mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-04-21 16:32:18 +02:00
Code Issues Projects Releases Wiki Activity

MDL-66228 mod_lesson: ensure return URL parameters are always local.

Browse Source
This commit is contained in:
Paul Holden 2019-07-24 11:46:31 +01:00 committed by Jenkins
parent 01aa126848
commit 6330d48813
2 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
mod/lesson/editpage.php
View File

@ -32,8 +32,11 @@ $pageid = required_param('pageid', PARAM_INT);
$id = required_param('id', PARAM_INT); // Course Module ID
$qtype = optional_param('qtype', 0, PARAM_INT);
$edit = optional_param('edit', false, PARAM_BOOL);
$returnto = optional_param('returnto', null, PARAM_URL);
if (empty($returnto)) {
$returnto = optional_param('returnto', null, PARAM_LOCALURL);
if (!empty($returnto)) {
$returnto = new moodle_url($returnto);
} else {
$returnto = new moodle_url('/mod/lesson/edit.php', array('id' => $id));
$returnto->set_anchor('lesson-' . $pageid);
}

4
mod/lesson/locallib.php
View File

@ -584,7 +584,7 @@ function lesson_add_header_buttons($cm, $context, $extraeditbuttons=false, $less
'id' => $cm->id,
'pageid' => $lessonpageid,
'edit' => 1,
'returnto' => $PAGE->url->out(false)
'returnto' => $PAGE->url->out_as_local_url(false)
));
$PAGE->set_button($OUTPUT->single_button($url, get_string('editpagecontent', 'lesson')));
}
@ -1363,7 +1363,7 @@ abstract class lesson_add_page_form_base extends moodleform {
if (!empty($this->_customdata['returnto'])) {
$mform->addElement('hidden', 'returnto', $this->_customdata['returnto']);
$mform->setType('returnto', PARAM_URL);
$mform->setType('returnto', PARAM_LOCALURL);
}
$mform->addElement('hidden', 'id');