[LON-CAPA-cvs] cvs: loncom /auth lonroles.pm

Mon Apr 19 11:05:55 EDT 2021

raeburn		Mon Apr 19 15:05:55 2021 EDT

  Modified files:              
    /loncom/auth	lonroles.pm 
  Log:
  - Verify symb in query string (if included) before internal redirect to
    load course role. 
  
  
Index: loncom/auth/lonroles.pm
diff -u loncom/auth/lonroles.pm:1.344 loncom/auth/lonroles.pm:1.345

--- loncom/auth/lonroles.pm:1.344	Fri Dec 18 15:23:03 2020
+++ loncom/auth/lonroles.pm	Mon Apr 19 15:05:55 2021
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # User Roles Screen
 #
-# $Id: lonroles.pm,v 1.344 2020/12/18 15:23:03 raeburn Exp $
+# $Id: lonroles.pm,v 1.345 2021/04/19 15:05:55 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -653,6 +653,13 @@
                             if (($ferr) && ($tadv)) {
 				&error_page($r,$ferr,$dest);
 			    } else {
+                                if ($env{'request.course.id'} eq $cdom.'_'.$cnum) {
+                                    if (($env{'form.orgurl'} ne '') && ($env{'form.symb'} ne '')) {
+                                        unless (&Apache::lonnet::symbverify($env{'form.symb'},$env{'form.orgurl'}) {
+                                            $dest=$env{'form.orgurl'};
+                                        }
+                                    } 
+                                }
                                 if ($dest =~ m{^/adm/coursedocs\?folderpath}) {
                                     if ($env{'request.course.id'} eq $cdom.'_'.$cnum) { 
                                         my $chome = &Apache::lonnet::homeserver($cnum,$cdom);


