n// You should have received a copy of the GNU General Public License\n// along with Moodle. If not, see .\n\n/**\n * Simple API for set/get to localstorage, with cacherev expiration.\n *\n * @module core/localstorage\n * @class localstorage\n * @copyright 2015 Damyon Wiese \n * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later\n * @since 2.9\n */\ndefine(['core/config', 'core/storagewrapper'], function(config, StorageWrapper) {\n\n // Private functions and variables.\n /** @var {Object} StorageWrapper - Wraps browsers localStorage object */\n var storage = new StorageWrapper(window.localStorage);\n\n return /** @alias module:core/localstorage */ {\n /**\n * Get a value from local storage. Remember - all values must be strings.\n *\n * @method get\n * @param {string} key The cache key to check.\n * @return {boolean|string} False if the value is not in the cache, or some other error - a string otherwise.\n */\n get: function(key) {\n return storage.get(key);\n },\n\n /**\n * Set a value to local storage. 
Remember - all values must be strings.\n *\n * @method set\n * @param {string} key The cache key to set.\n * @param {string} value The value to set.\n * @return {boolean} False if the value can't be saved in the cache, or some other error - true otherwise.\n */\n set: function(key, value) {\n return storage.set(key, value);\n }\n\n };\n});\n"],"names":["define","config","StorageWrapper","storage","window","localStorage","get","key","set","value"],"mappings":";;;;;;;;;AAwBAA,2BAAO,CAAC,cAAe,wBAAwB,SAASC,OAAQC,oBAIxDC,QAAU,IAAID,eAAeE,OAAOC,oBAEM,CAQ1CC,IAAK,SAASC,YACHJ,QAAQG,IAAIC,MAWvBC,IAAK,SAASD,IAAKE,cACRN,QAAQK,IAAID,IAAKE"} \ No newline at end of file +{"version":3,"file":"localstorage.min.js","sources":["../src/localstorage.js"],"sourcesContent":["// This file is part of Moodle - http://moodle.org/\n//\n// Moodle is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n//\n// Moodle is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n//\n// You should have received a copy of the GNU General Public License\n// along with Moodle. 
If not, see .\n\n/**\n * Simple API for set/get to localstorage, with cacherev expiration.\n *\n * @module core/localstorage\n * @class localstorage\n * @copyright 2015 Damyon Wiese \n * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later\n * @since 2.9\n */\ndefine(['core/config', 'core/storagewrapper'], function(config, StorageWrapper) {\n\n // Private functions and variables.\n /** @var {Object} StorageWrapper - Wraps browsers localStorage object */\n var storage = new StorageWrapper(window.localStorage);\n\n return /** @alias module:core/localstorage */ {\n /**\n * Get a value from local storage. Remember - all values must be strings.\n *\n * @method get\n * @param {string} key The cache key to check.\n * @return {boolean|string} False if the value is not in the cache, or some other error - a string otherwise.\n */\n get: function(key) {\n return storage.get(key);\n },\n\n /**\n * Set a value to local storage. Remember - all values must be strings.\n *\n * @method set\n * @param {string} key The cache key to set.\n * @param {string} value The value to set.\n * @return {boolean} False if the value can't be saved in the cache, or some other error - true otherwise.\n */\n set: function(key, value) {\n return storage.set(key, value);\n },\n\n /**\n * Clean local storage\n *\n * @method clean\n */\n clean: function() {\n return storage.clean();\n }\n\n };\n});\n"],"names":["define","config","StorageWrapper","storage","window","localStorage","get","key","set","value","clean"],"mappings":";;;;;;;;;AAwBAA,2BAAO,CAAC,cAAe,wBAAwB,SAASC,OAAQC,oBAIxDC,QAAU,IAAID,eAAeE,OAAOC,oBAEM,CAQ1CC,IAAK,SAASC,YACHJ,QAAQG,IAAIC,MAWvBC,IAAK,SAASD,IAAKE,cACRN,QAAQK,IAAID,IAAKE,QAQ5BC,MAAO,kBACIP,QAAQO"} \ No newline at end of file diff --git a/lib/amd/build/storage_validation.min.js b/lib/amd/build/storage_validation.min.js new file mode 100644 index 00000000000..6ea80bd3b2f --- /dev/null +++ b/lib/amd/build/storage_validation.min.js 
@@ -0,0 +1,9 @@ +define("core/storage_validation",["exports","core/localstorage"],(function(_exports,_localstorage){var obj; +/** + * Clean caches after user login in order to prevent cache poisoning. + * @module core/storage_validation + * @copyright 2024 Raquel Ortega + * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later + */Object.defineProperty(_exports,"__esModule",{value:!0}),_exports.init=void 0,_localstorage=(obj=_localstorage)&&obj.__esModule?obj:{default:obj};_exports.init=userCurrentLogin=>{userCurrentLogin!==Number(_localstorage.default.get("sUserLogintime"))&&(_localstorage.default.clean(),_localstorage.default.set("sUserLogintime",Number(userCurrentLogin).toString()))}})); + +//# sourceMappingURL=storage_validation.min.js.map \ No newline at end of file diff --git a/lib/amd/build/storage_validation.min.js.map b/lib/amd/build/storage_validation.min.js.map new file mode 100644 index 00000000000..b9b9d313bff --- /dev/null +++ b/lib/amd/build/storage_validation.min.js.map 
@@ -0,0 +1 @@ +{"version":3,"file":"storage_validation.min.js","sources":["../src/storage_validation.js"],"sourcesContent":["// This file is part of Moodle - http://moodle.org/\n//\n// Moodle is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n//\n// Moodle is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n//\n// You should have received a copy of the GNU General Public License\n// along with Moodle. If not, see .\n\n/**\n * Clean caches after user login in order to prevent cache poisoning.\n * @module core/storage_validation\n * @copyright 2024 Raquel Ortega \n * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later\n */\n\nimport LocalStorage from 'core/localstorage';\n\n/**\n * Initialise storage validation.\n *\n * @param {Number|null} userCurrentLogin - Current login information. Can be null.\n */\nexport const init = (userCurrentLogin) => {\n const sUserLoginTime = Number(LocalStorage.get('sUserLogintime'));\n\n if (userCurrentLogin !== sUserLoginTime) {\n LocalStorage.clean();\n LocalStorage.set('sUserLogintime', Number(userCurrentLogin).toString());\n }\n};\n"],"names":["userCurrentLogin","Number","LocalStorage","get","clean","set","toString"],"mappings":";;;;;;oKA6BqBA,mBAGbA,mBAFmBC,OAAOC,sBAAaC,IAAI,2CAG9BC,8BACAC,IAAI,iBAAkBJ,OAAOD,kBAAkBM"} \ No newline at end of file diff --git a/lib/amd/build/storagewrapper.min.js b/lib/amd/build/storagewrapper.min.js index 5d4b2888644..3f0c94f2995 100644 --- a/lib/amd/build/storagewrapper.min.js +++ b/lib/amd/build/storagewrapper.min.js 
@@ -6,6 +6,6 @@ * @copyright 2017 Ryan Wyllie * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later */ -define("core/storagewrapper",["core/config"],(function(config){var Wrapper=function(storage){this.storage=storage,this.supported=this.detectSupport(),this.hashSource=config.wwwroot+"/"+config.jsrev,this.hash=this.hashString(this.hashSource),this.prefix=this.hash+"/",this.jsrevPrefix=this.hashString(config.wwwroot)+"/jsrev",this.validateCache()};return Wrapper.prototype.detectSupport=function(){if(-1==config.jsrev)return!1;if(void 0===this.storage)return!1;try{return null!==this.storage&&(this.storage.setItem("test","1"),this.storage.removeItem("test"),!0)}catch(ex){return!1}},Wrapper.prototype.prefixKey=function(key){return this.prefix+key},Wrapper.prototype.validateCache=function(){if(this.supported){var cacheVersion=this.storage.getItem(this.jsrevPrefix);if(null!==cacheVersion)config.jsrev!=cacheVersion&&(this.storage.clear(),this.storage.setItem(this.jsrevPrefix,config.jsrev));else this.storage.setItem(this.jsrevPrefix,config.jsrev)}},Wrapper.prototype.hashString=function(source){var i,len,hash=0;if(0===source.length)return hash;for(i=0,len=source.length;i.\n\n/**\n * Wrap an instance of the browser's local or session storage to handle\n * cache expiry, key namespacing and other helpful things.\n *\n * @module core/storagewrapper\n * @copyright 2017 Ryan Wyllie \n * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later\n */\ndefine(['core/config'], function(config) {\n\n /**\n * Constructor.\n *\n * @param {object} storage window.localStorage or window.sessionStorage\n */\n var Wrapper = function(storage) {\n this.storage = storage;\n this.supported = this.detectSupport();\n this.hashSource = config.wwwroot + '/' + config.jsrev;\n this.hash = this.hashString(this.hashSource);\n this.prefix = this.hash + '/';\n this.jsrevPrefix = this.hashString(config.wwwroot) + '/jsrev';\n this.validateCache();\n };\n\n /**\n * Check if the browser 
supports the type of storage.\n *\n * @method detectSupport\n * @return {boolean} True if the browser supports storage.\n */\n Wrapper.prototype.detectSupport = function() {\n if (config.jsrev == -1) {\n // Disable cache if debugging.\n return false;\n }\n if (typeof (this.storage) === \"undefined\") {\n return false;\n }\n var testKey = 'test';\n try {\n if (this.storage === null) {\n return false;\n }\n // MDL-51461 - Some browsers misreport availability of the storage\n // so check it is actually usable.\n this.storage.setItem(testKey, '1');\n this.storage.removeItem(testKey);\n return true;\n } catch (ex) {\n return false;\n }\n };\n\n /**\n * Add a unique prefix to all keys so multiple moodle sites do not share caches.\n *\n * @method prefixKey\n * @param {string} key The cache key to prefix.\n * @return {string} The new key\n */\n Wrapper.prototype.prefixKey = function(key) {\n return this.prefix + key;\n };\n\n /**\n * Check the current jsrev version and clear the cache if it has been bumped.\n *\n * @method validateCache\n */\n Wrapper.prototype.validateCache = function() {\n if (!this.supported) {\n return;\n }\n var cacheVersion = this.storage.getItem(this.jsrevPrefix);\n if (cacheVersion === null) {\n this.storage.setItem(this.jsrevPrefix, config.jsrev);\n return;\n }\n\n var moodleVersion = config.jsrev;\n if (moodleVersion != cacheVersion) {\n this.storage.clear();\n this.storage.setItem(this.jsrevPrefix, config.jsrev);\n }\n };\n\n /**\n * Hash a string, used to make shorter key prefixes.\n *\n * @method hashString\n * @param {String} source The string to hash\n * @return {Number}\n */\n Wrapper.prototype.hashString = function(source) {\n // From http://stackoverflow.com/questions/7616461/generate-a-hash-from-string-in-javascript-jquery.\n /* jshint bitwise: false */\n /* eslint no-bitwise: \"off\" */\n var hash = 0;\n var i, chr, len;\n if (source.length === 0) {\n return hash;\n }\n for (i = 0, len = source.length; i < len; i++) {\n chr = 
source.charCodeAt(i);\n hash = ((hash << 5) - hash) + chr;\n hash |= 0; // Convert to 32bit integer\n }\n return hash;\n };\n\n /**\n * Get a value from local storage. Remember - all values must be strings.\n *\n * @method get\n * @param {string} key The cache key to check.\n * @return {boolean|string} False if the value is not in the cache, or some other error - a string otherwise.\n */\n Wrapper.prototype.get = function(key) {\n if (!this.supported) {\n return false;\n }\n key = this.prefixKey(key);\n\n return this.storage.getItem(key);\n };\n\n /**\n * Set a value to local storage. Remember - all values must be strings.\n *\n * @method set\n * @param {string} key The cache key to set.\n * @param {string} value The value to set.\n * @return {boolean} False if the value can't be saved in the cache, or some other error - true otherwise.\n */\n Wrapper.prototype.set = function(key, value) {\n if (!this.supported) {\n return false;\n }\n key = this.prefixKey(key);\n // This can throw exceptions when the storage limit is reached.\n try {\n this.storage.setItem(key, value);\n } catch (e) {\n return false;\n }\n return true;\n };\n\n return 
Wrapper;\n});\n"],"names":["define","config","Wrapper","storage","supported","this","detectSupport","hashSource","wwwroot","jsrev","hash","hashString","prefix","jsrevPrefix","validateCache","prototype","setItem","removeItem","ex","prefixKey","key","cacheVersion","getItem","clear","source","i","len","length","charCodeAt","get","set","value","e"],"mappings":";;;;;;;;AAuBAA,6BAAO,CAAC,gBAAgB,SAASC,YAOzBC,QAAU,SAASC,cACdA,QAAUA,aACVC,UAAYC,KAAKC,qBACjBC,WAAaN,OAAOO,QAAU,IAAMP,OAAOQ,WAC3CC,KAAOL,KAAKM,WAAWN,KAAKE,iBAC5BK,OAASP,KAAKK,KAAO,SACrBG,YAAcR,KAAKM,WAAWV,OAAOO,SAAW,cAChDM,wBASTZ,QAAQa,UAAUT,cAAgB,eACT,GAAjBL,OAAOQ,aAEA,UAEmB,IAAlBJ,KAAKF,eACN,aAIc,OAAjBE,KAAKF,eAKJA,QAAQa,QAPH,OAOoB,UACzBb,QAAQc,WARH,SASH,GACT,MAAOC,WACE,IAWfhB,QAAQa,UAAUI,UAAY,SAASC,YAC5Bf,KAAKO,OAASQ,KAQzBlB,QAAQa,UAAUD,cAAgB,cACzBT,KAAKD,eAGNiB,aAAehB,KAAKF,QAAQmB,QAAQjB,KAAKQ,gBACxB,OAAjBQ,aAKgBpB,OAAOQ,OACNY,oBACZlB,QAAQoB,aACRpB,QAAQa,QAAQX,KAAKQ,YAAaZ,OAAOQ,kBAPzCN,QAAQa,QAAQX,KAAKQ,YAAaZ,OAAOQ,SAkBtDP,QAAQa,UAAUJ,WAAa,SAASa,YAKhCC,EAAQC,IADRhB,KAAO,KAEW,IAAlBc,OAAOG,cACAjB,SAENe,EAAI,EAAGC,IAAMF,OAAOG,OAAQF,EAAIC,IAAKD,IAEtCf,MAASA,MAAQ,GAAKA,KADhBc,OAAOI,WAAWH,GAExBf,MAAQ,SAELA,MAUXR,QAAQa,UAAUc,IAAM,SAAST,aACxBf,KAAKD,YAGVgB,IAAMf,KAAKc,UAAUC,KAEdf,KAAKF,QAAQmB,QAAQF,OAWhClB,QAAQa,UAAUe,IAAM,SAASV,IAAKW,WAC7B1B,KAAKD,iBACC,EAEXgB,IAAMf,KAAKc,UAAUC,cAGZjB,QAAQa,QAAQI,IAAKW,OAC5B,MAAOC,UACE,SAEJ,GAGJ9B"} \ No newline at end of file +{"version":3,"file":"storagewrapper.min.js","sources":["../src/storagewrapper.js"],"sourcesContent":["// This file is part of Moodle - http://moodle.org/\n//\n// Moodle is free software: you can redistribute it and/or modify\n// it under the terms of the GNU General Public License as published by\n// the Free Software Foundation, either version 3 of the License, or\n// (at your option) any later version.\n//\n// Moodle is distributed in the hope that it will be useful,\n// but WITHOUT ANY WARRANTY; without even the implied warranty of\n// MERCHANTABILITY or 
FITNESS FOR A PARTICULAR PURPOSE. See the\n// GNU General Public License for more details.\n//\n// You should have received a copy of the GNU General Public License\n// along with Moodle. If not, see .\n\n/**\n * Wrap an instance of the browser's local or session storage to handle\n * cache expiry, key namespacing and other helpful things.\n *\n * @module core/storagewrapper\n * @copyright 2017 Ryan Wyllie \n * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later\n */\ndefine(['core/config'], function(config) {\n\n /**\n * Constructor.\n *\n * @param {object} storage window.localStorage or window.sessionStorage\n */\n var Wrapper = function(storage) {\n this.storage = storage;\n this.supported = this.detectSupport();\n this.hashSource = config.wwwroot + '/' + config.jsrev;\n this.hash = this.hashString(this.hashSource);\n this.prefix = this.hash + '/';\n this.jsrevPrefix = this.hashString(config.wwwroot) + '/jsrev';\n this.validateCache();\n };\n\n /**\n * Check if the browser supports the type of storage.\n *\n * @method detectSupport\n * @return {boolean} True if the browser supports storage.\n */\n Wrapper.prototype.detectSupport = function() {\n if (config.jsrev == -1) {\n // Disable cache if debugging.\n return false;\n }\n if (typeof (this.storage) === \"undefined\") {\n return false;\n }\n var testKey = 'test';\n try {\n if (this.storage === null) {\n return false;\n }\n // MDL-51461 - Some browsers misreport availability of the storage\n // so check it is actually usable.\n this.storage.setItem(testKey, '1');\n this.storage.removeItem(testKey);\n return true;\n } catch (ex) {\n return false;\n }\n };\n\n /**\n * Add a unique prefix to all keys so multiple moodle sites do not share caches.\n *\n * @method prefixKey\n * @param {string} key The cache key to prefix.\n * @return {string} The new key\n */\n Wrapper.prototype.prefixKey = function(key) {\n return this.prefix + key;\n };\n\n /**\n * Check the current jsrev version and clear the cache if 
it has been bumped.\n *\n * @method validateCache\n */\n Wrapper.prototype.validateCache = function() {\n if (!this.supported) {\n return;\n }\n var cacheVersion = this.storage.getItem(this.jsrevPrefix);\n if (cacheVersion === null) {\n this.storage.setItem(this.jsrevPrefix, config.jsrev);\n return;\n }\n\n var moodleVersion = config.jsrev;\n if (moodleVersion != cacheVersion) {\n this.storage.clear();\n this.storage.setItem(this.jsrevPrefix, config.jsrev);\n }\n };\n\n /**\n * Hash a string, used to make shorter key prefixes.\n *\n * @method hashString\n * @param {String} source The string to hash\n * @return {Number}\n */\n Wrapper.prototype.hashString = function(source) {\n // From http://stackoverflow.com/questions/7616461/generate-a-hash-from-string-in-javascript-jquery.\n /* jshint bitwise: false */\n /* eslint no-bitwise: \"off\" */\n var hash = 0;\n var i, chr, len;\n if (source.length === 0) {\n return hash;\n }\n for (i = 0, len = source.length; i < len; i++) {\n chr = source.charCodeAt(i);\n hash = ((hash << 5) - hash) + chr;\n hash |= 0; // Convert to 32bit integer\n }\n return hash;\n };\n\n /**\n * Get a value from local storage. Remember - all values must be strings.\n *\n * @method get\n * @param {string} key The cache key to check.\n * @return {boolean|string} False if the value is not in the cache, or some other error - a string otherwise.\n */\n Wrapper.prototype.get = function(key) {\n if (!this.supported) {\n return false;\n }\n key = this.prefixKey(key);\n\n return this.storage.getItem(key);\n };\n\n /**\n * Set a value to local storage. 
Remember - all values must be strings.\n *\n * @method set\n * @param {string} key The cache key to set.\n * @param {string} value The value to set.\n * @return {boolean} False if the value can't be saved in the cache, or some other error - true otherwise.\n */\n Wrapper.prototype.set = function(key, value) {\n if (!this.supported) {\n return false;\n }\n key = this.prefixKey(key);\n // This can throw exceptions when the storage limit is reached.\n try {\n this.storage.setItem(key, value);\n } catch (e) {\n return false;\n }\n return true;\n };\n\n /**\n * Clean local storage.\n *\n * @method clean\n */\n Wrapper.prototype.clean = function() {\n this.storage.clear();\n };\n\n return Wrapper;\n});\n"],"names":["define","config","Wrapper","storage","supported","this","detectSupport","hashSource","wwwroot","jsrev","hash","hashString","prefix","jsrevPrefix","validateCache","prototype","setItem","removeItem","ex","prefixKey","key","cacheVersion","getItem","clear","source","i","len","length","charCodeAt","get","set","value","e","clean"],"mappings":";;;;;;;;AAuBAA,6BAAO,CAAC,gBAAgB,SAASC,YAOzBC,QAAU,SAASC,cACdA,QAAUA,aACVC,UAAYC,KAAKC,qBACjBC,WAAaN,OAAOO,QAAU,IAAMP,OAAOQ,WAC3CC,KAAOL,KAAKM,WAAWN,KAAKE,iBAC5BK,OAASP,KAAKK,KAAO,SACrBG,YAAcR,KAAKM,WAAWV,OAAOO,SAAW,cAChDM,wBASTZ,QAAQa,UAAUT,cAAgB,eACT,GAAjBL,OAAOQ,aAEA,UAEmB,IAAlBJ,KAAKF,eACN,aAIc,OAAjBE,KAAKF,eAKJA,QAAQa,QAPH,OAOoB,UACzBb,QAAQc,WARH,SASH,GACT,MAAOC,WACE,IAWfhB,QAAQa,UAAUI,UAAY,SAASC,YAC5Bf,KAAKO,OAASQ,KAQzBlB,QAAQa,UAAUD,cAAgB,cACzBT,KAAKD,eAGNiB,aAAehB,KAAKF,QAAQmB,QAAQjB,KAAKQ,gBACxB,OAAjBQ,aAKgBpB,OAAOQ,OACNY,oBACZlB,QAAQoB,aACRpB,QAAQa,QAAQX,KAAKQ,YAAaZ,OAAOQ,kBAPzCN,QAAQa,QAAQX,KAAKQ,YAAaZ,OAAOQ,SAkBtDP,QAAQa,UAAUJ,WAAa,SAASa,YAKhCC,EAAQC,IADRhB,KAAO,KAEW,IAAlBc,OAAOG,cACAjB,SAENe,EAAI,EAAGC,IAAMF,OAAOG,OAAQF,EAAIC,IAAKD,IAEtCf,MAASA,MAAQ,GAAKA,KADhBc,OAAOI,WAAWH,GAExBf,MAAQ,SAELA,MAUXR,QAAQa,UAAUc,IAAM,SAAST,aACxBf,KAAKD,YAGVgB,IAAMf,KAAKc,UAAUC,KAEdf,KAAKF,QAAQmB,QAAQF,OAWhClB,QAAQa,UAAUe,IAAM,SAASV,IA
AKW,WAC7B1B,KAAKD,iBACC,EAEXgB,IAAMf,KAAKc,UAAUC,cAGZjB,QAAQa,QAAQI,IAAKW,OAC5B,MAAOC,UACE,SAEJ,GAQX9B,QAAQa,UAAUkB,MAAQ,gBACjB9B,QAAQoB,SAGVrB"} \ No newline at end of file diff --git a/lib/amd/src/localstorage.js b/lib/amd/src/localstorage.js index b335b98f7bb..3b9e0d1b0a7 100644 --- a/lib/amd/src/localstorage.js +++ b/lib/amd/src/localstorage.js @@ -50,6 +50,15 @@ define(['core/config', 'core/storagewrapper'], function(config, StorageWrapper) */ set: function(key, value) { return storage.set(key, value); + }, + + /** + * Clean local storage + * + * @method clean + */ + clean: function() { + return storage.clean(); } }; diff --git a/lib/amd/src/storage_validation.js b/lib/amd/src/storage_validation.js new file mode 100644 index 00000000000..2f815d971e3 --- /dev/null +++ b/lib/amd/src/storage_validation.js 
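Review bot: The docblock on the new `clean` method in lib/amd/src/localstorage.js says only "Clean local storage", which understates its reach. It forwards to the wrapper's `clean()`, which the storagewrapper.js hunk of this patch implements as `this.storage.clear()`, so every key for the origin is removed, not only the ones stored under this site's hashed prefix. I would state that in the comment, e.g. `* Clear all of local storage for this origin, including keys not written through this module.`, and add `* @return {void}`, since the neighbouring `get` and `set` document boolean results. The enclosing `define` callback starts and ends outside the hunk.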
@@ -0,0 +1,37 @@ +// This file is part of Moodle - http://moodle.org/ +// +// Moodle is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// Moodle is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with Moodle. If not, see . + +/** + * Clean caches after user login in order to prevent cache poisoning. + * @module core/storage_validation + * @copyright 2024 Raquel Ortega + * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later + */ + +import LocalStorage from 'core/localstorage'; + +/** + * Initialise storage validation. + * + * @param {Number|null} userCurrentLogin - Current login information. Can be null. + */ +export const init = (userCurrentLogin) => { + const sUserLoginTime = Number(LocalStorage.get('sUserLogintime')); + + if (userCurrentLogin !== sUserLoginTime) { + LocalStorage.clean(); + LocalStorage.set('sUserLogintime', Number(userCurrentLogin).toString()); + } +}; diff --git a/lib/amd/src/storagewrapper.js b/lib/amd/src/storagewrapper.js index 7c6b7e51e55..0b3dc2ad33b 100644 --- a/lib/amd/src/storagewrapper.js +++ b/lib/amd/src/storagewrapper.js @@ -162,5 +162,14 @@ define(['core/config'], function(config) { return true; }; + /** + * Clean local storage. + * + * @method clean + */ + Wrapper.prototype.clean = function() { + this.storage.clear(); + }; + return Wrapper; }); diff --git a/lib/outputrequirementslib.php b/lib/outputrequirementslib.php index a80095dfbec..c7e0578bb60 100644 --- a/lib/outputrequirementslib.php +++ b/lib/outputrequirementslib.php 
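Review bot: In `init` of lib/amd/src/storage_validation.js, `userCurrentLogin !== sUserLoginTime` can never be false when the argument is `null`, because the right-hand side is always a number. The docblock allows `null`, and the outputrequirementslib.php hunk passes it whenever `$USER->currentlogin` is empty. For those page loads the stored value becomes `"0"`, the next check is `null !== 0`, and local storage is wiped again on every page. Normalising before the comparison keeps the clear-on-new-login behaviour without the repeated wipe: `const currentLogin = Number(userCurrentLogin);`, then `if (currentLogin !== sUserLoginTime) {` and `LocalStorage.set('sUserLogintime', currentLogin.toString());`. If clearing on every logged-out page is intended, a comment should say so.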
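Review bot: `Wrapper.prototype.clean` in lib/amd/src/storagewrapper.js calls `this.storage.clear()` without the `if (!this.supported)` guard that `get`, `set` and `validateCache` use in the source embedded in the .map hunk. `detectSupport` explicitly allows `this.storage` to be undefined or null, and in that case `get` returns false, so the new `init` in storage_validation.js reads a login time of 0 and calls `clean()`, which would throw a TypeError on each page for a logged-in user. The same missing guard means storage is cleared even when `config.jsrev` is -1 and the wrapper otherwise treats the cache as disabled. I would make `if (!this.supported) { return; }` the first statement of `clean`. The surrounding `define` callback starts outside the hunk.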
@@ -1657,7 +1657,7 @@ EOF; * @return string the HTML code to to at the end of the page. */ public function get_end_code() { - global $CFG; + global $CFG, $USER; $output = ''; // Set the log level for the JS logging. @@ -1670,6 +1670,9 @@ EOF; // Add any global JS that needs to run on all pages. $this->js_call_amd('core/page_global', 'init'); $this->js_call_amd('core/utility'); + $this->js_call_amd('core/storage_validation', 'init', [ + !empty($USER->currentlogin) ? (int) $USER->currentlogin : null + ]); // Call amd init functions. $output .= $this->get_amd_footercode();
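Review bot: The `core/storage_validation` init in the second hunk is queued in get_end_code() after `core/page_global` and `core/utility`, and presumably after any `js_call_amd()` calls the page made earlier. A module that reads core/localstorage before this init runs could therefore still use entries left by the previous account; whether that happens depends on AMD load order, which is not visible here. I would either queue this call ahead of the other global inits or document the assumption with a comment such as `// Must run before any module reads core/localstorage, so entries cached under another login are discarded first.`. get_end_code() begins in the first hunk and continues past the end of the second.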