MDL-32018 mod_wiki: Improved form definitions to ensure they are consistent and secure
commit f7ff0f6d178437ee319d94029980b9a8e64cdb55 1 parent a280d40
Sam Hemelryk samhemelryk authored
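--- a/mod/wiki/comments_form.php
+++ b/mod/wiki/comments_form.php
@@ -7,9 +7,8 @@
 require_once($CFG->dirroot . '/lib/formslib.php');
 class mod_wiki_comments_form extends moodleform {
-function definition() {
-$pageid = optional_param('pageid', 0, PARAM_INT);
-$mform =& $this->_form;
+protected function definition() {
+$mform = $this->_form;
 $current = $this->_customdata['current'];
 $commentoptions = $this->_customdata['commentoptions'];
@@ -24,7 +23,7 @@ function definition() {
 $mform->setType('id', PARAM_INT);
 $mform->addElement('hidden', 'action', '');
-$mform->setType('action', PARAM_ACTION);
+$mform->setType('action', PARAM_ALPHAEXT);
 //-------------------------------------------------------------------------------
 // buttons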
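Review bot: `PARAM_ALPHAEXT` on the `action` hidden element in the second hunk cleans the submitted value by stripping characters outside `[A-Za-z_-]` rather than rejecting it, so a tampered value reaches the caller as a shortened string and not as an error. If the caller dispatches on `action`, it should compare the cleaned value against the fixed set of actions the comment page supports and treat anything else, including the empty default set here, as invalid rather than falling through to a default branch. The values that set is made of are not visible in this diff, so a short docblock on `definition()` naming them, e.g. `/** Wiki comment form; 'action' is filled in by the caller and must be one of the supported comment actions. */`, would make the contract explicit. `definition()` continues outside both hunks.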
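--- a/mod/wiki/create_form.php
+++ b/mod/wiki/create_form.php
@@ -29,8 +29,7 @@
 class mod_wiki_create_form extends moodleform {
 protected function definition() {
-global $CFG;
-$mform =& $this->_form;
+$mform = $this->_form;
 $formats = $this->_customdata['formats'];
 $defaultformat = $this->_customdata['defaultformat'];
@@ -43,6 +42,8 @@ protected function definition() {
 $textoptions = array('readonly'=>'readonly');
 }
 $mform->addElement('text', 'pagetitle', get_string('newpagetitle', 'wiki'), $textoptions);
+$mform->setType('pagetitle', PARAM_TEXT);
+$mform->addRule('pagetitle', get_string('required'), 'required', null, 'client');
 if ($forceformat) {
 $mform->addElement('hidden', 'pageformat', $defaultformat);
@@ -60,10 +61,12 @@ protected function definition() {
 $mform->addElement('radio', 'pageformat', '', get_string('format'.$format, 'wiki'), $format, $attr);
 }
 }
+$mform->setType('pageformat', PARAM_ALPHANUMEXT);
+$mform->addRule('pageformat', get_string('required'), 'required', null, 'client');
 //hiddens
-$mform->addElement('hidden', 'action');
-$mform->setDefault('action', 'create');
+$mform->addElement('hidden', 'action', 'create');
+$mform->setType('action', PARAM_ALPHA);
 $this->add_action_buttons(false, get_string('createpage', 'wiki'));
 }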
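Review bot: `PARAM_ALPHANUMEXT` on `pageformat` in the third hunk is a character filter, not a membership check: any `[A-Za-z0-9_-]` string passes, including a format name that is not in `$formats`, even though both the hidden variant (`$defaultformat`) and the radio variant only ever offer known formats. Since the form already has the allowed list in `$this->_customdata['formats']`, it can enforce membership itself in a `validation()` override, e.g. `if (!in_array($data['pageformat'], $this->_customdata['formats'], true)) { $errors['pageformat'] = ...; }`, rather than relying on every caller that later maps the format to a parser. This assumes `$formats` lists the format names as values, as the radio loop in the third hunk suggests; the loop header is outside the hunk, so confirm against the file.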
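--- a/mod/wiki/edit_form.php
+++ b/mod/wiki/edit_form.php
@@ -38,20 +38,16 @@ class mod_wiki_edit_form extends moodleform {
 protected function definition() {
 global $CFG;
-$mform =& $this->_form;
+$mform = $this->_form;
 $version = $this->_customdata['version'];
 $format = $this->_customdata['format'];
-$tags = !isset($this->_customdata['tags'])?"":$this->_customdata['tags'];
-
-if ($format != 'html') {
-$contextid = $this->_customdata['contextid'];
-$filearea = $this->_customdata['filearea'];
-$fileitemid = $this->_customdata['fileitemid'];
-}
+$pagetitle = $this->_customdata['pagetitle'];
+$contextid = $this->_customdata['contextid'];
 if (isset($this->_customdata['pagetitle'])) {
-$pagetitle = get_string('editingpage', 'wiki', $this->_customdata['pagetitle']);
+// Page title must be formatted properly here as this is output and not an element.
+$pagetitle = get_string('editingpage', 'wiki', format_string($pagetitle, true, array('context' => get_context_instance_by_id($contextid, MUST_EXIST))));
 } else {
 $pagetitle = get_string('editing', 'wiki');
 }
@@ -65,7 +61,7 @@ protected function definition() {
 $ft = new filetype_parser;
 $extensions = $ft->get_extensions('image');
 $fs = get_file_storage();
-$tree = $fs->get_area_tree($contextid, 'mod_wiki', 'attachments', $fileitemid);
+$tree = $fs->get_area_tree($contextid, 'mod_wiki', $this->_customdata['filearea'], $this->_customdata['fileitemid']);
 $files = array();
 foreach ($tree['files'] as $file) {
 $filename = $file->get_filename();
@@ -77,30 +73,34 @@ protected function definition() {
 }
 $mform->addElement('wikieditor', 'newcontent', $fieldname, array('cols' => 100, 'rows' => 20, 'wiki_format' => $format, 'files'=>$files));
 $mform->addHelpButton('newcontent', 'format'.$format, 'wiki');
+$mform->setType('newcontent', PARAM_RAW); // processed by trust text or cleaned before the display
 } else {
 $mform->addElement('editor', 'newcontent_editor', $fieldname, null, page_wiki_edit::$attachmentoptions);
 $mform->addHelpButton('newcontent_editor', 'formathtml', 'wiki');
+$mform->setType('newcontent_editor', PARAM_RAW); // processed by trust text or cleaned before the display
 }
 //hiddens
 if ($version >= 0) {
-$mform->addElement('hidden', 'version');
-$mform->setDefault('version', $version);
+$mform->addElement('hidden', 'version', $version);
+$mform->setType('version', PARAM_FLOAT);
 }
-$mform->addElement('hidden', 'contentformat');
-$mform->setDefault('contentformat', $format);
+$mform->addElement('hidden', 'contentformat', $format);
+$mform->setType('contentformat', PARAM_ALPHANUMEXT);
 if (!empty($CFG->usetags)) {
+$tags = !isset($this->_customdata['tags'])?"":$this->_customdata['tags'];
 $mform->addElement('header', 'tagshdr', get_string('tags', 'tag'));
 $mform->addElement('tags', 'tags', get_string('tags'));
 $mform->setDefault('tags', $tags);
+$mform->setType('tags', PARAM_TEXT);
 }
 $buttongroup = array();
-$buttongroup[] =& $mform->createElement('submit', 'editoption', get_string('save', 'wiki'), array('id' => 'save'));
-$buttongroup[] =& $mform->createElement('submit', 'editoption', get_string('preview'), array('id' => 'preview'));
-$buttongroup[] =& $mform->createElement('submit', 'editoption', get_string('cancel'), array('id' => 'cancel'));
+$buttongroup[] = $mform->createElement('submit', 'editoption', get_string('save', 'wiki'), array('id' => 'save'));
+$buttongroup[] = $mform->createElement('submit', 'editoption', get_string('preview'), array('id' => 'preview'));
+$buttongroup[] = $mform->createElement('submit', 'editoption', get_string('cancel'), array('id' => 'cancel'));
 $mform->addGroup($buttongroup, 'buttonar', '', array(' '), false);
 $mform->closeHeaderBefore('buttonar');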
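Review bot: In the first hunk `$pagetitle = $this->_customdata['pagetitle'];` now runs unconditionally, yet the `isset($this->_customdata['pagetitle'])` check two lines later says the key may be absent, so the absent case raises an undefined-index notice before the check is reached; read it guarded, `$pagetitle = isset($this->_customdata['pagetitle']) ? $this->_customdata['pagetitle'] : null;`, or move the read inside the `if`. `contextid` has the same shift: the old code read it only when `$format != 'html'`, the new code reads it always and passes it to `get_context_instance_by_id(..., MUST_EXIST)`, so every caller, including the html path, must now supply it, which is worth a docblock on `definition()` listing the required `_customdata` keys. In the third hunk `version` is typed `PARAM_FLOAT` although it is compared with `>= 0` like a counter; if the wiki version is an integer, `PARAM_INT` is the tighter type, so confirm against the caller. `definition()` continues beyond the last hunk.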
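--- a/mod/wiki/filesedit_form.php
+++ b/mod/wiki/filesedit_form.php
@@ -27,15 +27,19 @@
 require_once("$CFG->libdir/formslib.php");
 class mod_wiki_filesedit_form extends moodleform {
-function definition() {
+protected function definition() {
 $mform = $this->_form;
 $data = $this->_customdata['data'];
 $options = $this->_customdata['options'];
 $mform->addElement('filemanager', 'files_filemanager', get_string('files'), null, $options);
+
 $mform->addElement('hidden', 'returnurl', $data->returnurl);
+$mform->setType('returnurl', PARAM_URL);
+
 $mform->addElement('hidden', 'subwiki', $data->subwikiid);
+$mform->setType('subwiki', PARAM_INT);
 $this->add_action_buttons(true, get_string('savechanges'));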
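Review bot: `PARAM_URL` on the `returnurl` hidden element accepts any well-formed URL, including one pointing at another site, so if the caller redirects to this value after the files are saved the form becomes an open redirect driven by a hidden field anyone can edit. Moodle's `PARAM_LOCALURL` additionally requires the URL to refer to this site, which is the right type for a redirect target: `$mform->setType('returnurl', PARAM_LOCALURL);`. Whether a redirect actually happens is decided in the caller, outside this diff, and `definition()` itself continues past the hunk.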
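--- a/mod/wiki/mod_form.php
+++ b/mod/wiki/mod_form.php
@@ -41,28 +41,24 @@
 class mod_wiki_mod_form extends moodleform_mod {
-function definition() {
-
-global $COURSE;
-$mform =& $this->_form;
+protected function definition() {
+$mform = $this->_form;
+$required = get_string('required');
 //-------------------------------------------------------------------------------
-/// Adding the "general" fieldset, where all the common settings are showed
+// Adding the "general" fieldset, where all the common settings are showed
 $mform->addElement('header', 'general', get_string('general', 'form'));
-/// Adding the standard "name" field
+
+// Adding the standard "name" field
 $mform->addElement('text', 'name', get_string('wikiname', 'wiki'), array('size' => '64'));
 $mform->setType('name', PARAM_TEXT);
-$mform->addRule('name', null, 'required', null, 'client');
-/// Adding the optional "intro" and "introformat" pair of fields
-// $mform->addElement('htmleditor', 'intro', get_string('wikiintro', 'wiki'));
-// $mform->setType('intro', PARAM_RAW);
-// $mform->addRule('intro', get_string('required'), 'required', null, 'client');
-//
-// $mform->addElement('format', 'introformat', get_string('format'));
+$mform->addRule('name', $required, 'required', null, 'client');
+// Adding the optional "intro" and "introformat" pair of fields
 $this->add_intro_editor(true, get_string('wikiintro', 'wiki'));
+
 //-------------------------------------------------------------------------------
-/// Adding the rest of wiki settings, spreeading all them into this fieldset
-/// or adding more fieldsets ('header' elements) if needed for better logic
+// Adding the rest of wiki settings, spreeading all them into this fieldset
+// or adding more fieldsets ('header' elements) if needed for better logic
 $mform->addElement('header', 'wikifieldset', get_string('wikisettings', 'wiki'));
@@ -75,9 +71,9 @@ function definition() {
 $mform->addElement('text', 'firstpagetitle', get_string('firstpagetitle', 'wiki'), $attr);
 $mform->addHelpButton('firstpagetitle', 'firstpagetitle', 'wiki');
-
+$mform->setType('firstpagetitle', PARAM_TEXT);
 if (empty($this->_instance)) {
-$mform->addRule('firstpagetitle', null, 'required', null, 'client');
+$mform->addRule('firstpagetitle', $required, 'required', null, 'client');
 }
 $wikimodeoptions = array ('collaborative' => get_string('wikimodecollaborative', 'wiki'), 'individual' => get_string('wikimodeindividual', 'wiki'));
@@ -96,6 +92,7 @@ function definition() {
 }
 $mform->addElement('select', 'defaultformat', get_string('defaultformat', 'wiki'), $editoroptions);
 $mform->addHelpButton('defaultformat', 'defaultformat', 'wiki');
+
 $mform->addElement('checkbox', 'forceformat', get_string('forceformat', 'wiki'));
 $mform->addHelpButton('forceformat', 'forceformat', 'wiki');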
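Review bot: The comments rewritten in the first hunk carry the original wording errors forward: `// Adding the rest of wiki settings, spreeading all them into this fieldset` should read `// Adding the rest of wiki settings, spreading all of them into this fieldset`, and `showed` in the "general" fieldset comment should be `shown`. These lines are already touched by the commit, so correcting them costs nothing and avoids a second cosmetic change later. With `definition()` now `protected`, a one-line docblock such as `/** Defines the wiki activity settings form. */` above it would complete the tidy-up; the method continues beyond the last hunk.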