MDL-23916 JS now allowed on private /my/ pages again
4ca6cfbf 1<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.

/**
 * Form for editing HTML block instances.
 *
 * @package block_html
 * @copyright 1999 onwards Martin Dougiamas (http://dougiamas.com)
 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */

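/**
 * Block that displays administrator- or user-authored HTML.
 *
 * Security note: the stored HTML is passed through format_text(). Whether it
 * is cleaned first depends on {@link block_html::content_is_trusted()}; when
 * that method returns true the text is emitted with the "noclean" option and
 * any script it contains runs in the browser of whoever views the page.
 */
class block_html extends block_base {

    /**
     * Sets the default block title from the language pack.
     */
    function init() {
        $this->title = get_string('pluginname', 'block_html');
    }

    /**
     * Declares that the block may be added to every page format.
     *
     * @return array
     */
    function applicable_formats() {
        return array('all' => true);
    }

    /**
     * Replaces the default title with the configured one, if any.
     *
     * Both branches go through format_string() before the title is stored.
     */
    function specialization() {
        if (isset($this->config->title)) {
            $this->title = format_string($this->config->title);
        } else {
            $this->title = format_string(get_string('newhtmlblock', 'block_html'));
        }
    }

    /**
     * Several HTML blocks may live on the same page.
     *
     * @return bool
     */
    function instance_allow_multiple() {
        return true;
    }

    /**
     * Builds (once) and returns the block content.
     *
     * The stored config is left untouched: pluginfile URL rewriting is applied
     * to a working copy so that a later config save does not persist
     * already-rewritten URLs.
     *
     * @return stdClass object with ->text and ->footer
     */
    function get_content() {
        if ($this->content !== NULL) {
            return $this->content;
        }

        // "noclean" switches off HTML cleaning in format_text(), so it is only
        // requested when the block's location is considered trusted.
        // Everywhere else $filteropt stays null and the text is cleaned.
        $filteropt = null;
        if ($this->content_is_trusted()) {
            $filteropt = new stdClass;
            $filteropt->noclean = true;
        }

        $this->content = new stdClass;
        $this->content->footer = '';
        $this->content->text = '';

        if (isset($this->config->text)) {
            // Configs saved without a format fall back to FORMAT_HTML instead
            // of reading an undefined property.
            $format = isset($this->config->format) ? $this->config->format : FORMAT_HTML;

            // Rewrite @@PLUGINFILE@@ style links for display only.
            $text = file_rewrite_pluginfile_urls($this->config->text, 'pluginfile.php', $this->context->id, 'block_html', 'content', NULL);
            $this->content->text = format_text($text, $format, $filteropt);
        }

        unset($filteropt); // memory footprint

        return $this->content;
    }

    /**
     * Stores the submitted configuration.
     *
     * Files embedded through the editor are moved from the draft area into the
     * block's 'content' file area and the links in the HTML are adjusted to
     * match before the parent class serialises and saves the config.
     *
     * @param object $data submitted form data; ->text is the editor array
     *                     with 'itemid', 'text' and 'format' keys
     * @param bool $nolongerused passed through to the parent unchanged
     */
    function instance_config_save($data, $nolongerused = false) {
        // Work on a copy so the caller's form data object is not modified.
        $config = clone($data);
        $config->text = file_save_draft_area_files($data->text['itemid'], $this->context->id, 'block_html', 'content', 0, array('subdirs'=>true), $data->text['text']);
        $config->format = $data->text['format'];

        parent::instance_config_save($config, $nolongerused);
    }

    /**
     * Removes every file stored for this block instance when it is deleted.
     *
     * @return bool always true
     */
    function instance_delete() {
        $fs = get_file_storage();
        $fs->delete_area_files($this->context->id, 'block_html');
        return true;
    }

    /**
     * Decides whether the block text may be output without HTML cleaning.
     *
     * The decision depends only on where the block is attached and which
     * script is rendering it, not on who wrote the text:
     *  - parent context cannot be loaded: not trusted (fails closed);
     *  - parent is a user context: trusted only on /my/index.php;
     *  - any other parent context: trusted.
     *
     * NOTE(review): for non-user contexts this relies on the permission needed
     * to edit blocks there being restricted to trusted users; that check is
     * not visible in this file - confirm.
     *
     * @return bool true when the "noclean" option may be used
     */
    function content_is_trusted() {
        global $SCRIPT;

        $context = get_context_instance_by_id($this->instance->parentcontextid);
        if (!$context) {
            return false;
        }

        // Loose comparison kept on purpose: the original code compares the
        // context level with ==.
        if ($context->contextlevel == CONTEXT_USER) {
            // The private "my" page is the only user-context page where
            // unfiltered HTML (and therefore JS) is allowed; on public
            // personal pages it would be a big security issue.
            return ($SCRIPT === '/my/index.php');
        }

        return true;
    }

    /**
     * Will be called before an instance of this block is backed up, so that
     * any links in any HTML fields on config can be encoded.
     *
     * NOTE(review): the result is a PHP-serialised object; the code that reads
     * it back is not part of this file - confirm it only unserialises data
     * from trusted backups.
     *
     * @return string
     */
    function get_backup_encoded_config() {
        // Prevent clone for non configured block instance. Delegate to parent as fallback.
        if (empty($this->config)) {
            return parent::get_backup_encoded_config();
        }

        $data = clone($this->config);
        // A config without text has no links to encode.
        if (isset($data->text)) {
            $data->text = backup_encode_absolute_links($data->text);
        }
        return base64_encode(serialize($data));
    }

    /**
     * This function makes all the necessary calls to {@link restore_decode_content_links_worker()}
     * function in order to decode contents of this block from the backup
     * format to destination site/course in order to maintain inter-activities
     * working in the backup/restore process.
     *
     * This is called from {@link restore_decode_content_links()} function in the restore process.
     *
     * NOTE: There is no block instance when this method is called.
     *
     * @param object $restore Standard restore object
     * @return boolean
     **/
    function decode_content_links_caller($restore) {
        global $DB;

        $restored_blocks = $DB->get_records_select("backup_ids", "table_name = 'block_instance' AND backup_code = ? AND new_id > 0", array($restore->backup_unique_code), "", "new_id");
        if (!$restored_blocks) {
            return true;
        }

        // Bind the ids as query parameters instead of concatenating them into
        // the SQL text.
        list($insql, $inparams) = $DB->get_in_or_equal(array_keys($restored_blocks));
        $sql = "SELECT bi.*
                  FROM {block_instance} bi
                  JOIN {block} b ON b.id = bi.blockid
                 WHERE b.name = 'html' AND bi.id $insql";

        $instances = $DB->get_records_sql($sql, $inparams);
        if (!$instances) {
            return true;
        }

        foreach ($instances as $instance) {
            $blockobject = block_instance('html', $instance);
            // Skip instances that were never configured: there is no text to
            // decode, and writing to ->config->text would create a config
            // object on the fly and commit it.
            if (empty($blockobject) || empty($blockobject->config) || !isset($blockobject->config->text)) {
                continue;
            }
            $blockobject->config->text = restore_decode_absolute_links($blockobject->config->text);
            $blockobject->config->text = restore_decode_content_links_worker($blockobject->config->text, $restore);
            $blockobject->instance_config_commit();
        }

        return true;
    }
}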