Commit 31e63c63 authored by Mike Kelly Committed by Gerrit Code Review

Fix PDFs SAMEORIGIN error when using subdomains (Bug #1399246)



An X-Frame-Options SAMEORIGIN error is thrown when viewing an embedded PDF on a
user's View, if Mahara is set up to use subdomains.

This is because the current page url has the subdomain part, but the PDF
iframe does not. Group views and page editing interface are not
affected. 
This patch adds the subdomain part to the iframe url, and the PDF url,
as required.

Change-Id: I7e5856d8cfcd6ac7e2df71859c1b18d3f561bfd1
Signed-off-by: Mike Kelly <m.f.kelly@arts.ac.uk>
parent 4b7768ff
......@@ -30,8 +30,11 @@ class PluginBlocktypePdf extends PluginBlocktype {
}
public static function render_instance(BlockInstance $instance, $editing=false) {
require_once(get_config('docroot') . 'lib/view.php');
$configdata = $instance->get('configdata'); // this will make sure to unserialize it for us
$configdata['viewid'] = $instance->get('view');
$view = new View($configdata['viewid']);
$group = $view->get('group');
$result = '';
$artefactid = isset($configdata['artefactid']) ? $configdata['artefactid'] : null;
......@@ -42,12 +45,20 @@ class PluginBlocktypePdf extends PluginBlocktype {
return '';
}
$result = '<iframe src="' . get_config('wwwroot') . 'artefact/file/blocktype/pdf/viewer.php?file=' . $artefactid . '&view=' . $instance->get('view')
$urlbase = get_config('wwwroot');
// edit view doesn't use subdomains, neither do groups
if (get_config('cleanurls') && get_config('cleanurlusersubdomains') && !$editing && empty($group)) {
global $USER;
$userurlid = $USER->get('urlid');
if ($urlallowed = !is_null($userurlid) && strlen($userurlid)) {
$urlbase = profile_url($USER) . '/';
}
}
$result = '<iframe src="' . $urlbase . 'artefact/file/blocktype/pdf/viewer.php?editing=' . $editing . '&ingroup=' . !empty($group) . '&file=' . $artefactid . '&view=' . $instance->get('view')
. '" width="100%" height="500" frameborder="0"></iframe>';
require_once(get_config('docroot') . 'artefact/comment/lib.php');
require_once(get_config('docroot') . 'lib/view.php');
$view = new View($configdata['viewid']);
list($commentcount, $comments) = ArtefactTypeComment::get_artefact_comments_for_view($artefact, $view, $instance->get('id'));
}
$smarty = smarty_core();
......
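Review bot: The subdomain in the `cleanurlusersubdomains` branch of `render_instance` comes from `profile_url($USER)`, and `$USER` appears to be the logged-in viewer rather than the owner of the View being rendered. If the parent page is served from the owner's subdomain, another logged-in user would presumably get an iframe on their own subdomain, and the X-Frame-Options SAMEORIGIN check would still reject it. Consider resolving the owner from `$view` (for example via `$view->get('owner')`) and passing that user to `profile_url()`. The second viewer.php hunk repeats the same `$USER` lookup and needs the same change. The `$urlallowed =` assignment inside the `if` is never read in the visible lines and can be dropped; `render_instance` continues outside the hunk.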
......@@ -12,5 +12,5 @@
defined('INTERNAL') || die();
$config = new StdClass;
$config->version = 2013042500;
$config->release = '1.0.0';
$config->version = 2014120400;
$config->release = '1.0.1';
......@@ -20,6 +20,8 @@ require_once(get_config('docroot') . '/artefact/lib.php');
$fileid = param_integer('file');
$viewid = param_integer('view');
$editing = param_boolean('editing', false);
$ingroup = param_boolean('ingroup', false);
if (!artefact_in_view($fileid, $viewid)) {
throw new AccessDeniedException('');
......@@ -34,7 +36,16 @@ if (!($file instanceof ArtefactTypeFile)) {
throw new NotFoundException();
}
$urlbase = get_config('wwwroot');
if (get_config('cleanurls') && get_config('cleanurlusersubdomains') && !$editing && !$ingroup) {
global $USER;
$userurlid = $USER->get('urlid');
if ($urlallowed = !is_null($userurlid) && strlen($userurlid)) {
$urlbase = profile_url($USER) . '/';
}
}
$smarty = smarty();
$smarty->assign('url', get_config('wwwroot') . 'artefact/file/download.php?file='.$fileid.'&view='.$viewid);
$smarty->assign('url', $urlbase . 'artefact/file/download.php?file='.$fileid.'&view='.$viewid);
$smarty->assign('title', $file->get('title'));
$smarty->display('blocktype:pdf:pdf.tpl');
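Review bot: `editing` and `ingroup` are read with `param_boolean()` from the request, so the origin used for the download URL is chosen by whoever builds the query string rather than by server-side state. The visible lines only switch `$urlbase` between `wwwroot` and the current user's profile URL, so a tampered value most likely just breaks the embed. Even so, the group case could be derived from `$viewid` the way `render_instance` does with `$view->get('group')`, which leaves nothing to trust from the client. If the parameters stay, add a comment such as `// display hints only; access is decided by artefact_in_view() above` so they are not later reused for an access decision.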