MDL-69431 course: validate section url param against maxsections
[moodle.git] / course / modedit.php
aa54ed7b 1<?php
2
3// This file is part of Moodle - http://moodle.org/
4//
5// Moodle is free software: you can redistribute it and/or modify
6// it under the terms of the GNU General Public License as published by
7// the Free Software Foundation, either version 3 of the License, or
8// (at your option) any later version.
9//
10// Moodle is distributed in the hope that it will be useful,
11// but WITHOUT ANY WARRANTY; without even the implied warranty of
12// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13// GNU General Public License for more details.
14//
15// You should have received a copy of the GNU General Public License
16// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
17
18/**
19* Adds or updates modules in a course using new formslib
20*
21* @package moodlecore
22* @copyright 1999 onwards Martin Dougiamas (http://dougiamas.com)
23* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
24*/
25
26require_once("../config.php");
27require_once("lib.php");
28require_once($CFG->libdir.'/filelib.php');
29require_once($CFG->libdir.'/gradelib.php');
30require_once($CFG->libdir.'/completionlib.php');
bce59524 31require_once($CFG->libdir.'/plagiarismlib.php');
80fe0c19 32require_once($CFG->dirroot . '/course/modlib.php');
ba9dc077 33
// Request parameters. Every value goes through optional_param() with an explicit PARAM_* type,
// so the rest of the script only ever sees the cleaned form.
$add = optional_param('add', '', PARAM_ALPHANUM); // Name of the module being added (alphanumeric only).
$update = optional_param('update', 0, PARAM_INT); // Id passed to get_coursemodule_from_id() when editing.
// Where to go afterwards: course/view.php when false, mod/modname/view.php when true.
$return = optional_param('return', 0, PARAM_BOOL);
$type = optional_param('type', '', PARAM_ALPHANUM); // TODO: hopefully will be removed in 2.0.
$sectionreturn = optional_param('sr', null, PARAM_INT); // Handed back as 'sr' on the course redirects below.

// Base URL of this page; the add/update branches append their own parameters.
$url = new moodle_url('/course/modedit.php');
$url->param('sr', $sectionreturn);
if ($return) {
    $url->param('return', $return);
}
45
if ($add) {
    // Adding a new activity: the target section number and the course id are both mandatory.
    $section = required_param('section', PARAM_INT);
    $course = required_param('course', PARAM_INT);

    $url->param('add', $add);
    $url->param('section', $section);
    $url->param('course', $course);
    $PAGE->set_url($url);

    // Replace the course id with the full record (MUST_EXIST: an unknown id is an error),
    // then require a logged-in user for that course before doing anything else.
    $course = $DB->get_record('course', ['id' => $course], '*', MUST_EXIST);
    require_login($course);
    // NOTE(review): no capability check is visible in this branch; presumably
    // prepare_new_moduleinfo_data() enforces it - confirm.

    // There is no page for this in the navigation. The closest we'll have is the course section.
    // If the course section isn't displayed on the navigation this will fall back to the course which
    // will be the closest match we have.
    // Note that $section is used here before the range check below has run.
    navigation_node::override_active_url(course_get_url($course, $section));

    // MDL-69431: reject a $section (URL parameter) above the maximum for this course / format.
    // If too high (e.g. a section *id* passed instead of a section number), non-sequential sections
    // are inserted in the course_sections table; on import, backup then fills the 'gap' with empty
    // sections (see restore_rebuild_course_cache).
    // NOTE(review): only the upper bound is enforced here. PARAM_INT also admits negative integers;
    // whether those are rejected further down is not visible in this file - confirm.
    $courseformat = course_get_format($course);
    $maxsections = $courseformat->get_max_sections();
    if ($section > $maxsections) {
        print_error('maxsectionslimit', 'moodle', '', $maxsections);
    }

    list($module, $context, $cw, $cm, $data) = prepare_new_moduleinfo_data($course, $add, $section);
    $data->return = 0;
    $data->sr = $sectionreturn;
    $data->add = $add;
    if ($type) { // TODO: hopefully will be removed in 2.0.
        $data->type = $type;
    }

    $sectionname = get_section_name($course, $cw);
    $fullmodulename = get_string('modulename', $module->name);

    // The heading names the section unless there is none or this is the site course.
    if (!$data->section || $course->format == 'site') {
        $pageheading = get_string('addinganew', 'moodle', $fullmodulename);
    } else {
        $heading = (object) ['what' => $fullmodulename, 'to' => $sectionname];
        $pageheading = get_string('addinganewto', 'moodle', $heading);
    }
    $navbaraddition = $pageheading;

} else if ($update) {
    // Editing an existing activity, identified by its course module id.
    $url->param('update', $update);
    $PAGE->set_url($url);

    // Select the "Edit settings" from navigation.
    navigation_node::override_active_url(
        new moodle_url('/course/modedit.php', ['update' => $update, 'return' => 1])
    );

    // The course module must exist.
    $cm = get_coursemodule_from_id('', $update, 0, false, MUST_EXIST);

