MDL-41807 repository_filesystem: Prevent access to parent directories
[moodle.git] / files / coursefilesedit.php
<?php

// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.

/**
 * Edit page for the legacy course files area.
 *
 * Takes a context id from the request, checks login and the
 * moodle/course:managefiles capability, then shows a file manager form bound
 * to component 'course', file area 'legacy', item id 0 in that context.
 * A cancelled or successfully submitted form redirects to /files/index.php.
 */

require_once '../config.php';
require_once __DIR__ . '/coursefilesedit_form.php';
require_once $CFG->dirroot . '/repository/lib.php';

// Only the context id is taken from the request, and it is read as PARAM_INT.
// The component, file area and item id are fixed by this script.
$contextid = required_param('contextid', PARAM_INT);
$component = 'course';
$filearea = 'legacy';
$itemid = 0;

// NOTE(review): any context id is accepted here and the context level is not
// compared with CONTEXT_COURSE; the capability below is checked against
// whatever context was supplied. Confirm that non-course contexts are meant
// to be allowed for the 'course'/'legacy' area.
list($context, $course, $cm) = get_context_info_array($contextid);

$pageurl = new moodle_url('/files/coursefilesedit.php', array('contextid' => $contextid));

// Access control comes first: both checks run before any file-area work,
// form handling or output further down.
require_login($course);
require_capability('moodle/course:managefiles', $context);

$PAGE->set_url($pageurl);

// The course name goes through format_string() before it is used as the
// page title and heading.
$headingprefix = get_string('coursefiles');
$coursename = format_string($course->fullname, true, array('context' => $context));
$heading = $headingprefix . ': ' . $coursename;

// Highlight the "course files" settings node when it exists; otherwise add a
// plain "files" entry to the navbar.
$fileslabel = get_string('files');
$navnode = $PAGE->settingsnav->find('coursefiles', navigation_node::TYPE_SETTING);
if (!$navnode) {
    $PAGE->navbar->add($fileslabel);
} else {
    $navnode->make_active();
}

$PAGE->set_context($context);
$PAGE->set_title($heading);
$PAGE->set_heading($heading);
$PAGE->set_pagelayout('course');

// File manager settings: subdirectories on, every file type accepted
// ('*'), internal files only. maxfiles is -1 (presumably "no limit" -
// confirm). With no type or count restriction here, the capability check
// above is the gate on what may be stored in this area.
$fmoptions = array(
    'subdirs' => 1,
    'maxfiles' => -1,
    'accepted_types' => '*',
    'return_types' => FILE_INTERNAL,
);

$data = new stdClass();
file_prepare_standard_filemanager($data, 'files', $fmoptions, $context, $component, $filearea, $itemid);

$editform = new coursefiles_edit_form(
    null,
    array('data' => $data, 'contextid' => $contextid)
);

$indexurl = new moodle_url('/files/index.php', array('contextid' => $contextid));

// NOTE(review): the code below assumes redirect() does not return - confirm.
if ($editform->is_cancelled()) {
    redirect($indexurl);
}

// Submitted data is saved back into the file area only when the form hands
// it over. What get_data() validates (session key, field rules) is decided by
// coursefiles_edit_form and its base class, which are not visible here.
$data = $editform->get_data();
if ($data) {
    $data = file_postupdate_standard_filemanager(
        $data,
        'files',
        $fmoptions,
        $context,
        $component,
        $filearea,
        $itemid
    );
    redirect($indexurl);
}

// Neither cancelled nor submitted: render the page with the form.
echo $OUTPUT->header();

echo $OUTPUT->container_start();
$editform->display();
echo $OUTPUT->container_end();

echo $OUTPUT->footer();