MDL-25937 Froms Library: Added server side validation for filepicker and filemanager
[moodle.git] / lib / form / filepicker.php
c5704ec6 1<?php
ae4a98a1 2
3global $CFG;
c5704ec6 4
5require_once("HTML/QuickForm/button.php");
ae4a98a1 6require_once($CFG->dirroot.'/repository/lib.php');
c5704ec6 7
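/**
 * HTML class for a single filepicker element (based on button)
 *
 * toHtml() renders the file picker together with a hidden input that carries
 * the draft area item id. exportValue() then trims the current user's draft
 * area so that at most one file remains, and removes that file as well when
 * it exceeds the configured 'maxbytes' limit.
 *
 * @author Moodle.com
 * @version 1.0
 * @since Moodle 2.0
 * @access public
 */
class MoodleQuickForm_filepicker extends HTML_QuickForm_input {
    // Help button markup returned by getHelpButton(); nothing in this class assigns it.
    public $_helpbutton = '';
    // Recognised options and their defaults; a 'maxbytes' of 0 disables the size check in exportValue().
    protected $_options = array('maxbytes'=>0, 'accepted_types'=>'*', 'return_types'=>FILE_INTERNAL);

    /**
     * Old-style constructor: stores the recognised options and sets the element type.
     *
     * @param string $elementName  element name, passed on to the parent constructor
     * @param string $elementLabel element label, passed on to the parent constructor
     * @param mixed  $attributes   element attributes, passed on to the parent constructor
     * @param array  $options      any of 'maxbytes', 'accepted_types', 'return_types'; other keys are ignored
     */
    public function MoodleQuickForm_filepicker($elementName=null, $elementLabel=null, $attributes=null, $options=null) {
        global $CFG;

        $options = (array)$options;
        // Copy only the keys this element knows about, so callers cannot add arbitrary options.
        foreach ($options as $name=>$value) {
            if (array_key_exists($name, $this->_options)) {
                $this->_options[$name] = $value;
            }
        }
        // An explicit per-element limit is combined with the site limit.
        // NOTE(review): when no 'maxbytes' option is given the stored limit stays 0 and
        // exportValue() skips its size check entirely - confirm that the site-wide limit
        // is enforced somewhere else on the upload path.
        if (!empty($options['maxbytes'])) {
            $this->_options['maxbytes'] = get_max_upload_file_size($CFG->maxbytes, $options['maxbytes']);
        }
        $this->_type = 'filepicker';
        parent::HTML_QuickForm_input($elementName, $elementLabel, $attributes);
    }

    /**
     * Kept for backwards compatibility only; emits a debugging notice and stores nothing.
     *
     * @param mixed  $helpbuttonargs ignored
     * @param string $function       ignored
     */
    public function setHelpButton($helpbuttonargs, $function='helpbutton') {
        debugging('component setHelpButton() is not used any more, please use $mform->setHelpButton() instead');
    }

    /**
     * Returns the stored help button markup.
     *
     * @return string
     */
    public function getHelpButton() {
        return $this->_helpbutton;
    }

    /**
     * Names the renderer template to use for this element.
     *
     * @return string 'nodisplay' when the element is frozen, otherwise 'default'
     */
    public function getElementTemplateType() {
        if ($this->_flagFrozen){
            return 'nodisplay';
        } else {
            return 'default';
        }
    }

    /**
     * Builds the markup for the element: tabs, the rendered file picker, the
     * hidden draft item id input and a <noscript> fallback.
     *
     * @return string HTML fragment
     */
    public function toHtml() {
        global $COURSE, $PAGE, $OUTPUT;
        $id = $this->_attributes['id'];
        $elname = $this->_attributes['name'];

        if ($this->_flagFrozen) {
            return $this->getFrozenHtml();
        }
        // The integer cast means a non-numeric current value is treated as "no draft area yet".
        if (!$draftitemid = (int)$this->getValue()) {
            // no existing area info provided - let's use fresh new draft area
            $draftitemid = file_get_unused_draft_itemid();
            $this->setValue($draftitemid);
        }

        // NOTE(review): $context is never read below; the picker and the fallback URL both
        // use $PAGE->context. The lookup is kept because its side effects are not visible here.
        if ($COURSE->id == SITEID) {
            $context = get_context_instance(CONTEXT_SYSTEM);
        } else {
            $context = get_context_instance(CONTEXT_COURSE, $COURSE->id);
        }

        $args = new stdClass();
        // need these three to filter repositories list
        $args->accepted_types = $this->_options['accepted_types']?$this->_options['accepted_types']:'*';
        // NOTE(review): the 'return_types' option accepted by the constructor is not used
        // here; the picker is always restricted to FILE_INTERNAL.
        $args->return_types = FILE_INTERNAL;
        $args->itemid = $draftitemid;
        $args->maxbytes = $this->_options['maxbytes'];
        $args->context = $PAGE->context;
        $args->buttonname = $elname.'choose';

        $html = $this->_getTabs();
        $fp = new file_picker($args);
        $options = $fp->options;
        $options->context = $PAGE->context;
        $html .= $OUTPUT->render($fp);

        // This input is assembled by hand, so the name and id are escaped before they are
        // placed in attribute values; the draft item id is forced to an integer.
        $safename = htmlspecialchars($elname, ENT_QUOTES, 'UTF-8');
        $safeid = htmlspecialchars($id, ENT_QUOTES, 'UTF-8');
        $html .= '<input type="hidden" name="'.$safename.'" id="'.$safeid.'" value="'.(int)$draftitemid.'" class="filepickerhidden"/>';

        $module = array('name'=>'form_filepicker', 'fullpath'=>'/lib/form/filepicker.js', 'requires'=>array('core_filepicker'));
        $PAGE->requires->js_init_call('M.form_filepicker.init', array($fp->options), true, $module);

        // The fallback URL carries the session key along with the draft area parameters.
        $nonjsfilepicker = new moodle_url('/repository/draftfiles_manager.php', array(
            'env'=>'filepicker',
            'action'=>'browse',
            'itemid'=>$draftitemid,
            'subdirs'=>0,
            'maxbytes'=>$options->maxbytes,
            'maxfiles'=>1,
            'ctx_id'=>$PAGE->context->id,
            'course'=>$PAGE->course->id,
            'sesskey'=>sesskey(),
        ));

        // non js file picker
        $html .= '<noscript>';
        $html .= "<div><object type='text/html' data='$nonjsfilepicker' height='160' width='600' style='border:1px solid #000'></object></div>";
        $html .= '</noscript>';

        return $html;
    }

    /**
     * Server-side clean-up of the submitted draft area before the value is exported.
     *
     * Only files in the current user's own draft area for the given item id are
     * looked at. The first file returned (the listing is ordered 'id DESC') is
     * deleted if it is larger than the configured 'maxbytes'; every other file
     * in the area is always deleted.
     *
     * @param array $submitValues submitted values, searched for this element's value
     * @param bool  $assoc        not used by this method
     * @return mixed whatever _prepareValue() returns for the draft item id
     */
    public function exportValue(&$submitValues, $assoc = false) {
        global $USER;

        // Prefer the submitted value; fall back to the element's current value.
        $draftitemid = $this->_findValue($submitValues);
        if (null === $draftitemid) {
            $draftitemid = $this->getValue();
        }

        // make sure max one file is present and it is not too big
        if (!is_null($draftitemid)) {
            $fs = get_file_storage();
            // The lookup is pinned to the current user's context, so a submitted item id
            // can only address that user's own draft files.
            $usercontext = get_context_instance(CONTEXT_USER, $USER->id);
            if ($files = $fs->get_area_files($usercontext->id, 'user', 'draft', $draftitemid, 'id DESC', false)) {
                $file = array_shift($files);
                // A 'maxbytes' of 0 short-circuits this check, i.e. no size limit is applied here.
                if ($this->_options['maxbytes'] and $file->get_filesize() > $this->_options['maxbytes']) {
                    // bad luck, somebody tries to sneak in oversized file
                    $file->delete();
                }
                foreach ($files as $file) {
                    // only one file expected
                    $file->delete();
                }
            }
        }

        return $this->_prepareValue($draftitemid, true);
    }
}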