From 08b3606390af575d7aa9b9684d01a7ef7cf88160 Mon Sep 17 00:00:00 2001
From: gregb_cc <gregb_cc>
Date: Tue, 11 Mar 2003 21:35:12 +0000
Subject: [PATCH] This is a first attempt to make moodle frame safe.

I've added the variable CFG->main_frame to config-dist.php, and replaced _top
targets with the variable in all the php files.  HTML files, like those in the
documentation, have not been modified, as they are not (yet) parsed.

The variable should probably get moved into the config table, and get some
documentation.

I've also included, but commented out, a slight change in weblib.php, which
would guarantee that messages would be seen before redirecting the user (unless
delay intentionally set to 0 when redirect is used).
---
 admin/auth.php                   |  2 +-
 config-dist.php                  |  2 ++
 lib/weblib.php                   | 18 ++++++++++++++----
 mod/resource/view.php            | 24 ++++++++++++++----------
 mod/survey/report.php            | 10 +++++-----
 theme/oceanblue/header.html_logo |  2 +-
 theme/poweraid/header.html       |  4 ++--
 7 files changed, 39 insertions(+), 23 deletions(-)

diff --git a/admin/auth.php b/admin/auth.php
index 41d12ab612..dd73e0ae1d 100644
--- a/admin/auth.php
+++ b/admin/auth.php
@@ -91,7 +91,7 @@
                   "<A HREF=\"index.php\">$stradministration</A> -> $strauthenticationoptions", "$focus");
 
     echo "<CENTER><P><B>";
-    echo "<form TARGET=\"_top\" NAME=\"authmenu\" method=\"post\" action=\"auth.php\">";
+    echo "<form TARGET=\"{$CFG->main_frame}\" NAME=\"authmenu\" method=\"post\" action=\"auth.php\">";
     print_string("chooseauthmethod","auth");
 
 	choose_from_menu ($options, "auth", $auth, "","top.location='auth.php?auth='+document.authmenu.auth.options[document.authmenu.auth.selectedIndex].value", "");
diff --git a/config-dist.php b/config-dist.php
index 9836dd99e5..fb09e7d0f1 100644
--- a/config-dist.php
+++ b/config-dist.php
@@ -113,4 +113,6 @@ require_once("$CFG->dirroot/lib/setup.php");       // Do not change this
 
 // MAKE SURE WHEN YOU EDIT THIS FILE THAT THERE ARE NO SPACES, BLANK LINES, 
 // RETURNS, OR ANYTHING ELSE AFTER THE TWO CHARACTERS ON THE NEXT LINE.
+
+$CFG->main_frame = '_top';
 ?>
diff --git a/lib/weblib.php b/lib/weblib.php
index db868a645c..f6c0153a76 100644
--- a/lib/weblib.php
+++ b/lib/weblib.php
@@ -364,7 +364,7 @@ function popup_form ($common, $options, $formname, $selected="", $nothing="choos
         $nothing = get_string("choose")."...";
     }
 
-    $output = "<FORM TARGET=_top NAME=$formname>";
+    $output = "<FORM TARGET=\"{$CFG->main_frame}\" NAME=$formname>";
     $output .= "<SELECT NAME=popup onChange=\"top.location=document.$formname.popup.options[document.$formname.popup.selectedIndex].value\">\n";
 
     if ($nothing != "") {
@@ -653,10 +653,10 @@ function print_footer ($course=NULL) {
             $course = get_site();
             $homepage = true;
         } else {
-            $homelink = "<A TARGET=_top HREF=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</A>";
+            $homelink = "<A TARGET=\"{$CFG->main_frame}\" HREF=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</A>";
         }
     } else {
-        $homelink = "<A TARGET=_top HREF=\"$CFG->wwwroot\">".get_string("home")."</A>";
+        $homelink = "<A TARGET=\"{$CFG->main_frame}\" HREF=\"$CFG->wwwroot\">".get_string("home")."</A>";
         $course = get_site();
     }
 
@@ -690,7 +690,7 @@ function print_navigation ($navigation) {
        if (! $site = get_site()) {
            $site->shortname = get_string("home");;
        }
-       echo "<A TARGET=_top HREF=\"$CFG->wwwroot/\">$site->shortname</A> -> $navigation";
+       echo "<A TARGET=\"{$CFG->main_frame}\" HREF=\"$CFG->wwwroot/\">$site->shortname</A> -> $navigation";
    }
 }
 
@@ -1141,6 +1141,16 @@ function notice_yesno ($message, $linkyes, $linkno) {
     print_simple_box_end();
 }
 
