modifications made to demo new security features
[moodle.git] / lib / formslib.php
CommitLineData
da6f8763 1<?php
2/**
3 * formslib.php - library of classes for creating forms in Moodle, based on PEAR QuickForms.
4 * THIS IS NOT YET PART OF THE MOODLE API, IT IS HERE FOR TESTING ONLY
5 * @author Jamie Pratt
6 * @version $Id$
7 * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
8 */
9
10//point pear include path to moodles lib/pear so that includes and requires will search there for files before anywhere else.
11if (FALSE===strstr(ini_get('include_path'), $CFG->libdir.'/pear' )){
12 ini_set('include_path', $CFG->libdir.'/pear' . PATH_SEPARATOR . ini_get('include_path'));
13}
14require_once 'HTML/QuickForm.php';
15require_once 'HTML/QuickForm/DHTMLRulesTableless.php';
16require_once 'HTML/QuickForm/Renderer/Tableless.php';
17
864cc1de 18if ($CFG->debug >= DEBUG_ALL){
19 PEAR::setErrorHandling(PEAR_ERROR_PRINT);
20}
21
da6f8763 22class moodleform extends HTML_QuickForm_DHTMLRulesTableless{
23 /**
24 * Class constructor - same parameters as HTML_QuickForm_DHTMLRulesTableless
25 * @param string $formName Form's name.
26 * @param string $method (optional)Form's method defaults to 'POST'
27 * @param string $action (optional)Form's action
28 * @param string $target (optional)Form's target defaults to none
29 * @param mixed $attributes (optional)Extra attributes for <form> tag
30 * @param bool $trackSubmit (optional)Whether to track if the form was submitted by adding a special hidden field
31 * @access public
32 */
33 function moodleform($formName='', $method='post', $action='', $target='', $attributes=null){
34 global $CFG;
35 //we need to override the constructor, we don't call the parent constructor
36 //at all because it strips slashes depending on the magic quotes setting
37 //whereas Moodle already has added slashes whether magic quotes is on or not.
38
39 //also added check for sesskey and added sesskey to all forms
40 //and told class to ask Moodle for the max upload file size
41 HTML_Common::HTML_Common($attributes);
42 $method = (strtoupper($method) == 'GET') ? 'get' : 'post';
43 $action = ($action == '') ? $_SERVER['PHP_SELF'] : $action;
44 $target = empty($target) ? array() : array('target' => $target);
45 //no 'name' atttribute for form in xhtml strict :
46 $attributes = array('action'=>$action, 'method'=>$method, 'id'=>$formName) + $target;
47 $this->updateAttributes($attributes);
48 //check for sesskey for this form
49 //if it is not present then we don't accept any input
50 if (isset($_REQUEST['_qf__' . $formName])) {
51 $this->_submitValues = $this->_recursiveFilter('stripslashes', 'get' == $method? $_GET: $_POST);
52 foreach ($_FILES as $keyFirst => $valFirst) {
53 foreach ($valFirst as $keySecond => $valSecond) {
54 if ('name' == $keySecond) {
55 $this->_submitFiles[$keyFirst][$keySecond] = $this->_recursiveFilter('stripslashes', $valSecond);
56 } else {
57 $this->_submitFiles[$keyFirst][$keySecond] = $valSecond;
58 }
59 }
60 }
61
62 $this->_flagSubmitted = count($this->_submitValues) > 0 || count($this->_submitFiles) > 0;
63 }
64
65 //check sesskey
66 if ($this->_flagSubmitted){
67 confirm_sesskey($this->_submitValues['_qf__' . $formName]);
68 }
69 unset($this->_submitValues['_qf__' . $formName]);
70 //add sesskey to all forms
71 $this->addElement('hidden', '_qf__' . $formName, sesskey());
72
73 if (preg_match('/^([0-9]+)([a-zA-Z]*)$/', get_max_upload_file_size(), $matches)) {
74 // see http://www.php.net/manual/en/faq.using.php#faq.using.shorthandbytes
75 switch (strtoupper($matches['2'])) {
76 case 'G':
77 $this->_maxFileSize = $matches['1'] * 1073741824;
78 break;
79 case 'M':
80 $this->_maxFileSize = $matches['1'] * 1048576;
81 break;
82 case 'K':
83 $this->_maxFileSize = $matches['1'] * 1024;
84 break;
85 default:
86 $this->_maxFileSize = $matches['1'];
87 }
88 }
89 //this is custom stuff for Moodle :
90 $oldclass= $this->getAttribute('class');
91 if (!empty($oldclass)){
92 $this->updateAttributes(array('class'=>$oldclass.' mform'));
93 }else {
80f962df 94 $this->updateAttributes(array('class'=>'mform'));
da6f8763 95 }
96 $this->_helpImageURL="$CFG->wwwroot/lib/form/req.gif";
97 $this->_reqHTML =
98 helpbutton('requiredelement', get_string('requiredelement', 'form'),'moodle',
99 true, false, '', true, '<img alt="'.get_string('requiredelement', 'form').'" src="'.
