"MDL-23786, added sesskey and added s() filter"
Dongsheng Cai committed Aug 13, 2010
1 parent 77c7486 commit 7126772
Showing 5 changed files with 62 additions and 45 deletions.
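--- a/lib/form/editor.php
+++ b/lib/form/editor.php
@@ -233,7 +233,8 @@ function toHtml() {
 'maxbytes'=>$maxbytes,
 'maxfiles'=>$maxfiles,
 'ctx_id'=>$ctx->id,
-'course'=>$PAGE->course->id
+'course'=>$PAGE->course->id,
+'sesskey'=>sesskey(),
 ));
 $str .= '<noscript>';
 $str .= "<object type='text/html' data='$editorurl' height='160' width='600' style='border:1px solid #000'></object>";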
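Review bot: The new `'sesskey'=>sesskey(),` entry puts the session key into the query string of `$editorurl`, which the `<noscript>` `<object data='$editorurl'>` two lines below fetches by GET, so the key ends up wherever full URLs are recorded (web server and proxy access logs, browser history). The same entry is added in lib/form/filemanager.php and lib/form/filepicker.php. It is presumably needed because repository/draftfiles_manager.php and repository/filepicker.php now call `require_sesskey()` on every request, read-only views included; a comment above the new line such as `// sent by GET: the repository scripts call require_sesskey() even for read-only views` would record that trade-off. toHtml() starts and ends outside the hunk, so the target of `$editorurl` is not visible here.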
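--- a/lib/form/filemanager.php
+++ b/lib/form/filemanager.php
@@ -318,6 +318,7 @@ function form_filemanager_render($options) {
 'maxfiles'=>$options->maxfiles,
 'ctx_id'=>$PAGE->context->id,
 'course'=>$PAGE->course->id,
+'sesskey'=>sesskey(),
 ));
 
 $html .= '<noscript>';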
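--- a/lib/form/filepicker.php
+++ b/lib/form/filepicker.php
@@ -96,6 +96,7 @@ function toHtml() {
 'maxfiles'=>1,
 'ctx_id'=>$PAGE->context->id,
 'course'=>$PAGE->course->id,
+'sesskey'=>sesskey(),
 ));
 
 // non js file picker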
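--- a/repository/draftfiles_manager.php
+++ b/repository/draftfiles_manager.php
@@ -36,6 +36,7 @@
 require_once($CFG->libdir.'/filelib.php');
 require_once('lib.php');
 
+require_sesskey();
 require_login();
 
 // disable blocks in this page
@@ -69,7 +70,7 @@
 
 $fs = get_file_storage();
 
-$params = array('ctx_id' => $contextid, 'itemid' => $itemid, 'env' => $env, 'course'=>$courseid, 'maxbytes'=>$maxbytes, 'maxfiles'=>$maxfiles, 'subdirs'=>$subdirs);
+$params = array('ctx_id' => $contextid, 'itemid' => $itemid, 'env' => $env, 'course'=>$courseid, 'maxbytes'=>$maxbytes, 'maxfiles'=>$maxfiles, 'subdirs'=>$subdirs, 'sesskey'=>sesskey());
 $PAGE->set_url('/repository/draftfiles_manager.php', $params);
 $filepicker_url = new moodle_url($CFG->httpswwwroot."/repository/filepicker.php", $params);
 
@@ -110,10 +111,10 @@
 $home_url->param('draftpath', $draftpath);
 $home_url->param('action', 'rename');
 echo ' <form method="post" action="'.$home_url->out().'">';
-echo ' <input name="newfilename" type="text" value="'.$filename.'" />';
-echo ' <input name="filename" type="hidden" value="'.$filename.'" />';
-echo ' <input name="draftpath" type="hidden" value="'.$draftpath.'" />';
-echo ' <input type="submit" value="'.get_string('rename', 'moodle').'" />';
+echo ' <input name="newfilename" type="text" value="'.s($filename).'" />';
+echo ' <input name="filename" type="hidden" value="'.s($filename).'" />';
+echo ' <input name="draftpath" type="hidden" value="'.s($draftpath).'" />';
+echo ' <input type="submit" value="'.s(get_string('rename', 'moodle')).'" />';
 echo ' </form>';
 echo $OUTPUT->footer();
 break;
@@ -202,7 +203,11 @@
 redirect($home_url);
 }
 echo $OUTPUT->header();
-echo '<div><a href="' . $home_url->out() . '">'.get_string('back', 'repository')."</a></div>";
+
+echo $OUTPUT->container_start();
+echo html_writer::link($home_url, get_string('back', 'repository'));
+echo $OUTPUT->container_end();
+
 $data = new stdclass;
 $home_url->param('action', 'movefile');
 $home_url->param('draftpath', $draftpath);
@@ -214,13 +219,17 @@
 
 case 'mkdirform':
 echo $OUTPUT->header();
-echo '<div><a href="' . $home_url->out() . '">'.get_string('back', 'repository')."</a></div>";
+
+echo $OUTPUT->container_start();
+echo html_writer::link($home_url, get_string('back', 'repository'));
+echo $OUTPUT->container_end();
+
 $home_url->param('draftpath', $draftpath);
 $home_url->param('action', 'mkdir');
 echo ' <form method="post" action="'.$home_url->out().'">';
 echo ' <input name="newdirname" type="text" />';
-echo ' <input name="draftpath" type="hidden" value="'.$draftpath.'" />';
-echo ' <input type="submit" value="'.get_string('makeafolder', 'moodle').'" />';
+echo ' <input name="draftpath" type="hidden" value="'.s($draftpath).'" />';
+echo ' <input type="submit" value="'.s(get_string('makeafolder', 'moodle')).'" />';
 echo ' </form>';
 echo $OUTPUT->footer();
 break;
@@ -284,7 +293,7 @@
 echo ' <a href="'.$home_url->out().'">'.get_string('makeafolder', 'moodle').'</a>';
 }
 $home_url->param('action', 'downloaddir');
-echo ' <a href="'.$home_url->out().'" target="_blank">'.get_string('downloadfolder', 'repository').'</a>';
+echo html_writer::link($home_url, get_string('downloadfolder', 'repository'), array('target'=>'_blank'));
 }
 echo '</div>';
 
@@ -298,7 +307,7 @@
 $type = mimeinfo('icon', $file->filename);
 echo '<li>';
 echo '<img src="'.$fileicon. '" class="iconsmall" />';
-echo ' <a href="'.$drafturl.'">'.$file->filename.'</a> ';
+echo html_writer::link($drafturl, $file->filename);
 
 $home_url->param('filename', $file->filename);
 $home_url->param('draftpath', $file->filepath);
@@ -327,7 +336,7 @@
 $home_url->param('action', 'browse');
 $home_url->param('draftpath', $file->filepath);
 $foldername = trim(array_pop(explode('/', trim($file->filepath, '/'))), '/');
-echo ' <a href="'.$home_url->out().'">'.$foldername.'</a>';
+echo html_writer::link($home_url, $foldername);
 
 $home_url->param('draftpath', $file->filepath);
 $home_url->param('filename', $file->filename);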
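Review bot: `html_writer::link($drafturl, $file->filename)` and `html_writer::link($home_url, $foldername)` in the file-listing hunks still emit the file and folder names as raw HTML. As far as I know html_writer::link() escapes the attributes it builds but passes its text argument through unchanged, so a draft file or folder whose name contains markup would be rendered as markup even after this commit. Wrapping the text closes that: `echo html_writer::link($drafturl, s($file->filename));` and `echo html_writer::link($home_url, s($foldername));`. The same applies in repository/filepicker.php, where `$item['title']` is passed as link text in two places and is also printed by the unchanged `echo $item['title'];` branch.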
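--- a/repository/filepicker.php
+++ b/repository/filepicker.php
@@ -32,6 +32,7 @@
 /// Wait as long as it takes for this script to finish
 set_time_limit(0);
 
+require_sesskey();
 require_login();
 
 // disable blocks in this page
@@ -92,7 +93,7 @@
 }
 }
 
-$params = array('ctx_id' => $contextid, 'itemid' => $itemid, 'env' => $env, 'course'=>$courseid, 'maxbytes'=>$maxbytes, 'maxfiles'=>$maxfiles, 'subdirs'=>$subdirs);
+$params = array('ctx_id' => $contextid, 'itemid' => $itemid, 'env' => $env, 'course'=>$courseid, 'maxbytes'=>$maxbytes, 'maxfiles'=>$maxfiles, 'subdirs'=>$subdirs, 'sesskey'=>sesskey());
 $params['action'] = 'browse';
 $params['draftpath'] = $draftpath;
 $home_url = new moodle_url('/repository/draftfiles_manager.php', $params);
@@ -128,18 +129,18 @@
 echo '<td><img src="'.$item['thumbnail'].'" />';
 echo '</td><td>';
 if (!empty($item['url'])) {
-echo '<a href="'.$item['url'].'" target="_blank">'.$item['title'].'</a>';
+echo html_writer::link($item['url'], $item['title'], array('target'=>'_blank'));
 } else {
 echo $item['title'];
 }
 echo '</td>';
 echo '<td>';
 echo '<form method="post">';
-echo '<input type="hidden" name="fileurl" value="'.$item['source'].'"/>';
+echo '<input type="hidden" name="fileurl" value="'.s($item['source']).'"/>';
 echo '<input type="hidden" name="action" value="confirm"/>';
-echo '<input type="hidden" name="filename" value="'.$item['title'].'"/>';
-echo '<input type="hidden" name="thumbnail" value="'.$item['thumbnail'].'"/>';
-echo '<input type="submit" value="'.get_string('select','repository').'" />';
+echo '<input type="hidden" name="filename" value="'.s($item['title']).'"/>';
+echo '<input type="hidden" name="thumbnail" value="'.s($item['thumbnail']).'"/>';
+echo '<input type="submit" value="'.s(get_string('select','repository')).'" />';
 echo '</form>';
 echo '</td>';
 echo '</tr>';
@@ -152,7 +153,11 @@
 case 'list':
 case 'sign':
 echo $OUTPUT->header();
-echo '<div><a href="' . $url->out() . '">'.get_string('back', 'repository')."</a></div>";
+
+echo $OUTPUT->container_start();
+echo html_writer::link($url, get_string('back', 'repository'));
+echo $OUTPUT->container_end();
+
 if ($repo->check_login()) {
 $list = $repo->get_listing($req_path, $curr_page);
 $dynload = !empty($list['dynload'])?true:false;
@@ -161,20 +166,20 @@
 echo '<label>'.$list['upload']['label'].': </label>';
 echo '<input type="file" name="repo_upload_file" /><br />';
 echo '<input type="hidden" name="action" value="upload" /><br />';
-echo '<input type="hidden" name="draftpath" value="'.$draftpath.'" /><br />';
-echo '<input type="hidden" name="savepath" value="'.$savepath.'" /><br />';
-echo '<input type="hidden" name="repo_id" value="'.$repo_id.'" /><br />';
-echo '<input type="submit" value="'.get_string('upload', 'repository').'" />';
+echo '<input type="hidden" name="draftpath" value="'.s($draftpath).'" /><br />';
+echo '<input type="hidden" name="savepath" value="'.s($savepath).'" /><br />';
+echo '<input type="hidden" name="repo_id" value="'.s($repo_id).'" /><br />';
+echo '<input type="submit" value="'.s(get_string('upload', 'repository')).'" />';
 echo '</form>';
 } else {
 if (!empty($list['path'])) {
 foreach ($list['path'] as $p) {
 //echo '<form method="post" style="display:inline">';
-//echo '<input type="hidden" name="p" value="'.$p['path'].'"';
+//echo '<input type="hidden" name="p" value="'.s($p['path']).'"';
 //echo '<input type="hidden" name="action" value="list"';
-//echo '<input type="hidden" name="draftpath" value="'.$draftpath.'" /><br />';
-//echo '<input type="hidden" name="savepath" value="'.$savepath.'" /><br />';
-//echo '<input style="display:inline" type="submit" value="'.$p['name'].'" />';
+//echo '<input type="hidden" name="draftpath" value="'.s($draftpath).'" /><br />';
+//echo '<input type="hidden" name="savepath" value="'.s($savepath).'" /><br />';
+//echo '<input style="display:inline" type="submit" value="'.s($p['name']).'" />';
 //echo '</form>';
 
 $pathurl = new moodle_url($url, array(
@@ -198,26 +203,26 @@
 echo '<td><img src="'.$item['thumbnail'].'" />';
 echo '</td><td>';
 if (!empty($item['url'])) {
-echo '<a href="'.$item['url'].'" target="_blank">'.$item['title'].'</a>';
+echo html_writer::link($item['url'], $item['title'], array('target'=>'_blank'));
 } else {
 echo $item['title'];
 }
 echo '</td>';
 echo '<td>';
 if (!isset($item['children'])) {
 echo '<form method="post">';
-echo '<input type="hidden" name="fileurl" value="'.$item['source'].'"/>';
+echo '<input type="hidden" name="fileurl" value="'.s($item['source']).'"/>';
 echo '<input type="hidden" name="action" value="confirm"/>';
-echo '<input type="hidden" name="draftpath" value="'.$draftpath.'" /><br />';
-echo '<input type="hidden" name="savepath" value="'.$savepath.'" /><br />';
-echo '<input type="hidden" name="filename" value="'.$item['title'].'"/>';
-echo '<input type="hidden" name="thumbnail" value="'.$item['thumbnail'].'"/>';
-echo '<input type="submit" value="'.get_string('select','repository').'" />';
+echo '<input type="hidden" name="draftpath" value="'.s($draftpath).'" /><br />';
+echo '<input type="hidden" name="savepath" value="'.s($savepath).'" /><br />';
+echo '<input type="hidden" name="filename" value="'.s($item['title']).'"/>';
+echo '<input type="hidden" name="thumbnail" value="'.s($item['thumbnail']).'"/>';
+echo '<input type="submit" value="'.s(get_string('select','repository')).'" />';
 echo '</form>';
 } else {
 echo '<form method="post">';
-echo '<input type="hidden" name="p" value="'.$item['path'].'"/>';
-echo '<input type="submit" value="'.get_string('enter', 'repository').'" />';
+echo '<input type="hidden" name="p" value="'.s($item['path']).'"/>';
+echo '<input type="submit" value="'.s(get_string('enter', 'repository')).'" />';
 echo '</form>';
 }
 echo '</td>';
@@ -228,7 +233,7 @@
 } else {
 echo '<form method="post">';
 echo '<input type="hidden" name="action" value="sign" />';
-echo '<input type="hidden" name="repo_id" value="'.$repo_id.'" />';
+echo '<input type="hidden" name="repo_id" value="'.s($repo_id).'" />';
 $repo->print_login();
 echo '</form>';
 }
@@ -252,7 +257,7 @@
 $record->author = '';
 $record->source = $thefile['url'];
 $info = repository::move_to_filepool($thefile['path'], $record);
-redirect($home_url, get_string('downloadsucc','repository'));
+redirect($home_url, get_string('downloadsucc', 'repository'));
 } else {
 print_error('cannotdownload', 'repository');
 }
@@ -267,17 +272,17 @@
 echo '<table>';
 echo ' <tr>';
 echo ' <td><label>'.get_string('filename', 'repository').'</label></td>';
-echo ' <td><input type="text" name="filename" value="'.$filename.'" /></td>';
-echo ' <td><input type="hidden" name="fileurl" value="'.$fileurl.'" /></td>';
+echo ' <td><input type="text" name="filename" value="'.s($filename).'" /></td>';
+echo ' <td><input type="hidden" name="fileurl" value="'.s($fileurl).'" /></td>';
 echo ' <td><input type="hidden" name="action" value="download" /></td>';
-echo ' <td><input type="hidden" name="itemid" value="'.$itemid.'" /></td>';
+echo ' <td><input type="hidden" name="itemid" value="'.s($itemid).'" /></td>';
 echo ' </tr>';
 echo '</table>';
 echo '<div>';
 // the save path
-echo ' <input name="draftpath" type="hidden" value="'.$draftpath.'" />';
-echo ' <input name="savepath" type="hidden" value="'.$savepath.'" />';
-echo ' <input type="submit" value="'.get_string('download', 'repository').'" />';
+echo ' <input name="draftpath" type="hidden" value="'.s($draftpath).'" />';
+echo ' <input name="savepath" type="hidden" value="'.s($savepath).'" />';
+echo ' <input type="submit" value="'.s(get_string('download', 'repository')).'" />';
 echo '</div>';
 echo '</form>';
 echo $OUTPUT->footer();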
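Review bot: The two `html_writer::link($item['url'], $item['title'], array('target'=>'_blank'))` calls open a repository-supplied URL from a page that is now reached with `sesskey` in its own query string, so the browser can pass the session key to the external host in the Referer header. The key gets into that query string because repository/draftfiles_manager.php builds `$filepicker_url` from a `$params` array that this commit extends with `'sesskey'=>sesskey()`, and `require_sesskey()` here makes it mandatory on every request. Adding a referrer suppression to the attribute array, `array('target'=>'_blank', 'rel'=>'noreferrer')`, keeps the key from leaving the site on those clicks. Separately, `require_sesskey()` precedes `require_login()` here and in repository/draftfiles_manager.php, so a visitor whose session has expired presumably gets a session-key error instead of the login page; swapping the two lines would avoid that.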
