mirror of
https://github.com/moodle/moodle.git
synced 2025-01-18 05:58:34 +01:00
MDL-26389 improve profile and search engine privacy
This commit is contained in:
Petr Skoda
parent
d911c72bf9
commit
81b58cc227
@ -216,19 +216,8 @@ abstract class session_stub implements moodle_session {
|
||||
$user = null;
|
||||
|
||||
if (!empty($CFG->opentogoogle) and !NO_MOODLE_COOKIES) {
|
||||
if (!empty($_SERVER['HTTP_USER_AGENT'])) {
|
||||
// allow web spiders in as guest users
|
||||
if (strpos($_SERVER['HTTP_USER_AGENT'], 'Googlebot') !== false ) {
|
||||
$user = guest_user();
|
||||
} else if (strpos($_SERVER['HTTP_USER_AGENT'], 'google.com') !== false ) { // Google
|
||||
$user = guest_user();
|
||||
} else if (strpos($_SERVER['HTTP_USER_AGENT'], 'Yahoo! Slurp') !== false ) { // Yahoo
|
||||
$user = guest_user();
|
||||
} else if (strpos($_SERVER['HTTP_USER_AGENT'], '[ZSEBOT]') !== false ) { // Zoomspider
|
||||
$user = guest_user();
|
||||
} else if (strpos($_SERVER['HTTP_USER_AGENT'], 'MSNBOT') !== false ) { // MSN Search
|
||||
$user = guest_user();
|
||||
}
|
||||
if (is_web_crawler()) {
|
||||
$user = guest_user();
|
||||
}
|
||||
if (!empty($CFG->guestloginbutton) and !$user and !empty($_SERVER['HTTP_REFERER'])) {
|
||||
// automaticaly log in users coming from search engine results
|
||||
|
||||
@ -1123,6 +1123,38 @@ function init_eaccelerator() {
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if current user is a web crawler.
|
||||
*
|
||||
* This list can not be made complete, this is not a security
|
||||
* restriction, we make the list only to help these sites
|
||||
* especially when automatic guest login is disabled.
|
||||
*
|
||||
* If admin needs security they should enable forcelogin
|
||||
* and disable guest access!!
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
function is_web_crawler() {
|
||||
if (!empty($_SERVER['HTTP_USER_AGENT'])) {
|
||||
if (strpos($_SERVER['HTTP_USER_AGENT'], 'Googlebot') !== false ) {
|
||||
return true;
|
||||
} else if (strpos($_SERVER['HTTP_USER_AGENT'], 'google.com') !== false ) { // Google
|
||||
return true;
|
||||
} else if (strpos($_SERVER['HTTP_USER_AGENT'], 'Yahoo! Slurp') !== false ) { // Yahoo
|
||||
return true;
|
||||
} else if (strpos($_SERVER['HTTP_USER_AGENT'], '[ZSEBOT]') !== false ) { // Zoomspider
|
||||
return true;
|
||||
} else if (strpos($_SERVER['HTTP_USER_AGENT'], 'MSNBOT') !== false ) { // MSN Search
|
||||
return true;
|
||||
} else if (strpos($_SERVER['HTTP_USER_AGENT'], 'Yandex') !== false ) {
|
||||
return true;
|
||||
} else if (strpos($_SERVER['HTTP_USER_AGENT'], 'AltaVista') !== false ) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* This class solves the problem of how to initialise $OUTPUT.
|
||||
|
||||
@ -106,11 +106,10 @@ switch ($mode) {
|
||||
echo '<div class="user-content">';
|
||||
|
||||
if ($course->id == SITEID) {
|
||||
if (empty($CFG->forceloginforprofiles) || isloggedin()) {
|
||||
$searchcourse = SITEID;
|
||||
if (empty($CFG->forceloginforprofiles) or (isloggedin() and !isguestuser() and !is_web_crawler())) {
|
||||
// Search throughout the whole site.
|
||||
$searchcourse = 0;
|
||||
} else {
|
||||
$searchcourse = SITEID;
|
||||
}
|
||||
} else {
|
||||
// Search only for posts the user made in this course.
|
||||
|
||||
@ -42,9 +42,12 @@ require_once($CFG->libdir.'/filelib.php');
|
||||
$userid = optional_param('id', 0, PARAM_INT);
|
||||
$edit = optional_param('edit', null, PARAM_BOOL); // Turn editing on and off
|
||||
|
||||
$PAGE->set_url('/user/profile.php', array('id'=>$userid));
|
||||
|
||||
if (!empty($CFG->forceloginforprofiles)) {
|
||||
require_login();
|
||||
if (isguestuser()) {
|
||||
$SESSION->wantsurl = $PAGE->url->out(false);
|
||||
redirect(get_login_url());
|
||||
}
|
||||
} else if (!empty($CFG->forcelogin)) {
|
||||
@ -106,8 +109,6 @@ if (has_capability('moodle/user:viewhiddendetails', $context)) {
|
||||
// Start setting up the page
|
||||
$strpublicprofile = get_string('publicprofile');
|
||||
|
||||
$params = array('id'=>$userid);
|
||||
$PAGE->set_url('/user/profile.php', $params);
|
||||
$PAGE->blocks->add_region('content');
|
||||
$PAGE->set_subpage($currentpage->id);
|
||||
$PAGE->set_title(fullname($user).": $strpublicprofile");
|
||||
|
||||
@ -40,8 +40,7 @@ if ($courseid == SITEID) { // Since Moodle 2.0 all site-level profiles are sho
|
||||
redirect($CFG->wwwroot.'/user/profile.php?id='.$id); // Immediate redirect
|
||||
}
|
||||
|
||||
$url = new moodle_url('/user/view.php', array('id'=>$id,'course'=>$courseid));
|
||||
$PAGE->set_url($url);
|
||||
$PAGE->set_url('/user/view.php', array('id'=>$id,'course'=>$courseid));
|
||||
|
||||
$user = $DB->get_record('user', array('id'=>$id), '*', MUST_EXIST);
|
||||
$course = $DB->get_record('course', array('id'=>$courseid), '*', MUST_EXIST);
|
||||
@ -57,6 +56,14 @@ if (isguestuser($user)) {
|
||||
print_error('invaliduserid');
|
||||
}
|
||||
|
||||
if (!empty($CFG->forceloginforprofiles)) {
|
||||
require_login(); // we can not log in to course due to the parent hack bellow
|
||||
if (isguestuser()) {
|
||||
$SESSION->wantsurl = $PAGE->url->out(false);
|
||||
redirect(get_login_url());
|
||||
}
|
||||
}
|
||||
|
||||
$PAGE->set_context($coursecontext);
|
||||
$PAGE->set_course($course);
|
||||
$PAGE->set_pagetype('course-view-' . $course->format); // To get the blocks exactly like the course
|
||||
@ -76,7 +83,7 @@ if (!$currentuser
|
||||
} else {
|
||||
// normal course
|
||||
require_login($course);
|
||||
// what to do with users temporary accessing this course? shoudl they see the details?
|
||||
// what to do with users temporary accessing this course? should they see the details?
|
||||
}
|
||||
|
||||
$strpersonalprofile = get_string('personalprofile');
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user