MDL-32018 mod_wiki: Improved form definitions to ensure they are consistent and secure

Sam Hemelryk 2012-03-28 12:24:52 +13:00
parent a280078197
commit 0c700cc48d
5 changed files with 46 additions and 43 deletions


@ -7,9 +7,8 @@ if (!defined('MOODLE_INTERNAL')) {
require_once($CFG->dirroot . '/lib/formslib.php');
class mod_wiki_comments_form extends moodleform {
function definition() {
$pageid = optional_param('pageid', 0, PARAM_INT);
$mform =& $this->_form;
protected function definition() {
$mform = $this->_form;
$current = $this->_customdata['current'];
$commentoptions = $this->_customdata['commentoptions'];
@ -24,7 +23,7 @@ class mod_wiki_comments_form extends moodleform {
$mform->setType('id', PARAM_INT);
$mform->addElement('hidden', 'action', '');
$mform->setType('action', PARAM_ACTION);
$mform->setType('action', PARAM_ALPHAEXT);
//-------------------------------------------------------------------------------
// buttons
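Review bot: The hidden `action` element in the second hunk is now typed `PARAM_ALPHAEXT`, which is narrower than the `PARAM_ACTION` it replaces (to my recollection PARAM_ACTION is a deprecated alias of PARAM_ALPHANUMEXT), so an action string containing a digit would now have the digit silently stripped rather than being rejected. Worth checking the action values the comment handler dispatches on before settling on this type; if they are plain words, `$mform->setType('action', PARAM_ALPHA);` would also match the create form in this same commit. The element is created with an empty default, so a missing action reaches the handler as '' and that case should be handled explicitly there. definition() continues outside the hunk.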


@ -29,8 +29,7 @@ require_once($CFG->libdir.'/formslib.php');
class mod_wiki_create_form extends moodleform {
protected function definition() {
global $CFG;
$mform =& $this->_form;
$mform = $this->_form;
$formats = $this->_customdata['formats'];
$defaultformat = $this->_customdata['defaultformat'];
@ -43,6 +42,8 @@ class mod_wiki_create_form extends moodleform {
$textoptions = array('readonly'=>'readonly');
}
$mform->addElement('text', 'pagetitle', get_string('newpagetitle', 'wiki'), $textoptions);
$mform->setType('pagetitle', PARAM_TEXT);
$mform->addRule('pagetitle', get_string('required'), 'required', null, 'client');
if ($forceformat) {
$mform->addElement('hidden', 'pageformat', $defaultformat);
@ -60,10 +61,12 @@ class mod_wiki_create_form extends moodleform {
$mform->addElement('radio', 'pageformat', '', get_string('format'.$format, 'wiki'), $format, $attr);
}
}
$mform->setType('pageformat', PARAM_ALPHANUMEXT);
$mform->addRule('pageformat', get_string('required'), 'required', null, 'client');
//hiddens
$mform->addElement('hidden', 'action');
$mform->setDefault('action', 'create');
$mform->addElement('hidden', 'action', 'create');
$mform->setType('action', PARAM_ALPHA);
$this->add_action_buttons(false, get_string('createpage', 'wiki'));
}
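Review bot: The `readonly` attribute on `pagetitle` (set via `$textoptions` just above the hunk) is enforced only by the browser; the added `PARAM_TEXT` type cleans the submitted value but still accepts whatever title the client posts. If the readonly branch is meant to pin the title to a server-chosen value, the page that processes this form should re-derive it from its own data rather than from the submitted field, and a comment on that branch would make the expectation clear, e.g. `// readonly is presentational only; the caller must not trust the posted title.` The condition that selects the readonly branch starts outside the hunk.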


@ -38,20 +38,16 @@ class mod_wiki_edit_form extends moodleform {
protected function definition() {
global $CFG;
$mform =& $this->_form;
$mform = $this->_form;
$version = $this->_customdata['version'];
$format = $this->_customdata['format'];
$tags = !isset($this->_customdata['tags'])?"":$this->_customdata['tags'];
if ($format != 'html') {
$contextid = $this->_customdata['contextid'];
$filearea = $this->_customdata['filearea'];
$fileitemid = $this->_customdata['fileitemid'];
}
$pagetitle = $this->_customdata['pagetitle'];
$contextid = $this->_customdata['contextid'];
if (isset($this->_customdata['pagetitle'])) {
$pagetitle = get_string('editingpage', 'wiki', $this->_customdata['pagetitle']);
// Page title must be formatted properly here as this is output and not an element.
$pagetitle = get_string('editingpage', 'wiki', format_string($pagetitle, true, array('context' => get_context_instance_by_id($contextid, MUST_EXIST))));
} else {
$pagetitle = get_string('editing', 'wiki');
}
@ -65,7 +61,7 @@ class mod_wiki_edit_form extends moodleform {
$ft = new filetype_parser;
$extensions = $ft->get_extensions('image');
$fs = get_file_storage();
$tree = $fs->get_area_tree($contextid, 'mod_wiki', 'attachments', $fileitemid);
$tree = $fs->get_area_tree($contextid, 'mod_wiki', $this->_customdata['filearea'], $this->_customdata['fileitemid']);
$files = array();
foreach ($tree['files'] as $file) {
$filename = $file->get_filename();
@ -77,30 +73,34 @@ class mod_wiki_edit_form extends moodleform {
}
$mform->addElement('wikieditor', 'newcontent', $fieldname, array('cols' => 100, 'rows' => 20, 'wiki_format' => $format, 'files'=>$files));
$mform->addHelpButton('newcontent', 'format'.$format, 'wiki');
$mform->setType('newcontent', PARAM_RAW); // processed by trust text or cleaned before the display
} else {
$mform->addElement('editor', 'newcontent_editor', $fieldname, null, page_wiki_edit::$attachmentoptions);
$mform->addHelpButton('newcontent_editor', 'formathtml', 'wiki');
$mform->setType('newcontent_editor', PARAM_RAW); // processed by trust text or cleaned before the display
}
//hiddens
if ($version >= 0) {
$mform->addElement('hidden', 'version');
$mform->setDefault('version', $version);
$mform->addElement('hidden', 'version', $version);
$mform->setType('version', PARAM_FLOAT);
}
$mform->addElement('hidden', 'contentformat');
$mform->setDefault('contentformat', $format);
$mform->addElement('hidden', 'contentformat', $format);
$mform->setType('contentformat', PARAM_ALPHANUMEXT);
if (!empty($CFG->usetags)) {
$tags = !isset($this->_customdata['tags'])?"":$this->_customdata['tags'];
$mform->addElement('header', 'tagshdr', get_string('tags', 'tag'));
$mform->addElement('tags', 'tags', get_string('tags'));
$mform->setDefault('tags', $tags);
$mform->setType('tags', PARAM_TEXT);
}
$buttongroup = array();
$buttongroup[] =& $mform->createElement('submit', 'editoption', get_string('save', 'wiki'), array('id' => 'save'));
$buttongroup[] =& $mform->createElement('submit', 'editoption', get_string('preview'), array('id' => 'preview'));
$buttongroup[] =& $mform->createElement('submit', 'editoption', get_string('cancel'), array('id' => 'cancel'));
$buttongroup[] = $mform->createElement('submit', 'editoption', get_string('save', 'wiki'), array('id' => 'save'));
$buttongroup[] = $mform->createElement('submit', 'editoption', get_string('preview'), array('id' => 'preview'));
$buttongroup[] = $mform->createElement('submit', 'editoption', get_string('cancel'), array('id' => 'cancel'));
$mform->addGroup($buttongroup, 'buttonar', '', array(' '), false);
$mform->closeHeaderBefore('buttonar');
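Review bot: The hidden `version` element is typed `PARAM_FLOAT`, yet the surrounding code only treats it as a whole number (`$version >= 0`) and, as far as I recall, the wiki version counter is an integer column; `$mform->setType('version', PARAM_INT);` would be the tighter type and would reject a value such as `1.5` instead of passing it through to the version lookup. Please confirm against the handler that reads `version` before changing it. definition() continues outside the hunk.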


@ -27,15 +27,19 @@ defined('MOODLE_INTERNAL') || die();
require_once("$CFG->libdir/formslib.php");
class mod_wiki_filesedit_form extends moodleform {
function definition() {
protected function definition() {
$mform = $this->_form;
$data = $this->_customdata['data'];
$options = $this->_customdata['options'];
$mform->addElement('filemanager', 'files_filemanager', get_string('files'), null, $options);
$mform->addElement('hidden', 'returnurl', $data->returnurl);
$mform->setType('returnurl', PARAM_URL);
$mform->addElement('hidden', 'subwiki', $data->subwikiid);
$mform->setType('subwiki', PARAM_INT);
$this->add_action_buttons(true, get_string('savechanges'));
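Review bot: `returnurl` is a hidden field re-read from the request and typed `PARAM_URL`, which accepts any well-formed absolute URL including one pointing off-site; if the handler redirects to it after saving, a tampered post could send the user to an external host. `PARAM_LOCALURL` restricts the value to this site, so `$mform->setType('returnurl', PARAM_LOCALURL);` is the safer type unless the processing page already checks the host itself, which is worth confirming. definition() continues outside the hunk.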


@ -41,28 +41,24 @@ require_once($CFG->dirroot . '/lib/datalib.php');
class mod_wiki_mod_form extends moodleform_mod {
function definition() {
global $COURSE;
$mform =& $this->_form;
protected function definition() {
$mform = $this->_form;
$required = get_string('required');
//-------------------------------------------------------------------------------
/// Adding the "general" fieldset, where all the common settings are showed
// Adding the "general" fieldset, where all the common settings are showed
$mform->addElement('header', 'general', get_string('general', 'form'));
/// Adding the standard "name" field
// Adding the standard "name" field
$mform->addElement('text', 'name', get_string('wikiname', 'wiki'), array('size' => '64'));
$mform->setType('name', PARAM_TEXT);
$mform->addRule('name', null, 'required', null, 'client');
/// Adding the optional "intro" and "introformat" pair of fields
// $mform->addElement('htmleditor', 'intro', get_string('wikiintro', 'wiki'));
// $mform->setType('intro', PARAM_RAW);
// $mform->addRule('intro', get_string('required'), 'required', null, 'client');
//
// $mform->addElement('format', 'introformat', get_string('format'));
$mform->addRule('name', $required, 'required', null, 'client');
// Adding the optional "intro" and "introformat" pair of fields
$this->add_intro_editor(true, get_string('wikiintro', 'wiki'));
//-------------------------------------------------------------------------------
/// Adding the rest of wiki settings, spreeading all them into this fieldset
/// or adding more fieldsets ('header' elements) if needed for better logic
// Adding the rest of wiki settings, spreeading all them into this fieldset
// or adding more fieldsets ('header' elements) if needed for better logic
$mform->addElement('header', 'wikifieldset', get_string('wikisettings', 'wiki'));
@ -75,9 +71,9 @@ class mod_wiki_mod_form extends moodleform_mod {
$mform->addElement('text', 'firstpagetitle', get_string('firstpagetitle', 'wiki'), $attr);
$mform->addHelpButton('firstpagetitle', 'firstpagetitle', 'wiki');
$mform->setType('firstpagetitle', PARAM_TEXT);
if (empty($this->_instance)) {
$mform->addRule('firstpagetitle', null, 'required', null, 'client');
$mform->addRule('firstpagetitle', $required, 'required', null, 'client');
}
$wikimodeoptions = array ('collaborative' => get_string('wikimodecollaborative', 'wiki'), 'individual' => get_string('wikimodeindividual', 'wiki'));
@ -96,6 +92,7 @@ class mod_wiki_mod_form extends moodleform_mod {
}
$mform->addElement('select', 'defaultformat', get_string('defaultformat', 'wiki'), $editoroptions);
$mform->addHelpButton('defaultformat', 'defaultformat', 'wiki');
$mform->addElement('checkbox', 'forceformat', get_string('forceformat', 'wiki'));
$mform->addHelpButton('forceformat', 'forceformat', 'wiki');