MDL-41807 repository_filesystem: Prevent access to parent directories
[moodle.git] / calendar / event.php
93c91ee4 1<?php
7423f116 2
3/////////////////////////////////////////////////////////////////////////////
4// //
5// NOTICE OF COPYRIGHT //
6// //
7// Moodle - Calendar extension //
8// //
9// Copyright (C) 2003-2004 Greek School Network www.sch.gr //
10// //
11// Designed by: //
bdcb26b7 12// Avgoustos Tsinakos (tsinakos@teikav.edu.gr) //
13// Jon Papaioannou (pj@moodle.org) //
7423f116 14// //
15// Programming and development: //
bdcb26b7 16// Jon Papaioannou (pj@moodle.org) //
7423f116 17// //
18// For bugs, suggestions, etc contact: //
bdcb26b7 19// Jon Papaioannou (pj@moodle.org) //
7423f116 20// //
21// The current module was developed at the University of Macedonia //
22// (www.uom.gr) under the funding of the Greek School Network (www.sch.gr) //
23// The aim of this project is to provide additional and improved //
24// functionality to the Asynchronous Distance Education service that the //
25// Greek School Network deploys. //
26// //
27// This program is free software; you can redistribute it and/or modify //
28// it under the terms of the GNU General Public License as published by //
29// the Free Software Foundation; either version 2 of the License, or //
30// (at your option) any later version. //
31// //
32// This program is distributed in the hope that it will be useful, //
33// but WITHOUT ANY WARRANTY; without even the implied warranty of //
34// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
35// GNU General Public License for more details: //
36// //
37// http://www.gnu.org/copyleft/gpl.html //
38// //
39/////////////////////////////////////////////////////////////////////////////
40
93c91ee4 41/**
76d9df3f 42 * This file is part of the Calendar section Moodle
93c91ee4 43 *
44 * @copyright 2003-2004 Jon Papaioannou (pj@moodle.org)
45 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v2 or later
46 * @package calendar
47 */
48
// Moodle bootstrap first; the remaining includes are resolved against $CFG->dirroot.
require_once('../config.php');
require_once($CFG->dirroot.'/calendar/event_form.php');
require_once($CFG->dirroot.'/calendar/lib.php');
require_once($CFG->dirroot.'/course/lib.php');

// Site-level login gate. The course-aware require_login() call happens further
// down, once the course has been resolved from the request.
require_login();

// All request input is read through optional_param() with an explicit PARAM_*
// cleaning type, so $action is alphabetic only and every id/date part is an int.
$action = optional_param('action', 'new', PARAM_ALPHA);
$eventid = optional_param('id', 0, PARAM_INT);
// 'course' overrides 'courseid'; if neither is sent the site course id is used.
$courseid = optional_param('course', optional_param('courseid', SITEID, PARAM_INT), PARAM_INT);
// Optional calendar date; 0 means "not supplied".
$cal_y = optional_param('cal_y', 0, PARAM_INT);
$cal_m = optional_param('cal_m', 0, PARAM_INT);
$cal_d = optional_param('cal_d', 0, PARAM_INT);
// Rebuild this page's canonical URL from the cleaned parameters only, so that
// $PAGE->url never carries raw request input.
$url = new moodle_url('/calendar/event.php', array('action' => $action));
if ($eventid != 0) {
    $url->param('id', $eventid);
}
if ($courseid != SITEID) {
    $url->param('course', $courseid);
}
// Date parts are added in y, m, d order and only when they were supplied.
foreach (array('cal_y' => $cal_y, 'cal_m' => $cal_m, 'cal_d' => $cal_d) as $calparam => $calvalue) {
    if ($calvalue !== 0) {
        $url->param($calparam, $calvalue);
    }
}
// Do not leave the loop variables behind in the script's global scope.
unset($calparam, $calvalue);

$PAGE->set_url($url);
$PAGE->set_pagelayout('standard');
// Resolve the course context. An empty id or the site id means site-wide view.
$issite = ($courseid == SITEID || empty($courseid));
if ($issite) {
    $course = get_site();
    $courses = calendar_get_default_courses();
} else {
    // MUST_EXIST: an unknown course id raises instead of returning false,
    // so nothing below runs against a missing course record.
    $course = $DB->get_record('course', array('id' => $courseid), '*', MUST_EXIST);
    $courses = array($course->id => $course);
}

// Course-level access check. The second argument (false) disables automatic
// guest login, so this page is not reachable through guest auto-login.
require_login($course, false);
// Deletion is not handled here: the request is handed over to delete.php.
// NOTE(review): no per-event permission check is made before this redirect;
// presumably delete.php enforces the capability and confirmation itself - verify there.
if ($action === 'delete' && $eventid > 0) {
    $deleteparams = array('id' => $eventid);
    if ($courseid > 0) {
        $deleteparams['course'] = $courseid;
    }
    // The target path is a fixed local script; only cleaned integers are appended.
    $deleteurl = new moodle_url('/calendar/delete.php', $deleteparams);
    redirect($deleteurl);
}
// Calendar state for the side blocks, built from the requested date parts.
$calendar = new calendar_information($cal_d, $cal_m, $cal_y);
$calendar->prepare_for_view($course, $courses);

