Merge branch 'MDL-43785-master' of git://github.com/andrewnicols/moodle

2025-04-20 07:56:06 +02:00 · 2015-07-27 14:49:18 +01:00 · 2015-07-27 14:49:18 +01:00 · b860082e13
commit b860082e13
parent 14f438c531 2ed6be873b
3 changed files with 33 additions and 8 deletions
--- a/lib/ajax/getsiteadminbranch.php
+++ b/lib/ajax/getsiteadminbranch.php
@ -29,14 +29,12 @@ define('AJAX_SCRIPT', true);
 require_once(dirname(__FILE__) . '/../../config.php');

 // This should be accessed by only valid logged in user.
-if (!isloggedin() or isguestuser()) {
-    die('Invalid access.');
-}
+require_login(null, false);

 // This identifies the type of the branch we want to get. Make sure it's SITE_ADMIN.
 $branchtype = required_param('type', PARAM_INT);
 if ($branchtype !== navigation_node::TYPE_SITE_ADMIN) {
-    die('Wrong node type passed.');
+    throw new coding_exception('Incorrect node type passed');
 }

 // Start capturing output in case of broken plugins.
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@ -2482,6 +2482,11 @@ function require_login($courseorid = null, $autologinguest = true, $cm = null, $
        $preventredirect = true;
    }

+    if (AJAX_SCRIPT) {
+        // We cannot redirect for AJAX scripts either.
+        $preventredirect = true;
+    }
+
    // Setup global $COURSE, themes, language and locale.
    if (!empty($courseorid)) {
        if (is_object($courseorid)) {
@ -2521,11 +2526,15 @@ function require_login($courseorid = null, $autologinguest = true, $cm = null, $
    }

    // Redirect to the login page if session has expired, only with dbsessions enabled (MDL-35029) to maintain current behaviour.
-    if ((!isloggedin() or isguestuser()) && !empty($SESSION->has_timed_out) && !$preventredirect && !empty($CFG->dbsessions)) {
-        if ($setwantsurltome) {
-            $SESSION->wantsurl = qualified_me();
+    if ((!isloggedin() or isguestuser()) && !empty($SESSION->has_timed_out) && !empty($CFG->dbsessions)) {
+        if ($preventredirect) {
+            throw new require_login_session_timeout_exception();
+        } else {
+            if ($setwantsurltome) {
+                $SESSION->wantsurl = qualified_me();
+            }
+            redirect(get_login_url());
        }
-        redirect(get_login_url());
    }

    // If the user is not even logged in yet then make sure they are.
--- a/lib/setuplib.php
+++ b/lib/setuplib.php
@ -164,6 +164,24 @@ class require_login_exception extends moodle_exception {
    }
 }

+/**
+ * Session timeout exception.
+ *
+ * This exception is thrown from require_login()
+ *
+ * @package    core_access
+ * @copyright  2015 Andrew Nicols <andrew@nicols.co.uk>
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+class require_login_session_timeout_exception extends require_login_exception {
+    /**
+     * Constructor
+     */
+    public function __construct() {
+        moodle_exception::__construct('sessionerroruser', 'error');
+    }
+}
+
 /**
 * Web service parameter exception class
 * @deprecated since Moodle 2.2 - use moodle exception instead