  1. Moodle
  2. MDL-50374

Allow redirect when AJAX_SCRIPT =1 but request is not xmlhttprequest

Details

    • Improvement
    • Resolution: Won't Fix
    • Minor
    • None
    • 2.9
    • General, Libraries
    • None
    • MOODLE_29_STABLE

    Description

      When AJAX_SCRIPT==1, redirects are not allowed:

      function redirect($url, $message='', $delay=-1) {
          if (CLI_SCRIPT or AJAX_SCRIPT) {
              // This is wrong - developers should not use redirect in these scripts but it should not be very likely.
              throw new moodle_exception('redirecterrordetected', 'error');
          }
          // ... remainder of redirect() omitted in this excerpt.
      }
      

      However, redirects are desirable in an AJAX script if the script has been accessed directly by the browser, i.e. if someone accesses my pure AJAX script by going to the URL, I want to redirect them to the main page.

      An example core script:
      <moodle>/course/category.ajax.php
      This uses require_login() – require_login() will fail with an error because it depends on redirect() internally, which is disallowed by script_ajax.

      It also means we can't do something like this:

      if (empty($_SERVER['HTTP_X_REQUESTED_WITH'])
              || strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest') {
          // No access or not ajax request.
          redirect($CFG->wwwroot.'/index.php/');
      }
      

      which gracefully deals with people accessing AJAX scripts directly.
      My suggestion is to do something like:

      function redirect($url, $message='', $delay=-1) {
          // Refuse to redirect only for CLI scripts, or for AJAX scripts that really were requested via XMLHttpRequest.
          if (CLI_SCRIPT or (AJAX_SCRIPT && isset($_SERVER['HTTP_X_REQUESTED_WITH'])
                  && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest')) {
              // This is wrong - developers should not use redirect in these scripts but it should not be very likely.
              throw new moodle_exception('redirecterrordetected', 'error');
          }
          // ... remainder of redirect() omitted in this excerpt.
      }
      

      i.e. if AJAX_SCRIPT is set and the request is AJAX (xmlhttprequest), then throw an exception.
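
The behaviour proposed above, modelled as a stand-alone script over constructed request data (an added example, not Moodle code and not the reporter's; `is_xhr_request()` and `redirect_policy()` are hypothetical names). It also shows that `X-Requested-With` is a client-supplied hint: a caller that omits it, or sends another value, is treated like a direct browser visit.

```php
<?php
// Added example: models the proposed redirect() guard outside Moodle.
// Function names and all sample requests below are constructed for illustration.

/** True only when the client sent X-Requested-With: XMLHttpRequest. */
function is_xhr_request(array $server): bool {
    // The header is set by the client, so it describes the caller's
    // claimed request type; it is not evidence of who the caller is.
    return isset($server['HTTP_X_REQUESTED_WITH'])
        && strtolower($server['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest';
}

/** Returns 'exception' or 'redirect': what redirect() would do under the proposal. */
function redirect_policy(bool $cliscript, bool $ajaxscript, array $server): string {
    if ($cliscript || ($ajaxscript && is_xhr_request($server))) {
        return 'exception';
    }
    return 'redirect';
}

// Constructed cases: [CLI_SCRIPT, AJAX_SCRIPT, relevant part of $_SERVER].
$cases = [
    'AJAX script, XHR header present'   => [false, true,  ['HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest']],
    'AJAX script, URL opened directly'  => [false, true,  []],
    // fetch() does not add X-Requested-With unless the caller sets it.
    'AJAX script, fetch() without hdr'  => [false, true,  []],
    'AJAX script, other header value'   => [false, true,  ['HTTP_X_REQUESTED_WITH' => 'com.example.app']],
    'CLI script'                        => [true,  false, []],
    'Normal page'                       => [false, false, ['HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest']],
];

foreach ($cases as $label => [$cli, $ajax, $server]) {
    printf("%-36s => %s\n", $label, redirect_policy($cli, $ajax, $server));
}
```

Only the first and the CLI case yield `exception`; every other case is redirected, so the header selects the response style while access control still has to come from the session check.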

            People

              dobedobedoh Andrew Lyons
              berserkk Ben Kelada