-
Bug
-
Resolution: Fixed
-
Minor
-
2.5.1
-
MOODLE_25_STABLE
-
MOODLE_24_STABLE, MOODLE_25_STABLE
-
w36_
MDL-41255_m26_changepw -
SUMMARY
I am using a password expiry plugin. When I am prompted to change my password, the change password form goes into an endless loop, going back and forth between the confirmation form with the continue button and the change password screen.
One might immediately jump to the conclusion that this is a plugin issue however, as you will see below, it's actually a result of a coding error in the core Moodle code.
DESIRED BEHAVIOUR
After successfully changing my password and clicking continue, I should be sent to the profile screen as the normal change password process does.
SUGGESTED SOLUTION
Fix line 43 of /login/change_password.php as follows:
Replace:
or stripos(str_replace('https://', 'http://', $SESSION->wantsurl), str_replace('https://', 'http://', $CFG->wwwroot.'/login/change_password.php') === 0)) {
With:
or stripos(str_replace('https://', 'http://', $SESSION->wantsurl), str_replace('https://', 'http://', $CFG->wwwroot.'/login/change_password.php')) === 0) {
The difference is very subtle. There is are two closing )) after the ===0)), one of which needs to be moved before the ) === 0) because the comparison is supposed to apply to the results of the stripos() function and not to the results of the str_replace() function which doesn't make sense.
The resulting code block should look like this:
if (empty($SESSION->wantsurl)
or stripos(str_replace('https://', 'http://', $SESSION->wantsurl), str_replace('https://', 'http://', $CFG->wwwroot.'/login/change_password.php')) === 0)
else
{ $returnto = $SESSION->wantsurl; }I would appreciate it very much if you could help me get this fix integrated into future versions of Moodle.
Best regards,
Michael