+/* This is an alternate beginning to the redirect function
+function redirect($url, $message="", $delay=false) {
+// Uses META tags to redirect the user, after printing a notice
+    if(!empty($message) && $delay == false):
+        $delay = 10;
+    else:
+        $delay = 0;
+    endif;
+*/
+
 function redirect($url, $message="", $delay=0) {
 // Uses META tags to redirect the user, after printing a notice
 
diff --git a/mod/resource/view.php b/mod/resource/view.php
index 00842ee4a9..e008e78353 100644
--- a/mod/resource/view.php
+++ b/mod/resource/view.php
@@ -23,10 +23,10 @@
 
     if ($course->category) {
         require_login($course->id);
-        $navigation = "<A TARGET=_top HREF=\"../../course/view.php?id=$course->id\">$course->shortname</A> ->
-                       <A TARGET=_top HREF=\"index.php?id=$course->id\">$strresources</A> ->";
+        $navigation = "<A TARGET=\"{$CFG->main_frame}\" HREF=\"../../course/view.php?id=$course->id\">$course->shortname</A> ->
+                       <A TARGET=\"{$CFG->main_frame}\" HREF=\"index.php?id=$course->id\">$strresources</A> ->";
     } else {
-        $navigation = "<A TARGET=_top HREF=\"index.php?id=$course->id\">$strresources</A> ->";
+        $navigation = "<A TARGET=\"{$CFG->main_frame}\" HREF=\"index.php?id=$course->id\">$strresources</A> ->";
     }
 
 
@@ -54,7 +54,7 @@
         case WEBPAGE:
             if (!empty($frameset)) {
                 print_header("$course->shortname: $resource->name", "$course->fullname", 
-                "$navigation <A TARGET=_top HREF=\"$resource->reference\" TITLE=\"$resource->reference\">$resource->name</A>",
+                "$navigation <A TARGET=\"{$CFG->main_frame}\" HREF=\"$resource->reference\" TITLE=\"$resource->reference\">$resource->name</A>",
                 "", "", true, update_module_button($cm->id, $course->id, $strresource), navmenu($course, $cm));
                 echo "<CENTER><FONT SIZE=-1>".text_to_html($resource->summary, true, false)."</FONT></CENTER>";
 
@@ -69,18 +69,22 @@
             break;
 
         case UPLOADEDFILE:
+            if ($CFG->slasharguments) {
+                $ffurl = "file.php/$course->id/$resource->reference";
+            } else {
+                $ffurl = "file.php?file=/$course->id/$resource->reference";
+            }
+
             if (!empty($frameset)) {
                 print_header("$course->shortname: $resource->name", "$course->fullname", "$navigation $resource->name",
                          "", "", true, update_module_button($cm->id, $course->id, $strresource), navmenu($course, $cm));
                 echo "<CENTER><FONT SIZE=-1>".text_to_html($resource->summary, true, false)."</FONT></CENTER>";
-
+                echo "<HR><CENTER><FONT SIZE=-2>If you cannot see the file in your
+                browser, and were not prompted to save the file, please try the
+                following link (you may need to right click and choose
+                &quot;Save As&quot;):<a href=\"{$CFG->wwwroot}/$ffurl\">{$resource->name}</FONT></CENTER>";
             } else {
                 add_to_log($course->id, "resource", "view", "view.php?id=$cm->id", "$resource->id");
-                if ($CFG->slasharguments) {
-                    $ffurl = "file.php/$course->id/$resource->reference";
-                } else {
-                    $ffurl = "file.php?file=/$course->id/$resource->reference";
-                }
                 echo "<HEAD><TITLE>$course->shortname: $resource->name</TITLE></HEAD>\n";
                 echo "<FRAMESET ROWS=$RESOURCE_FRAME_SIZE,*>";
                 echo "<FRAME SRC=\"view.php?id=$cm->id&frameset=true\">";
diff --git a/mod/survey/report.php b/mod/survey/report.php
index 47f442caa8..0ff965cfc0 100644
--- a/mod/survey/report.php
+++ b/mod/survey/report.php
@@ -61,12 +61,12 @@
     switch ($action) {
       case "top":
         if ($course->category) {
-            $navigation = "<A TARGET=_top HREF=\"../../course/view.php?id=$course->id\">$course->shortname</A> ->
-                           <A TARGET=_top HREF=\"index.php?id=$course->id\">$strsurveys</A> ->
-                           <A TARGET=_top HREF=\"view.php?id=$cm->id\">$survey->name</A> -> ";
+            $navigation = "<A TARGET=\"{$CFG->main_frame}\" HREF=\"../../course/view.php?id=$course->id\">$course->shortname</A> ->
+                           <A TARGET=\"{$CFG->main_frame}\" HREF=\"index.php?id=$course->id\">$strsurveys</A> ->
+                           <A TARGET=\"{$CFG->main_frame}\" HREF=\"view.php?id=$cm->id\">$survey->name</A> -> ";
         } else {
-            $navigation = "<A TARGET=_top HREF=\"index.php?id=$course->id\">$strsurveys</A> ->
-                           <A TARGET=_top HREF=\"view.php?id=$cm->id\">$survey->name</A> -> ";
+            $navigation = "<A TARGET=\"{$CFG->main_frame}\" HREF=\"index.php?id=$course->id\">$strsurveys</A> ->
+                           <A TARGET=\"{$CFG->main_frame}\" HREF=\"view.php?id=$cm->id\">$survey->name</A> -> ";
         }
         print_header("$course->shortname: $survey->name", "$course->fullname", "$navigation $strreport");
         break;
diff --git a/theme/oceanblue/header.html_logo b/theme/oceanblue/header.html_logo
index 731dfef70d..d45b1d323b 100644
--- a/theme/oceanblue/header.html_logo
+++ b/theme/oceanblue/header.html_logo
@@ -14,7 +14,7 @@
 
