<?php
-
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
* back to the page that they were on.
*
* This functionality is also supported in {@link /course/view.php} in order to comply
- * with backwards compatibility
+ * with backwards compatibility.
* The reason that we created this file was so that user didn't get redirected back
* to the course view page only to be redirected again.
*
require_once($CFG->dirroot.'/course/lib.php');
$id = required_param('id', PARAM_INT);
-$switchrole = optional_param('switchrole',-1, PARAM_INT);
-$returnurl = optional_param('returnurl', false, PARAM_LOCALURL);
+$switchrole = optional_param('switchrole', -1, PARAM_INT);
+$returnurl = optional_param('returnurl', '', PARAM_RAW);
+
+if (strpos($returnurl, '?') === false) {
+ // Looks like somebody did not set proper page url, better go to course page.
+ $returnurl = new moodle_url('/course/view.php', array('id' => $id));
+} else {
+ if (strpos($returnurl, $CFG->wwwroot) !== 0) {
+ $returnurl = $CFG->wwwroot.$returnurl;
+ }
+ $returnurl = clean_param($returnurl, PARAM_URL);
+}
$PAGE->set_url('/course/switchrole.php', array('id'=>$id));
-if (!confirm_sesskey()) {
- print_error('confirmsesskeybad', 'error');
-}
+require_sesskey();
-if (! ($course = $DB->get_record('course', array('id'=>$id)))) {
- print_error('invalidcourseid', 'error');
+if (!$course = $DB->get_record('course', array('id'=>$id))) {
+ redirect(new moodle_url('/'));
}
$context = context_course::instance($course->id);
-// Remove any switched roles before checking login
+// Remove any switched roles before checking login.
if ($switchrole == 0) {
- role_switch($switchrole, $context);
+ role_switch(0, $context);
}
require_login($course);
// Switchrole - sanity check in cost-order...
if ($switchrole > 0 && has_capability('moodle/role:switchroles', $context)) {
- // is this role assignable in this context?
+ // Is this role assignable in this context?
// inquiring minds want to know...
$aroles = get_switchable_roles($context);
if (is_array($aroles) && isset($aroles[$switchrole])) {
role_switch($switchrole, $context);
- // Double check that this role is allowed here
- require_login($course);
}
}
-// TODO: Using SESSION->returnurl is deprecated and should be removed in the future.
-// Till then this code remains to support any external applications calling this script.
-if (!empty($returnurl) && is_numeric($returnurl)) {
- $returnurl = false;
- if (!empty($SESSION->returnurl) && strpos($SESSION->returnurl, 'moodle_url')!==false) {
- debugging('Code calling switchrole should be passing a URL as a param.', DEBUG_DEVELOPER);
- $returnurl = @unserialize($SESSION->returnurl);
- if (!($returnurl instanceof moodle_url)) {
- $returnurl = false;
- }
- }
-}
-
-if ($returnurl === false) {
- $returnurl = new moodle_url('/course/view.php', array('id' => $course->id));
-}
-
redirect($returnurl);
$section = optional_param('section', 0, PARAM_INT);
$move = optional_param('move', 0, PARAM_INT);
$marker = optional_param('marker',-1 , PARAM_INT);
- $switchrole = optional_param('switchrole',-1, PARAM_INT);
+ $switchrole = optional_param('switchrole',-1, PARAM_INT); // Deprecated, use course/switchrole.php instead.
$modchooser = optional_param('modchooser', -1, PARAM_BOOL);
$return = optional_param('return', 0, PARAM_LOCALURL);
if ((count($roles)==1 && array_key_exists(0, $roles))|| $assumedrole!==false) {
$switchroles->force_open();
}
- $returnurl = $this->page->url;
- $returnurl->param('sesskey', sesskey());
foreach ($roles as $key => $name) {
- $url = new moodle_url('/course/switchrole.php', array('id'=>$course->id,'sesskey'=>sesskey(), 'switchrole'=>$key, 'returnurl'=>$returnurl->out(false)));
+ $url = new moodle_url('/course/switchrole.php', array('id'=>$course->id, 'sesskey'=>sesskey(), 'switchrole'=>$key, 'returnurl'=>$this->page->url->out_as_local_url(false)));
$switchroles->add($name, $url, self::TYPE_SETTING, null, $key, new pix_icon('i/switchrole', ''));
}
}
