MDL-68292 core: Remove sesskey leakage on module pages
[moodle.git] / admin / modules.php
CommitLineData
20207b82 1<?php
7f30d941 2 // Allows the admin to manage activity modules
5867bfb5 3
636c2c08 4 require_once('../config.php');
778951f8 5 require_once('../course/lib.php');
6e4dc10f 6 require_once($CFG->libdir.'/adminlib.php');
778951f8 7 require_once($CFG->libdir.'/tablelib.php');
8
9 // defines
10 define('MODULE_TABLE','module_administration_table');
11
1ae083e4 12 admin_externalpage_setup('managemodules');
5867bfb5 13
aff24313
PS
14 $show = optional_param('show', '', PARAM_PLUGIN);
15 $hide = optional_param('hide', '', PARAM_PLUGIN);
5867bfb5 16
5867bfb5 17
18/// Print headings
19
bee4702d 20 $stractivities = get_string("activities");
dd24dd37 21 $struninstall = get_string('uninstallplugin', 'core_admin');
1e169427 22 $strversion = get_string("version");
5867bfb5 23 $strhide = get_string("hide");
24 $strshow = get_string("show");
4e299145 25 $strsettings = get_string("settings");
9bf45e00 26 $stractivities = get_string("activities");
5867bfb5 27 $stractivitymodule = get_string("activitymodule");
616ad119 28 $strshowmodulecourse = get_string('showmodulecourse');
5867bfb5 29
5867bfb5 30/// If data submitted, then process and store.
31
5ba7f1b7 32 if (!empty($hide) and confirm_sesskey()) {
b9a66360 33 if (!$module = $DB->get_record("modules", array("name"=>$hide))) {
4fd532ea 34 print_error('moduledoesnotexist', 'error');
5867bfb5 35 }
b9a66360 36 $DB->set_field("modules", "visible", "0", array("id"=>$module->id)); // Hide main module
6b6eea55 37 // Remember the visibility status in visibleold
38 // and hide...
b9a66360 39 $sql = "UPDATE {course_modules}
40 SET visibleold=visible, visible=0
41 WHERE module=?";
42 $DB->execute($sql, array($module->id));
4a3fb71c
MG
43 // Increment course.cacherev for courses where we just made something invisible.
44 // This will force cache rebuilding on the next request.
45 increment_revision_number('course', 'cacherev',
46 "id IN (SELECT DISTINCT course
b9a66360 47 FROM {course_modules}
4a3fb71c
MG
48 WHERE visibleold=1 AND module=?)",
49 array($module->id));
e87214bd 50 core_plugin_manager::reset_caches();
220a90c5 51 admin_get_root(true, false); // settings not required - only pages
3f04dbee 52 redirect(new moodle_url('/admin/modules.php'));
5867bfb5 53 }
54
5ba7f1b7 55 if (!empty($show) and confirm_sesskey()) {
b9a66360 56 if (!$module = $DB->get_record("modules", array("name"=>$show))) {
4fd532ea 57 print_error('moduledoesnotexist', 'error');
5867bfb5 58 }
b9a66360 59 $DB->set_field("modules", "visible", "1", array("id"=>$module->id)); // Show main module
73f27e16 60 $DB->set_field('course_modules', 'visible', '1', array('visibleold'=>1, 'module'=>$module->id)); // Get the previous saved visible state for the course module.
4a3fb71c
MG
61 // Increment course.cacherev for courses where we just made something visible.
62 // This will force cache rebuilding on the next request.
