Some robustness fixes

diff --git a/mod/forum/lib.php b/mod/forum/lib.php
index 89a3394feea2ea5d81b16ba92ab526f329dcd9a5..34ef8d66df372e5cf8d89c0c117185acfd850083 100644 (file)
--- a/mod/forum/lib.php
+++ b/mod/forum/lib.php
@@ -1066,8 +1066,13 @@ function forum_set_return() {
     global $CFG, $SESSION;
 
     if (! isset($SESSION->fromdiscussion)) {
+        if (!empty($_SERVER['HTTP_REFERER'])) {
+            $referer = $_SERVER['HTTP_REFERER'];
+        } else {
+            $referer = "";
+        }
         // If the referer is NOT a login screen then save it.
-        if (! strncasecmp("$CFG->wwwroot/login", $_SERVER["HTTP_REFERER"], 300)) {
+        if (! strncasecmp("$CFG->wwwroot/login", $referer, 300)) {
             $SESSION->fromdiscussion = $_SERVER["HTTP_REFERER"];
             save_session("SESSION");
         }

diff --git a/mod/forum/post.php b/mod/forum/post.php
index 4edef6ef88318cd0d0f8e39583b21caf95735c9b..8ff68e4eab50912c1e0ed3f2b25e4ef74dce5c56 100644 (file)
--- a/mod/forum/post.php
+++ b/mod/forum/post.php
@@ -10,6 +10,8 @@
         error(get_string("noguestpost", "forum"), $_SERVER["HTTP_REFERER"]);
     }
 
+    require_login();   // Script is useless unless they're logged in
+
     if ($post = data_submitted()) {
 
         $post->subject = strip_tags($post->subject);  // Strip all tags
@@ -21,8 +23,6 @@
             error(get_string("emptymessage", "forum"));
         }
 
-        require_login();
-
         if ($post->edit) {           // Updating a post
             $post->id = $post->edit;
             if (forum_update_post($post)) {