MDL-49179 weblib: Secure the direct usage of $_SERVER['HTTP_REFERER']

This commit is contained in:
Frederic Massart 2015-03-04 16:00:32 +01:00 committed by Mr. Jenkins (CiBoT)
parent dd0607b7bb
commit b2687a055d
9 changed files with 23 additions and 21 deletions


@ -1653,7 +1653,8 @@ class auth_plugin_ldap extends auth_plugin_base {
$_SERVER['HTTP_REFERER'] != $CFG->wwwroot &&
$_SERVER['HTTP_REFERER'] != $CFG->wwwroot.'/' &&
$_SERVER['HTTP_REFERER'] != $CFG->httpswwwroot.'/login/' &&
$_SERVER['HTTP_REFERER'] != $CFG->httpswwwroot.'/login/index.php')
$_SERVER['HTTP_REFERER'] != $CFG->httpswwwroot.'/login/index.php' &&
clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL) != '')
? $_SERVER['HTTP_REFERER'] : NULL;
}
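Review bot: The ternary at the end of this hunk still returns the raw `$_SERVER['HTTP_REFERER']`, while the new condition only checks that `clean_param(..., PARAM_LOCALURL)` is non-empty; if clean_param normalises or strips characters from the URL, the value stored is not the value that was validated. Cleaning once and using that result everywhere closes the gap: `$referer = clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL);` ahead of the condition, then `? $referer : NULL;` on the last line. The third hunk (`@ -263,7 +263,9`) has the same shape and would take the same change. The conditional expression begins outside this hunk, so the guard that presumably precedes it could not be checked.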


@ -78,8 +78,9 @@ if ($courseid) {
}
// Return to previous page
if (!empty($_SERVER['HTTP_REFERER'])) {
redirect($_SERVER['HTTP_REFERER']);
$referer = clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL);
if (!empty($referer)) {
redirect($referer);
} else {
redirect('view.php?id='.$course->id);
}


@ -263,7 +263,9 @@ if (empty($SESSION->wantsurl)) {
$_SERVER["HTTP_REFERER"] != $CFG->wwwroot.'/' &&
$_SERVER["HTTP_REFERER"] != $CFG->httpswwwroot.'/login/' &&
strpos($_SERVER["HTTP_REFERER"], $CFG->httpswwwroot.'/login/?') !== 0 &&
strpos($_SERVER["HTTP_REFERER"], $CFG->httpswwwroot.'/login/index.php') !== 0) // There might be some extra params such as ?lang=.
strpos($_SERVER["HTTP_REFERER"], $CFG->httpswwwroot.'/login/index.php') !== 0 &&
clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL) != '')
// There might be some extra params such as ?lang=.
? $_SERVER["HTTP_REFERER"] : NULL;
}


@ -178,7 +178,7 @@ if (!$choiceformshown) {
} else if (!is_enrolled($context)) {
// Only people enrolled can make a choice
$SESSION->wantsurl = qualified_me();
$SESSION->enrolcancel = (!empty($_SERVER['HTTP_REFERER'])) ? $_SERVER['HTTP_REFERER'] : '';
$SESSION->enrolcancel = clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL);
$coursecontext = context_course::instance($course->id);
$courseshortname = format_string($course->shortname, true, array('context' => $coursecontext));
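Review bot: The replacement line drops the `!empty($_SERVER['HTTP_REFERER'])` guard, so the header is now indexed directly when no Referer was sent — a common case for typed URLs, bookmarks and HTTPS-to-HTTP navigation — which raises an undefined-index notice before clean_param ever runs. Keeping the guard is one expression: `$SESSION->enrolcancel = isset($_SERVER['HTTP_REFERER']) ? clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL) : '';`. The same guard is removed in the forum_set_return hunk (`@ -3929,14 +3929,10`) and, judging from the addition/deletion counts, in both hunks of the last file section (`@ -112,8 +112,9` and `@ -143,8 +144,9`), while the `@ -117,7 +117,7`, `@ -187,7 +186,7` and survey hunks read the header unguarded as they did before. Whether clean_param itself tolerates a null argument is not visible here; the guard makes the question moot.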


@ -3929,14 +3929,10 @@ function forum_set_return() {
global $CFG, $SESSION;
if (! isset($SESSION->fromdiscussion)) {
if (!empty($_SERVER['HTTP_REFERER'])) {
$referer = $_SERVER['HTTP_REFERER'];
} else {
$referer = "";
}
$referer = clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL);
// If the referer is NOT a login screen then save it.
if (! strncasecmp("$CFG->wwwroot/login", $referer, 300)) {
$SESSION->fromdiscussion = $_SERVER["HTTP_REFERER"];
$SESSION->fromdiscussion = $referer;
}
}
}


@ -117,7 +117,7 @@ if (!empty($forum)) { // User is starting a new discussion in a forum
if (!is_enrolled($coursecontext)) {
if (enrol_selfenrol_available($course->id)) {
$SESSION->wantsurl = qualified_me();
$SESSION->enrolcancel = $_SERVER['HTTP_REFERER'];
$SESSION->enrolcancel = clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL);
redirect($CFG->wwwroot.'/enrol/index.php?id='.$course->id, get_string('youneedtoenrol'));
}
}
@ -135,7 +135,6 @@ if (!empty($forum)) { // User is starting a new discussion in a forum
$SESSION->fromurl = '';
}
// Load up the $post variable.
$post = new stdClass();
@ -187,7 +186,7 @@ if (!empty($forum)) { // User is starting a new discussion in a forum
if (!isguestuser()) {
if (!is_enrolled($coursecontext)) { // User is a guest here!
$SESSION->wantsurl = qualified_me();
$SESSION->enrolcancel = $_SERVER['HTTP_REFERER'];
$SESSION->enrolcancel = clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL);
redirect(new moodle_url('/enrol/index.php', array(
'id' => $course->id,
'returnurl' => new moodle_url('/mod/forum/view.php',


@ -70,7 +70,7 @@
echo $OUTPUT->heading($survey->name);
if (survey_already_done($survey->id, $USER->id)) {
notice(get_string("alreadysubmitted", "survey"), $_SERVER["HTTP_REFERER"]);
notice(get_string("alreadysubmitted", "survey"), clean_param($_SERVER["HTTP_REFERER"], PARAM_LOCALURL));
exit;
}
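Review bot: `notice()` is now handed the cleaned referer, which is the empty string whenever the header is absent or not a local URL; if notice() falls back to the raw `$_SERVER['HTTP_REFERER']` when its link argument is empty, the validation added here is undone at that point, so what notice() does with '' should be confirmed — the commit title mentions weblib, but no weblib hunk is on this page. Resolving the fallback at the call site keeps the behaviour visible and local: `$referer = clean_param($_SERVER["HTTP_REFERER"], PARAM_LOCALURL);` followed by `notice(get_string("alreadysubmitted", "survey"), $referer !== '' ? $referer : new moodle_url('/'));`, with whatever local page suits the survey better than the site root.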


@ -60,8 +60,9 @@ if (!wiki_user_can_view($subwiki, $wiki)) {
require_capability('mod/wiki:managefiles', $context);
if (empty($returnurl)) {
if (!empty($_SERVER["HTTP_REFERER"])) {
$returnurl = $_SERVER["HTTP_REFERER"];
$refere = clean_param($_SERVER["HTTP_REFERER"], PARAM_LOCALURL);
if (!empty($referer)) {
$returnurl = $referer;
} else {
$returnurl = new moodle_url('/mod/wiki/files.php', array('subwiki'=>$subwiki->id));
}
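Review bot: The added line assigns `$refere` while the next line tests `$referer`, so the cleaned value is never read: `$referer` is undefined, `!empty()` is false, and `$returnurl` always falls back to the files page with a valid local referer silently discarded. Fixing the name makes the branch work as intended: `$referer = clean_param($_SERVER["HTTP_REFERER"], PARAM_LOCALURL);`. The enclosing `if (empty($returnurl))` block continues past the end of the hunk, so whether the old `!empty($_SERVER["HTTP_REFERER"])` guard survives could not be confirmed.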


@ -112,8 +112,9 @@ if ($currentuser) {
// Need to have full access to a course to see the rest of own info.
echo $OUTPUT->header();
echo $OUTPUT->heading(get_string('notenrolled', '', $fullname));
if (!empty($_SERVER['HTTP_REFERER'])) {
echo $OUTPUT->continue_button($_SERVER['HTTP_REFERER']);
$referer = clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL);
if (!empty($referer)) {
echo $OUTPUT->continue_button($referer);
}
echo $OUTPUT->footer();
die;
@ -143,8 +144,9 @@ if ($currentuser) {
$PAGE->navbar->add($struser);
echo $OUTPUT->heading(get_string('notenrolledprofile'));
}
if (!empty($_SERVER['HTTP_REFERER'])) {
echo $OUTPUT->continue_button($_SERVER['HTTP_REFERER']);
$referer = clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL);
if (!empty($referer)) {
echo $OUTPUT->continue_button($referer);
}
echo $OUTPUT->footer();
exit;