}
// security: login to course if necessary
+ // Note: file.php always calls require_login() with $setwantsurltome=false
+ // in order to avoid messing redirects. MDL-14495
if ($args[0] == 'blog') {
if (empty($CFG->bloglevel)) {
print_error('Blogging is disabled!');
} else if ($CFG->bloglevel < BLOG_GLOBAL_LEVEL) {
- require_login();
+ require_login(0, true, null, false);
} else if ($CFG->forcelogin) {
- require_login();
+ require_login(0, true, null, false);
}
} else if ($course->id != SITEID) {
- require_login($course->id);
+ require_login($course->id, true, null, false);
} else if ($CFG->forcelogin) {
if (!empty($CFG->sitepolicy)
and ($CFG->sitepolicy == $CFG->wwwroot.'/file.php'.$relativepath
or $CFG->sitepolicy == $CFG->wwwroot.'/file.php?file='.$relativepath)) {
//do not require login for policy file
} else {
- require_login();
+ require_login(0, true, null, false);
}
}
* @param mixed $courseorid id of the course or course object
* @param bool $autologinguest
* @param object $cm course module object
+ * @param bool $setwantsurltome Define if we want to set $SESSION->wantsurl, defaults to
+ * true. Used to avoid (=false) some scripts (file.php...) to set that variable,
+ * in order to keep redirects working properly. MDL-14495
*/
-function require_login($courseorid=0, $autologinguest=true, $cm=null) {
+function require_login($courseorid=0, $autologinguest=true, $cm=null, $setwantsurltome=true) {
global $CFG, $SESSION, $USER, $COURSE, $FULLME;
if (!isloggedin()) {
//NOTE: $USER->site check was obsoleted by session test cookie,
// $USER->confirmed test is in login/index.php
- $SESSION->wantsurl = $FULLME;
+ if ($setwantsurltome) {
+ $SESSION->wantsurl = $FULLME;
+ }
if (!empty($_SERVER['HTTP_REFERER'])) {
$SESSION->fromurl = $_SERVER['HTTP_REFERER'];
}
* @param mixed $courseorid The course object or id in question
* @param bool $autologinguest Allow autologin guests if that is wanted
* @param object $cm Course activity module if known
+ * @param bool $setwantsurltome Define if we want to set $SESSION->wantsurl, defaults to
+ * true. Used to avoid (=false) some scripts (file.php...) to set that variable,
+ * in order to keep redirects working properly. MDL-14495
*/
-function require_course_login($courseorid, $autologinguest=true, $cm=null) {
+function require_course_login($courseorid, $autologinguest=true, $cm=null, $setwantsurltome=true) {
global $CFG;
if (!empty($CFG->forcelogin)) {
// login required for both SITE and courses
- require_login($courseorid, $autologinguest, $cm);
+ require_login($courseorid, $autologinguest, $cm, $setwantsurltome);
} else if (!empty($cm) and !$cm->visible) {
// always login for hidden activities
- require_login($courseorid, $autologinguest, $cm);
+ require_login($courseorid, $autologinguest, $cm, $setwantsurltome);
} else if ((is_object($courseorid) and $courseorid->id == SITEID)
or (!is_object($courseorid) and $courseorid == SITEID)) {
} else {
// course login always required
- require_login($courseorid, $autologinguest, $cm);
+ require_login($courseorid, $autologinguest, $cm, $setwantsurltome);
}
}
projects / moodle.git / commitdiff