Skip to content

GitLab

Commit 1c807f3f authored by Richard Mansfield's avatar Richard Mansfield
Browse files

Fix first access of secret url view (bug #661613) 


Signed-off-by: default avatarRichard Mansfield <richard.mansfield@catalyst.net.nz>
parent 0d89a21c
Hide whitespace changes
Inline Side-by-side
Showing with 7 additions and 4 deletions
htdocs/lib/mahara.php
View file @ 1c807f3f
......@@ -1718,17 +1718,17 @@ function get_view_from_token($token, $visible=true) {
);
if ($order) {
if ($token != get_cookie('caccess:'.$order[0]->collection)) {
set_cookie('caccess:'.$order[0]->collection, $token);
set_cookie('caccess:'.$order[0]->collection, $token, 0, true);
}
return $order[0]->view;
}
}
$viewid = $viewids[0];
if (!$visible && $token != get_cookie('mviewaccess:'.$viewid)) {
set_cookie('mviewaccess:'.$viewid, $token);
set_cookie('mviewaccess:'.$viewid, $token, 0, true);
}
if ($visible && $token != get_cookie('viewaccess:'.$viewid)) {
set_cookie('viewaccess:'.$viewid, $token);
set_cookie('viewaccess:'.$viewid, $token, 0, true);
}
return $viewid;
}
......
htdocs/lib/web.php
View file @ 1c807f3f
......@@ -1333,10 +1333,13 @@ function get_cookies($prefix) {
* @param int $expires The unix timestamp of the time the cookie should expire
* @todo path/domain/secure: should be set automatically by this function if possible (?)
*/
function set_cookie($name, $value='', $expires=0) {
function set_cookie($name, $value='', $expires=0, $access=false) {
$name = get_config('cookieprefix') . $name;
$url = parse_url(get_config('wwwroot'));
setcookie($name, $value, $expires, $url['path'], $url['host'], false);
if ($access) { // View access cookies may be needed on this request
$_COOKIE[$name] = $value;
}
}
/**
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment