New setting in require_login() to avoid certain scripts (file.php)

to mess $SESSION->wantsurl. MDL-14495 ; merged from 19_STABLE

file.php

@@ -53,23 +53,25 @@
     }
 
     // security: login to course if necessary
+    // Note: file.php always calls require_login() with $setwantsurltome=false
+    //       in order to avoid messing redirects. MDL-14495
     if ($args[0] == 'blog') {
         if (empty($CFG->bloglevel)) {
             print_error('Blogging is disabled!');
         } else if ($CFG->bloglevel < BLOG_GLOBAL_LEVEL) {
-            require_login();
+            require_login(0, true, null, false);
         } else if ($CFG->forcelogin) {
-            require_login();
+            require_login(0, true, null, false);
         }
     } else if ($course->id != SITEID) {
-        require_login($course->id);
+        require_login($course->id, true, null, false);
     } else if ($CFG->forcelogin) {
         if (!empty($CFG->sitepolicy)
             and ($CFG->sitepolicy == $CFG->wwwroot.'/file.php'.$relativepath
                  or $CFG->sitepolicy == $CFG->wwwroot.'/file.php?file='.$relativepath)) {
             //do not require login for policy file
         } else {
-            require_login();
+            require_login(0, true, null, false);
         }
     }
 

lib/moodlelib.php

@@ -1843,8 +1843,11 @@ function course_setup($courseorid=0) {
  * @param mixed $courseorid id of the course or course object
  * @param bool $autologinguest
  * @param object $cm course module object
+ * @param bool $setwantsurltome Define if we want to set $SESSION->wantsurl, defaults to
+ *             true. Used to avoid (=false) some scripts (file.php...) to set that variable,
+ *             in order to keep redirects working properly. MDL-14495
  */
-function require_login($courseorid=0, $autologinguest=true, $cm=null) {
+function require_login($courseorid=0, $autologinguest=true, $cm=null, $setwantsurltome=true) {
 
     global $CFG, $SESSION, $USER, $COURSE, $FULLME;
 
@@ -1855,7 +1858,9 @@ function require_login($courseorid=0, $autologinguest=true, $cm=null) {
     if (!isloggedin()) {
         //NOTE: $USER->site check was obsoleted by session test cookie,
         //      $USER->confirmed test is in login/index.php
-        $SESSION->wantsurl = $FULLME;
+        if ($setwantsurltome) {
+            $SESSION->wantsurl = $FULLME;
+        }
         if (!empty($_SERVER['HTTP_REFERER'])) {
             $SESSION->fromurl  = $_SERVER['HTTP_REFERER'];
         }
@@ -2120,16 +2125,19 @@ function require_logout() {
  * @param mixed $courseorid The course object or id in question
  * @param bool $autologinguest Allow autologin guests if that is wanted
  * @param object $cm Course activity module if known
+ * @param bool $setwantsurltome Define if we want to set $SESSION->wantsurl, defaults to
+ *             true. Used to avoid (=false) some scripts (file.php...) to set that variable,
+ *             in order to keep redirects working properly. MDL-14495
  */
-function require_course_login($courseorid, $autologinguest=true, $cm=null) {
+function require_course_login($courseorid, $autologinguest=true, $cm=null, $setwantsurltome=true) {
     global $CFG;
     if (!empty($CFG->forcelogin)) {
         // login required for both SITE and courses
-        require_login($courseorid, $autologinguest, $cm);
+        require_login($courseorid, $autologinguest, $cm, $setwantsurltome);
 
     } else if (!empty($cm) and !$cm->visible) {
         // always login for hidden activities
-        require_login($courseorid, $autologinguest, $cm);
+        require_login($courseorid, $autologinguest, $cm, $setwantsurltome);
 
     } else if ((is_object($courseorid) and $courseorid->id == SITEID)
           or (!is_object($courseorid) and $courseorid == SITEID)) {
@@ -2139,7 +2147,7 @@ function require_course_login($courseorid, $autologinguest=true, $cm=null) {
 
     } else {
         // course login always required
-        require_login($courseorid, $autologinguest, $cm);
+        require_login($courseorid, $autologinguest, $cm, $setwantsurltome);
     }
 }