
MDL-32018 mod_wiki: Fixed formatting of the page title so that it is …

…consistent and secure
1 parent 4e05e64 commit 2ab31346076c3c479e3cc9a467fd0b12a44fd645 Sam Hemelryk committed Mar 28, 2012
Showing with 63 additions and 40 deletions.
  1. +2 −4 mod/wiki/create.php
  2. +11 −1 mod/wiki/edit_form.php
  3. +10 −7 mod/wiki/locallib.php
  4. +35 −24 mod/wiki/pagelib.php
  5. +5 −4 mod/wiki/renderer.php
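--- a/mod/wiki/create.php
+++ b/mod/wiki/create.php
@@ -28,7 +28,7 @@
 // page editing page.
 $action = optional_param('action', 'new', PARAM_TEXT);
 // The title of the new page, can be empty
-$title = optional_param('title', '', PARAM_TEXT);
+$title = optional_param('title', get_string('newpage', 'wiki'), PARAM_TEXT);
 $wid = optional_param('wid', 0, PARAM_INT);
 $swid = optional_param('swid', 0, PARAM_INT);
 $gid = optional_param('gid', 0, PARAM_INT);
@@ -78,9 +78,7 @@
 $wikipage->set_uid($uid);
 }
-if (empty($title)) {
- $title = get_string('newpage', 'wiki');
-}
+
 $wikipage->set_title($title);
 // set page action, and initialise moodle form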
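Review bot: Moving the default into the `optional_param` call for `$title` drops the fallback that the removed `empty($title)` block provided for a title that is present but blank; as far as I recall `optional_param` only substitutes its default when the parameter is absent, so a request carrying `title=` now reaches `$wikipage->set_title('')` in the second hunk. Keep an explicit guard after the read, `if ($title === '') { $title = get_string('newpage', 'wiki'); }`, or reject the blank value outright. The comment `// The title of the new page, can be empty` directly above the changed line is now stale and should say that an absent title defaults to the 'newpage' string.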
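--- a/mod/wiki/edit_form.php
+++ b/mod/wiki/edit_form.php
@@ -43,7 +43,17 @@ protected function definition() {
 $version = $this->_customdata['version'];
 $format = $this->_customdata['format'];
 $pagetitle = $this->_customdata['pagetitle'];
- $contextid = $this->_customdata['contextid'];
+
+ if (empty($this->_customdata['contextid'])) {
+ // Hack alert
+ // This is being done ONLY to aid those who may have created there own wiki pages. It should be removed sometime
+ // after the release of 2.3 (not creating an issue because this whole thing should be reviewed)
+ debugging('You must always provide mod_wiki_edit_form with a contextid in its custom data', DEBUG_DEVELOPER);
+ global $PAGE;
+ $contextid = $PAGE->context->id;
+ } else {
+ $contextid = $this->_customdata['contextid'];
+ }
 if (isset($this->_customdata['pagetitle'])) {
 // Page title must be formatted properly here as this is output and not an element.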
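Review bot: The fallback branch reads `$PAGE->context->id` without checking that the page context actually is the wiki's module context; a third-party caller that omits `contextid` and builds the form on a page whose context was set at course level would silently get the wrong context id, and the rest of `definition()` (which continues outside this hunk) presumably uses it for the file areas and for formatting the title. Since the branch already treats the situation as a caller bug, a cheap sanity check such as `if ($PAGE->context->contextlevel != CONTEXT_MODULE) { print_error('invalidcontext'); }` before the assignment would stop the wrong context from being used, rather than only emitting a developer debug message (the exact error string is a placeholder). The "Hack alert" comment also has a typo, `there own` should read `their own`, and it would help to name the customdata keys the form requires (`contextid` among them) in the class docblock so the hack can be retired.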
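--- a/mod/wiki/locallib.php
+++ b/mod/wiki/locallib.php
@@ -320,7 +320,7 @@ function wiki_refresh_page_links($page, $links) {
 * @param int $userid
 */
 function wiki_create_page($swid, $title, $format, $userid) {
- global $DB, $PAGE;
+ global $DB;
 $subwiki = wiki_get_subwiki($swid);
 $cm = get_coursemodule_from_instance('wiki', $subwiki->wikiid);
 $context = get_context_instance(CONTEXT_MODULE, $cm->id);
@@ -605,10 +605,12 @@ function wiki_parse_content($markup, $pagecontent, $options = array()) {
 *
 * NOTE: Empty pages and non-existent pages must be print in red color.
 *
- * @param link name of a page
- * @param $options
+ * !!!!!! IMPORTANT !!!!!!
+ * It is critical that you call format_string on the content before it is used.
 *
- * @return
+ * @param string|page_wiki $link name of a page
+ * @param array $options
+ * @return array Array('content' => string, 'url' => string, 'new' => bool, 'link_info' => array)
 *
 * @TODO Doc return and options
 */
@@ -1394,9 +1396,9 @@ function wiki_print_upload_table($context, $filearea, $fileitemid, $deleteupload
 /**
 * Generate wiki's page tree
 *
- * @param $page. A wiki page object
- * @param $node. Starting navigation_node
- * @param $keys. An array to store keys
+ * @param page_wiki $page. A wiki page object
+ * @param navigation_node $node. Starting navigation_node
+ * @param array $keys. An array to store keys
 * @return an array with all tree nodes
 */
 function wiki_build_tree($page, $node, &$keys) {
@@ -1412,6 +1414,7 @@ function wiki_build_tree($page, $node, &$keys) {
 array_push($keys, $key);
 $l = wiki_parser_link($p);
 $link = new moodle_url('/mod/wiki/view.php', array('pageid' => $p->id));
+ // navigation_node::get_content will format the title for us
 $nodeaux = $node->add($p->title, $link, null, null, null, $icon);
 if ($l['new']) {
 $nodeaux->add_class('wiki_newentry');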
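Review bot: The rewritten docblock on `wiki_parser_link` (second hunk) now documents `@return` but leaves `@TODO Doc return and options` in place and still does not say which keys `$options` accepts, although `swid` is clearly one of them since pagelib passes `array('swid' => $swid)`; replace the TODO with ` * @param array $options optional, supports 'swid' => int` (other keys, if any, are outside this diff). The "IMPORTANT" note should also say which context to format with, e.g. ` * Always pass the returned content through format_string($link['content'], true, array('context' => $modcontext)) before output`, since a bare `format_string` call would use the page context. The `string|page_wiki $link` type looks doubtful: the `wiki_build_tree` hunk calls `wiki_parser_link($p)` with what appears to be a page record rather than a `page_wiki` instance — confirm and widen the type if so. In the `wiki_build_tree` docblock, `@return an array with all tree nodes` still lacks a type and should be `@return array`. The signature of `wiki_parser_link` itself is outside the hunk.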
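--- a/mod/wiki/pagelib.php
+++ b/mod/wiki/pagelib.php
@@ -204,6 +204,7 @@ function set_page($page) {
 $this->page = $page;
 $this->title = $page->title;
+ // set_title calls format_string itself so no probs there
 $PAGE->set_title($this->title);
 }
@@ -217,6 +218,7 @@ function set_title($title) {
 $this->page = null;
 $this->title = $title;
+ // set_title calls format_string itself so no probs there
 $PAGE->set_title($this->title);
 }
@@ -347,15 +349,15 @@ function set_url() {
 print_error(get_string('invalidparameters', 'wiki'));
 }
- $PAGE->set_url($CFG->wwwroot . '/mod/wiki/view.php', $params);
+ $PAGE->set_url(new moodle_url($CFG->wwwroot . '/mod/wiki/view.php', $params));
 }
 function set_coursemodule($id) {
 $this->coursemodule = $id;
 }
 protected function create_navbar() {
- global $PAGE, $CFG;
+ global $PAGE;
 $PAGE->navbar->add(format_string($this->title));
 $PAGE->navbar->add(get_string('view', 'wiki'));
@@ -540,7 +542,13 @@ protected function print_edit($content = null) {
 $url .= "&section=" . urlencode($this->section);
 }
- $params = array('attachmentoptions' => page_wiki_edit::$attachmentoptions, 'format' => $version->contentformat, 'version' => $versionnumber, 'pagetitle'=>$this->page->title);
+ $params = array(
+ 'attachmentoptions' => page_wiki_edit::$attachmentoptions,
+ 'format' => $version->contentformat,
+ 'version' => $versionnumber,
+ 'pagetitle' => $this->page->title,
+ 'contextid' => $this->modcontext->id
+ );
 $data = new StdClass();
 $data->newcontent = $content;
@@ -556,11 +564,10 @@ protected function print_edit($content = null) {
 break;
 default:
 break;
- }
+ }
 if ($version->contentformat != 'html') {
 $params['fileitemid'] = $this->subwiki->id;
- $params['contextid'] = $this->modcontext->id;
 $params['component'] = 'mod_wiki';
 $params['filearea'] = 'attachments';
 }
@@ -865,19 +872,17 @@ function set_url() {
 global $PAGE, $CFG;
 $params = array();
+ $params['swid'] = $this->swid;
 if ($this->action == 'new') {
 $params['action'] = 'new';
- $params['swid'] = $this->swid;
 $params['wid'] = $this->wid;
 if ($this->title != get_string('newpage', 'wiki')) {
 $params['title'] = $this->title;
 }
- $PAGE->set_url($CFG->wwwroot . '/mod/wiki/create.php', $params);
 } else {
 $params['action'] = 'create';
- $params['swid'] = $this->swid;
- $PAGE->set_url($CFG->wwwroot . '/mod/wiki/create.php', $params);
 }
+ $PAGE->set_url(new moodle_url('/mod/wiki/create.php', $params));
 }
 function set_format($format) {
@@ -908,7 +913,7 @@ function set_action($action) {
 protected function create_navbar() {
 global $PAGE;
-
+ // navigation_node::get_content formats this before printing.
 $PAGE->navbar->add($this->title);
 }
@@ -1009,10 +1014,14 @@ protected function print_preview() {
 if (!empty($this->section)) {
 $url .= "&section=" . urlencode($this->section);
 }
- $params = array('attachmentoptions' => page_wiki_edit::$attachmentoptions, 'format' => $this->format, 'version' => $this->versionnumber);
+ $params = array(
+ 'attachmentoptions' => page_wiki_edit::$attachmentoptions,
+ 'format' => $this->format,
+ 'version' => $this->versionnumber,
+ 'contextid' => $this->modcontext->id
+ );
 if ($this->format != 'html') {
- $params['contextid'] = $this->modcontext->id;
 $params['component'] = 'mod_wiki';
 $params['filearea'] = 'attachments';
 $params['fileitemid'] = $this->page->id;
@@ -1502,10 +1511,10 @@ private function print_contributions_content() {
 $user = $users[$version->userid];
 }
- $link = wiki_parser_link(format_string($page->title), array('swid' => $swid));
+ $link = wiki_parser_link($page->title, array('swid' => $swid));
 $class = ($link['new']) ? 'class="wiki_newentry"' : '';
- $linkpage = '<a href="' . $link['url'] . '"' . $class . '>' . $link['content'] . '</a>';
+ $linkpage = '<a href="' . $link['url'] . '"' . $class . '>' . format_string($link['content'], true, array('context' => $this->modcontext)) . '</a>';
 $icon = $OUTPUT->user_picture($user, array('popup' => true));
 $table->data[] = array("$icon&nbsp;$linkpage");
@@ -1582,6 +1591,7 @@ private function print_index_content() {
 $page = $fresh['page'];
 }
+ // navigation_node get_content calls format string for us
 $node = new navigation_node($page->title);
 $keys = array();
@@ -1616,15 +1626,12 @@ private function print_page_list_content() {
 $strspecial = get_string('special', 'wiki');
 foreach ($pages as $page) {
- $letter = strtoupper(substr($page->title, 0, 1));
+ $letter = format_string($page->title, true, array('context' => $this->modcontext));
+ $letter = strtoupper(substr($letter, 0, 1));
 if (preg_match('/[A-Z]/', $letter)) {
- $stdaux->{
- $letter}
- [] = wiki_parser_link($page);
+ $stdaux->{$letter}[] = wiki_parser_link($page);
 } else {
- $stdaux->{
- $strspecial}
- [] = wiki_parser_link($page);
+ $stdaux->{$strspecial}[] = wiki_parser_link($page);
 }
 }
@@ -1635,7 +1642,7 @@ private function print_page_list_content() {
 foreach ($stdaux as $key => $elem) {
 $table->data[] = array($key);
 foreach ($elem as $e) {
- $table->data[] = array(html_writer::link($e['url'], $e['content']));
+ $table->data[] = array(html_writer::link($e['url'], format_string($e['content'], true, array('context' => $this->modcontext))));
 }
 }
 echo html_writer::table($table);
@@ -1993,11 +2000,15 @@ protected function print_save() {
 $url .= "&section=" . urlencode($this->section);
 }
- $params = array('attachmentoptions' => page_wiki_edit::$attachmentoptions, 'format' => $this->format, 'version' => $this->versionnumber);
+ $params = array(
+ 'attachmentoptions' => page_wiki_edit::$attachmentoptions,
+ 'format' => $this->format,
+ 'version' => $this->versionnumber,
+ 'contextid' => $this->modcontext->id
+ );
 if ($this->format != 'html') {
 $params['fileitemid'] = $this->page->id;
- $params['contextid'] = $this->modcontext->id;
 $params['component'] = 'mod_wiki';
 $params['filearea'] = 'attachments';
 }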
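Review bot: In the `print_contributions_content` hunk the rewritten `$linkpage` line still builds the anchor by string concatenation, so `$link['url']` is written into the `href` attribute with no escaping and, because there is no space between the closing quote and `$class`, a new page renders as `href="..."class="wiki_newentry"`. The page-list hunk further down already uses `html_writer::link`, which escapes the attribute and fixes the spacing; the same form works here: `$linkpage = html_writer::link($link['url'], format_string($link['content'], true, array('context' => $this->modcontext)), $link['new'] ? array('class' => 'wiki_newentry') : array());`. Separately, the `page_wiki_create::set_url` hunk switches to a relative `new moodle_url('/mod/wiki/create.php', $params)` but keeps `global $PAGE, $CFG;` with `$CFG` now unused, while the `@@ -347` hunk keeps the `$CFG->wwwroot` prefix; pick one form (relative, as the rest of the commit does) and drop the dead global, as the `create_navbar` hunk did. All of these functions start outside their hunks.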
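--- a/mod/wiki/renderer.php
+++ b/mod/wiki/renderer.php
@@ -44,7 +44,7 @@ public function page_index() {
 $pages = wiki_get_page_list($swid);
 $selectoptions = array();
 foreach ($pages as $page) {
- $selectoptions[$page->id] = $page->title;
+ $selectoptions[$page->id] = format_string($page->title, true, array('context' => $this->page->context));
 }
 $label = get_string('pageindex', 'wiki') . ': ';
 $select = new single_select(new moodle_url('/mod/wiki/view.php'), 'pageid', $selectoptions);
@@ -365,7 +365,7 @@ public function wiki_print_subwiki_selector($wiki, $subwiki, $page, $pagetype =
 $baseurl->params($params);
 echo $this->output->container_start('wiki_right');
- groups_print_activity_menu($cm, $baseurl->out());
+ groups_print_activity_menu($cm, $baseurl);
 echo $this->output->container_end();
 return;
 } else if ($wiki->wikimode == 'individual') {
@@ -415,14 +415,15 @@ public function wiki_print_subwiki_selector($wiki, $subwiki, $page, $pagetype =
 CASE VISIBLEGROUPS:
 if ($wiki->wikimode == 'collaborative') {
 // We need to print a select to choose a course group
- $params = array('wid'=>$wiki->id, 'title'=>urlencode($page->title));
+ // moodle_url will take care of encoding for us
+ $params = array('wid'=>$wiki->id, 'title'=>$page->title);
 if ($pagetype == 'files') {
 $params['pageid'] = $page->id;
 }
 $baseurl->params($params);
 echo $this->output->container_start('wiki_right');
- groups_print_activity_menu($cm, $baseurl);
+ groups_print_activity_menu($cm, $baseurl);
 echo $this->output->container_end();
 return;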
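Review bot: The new `$params` line in the `VISIBLEGROUPS` hunk keeps the old cramped `'wid'=>$wiki->id, 'title'=>$page->title` spacing while every other array rewritten in this commit uses `'key' => value`; for consistency write it as `$params = array('wid' => $wiki->id, 'title' => $page->title);`. Dropping the `urlencode` is the right call, since the previous code encoded the title once here and again in `moodle_url`, so encoded titles would not round-trip; the comment should say that explicitly, e.g. `// Do not urlencode here: moodle_url encodes params when the URL is output, so doing it twice corrupts the title.` The two `groups_print_activity_menu($cm, $baseurl)` changes hand over a `moodle_url` where a string was passed before; that is fine if the callee accepts either, which this diff does not show — worth confirming against its signature. `wiki_print_subwiki_selector` begins and ends outside the hunks.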