      <TABLE WIDTH=100% CELLPADDING=10 CELLSPACING=0 BORDER=0>
        <TR>
-         <TD VALIGN=TOP><A HREF="<?=$CFG->wwwroot?>" TARGET="_top"><IMG SRC="<?=$CFG->wwwroot?>/theme/oceanblue/logo.jpg" ALT="Moodle" BORDER="0"></A></TD>
+         <TD VALIGN=TOP><A HREF="<?=$CFG->wwwroot?>" TARGET="<?=$CFG->main_frame?>"><IMG SRC="<?=$CFG->wwwroot?>/theme/oceanblue/logo.jpg" ALT="Moodle" BORDER="0"></A></TD>
          <TD ALIGN=RIGHT VALIGN=TOP><?=$menu ?></TD>
        </TR>
      </TABLE>
diff --git a/theme/poweraid/header.html b/theme/poweraid/header.html
index 6280253dd4..f28c100caa 100644
--- a/theme/poweraid/header.html
+++ b/theme/poweraid/header.html
@@ -58,7 +58,7 @@
 </tr>
 <tr>
 <td width="6" bgcolor="<? echo $THEME->body?>"><img src="<?=$CFG->wwwroot?>/theme/<?=$CFG->theme ?>/images/side_left.gif" width="2" height="100%" /></td>
-<td align="left" valign="top"><A TARGET=_top HREF="<? echo $CFG->wwwroot?>"><img src="<? echo "$CFG->wwwroot/theme/$CFG->theme/$THEME->frontlogo" ?>" border="0" /></A></td>
+<td align="left" valign="top"><A TARGET=\"{$CFG->main_frame}\" HREF="<? echo $CFG->wwwroot?>"><img src="<? echo "$CFG->wwwroot/theme/$CFG->theme/$THEME->frontlogo" ?>" border="0" /></A></td>
 <td width="6" bgcolor="<? echo $THEME->body?>"><img src="<?=$CFG->wwwroot?>/theme/<?=$CFG->theme ?>/images/left_sidebar.jpg" width="6" height="100%" /></td>
 </tr>
 </table><table border="0" cellspacing="0" cellpadding="0" width="<? echo $THEME->themewidth?>">
@@ -99,7 +99,7 @@
 </tr>
 <tr>
 <td width="6" bgcolor="<? echo $THEME->body?>"><img src="<?=$CFG->wwwroot?>/theme/<?=$CFG->theme ?>/images/side_left.gif" width="2" height="100%" /></td>
-<td align="left" valign="top"><A TARGET=_top HREF="<? echo $CFG->wwwroot ?>"><img src="<? echo "$CFG->wwwroot/theme/$CFG->theme/$THEME->smalllogo" ?>" border="0" /></A></td>
+<td align="left" valign="top"><A TARGET="<?=$CFG->main_frame?>" HREF="<? echo $CFG->wwwroot ?>"><img src="<? echo "$CFG->wwwroot/theme/$CFG->theme/$THEME->smalllogo" ?>" border="0" /></A></td>
 <td width="6" background="<?=$CFG->wwwroot?>/theme/<?=$CFG->theme ?>/images/left_sidebar.jpg"><img src="<?=$CFG->wwwroot?>/theme/<?=$CFG->theme ?>/images/left_sidebar.jpg" width="6" height="100%" /></td>
 </tr>
 </table><table border="0" cellspacing="0" cellpadding="0" width="<? echo $THEME->themewidth?>">
-- 
2.39.5