From 01dd64a8c8aa95f793accea371b2392e662663c5 Mon Sep 17 00:00:00 2001 From: Rossiani Wijaya Date: Mon, 31 Oct 2011 17:28:52 +0800 Subject: [PATCH 1/1] MDL-29092 login/change password: backporting to 1.9 for MDL-26381 and set form action to user https when loginhttps is enable --- login/change_password.php | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/login/change_password.php b/login/change_password.php index d80d59050a5..41d1a7d2d19 100644 --- a/login/change_password.php +++ b/login/change_password.php @@ -4,6 +4,7 @@ require_once('change_password_form.php'); $id = optional_param('id', SITEID, PARAM_INT); // current course + $return = optional_param('return', 0, PARAM_BOOL); // redirect after password change $strparticipants = get_string('participants'); @@ -12,6 +13,19 @@ $systemcontext = get_context_instance(CONTEXT_SYSTEM); + if ($return) { + // this redirect prevents security warning because https can not POST to http pages + if (empty($SESSION->wantsurl) + or stripos(str_replace('https://', 'http://', $SESSION->wantsurl), str_replace('https://', 'http://', $CFG->wwwroot.'/login/change_password.php') === 0)) { + $returnto = "$CFG->wwwroot/user/view.php?id=$USER->id&course=$id"; + } else { + $returnto = $SESSION->wantsurl; + } + unset($SESSION->wantsurl); + + redirect($returnto); + } + if (!$course = get_record('course', 'id', $id)) { error('No such course!'); } @@ -19,7 +33,7 @@ // require proper login; guest user can not change password if (empty($USER->id) or isguestuser()) { if (empty($SESSION->wantsurl)) { - $SESSION->wantsurl = $CFG->httpswwwroot.'/login/change_password.php'; + $SESSION->wantsurl = $CFG->httpswwwroot.'/login/change_password.php?id=' . $id; } redirect($CFG->httpswwwroot.'/login/index.php'); } @@ -54,7 +68,7 @@ redirect($changeurl); } - $mform = new login_change_password_form(); + $mform = new login_change_password_form($CFG->httpswwwroot . '/login/change_password.php'); $mform->set_data(array('id'=>$course->id)); $navlinks = array(); -- 2.17.1