diff --git a/lib/form/filepicker.php b/lib/form/filepicker.php
index 564cb0d2b33..ab699f461c7 100644
--- a/lib/form/filepicker.php
+++ b/lib/form/filepicker.php
@@ -40,13 +40,18 @@ class MoodleQuickForm_filepicker extends HTML_QuickForm_button
}
}
function toHtml() {
- global $CFG;
+ global $CFG, $COURSE;
if ($this->_flagFrozen) {
return $this->getFrozenHtml();
} else {
$strsaved = get_string('filesaved', 'repository');
$itemid = substr(hexdec(uniqid()), 0, 9)+rand(1,100);
- $ret = get_repository_client();
+ if(empty($COURSE->context)) {
+ $ctx = get_context_instance(CONTEXT_SYSTEM);
+ } else {
+ $ctx = $COURSE->context;
+ }
+ $ret = get_repository_client($ctx);
$suffix = $ret['suffix'];
$str = $this->_getTabs();
$str .= '';
diff --git a/lib/weblib.php b/lib/weblib.php
index f5faac4d6f8..e1a437330d5 100644
--- a/lib/weblib.php
+++ b/lib/weblib.php
@@ -4811,6 +4811,7 @@ function print_textarea($usehtmleditor, $rows, $cols, $width, $height, $name, $v
global $CFG, $COURSE, $HTTPSPAGEREQUIRED, $THEME;
//static $scriptcount = 0; // For loading the htmlarea script only once.
+ //var_dump(unserialize($COURSE->modinfo));
$mincols = 65;
$minrows = 10;
$str = '';
@@ -4872,7 +4873,12 @@ function print_textarea($usehtmleditor, $rows, $cols, $width, $height, $name, $v
require_once("$CFG->dirroot/repository/lib.php");
$str_toggle = '
';
// Show shortcuts button if HTML editor is in use, but only if JavaScript is enabled (MDL-9556)
- $ret = get_repository_client();
+ if(empty($COURSE->context)) {
+ $ctx = get_context_instance(CONTEXT_SYSTEM);
+ } else {
+ $ctx = $COURSE->context;
+ }
+ $ret = get_repository_client($ctx);
$str .= $ret['html'].$ret['js'];
$suffix = $ret['suffix'];
$str .= '';
diff --git a/repository/lib.php b/repository/lib.php
index 5381aa2a09f..e7c407a0ecc 100644
--- a/repository/lib.php
+++ b/repository/lib.php
@@ -69,9 +69,9 @@ abstract class repository {
* @param string $search The text will be searched.
* @return array the list of files, including meta infomation
*/
- public function __construct($repositoryid, $context = SITEID, $options = array()){
- $this->context = $context;
+ public function __construct($repositoryid, $contextid = SITEID, $options = array()){
$this->repositoryid = $repositoryid;
+ $this->context = get_context_instance_by_id($contextid);
$this->options = array();
if (is_array($options)) {
foreach ($options as $n => $v) {
@@ -211,7 +211,7 @@ abstract class repository {
* @param string $userid The id of specific user
* @return array the list of files, including meta infomation
*/
- public function store_login($username = '', $password = '', $userid = 1, $contextid = SITEID) {
+ public function store_login($username = '', $password = '', $userid = 1) {
global $DB;
$repository = new stdclass;
@@ -220,7 +220,7 @@ abstract class repository {
} else {
$repository->userid = $userid;
$repository->repositorytype = $this->type;
- $repository->contextid = $contextid;
+ $repository->contextid = $this->context->id;
}
if ($entry = $DB->get_record('repository', $repository)) {
$repository->id = $entry->id;
@@ -282,19 +282,19 @@ function repository_get_option($id, $position){
$ret = (array)unserialize($entry->$option);
return $ret;
}
-function repository_instances($contextid = SITEID){
+function repository_instances($context){
global $DB, $CFG, $USER;
$params = array();
$sql = 'SELECT * FROM {repository} r WHERE ';
$sql .= ' (r.userid = 0 or r.userid = ?) ';
$params[] = $USER->id;
- if($contextid == SITEID) {
+ if($context->id == SITEID) {
$sql .= 'AND (r.contextid = ?)';
$params[] = SITEID;
} else {
$sql .= 'AND (r.contextid = ? or r.contextid = ?)';
$params[] = SITEID;
- $params[] = $contextid;
+ $params[] = $context->id;
}
if(!$repos = $DB->get_records_sql($sql, $params)) {
$repos = array();
