MDL-14589 Check input better, preventing notices when using an editor without draftfiles
[moodle.git] / files / index.php
be19e367 1<?php
2
3// This file is part of Moodle - http://moodle.org/
4//
5// Moodle is free software: you can redistribute it and/or modify
6// it under the terms of the GNU General Public License as published by
7// the Free Software Foundation, either version 3 of the License, or
8// (at your option) any later version.
9//
10// Moodle is distributed in the hope that it will be useful,
11// but WITHOUT ANY WARRANTY; without even the implied warranty of
12// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13// GNU General Public License for more details.
14//
15// You should have received a copy of the GNU General Public License
16// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
17
18/**
19 * Temporary file manager for all moodle files. To be replaced by something much better.
20 *
21 * @package moodlecore
22 * @subpackage file
23 * @copyright 1999 onwards Martin Dougiamas (http://dougiamas.com)
24 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
25 */
26
27require('../config.php');
28require_once($CFG->libdir.'/filelib.php');
29require_once($CFG->libdir.'/adminlib.php');
30
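// Request parameters, each read through optional_param() with the PARAM_* type shown.
$courseid = optional_param('id', 0, PARAM_INT);

$contextid = optional_param('contextid', SYSCONTEXTID, PARAM_INT);
$filearea = optional_param('filearea', '', PARAM_ALPHAEXT);
$itemid = optional_param('itemid', -1, PARAM_INT);
$filepath = optional_param('filepath', '', PARAM_PATH);
$filename = optional_param('filename', '', PARAM_FILE);

$newdirname = optional_param('newdirname', '', PARAM_FILE);
$delete = optional_param('delete', 0, PARAM_BOOL);

// Legacy entry point: ?id=<courseid> is translated into the course context's
// course_content file area and the browser is sent there.
// NOTE(review): this lookup and the context lookup below run before require_login(),
// so an unauthenticated request can tell an existing course/context id from a
// missing one by the error it receives - confirm whether that ordering is intended.
if ($courseid) {
    if (!$course = $DB->get_record('course', array('id'=>$courseid))) {
        print_error('invalidcourseid');
    }
    if (!$context = get_context_instance(CONTEXT_COURSE, $course->id)) {
        print_error('invalidcontext');
    }
    redirect(new moodle_url('index.php', array('contextid' => $context->id, 'itemid'=> 0, 'filearea' => 'course_content')));
}

if (!$context = get_context_instance_by_id($contextid)) {
    print_error('invalidcontext');
}

// Authentication first, then the capability that gates every action on this page.
require_login();
require_capability('moodle/course:managefiles', $context);

// The file browser is called with null for "not specified"; map the
// optional_param() defaults ('' and negative item ids) onto null.
if ($filearea === '') {
    $filearea = null;
}

if ($itemid < 0) {
    $itemid = null;
}

if ($filepath === '') {
    $filepath = null;
}

if ($filename === '') {
    $filename = null;
}

$error = '';

$browser = get_file_browser();

$file_info = $browser->get_file_info($context, $filearea, $itemid, $filepath, $filename);

// The listing code further down calls methods on $file_info unconditionally
// (html_header() and displaydir()), so a request for a location the browser does
// not return a node for would end in a fatal error. Stop with a regular error page.
if (!$file_info) {
    print_error('filenotfound', 'error');
}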
1a11dfd1 80
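/// process actions

// Every state-changing action below requires a writable target plus a submitted
// form (data_submitted()) carrying a valid session key (confirm_sesskey()).

// Action: create a sub-directory inside the current directory.
if ($file_info and $file_info->is_directory() and $file_info->is_writable() and $newdirname !== '' and data_submitted() and confirm_sesskey()) {
    if ($newdir_info = $file_info->create_directory($newdirname, $USER->id)) {
        redirect(new moodle_url('index.php', $newdir_info->get_params()));
    } else {
        $error = "Could not create new dir"; // TODO: localise
    }
}

// Action: store an uploaded file in the current directory.
if ($file_info and $file_info->is_directory() and $file_info->is_writable() and isset($_FILES['newfile']) and data_submitted() and confirm_sesskey()) {
    $file = $_FILES['newfile'];
    // The client-supplied name is untrusted; reduce it to a plain file name.
    $newfilename = clean_param($file['name'], PARAM_FILE);
    // Only accept a temp path that PHP itself recorded as an HTTP upload.
    if (is_uploaded_file($file['tmp_name'])) {
        try {
            if ($newfile = $file_info->create_file_from_pathname($newfilename, $file['tmp_name'], $USER->id)) {
                redirect(new moodle_url('index.php', $file_info->get_params()));
            } else {
                $error = "Could not create upload file"; // TODO: localise
            }
        } catch (file_exception $e) {
            $error = "Exception: Could not create upload file"; // TODO: localise
        }
    }
}

// Action: delete the current node, after an explicit confirmation step.
if ($file_info and $delete) {
    if (!data_submitted() or !confirm_sesskey()) {
        // Not a confirmed submission yet: show the confirmation page and stop.
        echo $OUTPUT->header();
        // The visible name is escaped with s(), as the directory listing does for
        // child names. NOTE(review): if get_visible_name() already returns escaped
        // HTML for some node types this double-encodes entities - confirm.
        echo $OUTPUT->notification(get_string('deletecheckwarning').': '.s($file_info->get_visible_name()));
        $parent_info = $file_info->get_parent();

        // A node without a parent has nowhere to go back to except itself.
        $optionsno = $parent_info ? $parent_info->get_params() : $file_info->get_params();
        $optionsyes = $file_info->get_params();
        $optionsyes['delete'] = 1;
        $optionsyes['sesskey'] = sesskey();

        echo $OUTPUT->confirm(get_string('deletecheckfiles'), new moodle_url( 'index.php', $optionsyes), new moodle_url('index.php', $optionsno));
        echo $OUTPUT->footer();
        die;
    }

    if ($parent_info = $file_info->get_parent() and $parent_info->is_writable()) {
        if ($file_info->delete()) {
            redirect(new moodle_url('index.php', $parent_info->get_params()));
        } else {
            // Do not redirect on failure: the message is printed with the listing
            // below, whereas a redirect would discard it.
            $error = "Could not delete file!"; // TODO: localise
        }
    }
}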
f9903ed0 133
f9903ed0 134
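/// print dir listing
html_header($context, $file_info);

if ($error !== '') {
    echo $OUTPUT->notification($error);
}

displaydir($file_info);

// The "make a folder" and "upload a file" forms are only offered for a writable directory.
if ($file_info and $file_info->is_directory() and $file_info->is_writable()) {
    // Both forms post back the current location and the session key. Every
    // request-derived value goes through s() before it is placed in an attribute,
    // so the markup does not depend on which PARAM_* type a field was read with.
    $locationfields = array(
        'contextid' => $contextid,
        'filearea' => $filearea,
        'itemid' => $itemid,
        'filepath' => $filepath,
        'filename' => $filename,
    );
    $hiddenfields = '';
    foreach ($locationfields as $fieldname => $fieldvalue) {
        $hiddenfields .= '<input type="hidden" name="'.$fieldname.'" value="'.s($fieldvalue).'" />';
    }
    $hiddenfields .= '<input type="hidden" name="sesskey" value="'.sesskey().'" />';

    echo '<br />';

    echo '<form action="index.php" method="post"><div>';
    echo $hiddenfields;
    echo '<input type="text" name="newdirname" value="" />';
    echo '<input type="submit" value="'.get_string('makeafolder').'" />';
    echo '</div></form>';

    echo '<br />';

    echo '<form enctype="multipart/form-data" method="post" action="index.php"><div>';
    echo $hiddenfields;
    echo '<input name="newfile" type="file" />';
    echo '<input type="submit" value="'.get_string('uploadafile').'" />';
    echo '</div></form>';
}

html_footer();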
f9903ed0 173
172dd12c 174/// UI functions /////////////////////////
175
/**
 * Closes the table cell, row and table left open by html_header() and prints the page footer.
 */
function html_footer() {
    global $OUTPUT;

    // echo with a comma list writes the closing tags before footer() is evaluated.
    echo '</td></tr></table>', $OUTPUT->footer();
}
181
/**
 * Sets up the page (navbar, URL, title), prints the page header and opens the layout table.
 *
 * The table, row and cell opened here are closed by html_footer().
 *
 * @param object $context   accepted but not used inside this function
 * @param object $file_info file browser node being displayed; must not be null,
 *                          because get_params() is called on it
 */
function html_header($context, $file_info){
    global $SITE, $PAGE, $OUTPUT;

    $fileslabel = get_string("files");

    build_navbar_for_file($PAGE, $file_info);
    $PAGE->set_url("/files/index.php", $file_info->get_params());
    $PAGE->set_title($SITE->shortname.': '.$fileslabel);

    echo $OUTPUT->header();

    echo '<table border="0" style="margin-left:auto;margin-right:auto" cellspacing="3" cellpadding="3" width="740">',
         '<tr>',
         '<td colspan="2">';
}
195
172dd12c 196/// FILE FUNCTIONS ///////////////////////////////////////////////////////////
f9903ed0 197
/**
 * Prints one table cell.
 *
 * All three arguments are written into the markup as given, without escaping,
 * so callers must pass trusted or already-escaped values.
 *
 * @param string $alignment value of the align attribute
 * @param string $text      HTML placed inside the cell
 * @param string $class     CSS class; the class attribute is omitted when this is empty
 */
function print_cell($alignment='center', $text='&nbsp;', $class='') {
    $classattr = $class ? ' class="'.$class.'"' : '';

    echo '<td align="', $alignment, '" style="white-space:nowrap "', $classattr, '>', $text, '</td>';
}
204
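/**
 * Prints the breadcrumb trail for a file browser node and a table listing its children.
 *
 * Node names are escaped with s() wherever they are written into the page. The
 * original escaped child names but printed the names in the breadcrumb trail raw.
 * NOTE(review): if get_visible_name() already returns escaped HTML for some node
 * types, s() double-encodes entities in those names - confirm against the
 * file_info implementations.
 *
 * @param object $file_info file browser node to list; must not be null
 */
function displaydir($file_info) {
    global $OUTPUT;

    $children = $file_info->get_children();
    $parent_info = $file_info->get_parent();

    $strname = get_string('name');
    $strsize = get_string('size');
    $strmodified = get_string('modified');
    $strfolder = get_string('folder');
    $strfile = get_string('file');
    $strdownload = get_string('download');
    $strdelete = get_string('delete');
    $straction = get_string('action');

    // Breadcrumb trail: collected from the current node up to the root, then
    // reversed so the root is printed first. Ancestors are links, the current node is not.
    $path = array(s($file_info->get_visible_name()));

    $level = $parent_info;
    while ($level) {
        $params = implode('&amp;', $level->get_params_rawencoded());
        $path[] = '<a href="index.php?'.$params.'">'.s($level->get_visible_name()).'</a>';
        $level = $level->get_parent();
    }

    echo implode(' / ', array_reverse($path)).' /';

    echo "<div>";
    echo "<hr/>";
    echo "<table border=\"0\" cellspacing=\"2\" cellpadding=\"2\" width=\"740\" class=\"files\">";
    echo "<tr>";
    echo "<th class=\"header\" scope=\"col\"></th>";
    echo "<th class=\"header name\" scope=\"col\">$strname</th>";
    echo "<th class=\"header size\" scope=\"col\">$strsize</th>";
    echo "<th class=\"header date\" scope=\"col\">$strmodified</th>";
    echo "<th class=\"header commands\" scope=\"col\">$straction</th>";
    echo "</tr>\n";

    // Delete links are shown for the children only when the listed node is writable.
    $parentwritable = $file_info->is_writable();

    if ($parent_info) {
        $params = implode('&amp;', $parent_info->get_params_rawencoded());

        echo "<tr class=\"folder\">";
        print_cell();
        print_cell('left', '<a href="index.php?'.$params.'"><img src="'.$OUTPUT->pix_url('f/parent') . '" class="icon" alt="" />&nbsp;'.get_string('parentfolder').'</a>', 'name');
        print_cell();
        print_cell();
        print_cell();

        echo "</tr>";
    }

    if ($children) {
        foreach ($children as $child_info) {
            $filename = $child_info->get_visible_name();
            $filesize = $child_info->get_filesize();
            $filesize = $filesize ? display_size($filesize) : '';
            $filedate = $child_info->get_timemodified();
            $filedate = $filedate ? userdate($filedate) : '';

            $mimetype = $child_info->get_mimetype();

            $params = implode('&amp;', $child_info->get_params_rawencoded());

            if ($child_info->is_directory()) {
                $rowclass = 'folder';
                $namecell = "<a href=\"index.php?$params\"><img src=\"" . $OUTPUT->pix_url('f/folder') . "\" class=\"icon\" alt=\"$strfolder\" />&nbsp;".s($filename)."</a>";

            } else {
                if ($downloadurl = $child_info->get_url(true)) {
                    $downloadurl = "&nbsp;<a href=\"$downloadurl\" title=\"" . get_string('downloadfile') . "\"><img src=\"" . $OUTPUT->pix_url('t/down') . "\" class=\"iconsmall\" alt=\"$strdownload\" /></a>";
                } else {
                    $downloadurl = '';
                }

                if ($viewurl = $child_info->get_url()) {
                    $viewurl = "&nbsp;".$OUTPUT->action_link($viewurl, "<img src=\"" . $OUTPUT->pix_url('t/preview') . "\" class=\"iconsmall\" alt=\"$strfile\" />&nbsp;",
                            new popup_action('click', $viewurl, 'display', array('height' => 480, 'width' => 640)));
                } else {
                    $viewurl = '';
                }

                $rowclass = 'file';
                $namecell = "<img src=\"" . $OUTPUT->pix_url(file_mimetype_icon($mimetype)) . "\" class=\"icon\" alt=\"$strfile\" />&nbsp;".s($filename).$downloadurl.$viewurl;
            }

            echo "<tr class=\"$rowclass\">";
            print_cell();
            print_cell("left", $namecell, 'name');
            print_cell("right", $filesize, 'size');
            print_cell("right", $filedate, 'date');
            if ($parentwritable) {
                // NOTE(review): the session key is carried in the query string of
                // this link, where it can end up in browser history, server logs
                // and Referer headers. The page's delete handler shows a
                // confirmation for any request that is not a submitted form, so
                // consider dropping sesskey from the link.
                print_cell("right", "<a href=\"index.php?$params&amp;sesskey=".sesskey()."&amp;delete=1\"><img src=\"" . $OUTPUT->pix_url('t/delete') . "\" class=\"iconsmall\" alt=\"$strdelete\" /></a>", 'command');
            } else {
                print_cell();
            }
            echo "</tr>";
        }
    }

    echo "</table>";
    echo "</div>";
    echo "<hr/>";

}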
329
/**
 * Builds the navigation bar for the given file browser node.
 *
 * Adds a "files" item, then one linked item per node on the path from the
 * topmost ancestor down to the node itself (a clone of $file_info is used for
 * the last item).
 *
 * @param moodle_page $page
 * @param file_info $file_info must not be null; get_parent() is called on it
 */
function build_navbar_for_file($page, $file_info) {
    $page->navbar->ignore_active();

    // Walk up the parent chain, prepending each ancestor so the trail ends up root-first.
    $ancestor = $file_info->get_parent();
    $trail = array(clone($file_info));
    while ($ancestor) {
        array_unshift($trail, $ancestor);
        $ancestor = $ancestor->get_parent();
    }

    $page->navbar->add(get_string('files'));
    foreach ($trail as $node) {
        $label = $node->get_visible_name();
        $link = 'index.php?'.implode('&amp;', $node->get_params_rawencoded());
        $page->navbar->add($label, $link);
    }
}