From b4d24344c2899e638eb5297d4aee21d5200dfcc6 Mon Sep 17 00:00:00 2001
From: Jerome Mouneyrac
Date: Tue, 5 Feb 2013 16:36:37 +0800
Subject: [PATCH] MDL-37012 some typos, add a new lang string, change tag 'a' for 'link', some code cleaning, clean the external string against cross-scripting, proper usage of doclink, correcting the require_once quickform/input AMOS BEGIN CPY [download,block_community],[install,block_community] AMOS END
---
 blocks/community/forms.php | 52 ++++++++------------
 blocks/community/lang/en/block_community.php | 3 +-
 blocks/community/styles.css | 3 +-
 lib/form/listing.php | 39 ++++++++-------
 lib/form/yui/listing/listing.js | 17 +++----
 theme/base/style/core.css | 4 ++
 6 files changed, 58 insertions(+), 60 deletions(-)
diff --git a/blocks/community/forms.php b/blocks/community/forms.php
index a2f2164b4c3d0..3e00e623262b7 100644
--- a/blocks/community/forms.php
+++ b/blocks/community/forms.php
@@ -137,68 +137,58 @@ public function definition() { if (!empty($hubs)) { $htmlhubs = array(); foreach ($hubs as $hub) { + // Name can come from hub directory - need some cleaning. + $hubname = clean_text($hub['name'], PARAM_TEXT); $smalllogohtml = ''; if (array_key_exists('id', $hub)) { // Retrieve hub logo + generate small logo. - $params = array('hubid' => $hub['id'], - 'filetype' => HUB_HUBSCREENSHOT_FILE_TYPE); - $imgurl = new moodle_url(HUB_HUBDIRECTORYURL . - "/local/hubdirectory/webservice/download.php", $params); + $params = array('hubid' => $hub['id'], 'filetype' => HUB_HUBSCREENSHOT_FILE_TYPE); + $imgurl = new moodle_url(HUB_HUBDIRECTORYURL . "/local/hubdirectory/webservice/download.php", $params); $imgsize = getimagesize($imgurl->out(false)); if ($imgsize[0] > 1) { - $ascreenshothtml = html_writer::empty_tag('img', - array('src' => $imgurl, 'alt' => $hub['name'])); - $smalllogohtml = html_writer::empty_tag('img', - array('src' => $imgurl, 'alt' => $hub['name'] + $ascreenshothtml = html_writer::empty_tag('img', array('src' => $imgurl, 'alt' => $hubname)); + $smalllogohtml = html_writer::empty_tag('img', array('src' => $imgurl, 'alt' => $hubname , 'height' => 30, 'width' => 40)); } else { $ascreenshothtml = ''; } - $hubimage = html_writer::tag('div', $ascreenshothtml, - array('class' => 'hubimage')); + $hubimage = html_writer::tag('div', $ascreenshothtml, array('class' => 'hubimage')); - // Statistics + trusted info + // Statistics + trusted info. $hubstats = ''; if (isset($hub['enrollablecourses'])) { //check needed to avoid warnings for Moodle version < 2011081700 $additionaldesc = get_string('enrollablecourses', 'block_community') . ': ' . $hub['enrollablecourses'] . ' - ' . get_string('downloadablecourses', 'block_community') . ': ' . 
$hub['downloadablecourses']; - $hubstats .= html_writer::tag('div', $additionaldesc, - array('class' => '')); + $hubstats .= html_writer::tag('div', $additionaldesc); } if ($hub['trusted']) { $hubtrusted = get_string('hubtrusted', 'block_community'); - $hubstats .= html_writer::tag('div', $hubtrusted . ' ' . $OUTPUT->doc_link('trusted_hubs'), array('class' => '')); + $hubstats .= $OUTPUT->doc_link('trusted_hubs') . html_writer::tag('div', $hubtrusted); } $hubstats = html_writer::tag('div', $hubstats, array('class' => 'hubstats')); - // hub name link + hub description - $hubnamelink = html_writer::tag('a', - html_writer::tag('h2',$hub['name']), - array('class' => 'hubtitlelink', 'href' => $hub['url'], - 'onclick' => 'this.target="_blank"')); - $hubdescriptiontext = html_writer::tag('div', format_text($hub['description'], FORMAT_PLAIN), + // hub name link + hub description. + $hubnamelink = html_writer::link($hub['url'], html_writer::tag('h2',$hubname), + array('class' => 'hubtitlelink')); + // The description can come from the hub directory - need to clean. + $hubdescription = clean_param($hub['description'], PARAM_TEXT); + $hubdescriptiontext = html_writer::tag('div', format_text($hubdescription, FORMAT_PLAIN), array('class' => 'hubdescription')); - $hubtext = html_writer::tag('div', $hubdescriptiontext . $hubstats, - array('class' => 'hubtext')); + $hubtext = html_writer::tag('div', $hubdescriptiontext . $hubstats, array('class' => 'hubtext')); - $hubimgandtext = html_writer::tag('div', $hubimage . $hubtext, - array('class' => 'hubimgandtext')); + $hubimgandtext = html_writer::tag('div', $hubimage . $hubtext, array('class' => 'hubimgandtext')); - $hubfulldesc = html_writer::tag('div', - $hubnamelink . $hubimgandtext, - array('class' => 'hubmainhmtl')); + $hubfulldesc = html_writer::tag('div', $hubnamelink . 
$hubimgandtext, array('class' => 'hubmainhmtl')); } else { - $hubfulldesc = html_writer::tag('a', $hub['name'], - array('class' => '', 'href' => $hub['url'])); + $hubfulldesc = html_writer::link($hub['url'], $hubname); } // Add hub to the hub items. $hubinfo = new stdClass(); $hubinfo->mainhtml = $hubfulldesc; - $hubinfo->rowhtml = html_writer::tag('div', $smalllogohtml , - array('class' => 'hubsmalllogo')) . $hub['name']; + $hubinfo->rowhtml = html_writer::tag('div', $smalllogohtml , array('class' => 'hubsmalllogo')) . $hubname; $hubitems[$hub['url']] = $hubinfo; } diff --git a/blocks/community/lang/en/block_community.php b/blocks/community/lang/en/block_community.php index 89e9adf9565ea..df06794bf1ce9 100644 --- a/blocks/community/lang/en/block_community.php +++ b/blocks/community/lang/en/block_community.php @@ -49,7 +49,7 @@ $string['coverage'] = 'Tags: {$a}'; $string['donotrestore'] = 'No'; $string['dorestore'] = 'Yes'; -$string['download'] = 'Install'; +$string['download'] = 'Download'; $string['downloadable'] = 'courses I can download'; $string['downloadablecourses'] = 'Downloadable courses'; $string['downloadconfirmed'] = 'The backup has been saved in your private files {$a}'; @@ -72,6 +72,7 @@ $string['hub'] = 'hub'; $string['hubnottrusted'] = 'Not trusted'; $string['hubtrusted'] = 'This hub is trusted by Moodle.org'; +$string['install'] = 'Install'; $string['keywords'] = 'Keywords'; $string['keywords_help'] = 'You can search for courses containing specific text in the name, description and other fields of the database.'; $string['langdesc'] = 'Language: {$a} - '; diff --git a/blocks/community/styles.css b/blocks/community/styles.css index 59f91f0f4fa0a..96598cf2aa595 100644 --- a/blocks/community/styles.css +++ b/blocks/community/styles.css 
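Review bot: The hub name is cleaned with `clean_text($hub['name'], PARAM_TEXT)`, but clean_text() expects a text format (a FORMAT_* constant) as its second argument, not a PARAM_* type, so the name is presumably run through the HTML cleaner and may keep markup instead of being reduced to plain text. The description a few lines later uses `clean_param(..., PARAM_TEXT)`, which looks like what was intended for the name as well: `$hubname = clean_param($hub['name'], PARAM_TEXT);`. Other values from the same hub record are still used uncleaned in this hunk: `$hub['url']` is passed to `html_writer::link()` as the href and becomes the `$hubitems` key, and `$hub['enrollablecourses']` / `$hub['downloadablecourses']` are concatenated into `$additionaldesc`. Since the added comments say these fields can come from the hub directory, I would clean the URL once with `$huburl = clean_param($hub['url'], PARAM_URL);` and the two counters with `PARAM_INT` before they reach the markup. definition() starts and ends outside the hunk.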
@@ -3,12 +3,13 @@
 /* HUB SELECTOR */
 #page-blocks-community-communitycourse .hubscreenshot {float: left; }
 #page-blocks-community-communitycourse .hubtitlelink {color: #999; }
-#page-blocks-community-communitycourse .hubsmalllogo {padding-right: 7px; float: left; }
+#page-blocks-community-communitycourse .hubsmalllogo {padding-left: 3px; padding-right: 7px; float: left; }
 #page-blocks-community-communitycourse .hubtext {display: block; width: 68%; padding-left: 165px;}
 #page-blocks-community-communitycourse .hubimgandtext {display:table;}
 #page-blocks-community-communitycourse .hubimage {float: left; display: block; width: 100px;}
 #page-blocks-community-communitycourse .hubdescriptiontext {}
 #page-blocks-community-communitycourse .hubstats {padding-top: 10px}
+#page-blocks-community-communitycourse .hubstats .iconhelp {float: left; padding-right: 3px;}
 #page-blocks-community-communitycourse .hubadditionaldesc {color: #666666; font-size: 90%; display:block;}
 #page-blocks-community-communitycourse .hubscreenshot {margin-right: 10px;}
 #page-blocks-community-communitycourse .hubnottrusted {}
diff --git a/lib/form/listing.php b/lib/form/listing.php
index ad97f4fba4af1..102b492571506 100644
--- a/lib/form/listing.php
+++ b/lib/form/listing.php
@@ -24,7 +24,11 @@
 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */
-require_once("HTML/QuickForm/button.php");
+if (!defined('MOODLE_INTERNAL')) {
+ die('Direct access to this script is forbidden.');
+}
+
+require_once("HTML/QuickForm/input.php");
 /**
 * The listing element is a simple customizable "select" without the input type=select.
@@ -33,12 +37,15 @@ * This list is composed by the "small" html of each item. * * How to use it: -* The options parameter is an arrau containing: +* The options parameter is an array containing: * - items => array of object: the key is the value of the form input * $item->rowhtml => small html * $item->mainhtml => large html * - showall/hideall => string for the Show/Hide button * +* WARNINGS: The form lets you display HTML. So it is subject to CROSS-SCRIPTING if you send it uncleaned HTML. +* Don't forget to escape your HTML as soon as one string comes from an input/external source. +* * How to customize it: * You can change the css in core.css. For example if you remove float:left; from .formlistingrow, * then the item list is not display as tabs but as rows. @@ -49,23 +56,22 @@ */ class MoodleQuickForm_listing extends HTML_QuickForm_input { - /** @var array items to display */ + /** @var array items to display. */ protected $items = array(); - /** @var string language string for Show All */ + /** @var string language string for Show All. */ protected $showall; - /** @var string language string for Hide */ + /** @var string language string for Hide. */ protected $hideall; /** * Constructor. * - * @param string $elementName (optional) name of the listing - * @param string $elementLabel (optional) listing label - * @param array $attributes (optional) Either a typical HTML attribute string - * or an associative array - * @param array $options set of options to initalize listing + * @param string $elementName (optional) name of the listing. + * @param string $elementLabel (optional) listing label. + * @param array $attributes (optional) Either a typical HTML attribute string or an associative array. + * @param array $options set of options to initalize listing. */ function MoodleQuickForm_listing($elementName=null, $elementLabel=null, $attributes=null, $options=array()) { 
@@ -89,7 +95,7 @@ function MoodleQuickForm_listing($elementName=null, $elementLabel=null, $attribu /** * Returns HTML for listing form element. * - * @return string the HTML + * @return string the HTML. */ function toHtml() { global $CFG, $PAGE; @@ -110,24 +116,23 @@ function toHtml() { // Add radio buttons for non javascript support. $radiobuttons = ''; - foreach($this->items as $itemid => $item) { + foreach ($this->items as $itemid => $item) { $radioparams = array('name' => $this->getName(), 'value' => $itemid, - 'id' => 'id_huburl_'.$itemid, 'class' => 'formlistinginputradio', 'type' => 'radio'); + 'id' => 'id_'.$itemid, 'class' => 'formlistinginputradio', 'type' => 'radio'); if ($itemid == $this->getValue()) { $radioparams['checked'] = 'checked'; } - $radiobuttons .= html_writer::tag('div', html_writer::tag('input', ' ' . + $radiobuttons .= html_writer::tag('div', html_writer::tag('input', html_writer::tag('div', $item->rowhtml, array('class' => 'formlistingradiocontent')), $radioparams), array('class' => 'formlistingradio')); - ; } // Container for the hidden hidden input which will contain the selected item. $html .= html_writer::tag('div', $radiobuttons, - array('id' => 'formlistinginputcontainer', 'class' => 'formlistinginputcontainer')); + array('id' => 'formlistinginputcontainer_' . $this->getName(), 'class' => 'formlistinginputcontainer')); $module = array('name'=>'form_listing', 'fullpath'=>'/lib/form/yui/listing/listing.js', - 'requires'=>array('node', 'event', 'transition')); + 'requires'=>array('node', 'event', 'transition', 'escape')); $PAGE->requires->js_init_call('M.form_listing.init', array(array( diff --git a/lib/form/yui/listing/listing.js b/lib/form/yui/listing/listing.js index e66b6be305a80..0e420e0d8d199 100644 --- a/lib/form/yui/listing/listing.js +++ b/lib/form/yui/listing/listing.js 
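Review bot: The radio input id in the toHtml() hunk is now `'id_'.$itemid`, built directly from the items key with neither the element name nor any normalisation. A comment in listing.js on this page notes that those keys can be URLs, so the id can contain characters that are awkward in selectors, and two listing elements with overlapping keys on one page would emit duplicate ids. The container id in the same hunk is scoped with `$this->getName()`, and the radio id could follow it, e.g. `'id' => 'id_' . $this->getName() . '_' . $index` with `$index` a counter incremented in the loop. The `requires` list also gains `'escape'`, yet none of the listing.js hunks shown here call it, and `$item->rowhtml` is still written into the page as is, so the cleaning done by callers remains the only protection. toHtml() continues past the end of the hunk, so whether `inputname` is passed to `js_init_call` cannot be checked from here.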
@@ -39,11 +39,8 @@ M.form_listing.instances = []; M.form_listing.init = function(Y, params) { if (params && params.hiddeninputid && params.elementid) { - // Enable element that were hidden/displau for support of no-javascript. - // Display the form. - Y.one('#'+params.elementid).removeClass('hide'); // Replace the radio buttons by a hidden input. - Y.one('#formlistinginputcontainer').setHTML(''); + Y.one('#formlistinginputcontainer_' + params.inputname).setHTML(''); var caption = Y.one('#'+params.elementid+'_caption'); var allitems = Y.one('#'+params.elementid+'_all'); @@ -55,14 +52,14 @@ M.form_listing.init = function(Y, params) { allitems.hide(); // Refresh the main item + set the hidden input to its value. - var selectItem = function(e) { - var index = this.get('id').replace(params.elementid+'_all_',"");; + var selectitem = function(e) { + var index = this.get('id').replace(params.elementid+'_all_',""); hiddeninput.set('value', items[index]); - selecteditem.setHTML(params.items[items[index]].mainhtml) + selecteditem.setHTML(params.items[items[index]].mainhtml); } // Caption Onlick event to display/hide the listing. - var onClick = function(e) { + var onclick = function(e) { if (!show) { allitems.show(true); show = 1; @@ -74,7 +71,7 @@ M.form_listing.init = function(Y, params) { } }; - caption.on('click', onClick); + caption.on('click', onclick); // Fill the item rows with html + add event. // PS: we need to save the items into a temporary "items[]" array because params.items keys could be url. @@ -88,7 +85,7 @@ M.form_listing.init = function(Y, params) { allitems.append("
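Review bot: `Y.one('#formlistinginputcontainer_' + params.inputname).setHTML('')` in the first hunk is called without checking the lookup result, while the guard at the top of init only tests `params.hiddeninputid` and `params.elementid`. If `inputname` is missing, or the element name contains characters that are special in a selector (for example `[` or `.`), Y.one() returns null and init throws before the listing is wired up, while core.css already hides `.formlistingradio` on `jsenabled` pages, so the radio fallback is not visible either. I would add `params.inputname` to the guard and look the node up defensively: `var container = Y.one('#formlistinginputcontainer_' + params.inputname);` followed by `if (container) { container.setHTML(''); }`. In the later hunks `selecteditem.setHTML(...mainhtml)` and the `allitems.append(...)` call insert the server-supplied HTML unchanged, so a short comment there stating that both strings must already be cleaned by the PHP caller would help the next reader. The body of init continues outside these hunks.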
" + params.items[itemid].rowhtml + "
"); // Add click event to the row. - Y.one('#'+params.elementid+'_all_'+itemindex).on('click', selectItem); + Y.one('#'+params.elementid+'_all_'+itemindex).on('click', selectitem); itemindex = itemindex + 1; } diff --git a/theme/base/style/core.css b/theme/base/style/core.css index 8e41668e2a834..4319d5f306fa0 100644 --- a/theme/base/style/core.css +++ b/theme/base/style/core.css @@ -1140,3 +1140,7 @@ table.flexible .r1, table.generaltable .r1 {background-color: #FAFAFA;} body.jsenabled .formlistingradio { display: none; } + +body.jsenabled .formlisting { + display: block; +}