"MDL-23786, added sesskey and added s() filter"

This commit is contained in:
Dongsheng Cai 2010-08-13 06:53:28 +00:00
parent 77c7486ea0
commit 7126772325
5 changed files with 62 additions and 45 deletions


@ -233,7 +233,8 @@ class MoodleQuickForm_editor extends HTML_QuickForm_element {
'maxbytes'=>$maxbytes,
'maxfiles'=>$maxfiles,
'ctx_id'=>$ctx->id,
'course'=>$PAGE->course->id
'course'=>$PAGE->course->id,
'sesskey'=>sesskey(),
));
$str .= '<noscript>';
$str .= "<object type='text/html' data='$editorurl' height='160' width='600' style='border:1px solid #000'></object>";
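Review bot: The added `'sesskey'=>sesskey()` entry puts the CSRF token into a GET query string that is then written into the page as `data='$editorurl'`, so the token will be sent in the Referer header of any outbound link on the framed page and will land in access logs and browser history. That is the established Moodle pattern, but it means every page this URL unlocks should avoid linking off-site with the token still in its own URL. I would also confirm that `$editorurl` (built before this hunk) is produced by moodle_url::out(), which escapes the `&` in the query for attribute context; if it is plain concatenation the single-quoted attribute needs `data='".s($editorurl)."'`. The method containing this hunk starts and ends outside it.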


@ -318,6 +318,7 @@ FMHTML;
'maxfiles'=>$options->maxfiles,
'ctx_id'=>$PAGE->context->id,
'course'=>$PAGE->course->id,
'sesskey'=>sesskey(),
));
$html .= '<noscript>';


@ -96,6 +96,7 @@ class MoodleQuickForm_filepicker extends HTML_QuickForm_input {
'maxfiles'=>1,
'ctx_id'=>$PAGE->context->id,
'course'=>$PAGE->course->id,
'sesskey'=>sesskey(),
));
// non js file picker


@ -36,6 +36,7 @@ require_once('../config.php');
require_once($CFG->libdir.'/filelib.php');
require_once('lib.php');
require_sesskey();
require_login();
// disable blocks in this page
@ -69,7 +70,7 @@ $PAGE->set_context($user_context);
$fs = get_file_storage();
$params = array('ctx_id' => $contextid, 'itemid' => $itemid, 'env' => $env, 'course'=>$courseid, 'maxbytes'=>$maxbytes, 'maxfiles'=>$maxfiles, 'subdirs'=>$subdirs);
$params = array('ctx_id' => $contextid, 'itemid' => $itemid, 'env' => $env, 'course'=>$courseid, 'maxbytes'=>$maxbytes, 'maxfiles'=>$maxfiles, 'subdirs'=>$subdirs, 'sesskey'=>sesskey());
$PAGE->set_url('/repository/draftfiles_manager.php', $params);
$filepicker_url = new moodle_url($CFG->httpswwwroot."/repository/filepicker.php", $params);
@ -110,10 +111,10 @@ case 'renameform':
$home_url->param('draftpath', $draftpath);
$home_url->param('action', 'rename');
echo ' <form method="post" action="'.$home_url->out().'">';
echo ' <input name="newfilename" type="text" value="'.$filename.'" />';
echo ' <input name="filename" type="hidden" value="'.$filename.'" />';
echo ' <input name="draftpath" type="hidden" value="'.$draftpath.'" />';
echo ' <input type="submit" value="'.get_string('rename', 'moodle').'" />';
echo ' <input name="newfilename" type="text" value="'.s($filename).'" />';
echo ' <input name="filename" type="hidden" value="'.s($filename).'" />';
echo ' <input name="draftpath" type="hidden" value="'.s($draftpath).'" />';
echo ' <input type="submit" value="'.s(get_string('rename', 'moodle')).'" />';
echo ' </form>';
echo $OUTPUT->footer();
break;
@ -202,7 +203,11 @@ case 'movefile':
redirect($home_url);
}
echo $OUTPUT->header();
echo '<div><a href="' . $home_url->out() . '">'.get_string('back', 'repository')."</a></div>";
echo $OUTPUT->container_start();
echo html_writer::link($home_url, get_string('back', 'repository'));
echo $OUTPUT->container_end();
$data = new stdclass;
$home_url->param('action', 'movefile');
$home_url->param('draftpath', $draftpath);
@ -214,13 +219,17 @@ case 'movefile':
case 'mkdirform':
echo $OUTPUT->header();
echo '<div><a href="' . $home_url->out() . '">'.get_string('back', 'repository')."</a></div>";
echo $OUTPUT->container_start();
echo html_writer::link($home_url, get_string('back', 'repository'));
echo $OUTPUT->container_end();
$home_url->param('draftpath', $draftpath);
$home_url->param('action', 'mkdir');
echo ' <form method="post" action="'.$home_url->out().'">';
echo ' <input name="newdirname" type="text" />';
echo ' <input name="draftpath" type="hidden" value="'.$draftpath.'" />';
echo ' <input type="submit" value="'.get_string('makeafolder', 'moodle').'" />';
echo ' <input name="draftpath" type="hidden" value="'.s($draftpath).'" />';
echo ' <input type="submit" value="'.s(get_string('makeafolder', 'moodle')).'" />';
echo ' </form>';
echo $OUTPUT->footer();
break;
@ -284,7 +293,7 @@ default:
echo ' <a href="'.$home_url->out().'">'.get_string('makeafolder', 'moodle').'</a>';
}
$home_url->param('action', 'downloaddir');
echo ' <a href="'.$home_url->out().'" target="_blank">'.get_string('downloadfolder', 'repository').'</a>';
echo html_writer::link($home_url, get_string('downloadfolder', 'repository'), array('target'=>'_blank'));
}
echo '</div>';
@ -298,7 +307,7 @@ default:
$type = mimeinfo('icon', $file->filename);
echo '<li>';
echo '<img src="'.$fileicon. '" class="iconsmall" />';
echo ' <a href="'.$drafturl.'">'.$file->filename.'</a> ';
echo html_writer::link($drafturl, $file->filename);
$home_url->param('filename', $file->filename);
$home_url->param('draftpath', $file->filepath);
@ -327,7 +336,7 @@ default:
$home_url->param('action', 'browse');
$home_url->param('draftpath', $file->filepath);
$foldername = trim(array_pop(explode('/', trim($file->filepath, '/'))), '/');
echo ' <a href="'.$home_url->out().'">'.$foldername.'</a>';
echo html_writer::link($home_url, $foldername);
$home_url->param('draftpath', $file->filepath);
$home_url->param('filename', $file->filename);
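Review bot: The link text handed to html_writer::link() in the listing, `$file->filename` and `$foldername`, is still emitted unescaped; html_writer::link() escapes the href and other attributes but, as far as I know, passes $text through untouched, and both values are names the user chose when uploading or via the mkdir form rendered in this same file. The commit escapes those same names in the form inputs with s(), so the listing should match: `echo html_writer::link($drafturl, s($file->filename));` and `echo html_writer::link($home_url, s($foldername));`. The untouched `<a href=...>` for makeafolder just above the downloaddir link was left as string concatenation while its neighbours were converted, which is an odd inconsistency to leave behind. Separately, `require_sesskey()` now runs before `require_login()`, so a visitor without a session gets a sesskey error instead of the login redirect; swapping the two lines keeps the check and restores the expected behaviour. Every hunk here is a fragment of the top-level switch, which starts before the first hunk and continues after the last.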


@ -32,6 +32,7 @@ require_once('lib.php');
/// Wait as long as it takes for this script to finish
set_time_limit(0);
require_sesskey();
require_login();
// disable blocks in this page
@ -92,7 +93,7 @@ if ($repository = $DB->get_record_sql($sql, array($repo_id))) {
}
}
$params = array('ctx_id' => $contextid, 'itemid' => $itemid, 'env' => $env, 'course'=>$courseid, 'maxbytes'=>$maxbytes, 'maxfiles'=>$maxfiles, 'subdirs'=>$subdirs);
$params = array('ctx_id' => $contextid, 'itemid' => $itemid, 'env' => $env, 'course'=>$courseid, 'maxbytes'=>$maxbytes, 'maxfiles'=>$maxfiles, 'subdirs'=>$subdirs, 'sesskey'=>sesskey());
$params['action'] = 'browse';
$params['draftpath'] = $draftpath;
$home_url = new moodle_url('/repository/draftfiles_manager.php', $params);
@ -128,18 +129,18 @@ case 'search':
echo '<td><img src="'.$item['thumbnail'].'" />';
echo '</td><td>';
if (!empty($item['url'])) {
echo '<a href="'.$item['url'].'" target="_blank">'.$item['title'].'</a>';
echo html_writer::link($item['url'], $item['title'], array('target'=>'_blank'));
} else {
echo $item['title'];
}
echo '</td>';
echo '<td>';
echo '<form method="post">';
echo '<input type="hidden" name="fileurl" value="'.$item['source'].'"/>';
echo '<input type="hidden" name="fileurl" value="'.s($item['source']).'"/>';
echo '<input type="hidden" name="action" value="confirm"/>';
echo '<input type="hidden" name="filename" value="'.$item['title'].'"/>';
echo '<input type="hidden" name="thumbnail" value="'.$item['thumbnail'].'"/>';
echo '<input type="submit" value="'.get_string('select','repository').'" />';
echo '<input type="hidden" name="filename" value="'.s($item['title']).'"/>';
echo '<input type="hidden" name="thumbnail" value="'.s($item['thumbnail']).'"/>';
echo '<input type="submit" value="'.s(get_string('select','repository')).'" />';
echo '</form>';
echo '</td>';
echo '</tr>';
@ -152,7 +153,11 @@ case 'search':
case 'list':
case 'sign':
echo $OUTPUT->header();
echo '<div><a href="' . $url->out() . '">'.get_string('back', 'repository')."</a></div>";
echo $OUTPUT->container_start();
echo html_writer::link($url, get_string('back', 'repository'));
echo $OUTPUT->container_end();
if ($repo->check_login()) {
$list = $repo->get_listing($req_path, $curr_page);
$dynload = !empty($list['dynload'])?true:false;
@ -161,20 +166,20 @@ case 'sign':
echo '<label>'.$list['upload']['label'].': </label>';
echo '<input type="file" name="repo_upload_file" /><br />';
echo '<input type="hidden" name="action" value="upload" /><br />';
echo '<input type="hidden" name="draftpath" value="'.$draftpath.'" /><br />';
echo '<input type="hidden" name="savepath" value="'.$savepath.'" /><br />';
echo '<input type="hidden" name="repo_id" value="'.$repo_id.'" /><br />';
echo '<input type="submit" value="'.get_string('upload', 'repository').'" />';
echo '<input type="hidden" name="draftpath" value="'.s($draftpath).'" /><br />';
echo '<input type="hidden" name="savepath" value="'.s($savepath).'" /><br />';
echo '<input type="hidden" name="repo_id" value="'.s($repo_id).'" /><br />';
echo '<input type="submit" value="'.s(get_string('upload', 'repository')).'" />';
echo '</form>';
} else {
if (!empty($list['path'])) {
foreach ($list['path'] as $p) {
//echo '<form method="post" style="display:inline">';
//echo '<input type="hidden" name="p" value="'.$p['path'].'"';
//echo '<input type="hidden" name="p" value="'.s($p['path']).'"';
//echo '<input type="hidden" name="action" value="list"';
//echo '<input type="hidden" name="draftpath" value="'.$draftpath.'" /><br />';
//echo '<input type="hidden" name="savepath" value="'.$savepath.'" /><br />';
//echo '<input style="display:inline" type="submit" value="'.$p['name'].'" />';
//echo '<input type="hidden" name="draftpath" value="'.s($draftpath).'" /><br />';
//echo '<input type="hidden" name="savepath" value="'.s($savepath).'" /><br />';
//echo '<input style="display:inline" type="submit" value="'.s($p['name']).'" />';
//echo '</form>';
$pathurl = new moodle_url($url, array(
@ -198,7 +203,7 @@ case 'sign':
echo '<td><img src="'.$item['thumbnail'].'" />';
echo '</td><td>';
if (!empty($item['url'])) {
echo '<a href="'.$item['url'].'" target="_blank">'.$item['title'].'</a>';
echo html_writer::link($item['url'], $item['title'], array('target'=>'_blank'));
} else {
echo $item['title'];
}
@ -206,18 +211,18 @@ case 'sign':
echo '<td>';
if (!isset($item['children'])) {
echo '<form method="post">';
echo '<input type="hidden" name="fileurl" value="'.$item['source'].'"/>';
echo '<input type="hidden" name="fileurl" value="'.s($item['source']).'"/>';
echo '<input type="hidden" name="action" value="confirm"/>';
echo '<input type="hidden" name="draftpath" value="'.$draftpath.'" /><br />';
echo '<input type="hidden" name="savepath" value="'.$savepath.'" /><br />';
echo '<input type="hidden" name="filename" value="'.$item['title'].'"/>';
echo '<input type="hidden" name="thumbnail" value="'.$item['thumbnail'].'"/>';
echo '<input type="submit" value="'.get_string('select','repository').'" />';
echo '<input type="hidden" name="draftpath" value="'.s($draftpath).'" /><br />';
echo '<input type="hidden" name="savepath" value="'.s($savepath).'" /><br />';
echo '<input type="hidden" name="filename" value="'.s($item['title']).'"/>';
echo '<input type="hidden" name="thumbnail" value="'.s($item['thumbnail']).'"/>';
echo '<input type="submit" value="'.s(get_string('select','repository')).'" />';
echo '</form>';
} else {
echo '<form method="post">';
echo '<input type="hidden" name="p" value="'.$item['path'].'"/>';
echo '<input type="submit" value="'.get_string('enter', 'repository').'" />';
echo '<input type="hidden" name="p" value="'.s($item['path']).'"/>';
echo '<input type="submit" value="'.s(get_string('enter', 'repository')).'" />';
echo '</form>';
}
echo '</td>';
@ -228,7 +233,7 @@ case 'sign':
} else {
echo '<form method="post">';
echo '<input type="hidden" name="action" value="sign" />';
echo '<input type="hidden" name="repo_id" value="'.$repo_id.'" />';
echo '<input type="hidden" name="repo_id" value="'.s($repo_id).'" />';
$repo->print_login();
echo '</form>';
}
@ -252,7 +257,7 @@ case 'download':
$record->author = '';
$record->source = $thefile['url'];
$info = repository::move_to_filepool($thefile['path'], $record);
redirect($home_url, get_string('downloadsucc','repository'));
redirect($home_url, get_string('downloadsucc', 'repository'));
} else {
print_error('cannotdownload', 'repository');
}
@ -267,17 +272,17 @@ case 'confirm':
echo '<table>';
echo ' <tr>';
echo ' <td><label>'.get_string('filename', 'repository').'</label></td>';
echo ' <td><input type="text" name="filename" value="'.$filename.'" /></td>';
echo ' <td><input type="hidden" name="fileurl" value="'.$fileurl.'" /></td>';
echo ' <td><input type="text" name="filename" value="'.s($filename).'" /></td>';
echo ' <td><input type="hidden" name="fileurl" value="'.s($fileurl).'" /></td>';
echo ' <td><input type="hidden" name="action" value="download" /></td>';
echo ' <td><input type="hidden" name="itemid" value="'.$itemid.'" /></td>';
echo ' <td><input type="hidden" name="itemid" value="'.s($itemid).'" /></td>';
echo ' </tr>';
echo '</table>';
echo '<div>';
// the save path
echo ' <input name="draftpath" type="hidden" value="'.$draftpath.'" />';
echo ' <input name="savepath" type="hidden" value="'.$savepath.'" />';
echo ' <input type="submit" value="'.get_string('download', 'repository').'" />';
echo ' <input name="draftpath" type="hidden" value="'.s($draftpath).'" />';
echo ' <input name="savepath" type="hidden" value="'.s($savepath).'" />';
echo ' <input type="submit" value="'.s(get_string('download', 'repository')).'" />';
echo '</div>';
echo '</form>';
echo $OUTPUT->footer();
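Review bot: `$item['thumbnail']` is now escaped with s() in the hidden input but the same value is still concatenated raw into `<img src="'.$item['thumbnail'].'" />` two lines earlier, in both the search hunk and the listing hunk, and these items come back from the repository plugin's search/listing so they are not trustworthy. `$item['title']` is likewise written raw, both as html_writer::link() text (which, to my knowledge, is not escaped) and in the else branch, as is `$list['upload']['label']`. I would write `echo '<td><img src="'.s($item['thumbnail']).'" />';` and wrap the title in `s()` at all four sites. Also, since this page is now reached with sesskey in its query string, the `target="_blank"` links to `$item['url']` will send that token in the Referer to an external site unless a referrer policy is in place. The switch these hunks belong to starts before the first hunk and ends after the last.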