MDL-59612 core: removed hard-coded check for referer in modules

See mod/upgrade.txt for explanation.

Part of MDL-59313.

course/classes/output/activity_navigation.php

@@ -58,23 +58,25 @@ public function __construct($prevmod, $nextmod) {
 
         // Check if there is a previous module to display.
         if ($prevmod) {
+            $linkurl = new \moodle_url($prevmod->url, array('forceview' => 1));
             $linkname = $prevmod->name;
             if (!$prevmod->visible) {
                 $linkname .= ' ' . get_string('hiddenwithbrackets');
             }
 
-            $link = new \action_link($prevmod->url, $OUTPUT->larrow() . ' ' . $linkname);
+            $link = new \action_link($linkurl, $OUTPUT->larrow() . ' ' . $linkname);
             $this->prevlink = $OUTPUT->render($link);
         }
 
         // Check if there is a next module to display.
         if ($nextmod) {
+            $linkurl = new \moodle_url($nextmod->url, array('forceview' => 1));
             $linkname = $nextmod->name;
             if (!$nextmod->visible) {
                 $linkname .= ' ' . get_string('hiddenwithbrackets');
             }
 
-            $link = new \action_link($nextmod->url, $linkname . ' ' . $OUTPUT->rarrow());
+            $link = new \action_link($linkurl, $linkname . ' ' . $OUTPUT->rarrow());
             $this->nextlink = $OUTPUT->render($link);
         }
     }

course/modedit.php

@@ -157,11 +157,11 @@
     }
 
     if (isset($fromform->submitbutton)) {
+        $url = new moodle_url("/mod/$module->name/view.php", array('id' => $fromform->coursemodule, 'forceview' => 1));
         if (empty($fromform->showgradingmanagement)) {
-            redirect("$CFG->wwwroot/mod/$module->name/view.php?id=$fromform->coursemodule");
+            redirect($url);
         } else {
-            $returnurl = new moodle_url("/mod/$module->name/view.php", array('id' => $fromform->coursemodule));
-            redirect($fromform->gradingman->get_management_url($returnurl));
+            redirect($fromform->gradingman->get_management_url($url));
         }
     } else {
         redirect(course_get_url($course, $cw->section, array('sr' => $sectionreturn)));

mod/resource/view.php

@@ -31,6 +31,7 @@
 $id       = optional_param('id', 0, PARAM_INT); // Course Module ID
 $r        = optional_param('r', 0, PARAM_INT);  // Resource instance ID
 $redirect = optional_param('redirect', 0, PARAM_BOOL);
+$forceview = optional_param('forceview', 0, PARAM_BOOL);
 
 if ($r) {
     if (!$resource = $DB->get_record('resource', array('id'=>$r))) {
@@ -76,12 +77,7 @@
 $resource->mainfile = $file->get_filename();
 $displaytype = resource_get_final_display_type($resource);
 if ($displaytype == RESOURCELIB_DISPLAY_OPEN || $displaytype == RESOURCELIB_DISPLAY_DOWNLOAD) {
-    // For 'open' and 'download' links, we always redirect to the content - except
-    // if the user just chose 'save and display' from the form then that would be
-    // confusing
-    if (strpos(get_local_referer(false), 'modedit.php') === false) {
-        $redirect = true;
-    }
+    $redirect = true;
 }
 
 // Don't redirect teachers, otherwise they can not access course or module settings.
@@ -91,7 +87,7 @@
     $redirect = false;
 }
 
-if ($redirect) {
+if ($redirect && !$forceview) {
     // coming from course page or url index page
     // this redirect trick solves caching problems when tracking views ;-)
     $path = '/'.$context->id.'/mod_resource/content/'.$resource->revision.$file->get_filepath().$file->get_filename();

mod/upgrade.txt

@@ -1,6 +1,18 @@
 This files describes API changes in /mod/* - activity modules,
 information provided here is intended especially for developers.
 
+=== 3.4 ===
+
+* Navigation between activities via a previous and next link was added to Boost, Clean and Bootstrapbase. This
+  was made possible by a new function core_renderer->activity_navigation(). However, there was an issue when linking
+  to the mod_resource and mod_url view.php pages where it would automatically download the file, or redirect to
+  the URL. It was noticed that this was not the case when editing the module and clicking 'Save and display' which would
+  take you to the pages without downloading the file or redirecting to a link. The reason this worked was because of the
+  hard-coded check 'if (strpos(get_local_referer(false), 'modedit.php') === false) {' in the view.php files. This check
+  has been removed in favour of an optional_param('forceview'). If you are using the above hard-coded check in your
+  plugin it is recommended to remove it and use the optional param as it will prevent the navigation from working as
+  expected.
+
 === 3.3 ===
 
 * External functions that were returning file information now return the following additional file fields:

mod/url/view.php

@@ -31,6 +31,7 @@
 $id       = optional_param('id', 0, PARAM_INT);        // Course module ID
 $u        = optional_param('u', 0, PARAM_INT);         // URL instance id
 $redirect = optional_param('redirect', 0, PARAM_BOOL);
+$forceview = optional_param('forceview', 0, PARAM_BOOL);
 
 if ($u) {  // Two ways to specify the module
     $url = $DB->get_record('url', array('id'=>$u), '*', MUST_EXIST);
@@ -66,14 +67,10 @@
 
 $displaytype = url_get_final_display_type($url);
 if ($displaytype == RESOURCELIB_DISPLAY_OPEN) {
-    // For 'open' links, we always redirect to the content - except if the user
-    // just chose 'save and display' from the form then that would be confusing
-    if (strpos(get_local_referer(false), 'modedit.php') === false) {
-        $redirect = true;
-    }
+    $redirect = true;
 }
 
-if ($redirect) {
+if ($redirect && !$forceview) {
     // coming from course page or url index page,
     // the redirection is needed for completion tracking and logging
     $fullurl = str_replace('&', '&', url_get_full_url($url, $cm, $course));