    // The course is taken from the module record, not from the request, and must exist too.
    $course = $DB->get_record('course', ['id' => $cm->course], '*', MUST_EXIST);

    // Passing $cm is needed to set up the proper $COURSE.
    require_login($course, false, $cm);
    // NOTE(review): no capability check is visible in this branch either; presumably
    // get_moduleinfo_data() enforces it - confirm.

    list($cm, $context, $module, $data, $cw) = get_moduleinfo_data($cm, $course);
    $data->return = $return;
    $data->sr = $sectionreturn;
    $data->update = $update;

    $sectionname = get_section_name($course, $cw);
    $fullmodulename = get_string('modulename', $module->name);

    // Same heading rule as when adding, with the "updating" strings.
    if (!$data->section || $course->format == 'site') {
        $pageheading = get_string('updatinga', 'moodle', $fullmodulename);
    } else {
        $heading = (object) ['what' => $fullmodulename, 'in' => $sectionname];
        $pageheading = get_string('updatingain', 'moodle', $heading);
    }
    $navbaraddition = null;

} else {
    // Neither 'add' nor 'update' was supplied: still require a login, then refuse the request.
    require_login();
    print_error('invalidaction');
}
132
// Page type is "mod-<modulename>-<type>", with "mod" used when no type was supplied.
// TODO: $type hopefully will be removed in 2.0.
$pagepath = 'mod-' . $module->name . '-' . ($type ?: 'mod');
$PAGE->set_pagetype($pagepath);
$PAGE->set_pagelayout('admin');
141
// Load the module's own settings form. Both the include path and the class name below are built
// from $module->name, which comes from prepare_new_moduleinfo_data() / get_moduleinfo_data() above
// rather than straight from the request.
// NOTE(review): confirm those helpers only ever return the name of an installed module, since the
// value selects a file to include and a class to instantiate.
$modmoodleform = $CFG->dirroot . '/mod/' . $module->name . '/mod_form.php';
if (!file_exists($modmoodleform)) {
    print_error('noformdesc');
} else {
    require_once($modmoodleform);
}

$mformclassname = "mod_{$module->name}_mod_form";
$mform = new $mformclassname($data, $cw->section, $cm, $course);
$mform->set_data($data);
152
// Three outcomes: the form was cancelled, it was submitted with valid data, or it has to be shown.
// Every redirect target below is assembled from the module name, ids and course_get_url(); no
// caller-supplied URL is used as a destination.
if ($mform->is_cancelled()) {
    if ($return && !empty($cm->id)) {
        // Back to the activity itself.
        $urlparams = [
            'id' => $cm->id, // We always need the activity id.
            'forceview' => 1, // Stop file downloads in resources.
        ];
        redirect(new moodle_url('/mod/' . $module->name . '/view.php', $urlparams));
    } else {
        // Back to the course page, at the section being edited.
        redirect(course_get_url($course, $cw->section, ['sr' => $sectionreturn]));
    }
} else if ($fromform = $mform->get_data()) {
    // get_data() returned submitted data: apply it as an update or as a new module.
    if (!empty($fromform->update)) {
        list($cm, $fromform) = update_moduleinfo($cm, $fromform, $course, $mform);
    } else if (!empty($fromform->add)) {
        $fromform = add_moduleinfo($fromform, $course, $mform);
    } else {
        print_error('invaliddata');
    }

    if (!isset($fromform->submitbutton)) {
        // No 'submitbutton' field in the data: go back to the course page.
        redirect(course_get_url($course, $cw->section, ['sr' => $sectionreturn]));
    } else {
        // 'submitbutton' present: go to the activity, via grading management when that was requested.
        $url = new moodle_url(
            '/mod/' . $module->name . '/view.php',
            ['id' => $fromform->coursemodule, 'forceview' => 1]
        );
        if (!empty($fromform->showgradingmanagement)) {
            redirect($fromform->gradingman->get_management_url($url));
        } else {
            redirect($url);
        }
    }
    exit;

} else {
    // Nothing submitted yet (or get_data() returned nothing): render the form.
    $streditinga = get_string('editinga', 'moodle', $fullmodulename);
    $strmodulenameplural = get_string('modulenameplural', $module->name);

    // Module context when a course module already exists, course context otherwise.
    $context = !empty($cm->id)
        ? context_module::instance($cm->id)
        : context_course::instance($course->id);

    $PAGE->set_heading($course->fullname);
    $PAGE->set_title($streditinga);
    $PAGE->set_cacheable(false);

    if (isset($navbaraddition)) {
        $PAGE->navbar->add($navbaraddition);
    }

    echo $OUTPUT->header();

    // Pass the 'modulename' help identifier only when the module ships a 'modulename_help' string.
    echo $OUTPUT->heading_with_help(
        $pageheading,
        get_string_manager()->string_exists('modulename_help', $module->name) ? 'modulename' : '',
        $module->name,
        'icon'
    );

    $mform->display();

    echo $OUTPUT->footer();
}