MDL-71016 gradeexport_xml: ensure user/grade idnumbers are encoded.
[moodle.git] / grade / export / xml / grade_export_xml.php
CommitLineData
e060e33d 1<?php
8ad36f4c 2
e060e33d 3// This file is part of Moodle - http://moodle.org/
4//
5// Moodle is free software: you can redistribute it and/or modify
6// it under the terms of the GNU General Public License as published by
7// the Free Software Foundation, either version 3 of the License, or
8// (at your option) any later version.
9//
10// Moodle is distributed in the hope that it will be useful,
11// but WITHOUT ANY WARRANTY; without even the implied warranty of
12// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13// GNU General Public License for more details.
14//
15// You should have received a copy of the GNU General Public License
16// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
a216f661 17
18require_once($CFG->dirroot.'/grade/export/lib.php');
f6f2f42d 19require_once($CFG->libdir.'/filelib.php');
a216f661 20
21class grade_export_xml extends grade_export {
ba74762b 22
5c75a0a3 23 public $plugin = 'xml';
24 public $updatedgradesonly = false; // default to export ALL grades
25
0bda2849
PH
26 /**
27 * Ensure we produce correctly formed XML content by encoding idnumbers appropriately
28 *
29 * @param string $idnumber
30 * @return string
31 */
32 private static function xml_export_idnumber(string $idnumber): string {
33 return htmlspecialchars($idnumber, ENT_QUOTES | ENT_XML1);
34 }
35
a216f661 36 /**
37 * To be implemented by child classes
97599c0a 38 * @param boolean $feedback
39 * @param boolean $publish Whether to output directly, or send as a file
40 * @return string
a216f661 41 */
5c75a0a3 42 public function print_grades($feedback = false) {
a2422359 43 global $CFG;
caffc55a 44 require_once($CFG->libdir.'/filelib.php');
a2422359 45
caffc55a 46 $export_tracking = $this->track_exports();
97599c0a 47
3674c398 48 $strgrades = get_string('grades');
ba74762b 49
a216f661 50 /// Calculate file name
d4060472 51 $shortname = format_string($this->course->shortname, true, array('context' => context_course::instance($this->course->id)));
8ebbb06a 52 $downloadfilename = clean_filename("$shortname $strgrades.xml");
a216f661 53
af9b1444 54 make_temp_directory('gradeexport');
7aa06e6d 55 $tempfilename = $CFG->tempdir .'/gradeexport/'. md5(sesskey().microtime().$downloadfilename);
76ca1ff1 56 if (!$handle = fopen($tempfilename, 'w+b')) {
9b6a1a4b 57 print_error('cannotcreatetempdir');
76ca1ff1 58 }
59
a216f661 60 /// time stamp to ensure uniqueness of batch export
76ca1ff1 61 fwrite($handle, '<results batch="xml_export_'.time().'">'."\n");
ba74762b 62
eb859919 63 $export_buffer = array();
64
65 $geub = new grade_export_update_buffer();
caffc55a 66 $gui = new graded_users_iterator($this->course, $this->columns, $this->groupid);
78ab98bc 67 $gui->require_active_enrolment($this->onlyactive);
caffc55a 68 $gui->init();
69 while ($userdata = $gui->next_user()) {
70 $user = $userdata->user;
ba74762b 71
34058207 72 if (empty($user->idnumber)) {
7ce5df86 73 //id number must exist otherwise we cant match up students when importing
34058207 74 continue;
75 }
76
ba74762b 77 // studentgrades[] index should match with corresponding $index
caffc55a 78 foreach ($userdata->grades as $itemid => $grade) {
79 $grade_item = $this->grade_items[$itemid];
80 $grade->grade_item =& $grade_item;
5c75a0a3 81
eb44aee4 82 // MDL-11669, skip exported grades or bad grades (if setting says so)
59a7447a 83 if ($export_tracking) {
84 $status = $geub->track($grade);
85 if ($this->updatedgradesonly && ($status == 'nochange' || $status == 'unknown')) {
5c75a0a3 86 continue;
59a7447a 87 }
88 }
ba74762b 89
caffc55a 90 fwrite($handle, "\t<result>\n");
eb859919 91
92 if ($export_tracking) {
eb859919 93 fwrite($handle, "\t\t<state>$status</state>\n");
a216f661 94 }
eb859919 95
a216f661 96 // only need id number
0bda2849
PH
97 $gradeitemidnumber = self::xml_export_idnumber($grade_item->idnumber);
98 fwrite($handle, "\t\t<assignment>{$gradeitemidnumber}</assignment>\n");
a216f661 99 // this column should be customizable to use either student id, idnumber, uesrname or email.
0bda2849
PH
100 $useridnumber = self::xml_export_idnumber($user->idnumber);
101 fwrite($handle, "\t\t<student>{$useridnumber}</student>\n");
e6c990ad
SL
102 // Format and display the grade in the selected display type (real, letter, percentage).
103 if (is_array($this->displaytype)) {
8c55a50d 104 // Grades display type came from the return of export_bulk_export_data() on grade publishing.
e6c990ad
SL
105 foreach ($this->displaytype as $gradedisplayconst) {
106 $gradestr = $this->format_grade($grade, $gradedisplayconst);
107 fwrite($handle, "\t\t<score>$gradestr</score>\n");
108 }
8c55a50d
SL
109 } else {
110 // Grade display type submitted directly from the grade export form.
111 $gradestr = $this->format_grade($grade, $this->displaytype);
112 fwrite($handle, "\t\t<score>$gradestr</score>\n");
e6c990ad
SL
113 }
114
caffc55a 115 if ($this->export_feedback) {
a1e8c6d4 116 $feedbackstr = $this->format_feedback($userdata->feedbacks[$itemid], $grade);
caffc55a 117 fwrite($handle, "\t\t<feedback>$feedbackstr</feedback>\n");
c31f631b 118 }
76ca1ff1 119 fwrite($handle, "\t</result>\n");
a2422359 120 }
a216f661 121 }
76ca1ff1 122 fwrite($handle, "</results>");
123 fclose($handle);
eb859919 124 $gui->close();
125 $geub->close();
97599c0a 126
ad5ab383
DW
127 if (defined('BEHAT_SITE_RUNNING')) {
128 // If behat is running, we cannot test the output if we force a file download.
129 include($tempfilename);
130 } else {
131 @header("Content-type: text/xml; charset=UTF-8");
132 send_temp_file($tempfilename, $downloadfilename, false);
133 }
a216f661 134 }
135}
136
6c3ef410 137