  1. Moodle
  2. MDL-50374

Allow redirect when AJAX_SCRIPT=1 but request is not xmlhttprequest


    • Improvement
    • Resolution: Won't Fix
    • Minor
    • None
    • 2.9
    • General, Libraries
    • None
    • MOODLE_29_STABLE

      When AJAX_SCRIPT==1, redirects are not allowed:

      function redirect($url, $message='', $delay=-1) {
          if (CLI_SCRIPT or AJAX_SCRIPT) {
              // This is wrong - developers should not use redirect in these scripts but it should not be very likely.
              throw new moodle_exception('redirecterrordetected', 'error');
          }
          // Remainder of redirect() not shown.
      }

      However, redirects are desirable in an AJAX script if the script has been accessed directly by the browser, i.e. if someone accesses my pure AJAX script by going to the URL, I want to redirect them to the main page.

      An example core script:
      <moodle>/course/category.ajax.php
      This uses require_login() – require_login will fail with an error because it depends on redirect() internally, which is disallowed by script_ajax.

      It also means we can't do something like this:

      if (empty($_SERVER['HTTP_X_REQUESTED_WITH'])
              || strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest') {
          // No access or not ajax request.
          redirect($CFG->wwwroot.'/index.php/');
      }

      which gracefully deals with people accessing AJAX scripts directly.
      My suggestion is to do something like:

      function redirect($url, $message='', $delay=-1) {
          // Throw for CLI scripts, or for AJAX scripts that were requested via XMLHttpRequest.
          if (CLI_SCRIPT or (AJAX_SCRIPT && isset($_SERVER['HTTP_X_REQUESTED_WITH'])
                  && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest')) {
              // This is wrong - developers should not use redirect in these scripts but it should not be very likely.
              throw new moodle_exception('redirecterrordetected', 'error');
          }
          // Remainder of redirect() unchanged.
      }

      i.e. if AJAX_SCRIPT is set and the request is AJAX (xmlhttprequest), then throw an exception.

            dobedobedoh Andrew Lyons
            berserkk Ben Kelada
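
The rule described in this issue, written out as an added stand-alone example (not Moodle code and not part of the original report) and run over the edge cases: header absent, header set to XMLHttpRequest, header set to something else. The names `is_xhr()` and `redirect_allowed()` and the sample requests are hypothetical; the function parameters stand in for the CLI_SCRIPT and AJAX_SCRIPT constants and for `$_SERVER`.

```php
<?php
// Added illustration, not Moodle code. is_xhr() and redirect_allowed() are
// hypothetical helpers; their parameters stand in for CLI_SCRIPT, AJAX_SCRIPT
// and $_SERVER so the rule can be exercised without a Moodle install.

/** True only when the client sent X-Requested-With: XMLHttpRequest. */
function is_xhr(array $server): bool {
    return isset($server['HTTP_X_REQUESTED_WITH'])
        && strtolower($server['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest';
}

/**
 * Rule described in the issue: never redirect from a CLI script; from an
 * AJAX script, redirect only when the request did not come via XMLHttpRequest.
 */
function redirect_allowed(bool $cli, bool $ajaxscript, array $server): bool {
    if ($cli) {
        return false;
    }
    return !($ajaxscript && is_xhr($server));
}

// Constructed sample requests: [CLI_SCRIPT, AJAX_SCRIPT, $_SERVER subset].
$cases = [
    'page script, browser'        => [false, false, []],
    'ajax script, real XHR'       => [false, true, ['HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest']],
    'ajax script, direct browser' => [false, true, []],
    'ajax script, other value'    => [false, true, ['HTTP_X_REQUESTED_WITH' => 'fetch']],
    'cli script'                  => [true, false, []],
];

foreach ($cases as $label => [$cli, $ajax, $server]) {
    $outcome = redirect_allowed($cli, $ajax, $server) ? 'redirect' : 'exception';
    printf("%-30s %s\n", $label, $outcome);
}
```

X-Requested-With is set by the client, so a check like this only selects how the script responds (JSON error or redirect); the access decision still has to come from require_login() and capability checks.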