Project

General

Profile

Feature #7678

Global URLs: cidReq -> c

Added by Yannick Warnier about 4 years ago. Updated about 4 years ago.

Status:
Needs more info
Priority:
Normal
Assignee:
Category:
Global / Others / Misc
Target version:
Start date:
04/05/2015
Due date:
% Done:

10%

Estimated time:
Complexity:
Normal
SCRUM pts - complexity:
?

Description

Now we moved to more coordinated c_id everywhere in the database, it makes sense (for security and efficiency purposes) to remove the last bit of global non-integer value we keep in the URLs.

To do this, we need to move cidReq to "c" (or anything short like cid, although cid is already used as string in other contexts) and from string to integer.

The only disadvantage of doing this is that we would loose the CODE of the course in the URL that made it easy to identify the course.

I've been playing around a little with the changes needed, and about 80% of the change (the easiest part) can be covered with the following changes:

  • in local.inc.php:
    // $cidReq can be set in the index.php file of a course-area
    $cidReq = isset($cidReq) ? Database::escape_string($cidReq) : '';
    // $cidReq can be set in URL-parameter
    $cidReq = isset($_GET["cidReq"]) ? Database::escape_string($_GET["cidReq"]) : $cidReq;
    $cidReset = isset($cidReset) ? Database::escape_string($cidReset) : '';
    // if cid is set in the URL, use it in priority
    if (isset($_GET['c'])) {
        $c = intval($_GET['c']);
        $course = api_get_course_info_by_id($c);
    } else {
        $course = api_get_course_info($cidReq);
    }
    if (!empty($course)) {
        // modify the
        $c = $course['real_id'];
        $GLOBALS['c'] = $c;
    }
    
  • in api.lib.php:
    function api_get_cidreq($addSessionId = true, $addGroupId = true)
    {
        $url = empty($GLOBALS['_cid']) ? '' : 'cidReq='.htmlspecialchars($GLOBALS['_cid']);
        // Through the transition phase, we use cidReq and c simultaneously in the URL, c having priority by means of changes in local.inc.php
        $url .= empty($GLOBALS['c']) ? '' : '&c='.intval($GLOBALS['c']);
        $origin = api_get_origin();
    
        if ($addSessionId) {
            if (!empty($url)) {
                $url .= api_get_session_id() == 0 ? '&id_session=0' : '&id_session='.api_get_session_id();
            }
        }
    
        if ($addGroupId) {
            if (!empty($url)) {
                $url .= api_get_group_id() == 0 ? '&gidReq=0' : '&gidReq='.api_get_group_id();
            }
        }
    
        $url .= '&gradebook='.intval(api_is_in_gradebook());
        $url .= '&origin='.$origin;
    
        return $url;
    }
    

Opinions?
Not necessarily due for 1.10.0, but definitely worth starting the conversation...

History

#1

Updated by Julio Montoya about 4 years ago

We have also to replace all handcoded url from:

file.php?cidReq=$code&id_session=$sessionId&gidReq=$groupId

to:

file.php?'.api_get_cidReq();
#2

Updated by Yannick Warnier about 4 years ago

  • Target version changed from 1.10.0 to 2.0

Yes. These should be easy enough to find, just looking for the string "cidReq="

This being said, I'm moving this requirement to 2.0 because I tried it and I remember it generated a few hickups (namely when changing from one course to another under a few specific circumstances, it didn't change course).

#3

Updated by Julio Montoya about 4 years ago

Agree.

Also available in: Atom PDF