Always loading the require_uri if entering the api_not_allowed see #6768

1.9.x
Julio Montoya 12 years ago
parent f9f499e2aa
commit b085adca68
  1. 9
      main/inc/lib/main_api.lib.php
  2. 14
      main/inc/lib/redirect.class.php

@ -2282,7 +2282,6 @@ function api_get_self() {
return htmlentities($_SERVER['PHP_SELF']); return htmlentities($_SERVER['PHP_SELF']);
} }
/* USER PERMISSIONS */ /* USER PERMISSIONS */
/** /**
@ -3045,11 +3044,11 @@ function api_not_allowed($print_headers = false, $message = null)
global $this_section; global $this_section;
if (empty($user_id)) { //if (empty($user_id)) {
// Why the CustomPages::enabled() need to be to set the request_uri // Why the CustomPages::enabled() need to be to set the request_uri
$_SESSION['request_uri'] = $_SERVER['REQUEST_URI']; $_SESSION['request_uri'] = $_SERVER['REQUEST_URI'];
} //}
if (CustomPages::enabled() && !isset($user_id)) { if (CustomPages::enabled() && !isset($user_id)) {
CustomPages::display(CustomPages::INDEX_UNLOGGED); CustomPages::display(CustomPages::INDEX_UNLOGGED);
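Review bot: The guard in api_not_allowed() is disabled by commenting out `if (empty($user_id)) {` and its closing `}` instead of deleting them, which leaves dead code under a comment that only asks a question. With the guard gone, `$_SESSION['request_uri']` is overwritten from `$_SERVER['REQUEST_URI']` on every denied request, including for users who are already logged in. That stored value is what Redirect::session_request_uri() is documented to redirect to. I would delete the two commented-out lines and replace the question with `// Always remember the denied URL so the login flow can return to it (see #6768); client-supplied, treat as untrusted when redirecting.` The function body begins and continues outside this hunk.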

@ -2,7 +2,7 @@
/** /**
* Send a redirect to the user agent and exist * Send a redirect to the user agent and exist
* *
* @license see /license.txt * @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info> for the Univesity of Geneva * @author Laurent Opprecht <laurent@opprecht.info> for the Univesity of Geneva
*/ */
@ -29,7 +29,7 @@ class Redirect {
} }
/** /**
* Redirect to the session "request uri" if it exists. * Redirect to the session "request uri" if it exists.
* @param bool Whether the user just logged in (in this case, use page_after_login rules) * @param bool Whether the user just logged in (in this case, use page_after_login rules)
*/ */
static function session_request_uri($logging_in = false, $user_id = null) { static function session_request_uri($logging_in = false, $user_id = null) {
@ -47,7 +47,7 @@ class Redirect {
self::navigate($url); self::navigate($url);
} elseif ($logging_in || (isset($_REQUEST['sso_referer']) && !empty($_REQUEST['sso_referer']))) { } elseif ($logging_in || (isset($_REQUEST['sso_referer']) && !empty($_REQUEST['sso_referer']))) {
if (isset($user_id)) { if (isset($user_id)) {
// Make sure we use the appropriate role redirection in case one has been defined // Make sure we use the appropriate role redirection in case one has been defined
$user_status = api_get_user_status($user_id); $user_status = api_get_user_status($user_id);
switch ($user_status) { switch ($user_status) {
case COURSEMANAGER: case COURSEMANAGER:
@ -95,9 +95,11 @@ class Redirect {
self::navigate("$www/user_portal.php"); self::navigate("$www/user_portal.php");
} }
protected static function navigate($url) { protected static function navigate($url)
session_write_close(); //should not be neeeded {
$url = Security::remove_XSS($url);
session_write_close(); //should not be neeeded
header("Location: $url"); header("Location: $url");
exit; exit;
} }
} }
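Review bot: `Security::remove_XSS($url)` in navigate() applies an HTML-output filter to a value that goes into `header("Location: $url")`, so it does not check the one property that matters there, namely that the destination stays on this portal. Its implementation is outside this page, but if it entity-encodes its input, a stored request URI with `&` in the query string would be sent as `&amp;` and the post-login redirect would land on the wrong page. The URL can originate from `$_SESSION['request_uri']`, which api_not_allowed() now fills from `$_SERVER['REQUEST_URI']` on every call, so I would validate the target (http/https or relative, same host, no CR/LF or backslash) and fall back to the portal root, as sketched below. The trailing comment `//should not be neeeded` is also misspelled and could state why the session is closed before exit.

```php
protected static function navigate($url)
{
    // Location is an HTTP header, not HTML: validate the destination rather than HTML-filtering it.
    $target = parse_url($url);
    $portal = parse_url(api_get_path(WEB_PATH));
    $schemeOk = !isset($target['scheme'])
        || in_array(strtolower($target['scheme']), array('http', 'https'), true);
    $hostOk = !isset($target['host'])
        || (isset($portal['host']) && strcasecmp($target['host'], $portal['host']) === 0);
    if ($target === false || !$schemeOk || !$hostOk || preg_match('/[\r\n\\\\]/', $url)) {
        // Off-site or malformed target: send the user to the portal root instead.
        $url = api_get_path(WEB_PATH);
    }
    // … unchanged: session_write_close(), header("Location: $url"), exit …
```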