$formoptions = new stdClass();
if ($eventid === 0) {
    // Creating a new event.
    $title = get_string('newevent', 'calendar');
    // Appears to populate $formoptions->eventtypes with the event types the
    // current user may create in $course (it is read immediately below).
    calendar_get_allowed_types($formoptions->eventtypes, $course);

    $event = new stdClass();
    $event->action = $action;
    $event->course = $courseid;
    $event->courseid = $courseid;
    $event->timeduration = 0;

    if ($formoptions->eventtypes->courses) {
        if ($issite) {
            // On the site calendar, course and group events are not offered.
            unset($formoptions->eventtypes->courses, $formoptions->eventtypes->groups);
        } else {
            $event->eventtype = 'course';
        }
    }

    // Pre-fill the start time only from a date that passes checkdate();
    // anything else leaves timestart unset.
    if ($cal_y && $cal_m && $cal_d && checkdate($cal_m, $cal_d, $cal_y)) {
        $event->timestart = make_timestamp($cal_y, $cal_m, $cal_d, 0, 0, 0);
    } else if ($cal_y && $cal_m && checkdate($cal_m, 1, $cal_y)) {
        // Only year and month are usable: take today if it is the current month,
        // otherwise the first day of that month.
        $now = usergetdate(time());
        $event->timestart = make_timestamp(
            $cal_y,
            $cal_m,
            ($cal_y == $now['year'] && $cal_m == $now['mon']) ? $now['mday'] : 1,
            0,
            0,
            0
        );
    }

    $event = new calendar_event($event);
    // Authorisation for creation is decided on the fully built event object.
    if (!calendar_add_event_allowed($event)) {
        print_error('nopermissions');
    }
} else {
    // Editing an existing event.
    $title = get_string('editevent', 'calendar');
    $event = calendar_event::load($eventid);
    // First check: may the user edit the event as it is currently stored?
    if (!calendar_edit_event_allowed($event)) {
        print_error('nopermissions');
    }

    $event->action = $action;
    // The course is overwritten with the request-supplied id after the edit check,
    // which is why a second check on the modified object follows.
    $event->course = $courseid;
    $event->timedurationuntil = $event->timestart + $event->timeduration;
    $event->count_repeats();

    // Second check: the user must also be allowed to add an event in the
    // (possibly different) course taken from the request.
    if (!calendar_add_event_allowed($event)) {
        print_error('nopermissions');
    }
}
// Build the form around the authorised event and seed it with the event's data.
$properties = $event->properties(true);
$formoptions->event = $event;
$formoptions->hasduration = ($event->timeduration > 0);
$mform = new event_form(null, $formoptions);
$mform->set_data($properties);

// get_data() is only truthy for a submitted form.
// NOTE(review): validation and session-key verification are expected to happen
// inside the form class - confirm in event_form / moodleform.
$data = $mform->get_data();
if ($data) {
    // Normalise the three duration modes into a number of seconds.
    switch ($data->duration) {
        case 1:
            // "Until" mode. Assumes form validation guarantees
            // timedurationuntil >= timestart - TODO confirm.
            $data->timeduration = $data->timedurationuntil - $data->timestart;
            break;
        case 2:
            // "Minutes" mode.
            $data->timeduration = $data->timedurationminutes * MINSECS;
            break;
        default:
            $data->timeduration = 0;
            break;
    }

    $event->update($data);

    // Redirect to the day view of the saved event. The path is a fixed local
    // script and the parameters come from the stored event, not from the request.
    $params = array(
        'view' => 'day',
        'cal_d' => userdate($event->timestart, '%d'),
        'cal_m' => userdate($event->timestart, '%m'),
        'cal_y' => userdate($event->timestart, '%Y'),
    );
    $eventurl = new moodle_url('/calendar/view.php', $params);
    $hascourse = !empty($event->courseid);
    if ($hascourse && $event->courseid != SITEID) {
        $eventurl->param('course', $event->courseid);
    }
    unset($hascourse);
    $eventurl->set_anchor('event_'.$event->id);
    redirect($eventurl);
}
// Breadcrumb link back to the calendar: reuse this page's cleaned parameters,
// dropping the event-specific ones.
$strcalendar = get_string('calendar', 'calendar');
$viewcalendarurl = new moodle_url(CALENDAR_URL.'view.php', $PAGE->url->params());
$viewcalendarurl->remove_params(array('id', 'action'));
$viewcalendarurl->param('view', 'upcoming');

$PAGE->navbar->add($strcalendar, $viewcalendarurl);
$PAGE->navbar->add($title);
// NOTE(review): the course shortname/fullname are handed over as stored;
// confirm that set_title()/set_heading() or the renderer escape them on output.
$PAGE->set_title(implode(': ', array($course->shortname, $strcalendar, $title)));
$PAGE->set_heading($course->fullname);

$renderer = $PAGE->get_renderer('core_calendar');
$calendar->add_sidecalendar_blocks($renderer);

// Page output: header, calendar layout wrapper, the event form, footer.
echo $OUTPUT->header();
echo $renderer->start_layout();
echo $OUTPUT->heading($title);
$mform->display();
echo $renderer->complete_layout();
echo $OUTPUT->footer();