Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-41044

Wiki gets returnurl handling wrong

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.5.1
    • Fix Version/s: FRONTEND
    • Component/s: Wiki (2.x)
    • Labels:
    • Affected Branches:
      MOODLE_25_STABLE

      Description

      1. It uses full urls in hidden fields. Some web servers have a security heruristic where they block URL parameters (not sure about POST paramters) that are full URLs. You should always use a URL relative to wwwroot (output with moodle_url::out_as_local_url), and receive it with PARAM_LOCALURL.

      2. It uses HTTP referrer as the return URL. this works the first time you arrive on a page like https://tjh238.vledev2.open.ac.uk/moodle_head/mod/wiki/filesedit.php?subwiki=1&pageid=1, but it fails if you then use the block editing UI on that page, or the purge caches link in the footer. The correct returnurl should be passed around in the URL, or hidden fields.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              timhunt Tim Hunt
              Participants:
              Component watchers:
              Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Ilya Tregubov, Sara Arjona (@sarjona)
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Dates

                Created:
                Updated: