When AJAX_SCRIPT==1 redirects are not allowed
function redirect($url, $message='', $delay=-1) {
|
if (CLI_SCRIPT or AJAX_SCRIPT) {
|
// This is wrong - developers should not use redirect in these scripts but it should not be very likely.
|
throw new moodle_exception('redirecterrordetected', 'error');
|
}
|
however redirects are desirable in an ajax script if the script has been accessed directly by the browser. i.e. If someone accesses my pure ajax script by going to the url i want to redirect them to the main page
an example core script:
<moodle>/course/category.ajax.php
this uses require_login() – require_login will fail with an error because it depends on redirect() internally, which is disallowed by script_ajax
it also means we cant do something like this:
if ((empty($_SERVER['HTTP_X_REQUESTED_WITH']) || strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest')
|
) {
|
// No access or not ajax request.
|
redirect($CFG->wwwroot.'/index.php/');
|
}
|
which gracefully deals with people accessing ajax scripts directly.
MY suggestion is to do something like:
function redirect($url, $message='', $delay=-1) {
|
if (CLI_SCRIPT or (AJAX_SCRIPT && (((isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest'))) {
|
// This is wrong - developers should not use redirect in these scripts but it should not be very likely.
|
throw new moodle_exception('redirecterrordetected', 'error');
|
}
|
i.e. if AJAX_SCRIPT is set and the request is ajax (xmlhttprequest) then thrown an exception
- has a non-specific relationship to
-
MDL-34506 Error when trying to view blog entries comments without being logged
- Closed
-
MDL-41065 On session timeout, filepicker ajax script should redirect to login page.
- Closed
-
MDL-43785 Syntax Error instead of session timeout warning from AJAX_SCRIPT renderer
- Closed
- has been marked as being related by
-
MDL-21938 Add general support for ajax scripts
- Closed