63 increment_revision_number('course', 'cacherev',
64 "id IN (SELECT DISTINCT course
b9a66360 65 FROM {course_modules}
4a3fb71c
MG
66 WHERE visible=1 AND module=?)",
67 array($module->id));
e87214bd 68 core_plugin_manager::reset_caches();
220a90c5 69 admin_get_root(true, false); // settings not required - only pages
3f04dbee 70 redirect(new moodle_url('/admin/modules.php'));
5867bfb5 71 }
72
61ef8f9f 73 echo $OUTPUT->header();
2fff8846 74 echo $OUTPUT->heading($stractivities);
220a90c5 75
5867bfb5 76/// Get and sort the existing modules
77
d9a8e12d 78 if (!$modules = $DB->get_records('modules', array(), 'name ASC')) {
4fd532ea 79 print_error('moduledoesnotexist', 'error');
5867bfb5 80 }
81
5867bfb5 82/// Print the table of all modules
778951f8 83 // construct the flexible table ready to display
84 $table = new flexible_table(MODULE_TABLE);
dd24dd37 85 $table->define_columns(array('name', 'instances', 'version', 'hideshow', 'uninstall', 'settings'));
e87214bd 86 $table->define_headers(array($stractivitymodule, $stractivities, $strversion, "$strhide/$strshow", $strsettings, $struninstall));
e12d37df 87 $table->define_baseurl($CFG->wwwroot.'/'.$CFG->admin.'/modules.php');
88 $table->set_attribute('id', 'modules');
e87214bd 89 $table->set_attribute('class', 'admintable generaltable');
778951f8 90 $table->setup();
5867bfb5 91
7cdd97b2
TM
92 $pluginmanager = core_plugin_manager::instance();
93
d9a8e12d 94 foreach ($modules as $module) {
7cdd97b2
TM
95 $plugininfo = $pluginmanager->get_plugin_info('mod_'.$module->name);
96 $status = $plugininfo->get_status();
5867bfb5 97
7cdd97b2 98 if ($status === core_plugin_manager::PLUGIN_STATUS_MISSING) {
d9a8e12d
PS
99 $strmodulename = '<span class="notifyproblem">'.$module->name.' ('.get_string('missingfromdisk').')</span>';
100 $missing = true;
101 } else {
102 // took out hspace="\10\", because it does not validate. don't know what to replace with.
663640f5 103 $icon = "<img src=\"" . $OUTPUT->image_url('icon', $module->name) . "\" class=\"icon\" alt=\"\" />";
d9a8e12d
PS
104 $strmodulename = $icon.' '.get_string('modulename', $module->name);
105 $missing = false;
106 }
5867bfb5 107
dd24dd37 108 $uninstall = '';
e87214bd 109 if ($uninstallurl = core_plugin_manager::instance()->get_uninstall_url('mod_'.$module->name, 'manage')) {
dd24dd37 110 $uninstall = html_writer::link($uninstallurl, $struninstall);
cd79930e 111 }
5867bfb5 112
0a82a1bb 113 if (file_exists("$CFG->dirroot/mod/$module->name/settings.php") ||
114 file_exists("$CFG->dirroot/mod/$module->name/settingstree.php")) {
220a90c5 115 $settings = "<a href=\"settings.php?section=modsetting$module->name\">$strsettings</a>";
4e299145 116 } else {
117 $settings = "";
118 }
119
c259e5f6
PS
120 try {
121 $count = $DB->count_records_select($module->name, "course<>0");
122 } catch (dml_exception $e) {
123 $count = -1;
124 }
616ad119 125 if ($count>0) {
3f04dbee
BH
126 $countlink = $OUTPUT->action_link(new moodle_url('/course/search.php', ['modulelist' => $module->name]),
127 $count, null, ['title' => $strshowmodulecourse]);
c259e5f6
PS
128 } else if ($count < 0) {
129 $countlink = get_string('error');
130 } else {
616ad119 131 $countlink = "$count";
132 }
9bf45e00 133
d9a8e12d
PS
134 if ($missing) {
135 $visible = '';
136 $class = '';
137 } else if ($module->visible) {
973d2660 138 $visible = "<a href=\"modules.php?hide=$module->name&amp;sesskey=".sesskey()."\" title=\"$strhide\">".
663640f5 139 $OUTPUT->pix_icon('t/hide', $strhide) . '</a>';
d9a8e12d 140 $class = '';
5867bfb5 141 } else {
973d2660 142 $visible = "<a href=\"modules.php?show=$module->name&amp;sesskey=".sesskey()."\" title=\"$strshow\">".
663640f5 143 $OUTPUT->pix_icon('t/show', $strshow) . '</a>';
e87214bd 144 $class = 'dimmed_text';
5867bfb5 145 }
146 if ($module->name == "forum") {
dd24dd37 147 $uninstall = "";
5867bfb5 148 $visible = "";
149 $class = "";
150 }
bde002b8 151 $version = get_config('mod_'.$module->name, 'version');
ac42d5c6 152
778951f8 153 $table->add_data(array(
e87214bd 154 $strmodulename,
220a90c5 155 $countlink,
e87214bd 156 $version,
220a90c5 157 $visible,
e87214bd 158 $settings,
dd24dd37 159 $uninstall,
e87214bd 160 ), $class);
5867bfb5 161 }
5867bfb5 162
778951f8 163 $table->print_html();
5867bfb5 164
73d6f52f 165 echo $OUTPUT->footer();
5867bfb5 166
20207b82 167