MDL-25937 Froms Library: Added server side validation for filepicker and filemanager
[moodle.git] / grade / import / xml / grade_import_form.php
e060e33d 1<?php
2
3// This file is part of Moodle - http://moodle.org/
4//
5// Moodle is free software: you can redistribute it and/or modify
6// it under the terms of the GNU General Public License as published by
7// the Free Software Foundation, either version 3 of the License, or
8// (at your option) any later version.
9//
10// Moodle is distributed in the hope that it will be useful,
11// but WITHOUT ANY WARRANTY; without even the implied warranty of
12// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13// GNU General Public License for more details.
14//
15// You should have received a copy of the GNU General Public License
16// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
17
// Stop immediately unless MOODLE_INTERNAL is defined, i.e. the script was
// included from a Moodle page rather than requested directly.
defined('MOODLE_INTERNAL') || die('Direct access to this script is forbidden.');

// formslib.php is loaded before the form class below, which extends moodleform.
require_once($CFG->libdir . '/formslib.php');
23
/**
 * Form used to import grades from an XML file, supplied either as an upload
 * or as a URL, with optional user-key settings when grade publishing is on.
 */
class grade_import_form extends moodleform {

    /**
     * Declares the form elements.
     *
     * Security-relevant points visible in this method:
     * - The hidden 'id' field is filled from the request via optional_param();
     *   no capability check happens here, so the caller has to authorise the
     *   course id itself.
     * - The 'userfile' / 'url' pair is made mutually exclusive only through
     *   disabledIf() dependencies; validation() in this class does not reject
     *   a submission that carries both values.
     * - No setType() call is made here for 'url', 'key' or 'iprestriction'.
     *   NOTE(review): confirm how those values are cleaned before use.
     * - Existing user keys are looked up with bound parameters and are used
     *   as both option value and label, so the key values themselves are
     *   rendered into the page for the current user.
     */
    function definition () {
        global $COURSE, $USER, $CFG, $DB;

        $form = $this->_form;

        // The course id travels with the form so the receiving page can authorise the request.
        $form->addElement('hidden', 'id', optional_param('id', 0, PARAM_INT));
        $form->setType('id', PARAM_INT);

        $form->addElement('header', 'general', get_string('importfile', 'grades'));

        $form->addElement('advcheckbox', 'feedback', get_string('importfeedback', 'grades'));
        $form->setDefault('feedback', 0);

        // Source of the import: an uploaded file ...
        $form->addElement('filepicker', 'userfile', get_string('file'));
        $form->disabledIf('userfile', 'url', 'noteq', '');

        // ... or a URL. Each field is disabled once the other one is filled in.
        // NOTE(review): if the import script fetches this URL from the server,
        // destination restrictions have to be enforced there - confirm.
        $form->addElement('text', 'url', get_string('fileurl', 'gradeimport_xml'), 'size="80"');
        $form->disabledIf('url', 'userfile', 'noteq', '');

        if (!empty($CFG->gradepublishing)) {
            $form->addElement('header', 'publishing', get_string('publishing', 'grades'));

            // Index 0 = do not publish, index 1 = create a new key; existing keys follow.
            $keychoices = array(
                get_string('nopublish', 'grades'),
                get_string('createnewkey', 'userkey'),
            );

            // Only keys of the current user for this course and the grade/import script.
            $userkeys = $DB->get_records_select(
                'user_private_key',
                "script='grade/import' AND instance=? AND userid=?",
                array($COURSE->id, $USER->id)
            );
            if (!empty($userkeys)) {
                foreach ($userkeys as $userkey) {
                    // TODO: add more details - ip restriction, valid until ??
                    $keychoices[$userkey->value] = $userkey->value;
                }
            }

            $form->addElement('select', 'key', get_string('userkey', 'userkey'), $keychoices);
            $form->addHelpButton('key', 'userkey', 'userkey');

            $managerlabel = get_string('keymanager', 'userkey');
            $managerurl = $CFG->wwwroot.'/grade/import/keymanager.php?id='.$COURSE->id;
            $form->addElement('static', 'keymanagerlink', $managerlabel,
                '<a href="'.$managerurl.'">'.get_string('keymanager', 'userkey').'</a>');

            // A new key defaults to the requester's own address - just in case
            // somebody does not know what a user key is.
            $form->addElement('text', 'iprestriction', get_string('keyiprestriction', 'userkey'), array('size'=>80));
            $form->addHelpButton('iprestriction', 'keyiprestriction', 'userkey');
            $form->setDefault('iprestriction', getremoteaddr());

            // A new key is valid for one week by default, for the same reason.
            $oneweek = 7 * 24 * 3600;
            $form->addElement('date_time_selector', 'validuntil', get_string('keyvaliduntil', 'userkey'), array('optional'=>true));
            $form->addHelpButton('validuntil', 'keyvaliduntil', 'userkey');
            $form->setDefault('validuntil', time() + $oneweek);

            // The restriction fields apply only when "create new key" (index 1) is selected.
            foreach (array('iprestriction', 'validuntil') as $field) {
                $form->disabledIf($field, 'key', 'noteq', 1);
            }

            // None of the key settings apply unless a URL has been entered.
            foreach (array('iprestriction', 'validuntil', 'key') as $field) {
                $form->disabledIf($field, 'url', 'eq', '');
            }
        }

        $this->add_action_buttons(false, get_string('uploadgrades', 'grades'));
    }

    /**
     * Server-side checks on top of the parent form validation.
     *
     * At least one of 'url' and 'userfile' must be non-empty. When one of them
     * is present, a 'url' value must survive clean_param(..., PARAM_URL)
     * unchanged. A submission carrying both values is not rejected here.
     *
     * @param array $data submitted form values
     * @param array $files passed through to the parent validation
     * @return array error messages keyed by element name
     */
    function validation($data, $files) {
        $errors = parent::validation($data, $files);

        $nourl = empty($data['url']);
        $nofile = empty($data['userfile']);

        if ($nourl && $nofile) {
            // Neither source given: flag each of the two fields that was submitted.
            foreach (array('url', 'userfile') as $field) {
                if (array_key_exists($field, $data)) {
                    $errors[$field] = get_string('required');
                }
            }
            return $errors;
        }

        // The submitted URL must be identical to its PARAM_URL-cleaned form.
        if (array_key_exists('url', $data) && $data['url'] != clean_param($data['url'], PARAM_URL)) {
            $errors['url'] = get_string('error');
        }

        return $errors;
    }
}
6c3ef410 98