@@ -361,7 +361,7 @@ function move_to_filepool($path, $name, $itemid) {
// TODO
// Need to pass contextid and contextlevel here
-function get_repository_client(){
+function get_repository_client($context){
global $CFG, $USER;
$suffix = uniqid();
$strsubmit = get_string('submit', 'repository');
@@ -670,7 +670,7 @@ function get_repository_client(){
}
_client.loading();
var trans = YAHOO.util.Connect.asyncRequest('POST',
- '$CFG->wwwroot/repository/ws.php?repo_id='+_client.repositoryid+
+ '$CFG->wwwroot/repository/ws.php?ctx_id=$context->id&repo_id='+_client.repositoryid+
'&action=download',
_client.dlfile, _client.postdata({'itemid': itemid, 'env':_client.env, 'file':file, 'title':title}));
}
@@ -687,6 +687,7 @@ function get_repository_client(){
}
}
obj['env'] = _client.env;
+ obj['ctx_id'] = $context->id;
_client.loading();
var trans = YAHOO.util.Connect.asyncRequest('POST',
'$CFG->wwwroot/repository/ws.php', _client.callback,
@@ -744,7 +745,7 @@ function get_repository_client(){
_client.viewbar.set('disabled', false);
_client.loading();
_client.repositoryid = id;
- var trans = YAHOO.util.Connect.asyncRequest('GET', '$CFG->wwwroot/repository/ws.php?repo_id='+id+'&p='+path+'&reset='+reset+'&env='+_client.env, _client.callback);
+ var trans = YAHOO.util.Connect.asyncRequest('GET', '$CFG->wwwroot/repository/ws.php?ctx_id=$context->id&repo_id='+id+'&p='+path+'&reset='+reset+'&env='+_client.env, _client.callback);
}
_client.search = function(id){
var data = window.prompt("What are you searching for?");
@@ -754,13 +755,13 @@ function get_repository_client(){
}
_client.viewbar.set('disabled', false);
_client.loading();
- var trans = YAHOO.util.Connect.asyncRequest('GET', '$CFG->wwwroot/repository/ws.php?repo_id='+id+'&s='+data+'&env='+_client.env, _client.callback);
+ var trans = YAHOO.util.Connect.asyncRequest('GET', '$CFG->wwwroot/repository/ws.php?ctx_id=$context->id&repo_id='+id+'&s='+data+'&env='+_client.env, _client.callback);
}
return _client;
})();
EOD;
- $repos = repository_instances();
+ $repos = repository_instances($context);
foreach($repos as $repo) {
$js .= "\r\n";
$js .= 'repository_client_'.$suffix.'.repos.push('.json_encode($repo).');'."\n";
diff --git a/repository/ws.php b/repository/ws.php
index 45cb6b79b20..9cde46dab65 100644
--- a/repository/ws.php
+++ b/repository/ws.php
@@ -6,18 +6,20 @@ require_once('lib.php');
// set one hour here
$CFG->repository_cache_expire = 60*60;
// page
-$p = optional_param('p', '', PARAM_RAW);
+$p = optional_param('p', '', PARAM_INT);
// opened in editor or moodleform
-$env = optional_param('env', 'form', PARAM_RAW);
+$env = optional_param('env', 'form', PARAM_ALPHA);
// file to download
-$file = optional_param('file', '', PARAM_RAW);
+$file = optional_param('file', '', PARAM_URL);
// rename the file name
-$title = optional_param('title', '', PARAM_RAW);
-$action = optional_param('action', '', PARAM_RAW);
-$search = optional_param('s', '', PARAM_RAW);
+$title = optional_param('title', '', PARAM_FILE);
+$action = optional_param('action', '', PARAM_ALPHA);
+$search = optional_param('s', '', PARAM_CLEANHTML);
// id of repository
$repo_id = optional_param('repo_id', 1, PARAM_INT);
-// context id
+// TODO
+// what will happen if user use a fake ctx_id?
+// Think about using $SESSION save it
$ctx_id = optional_param('ctx_id', SITEID, PARAM_INT);
$itemid = optional_param('itemid', 0, PARAM_INT);
$userid = $USER->id;
@@ -36,7 +38,7 @@ if(file_exists($CFG->dirroot.'/repository/'.
$repository->repositorytype.'/repository.class.php');
$classname = 'repository_' . $repository->repositorytype;
try{
- $repo = new $classname($repo_id, SITEID, array('ajax'=>true));
+ $repo = new $classname($repo_id, $ctx_id, array('ajax'=>true));
} catch (repository_exception $e){
$err = new stdclass;
$err->e = $e->getMessage();