Commit 777af769 authored by Richard Mansfield's avatar Richard Mansfield Committed by Gerrit Code Review

Merge changes Idf805a5c,If8a62526,Id4924165,I2ea95fdf,I182adeb1,I9c1817d2,I8c8ac4e0,I9e1cb479

* changes:
  Add spans and classes to pieform element pre- and post-html
  Avoid cross-domain ajax requests from user subdomains (bug #1006634)
  Use subdomain URLs on Settings and Edit view pages (bug #1006634)
  Allow html to appear directly after an element in pieforms
  Allow login redirect to subdomains (bug #1006634)
  Add a function to get the servername from the request
  Always use wwwroot to generate the cookie domain (bug #1006634)
  Add clean URL "User subdomain" option (bug #1006634)
parents 745679ea 1f82edf8
......@@ -89,11 +89,21 @@ if (get_config('cleanurls') && get_config('cleanurlusereditable')) {
$elements['changeprofileurl'] = array(
'value' => '<tr><td colspan="2"><h3>' . get_string('changeprofileurl', 'account') . '</h3></td></tr>'
);
if (get_config('cleanurlusersubdomains')) {
list($proto, $rest) = explode('://', get_config('wwwroot'));
$prehtml = $proto . ':// ';
$posthtml = ' .' . $rest;
}
else {
$prehtml = get_config('wwwroot') . get_config('cleanurluserdefault') . '/ ';
$posthtml = '';
}
$elements['urlid'] = array(
'type' => 'text',
'defaultvalue' => $USER->get('urlid'),
'title' => get_string('profileurl', 'account'),
'prehtml' => '<span class="description">' . get_config('wwwroot') . get_config('cleanurluserdefault') . '/</span> ',
'prehtml' => '<span class="description">' . $prehtml . '</span>',
'posthtml' => '<span class="description">' . $posthtml . '</span>',
'description' => get_string('profileurldescription', 'account') . ' ' . get_string('cleanurlallowedcharacters'),
'rules' => array('maxlength' => 30, 'regex' => get_config('cleanurlvalidate')),
);
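Review bot: With `cleanurlusersubdomains` on, the value checked by the `'rules'` entry of `$elements['urlid']` becomes a hostname label, but the only visible checks are `maxlength` 30 and the `cleanurlvalidate` pattern. That pattern (shown in the config defaults on this page as `/^[a-z0-9-]*$/`) accepts an empty string, labels that begin or end with a hyphen, and names a site may want to keep for itself; `profile_url()` then places the value directly in the host position after only an `is_null()` test. Consider a stricter rule when subdomains are enabled, for example `'regex' => '/^[a-z0-9]([a-z0-9-]*[a-z0-9])?\z/'`, together with a reserved-name check in the form's validation. If such a check already exists outside this hunk, a comment pointing to it would help.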
......
......@@ -36,6 +36,9 @@ ini_set('session.gc_divisor', 1000);
// Session timeout is stored in minutes in the database
ini_set('session.gc_maxlifetime', get_config('session_timeout') * 60);
ini_set('session.use_only_cookies', true);
if ($domain = get_config('cookiedomain')) {
ini_set('session.cookie_domain', $domain);
}
ini_set('session.cookie_path', get_mahara_install_subdirectory());
ini_set('session.cookie_httponly', 1);
ini_set('session.hash_bits_per_character', 4);
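Review bot: Setting `session.cookie_domain` to the configured `cookiedomain` sends the session cookie to every host under that domain, not only to hosts served by this application, and nothing near the new `if` says so. The hunk sets `session.cookie_httponly`, but no `session.cookie_secure` is visible here, so the wider-scoped cookie may also travel over plain HTTP. I would add a comment above the new block, e.g. `// cookiedomain widens the session cookie to all subdomains; set it only when every host under the domain is trusted`, and add `ini_set('session.cookie_secure', 1);` when wwwroot is https, unless that is already done outside the hunk.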
......
......@@ -211,6 +211,13 @@ if (isset($CFG->wwwroot)) {
}
}
// If we have cleanurl subdomains turned on, we need to set cookiedomain
// to ensure cookies are given back to us in all subdomains
if (isset($CFG->cleanurls) && isset($CFG->cleanurlusersubdomains) && !isset($CFG->cookiedomain)) {
$url = parse_url(get_config('wwwroot'));
$CFG->cookiedomain = '.' . $url['host'];
}
// If we're forcing an ssl proxy, make sure the wwwroot is correct
if ($CFG->sslproxy == true && parse_url($CFG->wwwroot, PHP_URL_SCHEME) !== 'https') {
throw new ConfigSanityException(get_string('wwwrootnothttps', 'error', get_config('wwwroot')));
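Review bot: The new condition tests `isset($CFG->cleanurls)` and `isset($CFG->cleanurlusersubdomains)`, so a config file that sets either option explicitly to `false` still gets `cookiedomain` widened to `'.' . $url['host']`. Other new code in this commit checks the values with `get_config('cleanurls') && get_config('cleanurlusersubdomains')`, and this check should agree: `if (!empty($CFG->cleanurls) && !empty($CFG->cleanurlusersubdomains) && !isset($CFG->cookiedomain)) {`. `$url['host']` is also read without confirming that `parse_url()` returned a host. The surrounding block starts and ends outside the hunk.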
......
......@@ -221,6 +221,15 @@ function sendjsonrequest(script, data, rtype, successcallback, errorcallback, qu
document.documentElement.style.cursor = 'wait';
if (typeof(fakewwwroot) == 'string') {
if (script.substring(0, 4) == 'http') {
script = fakewwwroot + script.substring(config.wwwroot.length);
}
else {
script = fakewwwroot + script;
}
}
var d = doXHR(script, xhrOptions);
d.addCallbacks(function (result) {
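Review bot: The `script.substring(0, 4) == 'http'` branch assumes every absolute URL passed to `sendjsonrequest` begins with `config.wwwroot`; an absolute URL for any other origin has an unrelated prefix cut off and is reissued against `fakewwwroot`. Test the real prefix instead and leave other absolute URLs alone: `if (script.indexOf(config.wwwroot) === 0) {` for the first branch and `else if (!/^https?:/.test(script)) {` for the second. The function body starts and ends outside the hunk.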
......
......@@ -305,3 +305,8 @@ $cfg->cleanurlvalidate = '/^[a-z0-9-]*$/';
// Setting this to false will remove the "Change profile URL" option from the settings page.
$cfg->cleanurlusereditable = true;
// The following option will generate subdomain-style profile urls like http://bob.mahara.example.com
// Warning: Enabling this option on your site is likely to cause users with open sessions to be logged out on all profile pages.
// See https://wiki.mahara.org/index.php/System_Administrator%27s_Guide/Clean_URL_Configuration#User_Subdomains
// $cfg->cleanurlusersubdomains = true;
......@@ -891,7 +891,7 @@ class AccessDeniedException extends UserException {
public function render_exception() {
global $USER;
if (defined('PUBLIC') && !$USER->is_logged_in()) {
$loginurl = substr($_SERVER['REQUEST_URI'], strlen(get_mahara_install_subdirectory()) - 1);
$loginurl = get_full_script_path();
$loginurl .= (false === strpos($loginurl, '?')) ? '?' : '&';
$loginurl .= 'login';
redirect($loginurl);
......
......@@ -48,12 +48,16 @@ function pieform_renderer_div(Pieform $form, $element) {/*{{{*/
}
if (isset($element['prehtml'])) {
$result .= $element['prehtml'];
$result .= '<span class="prehtml">' . $element['prehtml'] . '</span>';
}
//$result .= $builtelement;
$result .= $element['html'];
if (isset($element['posthtml'])) {
$result .= '<span class="posthtml">' . $element['posthtml'] . '</span>';
}
if (isset($element['helphtml'])) {
$result .= ' ' . $element['helphtml'];
}
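Review bot: `$element['prehtml']` and `$element['posthtml']` are written into the output verbatim inside the new spans, so any caller that builds them from data has to escape that data itself, and nothing in the renderer says so. A comment above the first `if`, e.g. `// prehtml/posthtml are trusted HTML fragments: callers must escape any dynamic values they put in them`, would make that contract explicit. The same wrapping is repeated in `pieform_renderer_oneline` and `pieform_renderer_table`; a small shared helper would keep the three renderers in step. The function body starts and ends outside the hunk.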
......
......@@ -56,11 +56,15 @@ function pieform_renderer_oneline(Pieform $form, $element) {/*{{{*/
}
if (isset($element['prehtml'])) {
$result .= $element['prehtml'];
$result .= '<span class="prehtml">' . $element['prehtml'] . '</span>';
}
$result .= $element['html'];
if (isset($element['posthtml'])) {
$result .= '<span class="posthtml">' . $element['posthtml'] . '</span>';
}
$result .= "</span>";
return $result;
}/*}}}*/
......@@ -75,9 +75,14 @@ function pieform_renderer_table(Pieform $form, $element) {/*{{{*/
}
$result .= "</th>\n\t\t<td>";
if (isset($element['prehtml'])) {
$result .= $element['prehtml'];
$result .= '<span class="prehtml">' . $element['prehtml'] . '</span>';
}
$result .= $element['html'];
if (isset($element['posthtml'])) {
$result .= '<span class="posthtml">' . $element['posthtml'] . '</span>';
}
if (isset($element['helphtml'])) {
$result .= ' ' . $element['helphtml'];
}
......
......@@ -1503,6 +1503,12 @@ function profile_url($user, $full=true, $useid=false) {
}
if ($wantclean && !is_null($urlid)) {
// If the host part of the url is not being returned, the user subdomain
// can't be added here, so ignore the subdomain setting when !$full.
if ($full && get_config('cleanurlusersubdomains')) {
list($proto, $rest) = explode('://', get_config('wwwroot'));
return $proto . '://' . $urlid . '.' . substr($rest, 0, -1);
}
$url = get_config('cleanurluserdefault') . '/' . $urlid;
}
else if (!empty($id)) {
......
......@@ -3447,6 +3447,10 @@ class View {
$institutions = get_records_assoc('institution', '', '', '', 'name,displayname');
$institutions['mahara']->displayname = get_config('sitename');
}
$wwwroot = get_config('wwwroot');
$needsubdomain = get_config('cleanurlusersubdomains');
foreach ($viewdata as &$v) {
if ($v->owner) {
$v->sharedby = View::owner_name($v->ownerformat, $owners[$v->owner]);
......@@ -3465,7 +3469,7 @@ class View {
$view->set('dirty', false);
$v['displaytitle'] = $view->display_title_editing();
$v['url'] = $view->get_url(false);
$v['fullurl'] = get_config('wwwroot') . $v['url'];
$v['fullurl'] = $needsubdomain ? $view->get_url(true) : ($wwwroot . $v['url']);
}
}
}
......
......@@ -81,6 +81,21 @@ function smarty($javascript = array(), $headers = array(), $pagestrings = array(
// drag them around the wysiwyg editor
$jswwwroot = json_encode($wwwroot);
// Workaround for $cfg->cleanurlusersubdomains.
// When cleanurlusersubdomains is on, ajax requests might come from somewhere other than
// the wwwroot. To avoid cross-domain requests, set a js variable when this page is on a
// different subdomain, and let the ajax wrapper function sendjsonrequest rewrite its url
// if necessary.
if (get_config('cleanurls') && get_config('cleanurlusersubdomains')) {
if ($requesthost = get_requested_host_name()) {
$wwwrootparts = parse_url($wwwroot);
if ($wwwrootparts['host'] != $requesthost) {
$fakewwwroot = $wwwrootparts['scheme'] . '://' . $requesthost . '/';
$headers[] = '<script type="text/javascript">var fakewwwroot = ' . json_encode($fakewwwroot) . ';</script>';
}
}
}
$theme_list = array();
if (function_exists('pieform_get_headdata')) {
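Review bot: `$fakewwwroot` is rebuilt from the scheme and the requested host only, so the path part of `wwwroot` is dropped. `sendjsonrequest` strips the whole `config.wwwroot` prefix before prepending `fakewwwroot`, which would send ajax requests to the wrong path on a subdirectory install (the use of `get_mahara_install_subdirectory()` for the cookie path suggests those are supported). Keeping the path fixes it: `$fakewwwroot = $wwwrootparts['scheme'] . '://' . $requesthost . (isset($wwwrootparts['path']) ? $wwwrootparts['path'] : '/');`. The host test also uses a loose `!=`; `strcasecmp($wwwrootparts['host'], $requesthost) !== 0` avoids emitting the variable for a host that differs only in letter case. `smarty()` starts and ends outside the hunk.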
......@@ -1440,7 +1455,10 @@ function get_cookies($prefix) {
function set_cookie($name, $value='', $expires=0, $access=false) {
$name = get_config('cookieprefix') . $name;
$url = parse_url(get_config('wwwroot'));
setcookie($name, $value, $expires, $url['path'], $url['host'], false, true);
if (!$domain = get_config('cookiedomain')) {
$domain = $url['host'];
}
setcookie($name, $value, $expires, $url['path'], $domain, false, true);
if ($access) { // View access cookies may be needed on this request
$_COOKIE[$name] = $value;
}
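Review bot: The new `setcookie()` call still passes `false` for the secure flag while the domain can now be the site-wide `cookiedomain`, so on an https site these cookies would also be sent over plain HTTP to any host under that domain. Derive the flag from the URL that is already parsed: `$secure = isset($url['scheme']) && $url['scheme'] === 'https';` and pass `$secure` in place of `false`. The function body continues outside the hunk.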
......@@ -2572,6 +2590,37 @@ function get_script_path() {
}
}
/**
* Get the requested servername in preference to the host in the configured
* wwwroot. Usually the same unless some parts of the site are at subdomains.
*
* @return string
*/
function get_requested_host_name() {
global $CFG;
if (!empty($_SERVER['SERVER_NAME'])) {
return $_SERVER['SERVER_NAME'];
}
if (!empty($_ENV['SERVER_NAME'])) {
return $_ENV['SERVER_NAME'];
}
if (!empty($_SERVER['HTTP_HOST'])) {
return $_SERVER['HTTP_HOST'];
}
if (!empty($_ENV['HTTP_HOST'])) {
return $_ENV['HTTP_HOST'];
}
if (!empty($CFG->wwwroot)) {
$url = parse_url($CFG->wwwroot);
if (!empty($url['host'])) {
return $url['host'];
}
}
log_warn('Warning: could not find the name of this server!');
return false;
}
/**
* Like {@link get_script_path()} but returns a full URL
* @see get_script_path()
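Review bot: `get_requested_host_name()` returns `SERVER_NAME` or `HTTP_HOST` exactly as received, and depending on web-server configuration both can reflect the client's Host header; callers in this commit use the result to build the login redirect (`get_full_script_path()` in `render_exception()`) and the `fakewwwroot` script variable. The value should be accepted only when it is a syntactically valid host name that equals the `wwwroot` host or is a subdomain of it, with the existing `wwwroot` fallback used otherwise. The docblock should also state the return type as `string|false`, since the function returns `false` when no name is found. The rewritten lookup is below.

```php
function get_requested_host_name() {
    global $CFG;
    $wwwroothost = empty($CFG->wwwroot) ? null : strtolower((string) parse_url($CFG->wwwroot, PHP_URL_HOST));
    // Same lookup order as before: $_SERVER then $_ENV, SERVER_NAME before HTTP_HOST
    $candidates = array();
    foreach (array('SERVER_NAME', 'HTTP_HOST') as $key) {
        $candidates[] = isset($_SERVER[$key]) ? $_SERVER[$key] : null;
        $candidates[] = isset($_ENV[$key]) ? $_ENV[$key] : null;
    }
    foreach ($candidates as $candidate) {
        if (empty($candidate)) {
            continue;
        }
        $candidate = strtolower($candidate);
        // Reject anything that is not a plain host name (this also rejects host:port values)
        if (!preg_match('/^[a-z0-9.-]+\z/', $candidate)) {
            continue;
        }
        $suffix = '.' . $wwwroothost;
        if (empty($wwwroothost) || $candidate === $wwwroothost || substr($candidate, -strlen($suffix)) === $suffix) {
            return $candidate;
        }
    }
    // … unchanged: fall back to the wwwroot host, then log_warn() and return false …
}
```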
......@@ -2585,18 +2634,7 @@ function get_full_script_path() {
$url = parse_url($CFG->wwwroot);
}
if (!empty($url['host'])) {
$hostname = $url['host'];
} else if (!empty($_SERVER['SERVER_NAME'])) {
$hostname = $_SERVER['SERVER_NAME'];
} else if (!empty($_ENV['SERVER_NAME'])) {
$hostname = $_ENV['SERVER_NAME'];
} else if (!empty($_SERVER['HTTP_HOST'])) {
$hostname = $_SERVER['HTTP_HOST'];
} else if (!empty($_ENV['HTTP_HOST'])) {
$hostname = $_ENV['HTTP_HOST'];
} else {
log_warn('Warning: could not find the name of this server!');
if (!$hostname = get_requested_host_name()) {
return false;
}
......
......@@ -90,13 +90,14 @@ if ($studentid !== '') {
if ($urlallowed = get_config('cleanurls') && $view->get('type') == 'portfolio' && !$institution) {
if ($group) {
$groupdata = get_record('group', 'id', $group);
$urlallowed = $urlallowed && strlen($groupdata->urlid);
$cleanurlbase = get_config('wwwroot') . get_config('cleanurlgroupdefault') . '/' . $groupdata->urlid . '/';
if ($urlallowed = !is_null($groupdata->urlid) && strlen($groupdata->urlid)) {
$cleanurlbase = group_homepage_url($groupdata) . '/';
}
}
else {
$userurlid = $USER->get('urlid');
if ($urlallowed = ($urlallowed && !is_null($userurlid) && strlen($userurlid))) {
$cleanurlbase = get_config('wwwroot') . get_config('cleanurluserdefault') . '/' . $userurlid . '/';
if ($urlallowed = !is_null($userurlid) && strlen($userurlid)) {
$cleanurlbase = profile_url($USER) . '/';
}
}
}
......