MDL-29805 add REQUIRE_CORRECT_ACCESS define + return error code when AJAX_SCRIPT fails

2025-01-31 04:33:13 +01:00 · 2012-12-04 11:47:19 +08:00 · 2012-12-04 11:47:19 +08:00 · e9e567f33c
commit e9e567f33c
parent 03953061ca
3 changed files with 20 additions and 3 deletions
--- a/lang/en/error.php
+++ b/lang/en/error.php
@ -435,6 +435,7 @@ $string['refoundtoorigi'] = 'Refunded to original amount: {$a}';
 $string['remotedownloaderror'] = 'Download of component to your server failed, please verify proxy settings, PHP cURL extension is highly recommended.<br /><br />You must download the <a href="{$a->url}">{$a->url}</a> file manually, copy it to "{$a->dest}" in your server and unzip it there.';
 $string['remotedownloadnotallowed'] = 'Download of components to your server isn\'t allowed (allow_url_fopen is disabled).<br /><br />You must download the <a href="{$a->url}">{$a->url}</a> file manually, copy it to "{$a->dest}" in your server and unzip it there.';
 $string['reportnotavailable'] = 'This type of report is only available for the site course';
+$string['requirecorrectaccess'] = 'Invalid url or port.';
 $string['requireloginerror'] = 'Course or activity not accessible.';
 $string['restorechecksumfailed'] = 'Some problem happened with the restore information stored in your session. Please check your PHP memory/DB package size limits. Restore stopped.';
 $string['restore_path_element_missingmethod'] = 'Restore method {$a} is missing. It must be defined by a developer.';
--- a/lib/setuplib.php
+++ b/lib/setuplib.php
@ -356,7 +356,7 @@ function default_exception_handler($ex) {
    }

    if (is_early_init($info->backtrace)) {
-        echo bootstrap_renderer::early_error($info->message, $info->moreinfourl, $info->link, $info->backtrace, $info->debuginfo);
+        echo bootstrap_renderer::early_error($info->message, $info->moreinfourl, $info->link, $info->backtrace, $info->debuginfo, $info->errorcode);
    } else {
        try {
            if ($DB) {
@ -370,7 +370,7 @@ function default_exception_handler($ex) {
            // so we just print at least something instead of "Exception thrown without a stack frame in Unknown on line 0":-(
            if (CLI_SCRIPT or AJAX_SCRIPT) {
                // just ignore the error and send something back using the safest method
-                echo bootstrap_renderer::early_error($info->message, $info->moreinfourl, $info->link, $info->backtrace, $info->debuginfo);
+                echo bootstrap_renderer::early_error($info->message, $info->moreinfourl, $info->link, $info->backtrace, $info->debuginfo, $info->errorcode);
            } else {
                echo bootstrap_renderer::early_error_content($info->message, $info->moreinfourl, $info->link, $info->backtrace, $info->debuginfo);
                $outinfo = get_exception_info($out_ex);
@ -761,6 +761,20 @@ function initialise_fullme() {
            if (!defined('NO_MOODLE_COOKIES')) {
                define('NO_MOODLE_COOKIES', true);
            }
+            // The login/token.php script should call the correct url/port.
+            if (defined('REQUIRE_CORRECT_ACCESS')) {
+                $wwwrootport = empty($wwwroot['port'])?'':$wwwroot['port'];
+                $calledurl = $rurl['host'];
+                if (!empty($rurl['port'])) {
+                    $calledurl .=  ':'. $rurl['port'];
+                }
+                $correcturl = $wwwroot['host'];
+                if (!empty($wwwrootport)) {
+                    $correcturl .=  ':'. $wwwrootport;
+                }
+                throw new moodle_exception('requirecorrectaccess', 'error', '', null,
+                    'You called ' . $calledurl .', you should have called ' . $correcturl);
+            }
            redirect($CFG->wwwroot, get_string('wwwrootmismatch', 'error', $CFG->wwwroot), 3);
        }
    }
@ -1473,7 +1487,7 @@ width: 80%; -moz-border-radius: 20px; padding: 15px">
     * @param string $debuginfo extra information for developers
     * @return string
     */
-    public static function early_error($message, $moreinfourl, $link, $backtrace, $debuginfo = null) {
+    public static function early_error($message, $moreinfourl, $link, $backtrace, $debuginfo = null, $errorcode = null) {
        global $CFG;

        if (CLI_SCRIPT) {
@ -1501,6 +1515,7 @@ width: 80%; -moz-border-radius: 20px; padding: 15px">
                    $e->stacktrace = format_backtrace($backtrace, true);
                }
            }
+            $e->errorcode  = $errorcode;
            @header('Content-Type: application/json; charset=utf-8');
            echo json_encode($e);
            return;
--- a/login/token.php
+++ b/login/token.php
@ -22,6 +22,7 @@
 */

 define('AJAX_SCRIPT', true);
+define('REQUIRE_CORRECT_ACCESS', true);
 define('NO_MOODLE_COOKIES', true);

 require_once(dirname(dirname(__FILE__)) . '/config.php');