[LON-CAPA-cvs] cvs: loncom /auth lonroles.pm
raeburn
raeburn at source.lon-capa.org
Mon Apr 19 11:05:55 EDT 2021
raeburn Mon Apr 19 15:05:55 2021 EDT
Modified files:
/loncom/auth lonroles.pm
Log:
- Verify symb in query string (if included) before internal redirect to
load course role.
Index: loncom/auth/lonroles.pm
diff -u loncom/auth/lonroles.pm:1.344 loncom/auth/lonroles.pm:1.345
--- loncom/auth/lonroles.pm:1.344 Fri Dec 18 15:23:03 2020
+++ loncom/auth/lonroles.pm Mon Apr 19 15:05:55 2021
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# User Roles Screen
#
-# $Id: lonroles.pm,v 1.344 2020/12/18 15:23:03 raeburn Exp $
+# $Id: lonroles.pm,v 1.345 2021/04/19 15:05:55 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -653,6 +653,13 @@
if (($ferr) && ($tadv)) {
&error_page($r,$ferr,$dest);
} else {
+ if ($env{'request.course.id'} eq $cdom.'_'.$cnum) {
+ if (($env{'form.orgurl'} ne '') && ($env{'form.symb'} ne '')) {
+ unless (&Apache::lonnet::symbverify($env{'form.symb'},$env{'form.orgurl'}) {
+ $dest=$env{'form.orgurl'};
+ }
+ }
+ }
if ($dest =~ m{^/adm/coursedocs\?folderpath}) {
if ($env{'request.course.id'} eq $cdom.'_'.$cnum) {
my $chome = &Apache::lonnet::homeserver($cnum,$cdom);
More information about the LON-CAPA-cvs
mailing list