Index: file.php =================================================================== RCS file: /cvsroot/moodle/moodle/file.php,v retrieving revision 1.46.2.1 diff -u -r1.46.2.1 file.php --- file.php 2 Apr 2008 06:09:56 -0000 1.46.2.1 +++ file.php 23 Apr 2008 17:37:43 -0000 @@ -53,23 +53,25 @@ } // security: login to course if necessary + // Note: file.php always calls require_login() with $setwantsurltome=false + // in order to avoid messing redirects. MDL-14495 if ($args[0] == 'blog') { if (empty($CFG->bloglevel)) { error('Blogging is disabled!'); } else if ($CFG->bloglevel < BLOG_GLOBAL_LEVEL) { - require_login(); + require_login(0, true, null, false); } else if ($CFG->forcelogin) { - require_login(); + require_login(0, true, null, false); } } else if ($course->id != SITEID) { - require_login($course->id); + require_login($course->id, true, null, false); } else if ($CFG->forcelogin) { if (!empty($CFG->sitepolicy) and ($CFG->sitepolicy == $CFG->wwwroot.'/file.php'.$relativepath or $CFG->sitepolicy == $CFG->wwwroot.'/file.php?file='.$relativepath)) { //do not require login for policy file } else { - require_login(); + require_login(0, true, null, false); } } Index: lib/moodlelib.php =================================================================== RCS file: /cvsroot/moodle/moodle/lib/moodlelib.php,v retrieving revision 1.960.2.73 diff -u -r1.960.2.73 moodlelib.php --- lib/moodlelib.php 18 Apr 2008 07:55:38 -0000 1.960.2.73 +++ lib/moodlelib.php 23 Apr 2008 17:37:49 -0000 @@ -1843,8 +1843,11 @@ * @param mixed $courseorid id of the course or course object * @param bool $autologinguest * @param object $cm course module object + * @param bool $setwantsurltome Define if we want to set $SESSION->wantsurl, defaults to + * true. Used to avoid (=false) some scripts (file.php...) to set that variable, + * in order to keep redirects working properly. MDL-14495 */ -function require_login($courseorid=0, $autologinguest=true, $cm=null) { +function require_login($courseorid=0, $autologinguest=true, $cm=null, $setwantsurltome=true) { global $CFG, $SESSION, $USER, $COURSE, $FULLME; @@ -1855,7 +1858,9 @@ if (!isloggedin()) { //NOTE: $USER->site check was obsoleted by session test cookie, // $USER->confirmed test is in login/index.php - $SESSION->wantsurl = $FULLME; + if ($setwantsurltome) { + $SESSION->wantsurl = $FULLME; + } if (!empty($_SERVER['HTTP_REFERER'])) { $SESSION->fromurl = $_SERVER['HTTP_REFERER']; } @@ -2120,16 +2125,19 @@ * @param mixed $courseorid The course object or id in question * @param bool $autologinguest Allow autologin guests if that is wanted * @param object $cm Course activity module if known + * @param bool $setwantsurltome Define if we want to set $SESSION->wantsurl, defaults to + * true. Used to avoid (=false) some scripts (file.php...) to set that variable, + * in order to keep redirects working properly. MDL-14495 */ -function require_course_login($courseorid, $autologinguest=true, $cm=null) { +function require_course_login($courseorid, $autologinguest=true, $cm=null, $setwantsurltome=true) { global $CFG; if (!empty($CFG->forcelogin)) { // login required for both SITE and courses - require_login($courseorid, $autologinguest, $cm); + require_login($courseorid, $autologinguest, $cm, $setwantsurltome); } else if (!empty($cm) and !$cm->visible) { // always login for hidden activities - require_login($courseorid, $autologinguest, $cm); + require_login($courseorid, $autologinguest, $cm, $setwantsurltome); } else if ((is_object($courseorid) and $courseorid->id == SITEID) or (!is_object($courseorid) and $courseorid == SITEID)) { @@ -2139,7 +2147,7 @@ } else { // course login always required - require_login($courseorid, $autologinguest, $cm); + require_login($courseorid, $autologinguest, $cm, $setwantsurltome); } }