100 $this->_helpImageURL.'" />');
101 $this->setRequiredNote(get_string('denotesreq', 'form', $this->getReqHTML()));
102 }
103 function getReqHTML(){
104 return $this->_reqHTML;
105 }
106 /**
107 * Class constructor - same parameters as HTML_QuickForm_DHTMLRulesTableless
108 * @param array $buttons An associative array representing help button to attach to
109 * to the form. keys of array correspond to names of elements in form.
110 *
111 * @access public
112 */
80f962df 113 function addHelpButtons($buttons, $suppresscheck=false){
da6f8763 114
115 foreach ($this->_elements as $no => $element){
116 if (array_key_exists($element->getName(), $buttons)){
117
80f962df 118 if (method_exists($element, 'setHelpButton')){
119 $this->_elements[$no]->setHelpButton($buttons[$element->getName()]);
120 }else{
121 $a=new object();
122 $a->name=$element->getName();
123 $a->classname=get_class($element);
124 print_error('nomethodforaddinghelpbutton', 'form', '', $a);
125 }
da6f8763 126 unset($buttons[$element->getName()]);
127 }
128
129 }
130 if (count($buttons)&& !$suppresscheck){
131 print_error('nonexistentformelements', 'form', '', join(', ', array_keys($buttons)));
132 }
133 }
134 /**
135 * Applies a data filter for the given field(s)
136 * We can use any PARAM_
137 *
138 * @param mixed $element Form element name or array of such names
139 * @param mixed $filter Callback, either function name or array(&$object, 'method') or PARAM_ integer
140 * @since 2.0
141 * @access public
142 */
143 function applyFilter($element, $filter){
144 if (is_numeric($filter)){
145 $filter=create_function('$value', "clean_param(\$value, $filter);");
146 }
147 parent::applyFilter($element, $filter);
148 }
149 function exportValue($element, $addslashes=true){
150 $unfiltered=parent::exportValue($element);
151 if ($addslashes){
152 return HTML_QuickForm::_recursiveFilter('addslashes',$unfiltered);
153 } else {
154 return $unfiltered;
155 }
156 }
157 function exportValues($elementList, $addslashes=true){
158 $unfiltered=parent::exportValues($elementList);
159 if ($addslashes){
160 return HTML_QuickForm::_recursiveFilter('addslashes',$unfiltered);
161 } else {
162 return $unfiltered;
163 }
164 }
165}
166
167/**
168 * A renderer for moodleform that only uses XHTML and CSS and no
169 * table tags, extends PEAR class HTML_QuickForm_Renderer_Tableless
170 *
171 * Stylesheet is part of standard theme and should be automatically included.
172 *
173 * @author Jamie Pratt <me@jamiep.org>
174 * @license gpl license
175 */
176class moodleform_renderer extends HTML_QuickForm_Renderer_Tableless{
177
178 /**
179 * Element template array
180 * @var array
181 * @access private
182 */
183 var $_elementTemplates;
184 var $_htmleditors=array();
185 function moodleform_renderer(){
80f962df 186 $this->_elementTemplates=array('default'=>"\n\t\t<div class=\"qfrow\"><label class=\"qflabel\">{label}{help}<!-- BEGIN required -->{req}<!-- END required --></label><div class=\"qfelement<!-- BEGIN error --> error<!-- END error --> {type}\"><!-- BEGIN error --><span class=\"error\">{error}</span><br /><!-- END error -->{element}</div></div>",
187 'wide'=>"\n\t\t<div class=\"qfrow\"><label class=\"qflabel\">{label}{help}<!-- BEGIN required -->{req}<!-- END required --></label><br /><div class=\"qfelementwide<!-- BEGIN error --> error<!-- END error --> {type}\"><!-- BEGIN error --><span class=\"error\">{error}</span><br /><!-- END error -->{element}</span></div>");
da6f8763 188
189 parent::HTML_QuickForm_Renderer_Tableless();
190 }
191 function startForm(&$form){
192 $this->_reqHTML=$form->getReqHTML();
193 $this->_elementTemplates=str_replace('{req}', $this->_reqHTML, $this->_elementTemplates);
194 parent::startForm($form);
195 }
196 function startGroup(&$group, $required, $error){
197 if (method_exists($group, 'getElementTemplateType')){
198 $html = $this->_elementTemplates[$element->getElementTemplateType()];
199 }else{
200 $html = $this->_elementTemplates['default'];
201
202 }
203 if (method_exists($group, 'getHelpButton')){
204 $html =str_replace('{help}', $group->getHelpButton(), $html);
205 }else{
206 $html =str_replace('{help}', '', $html);
207
208 }
80f962df 209 $html =str_replace('{type}', 'group', $html);
210
da6f8763 211 $this->_templates[$group->getName()]=$html;
212 // Fix for bug in tableless quickforms that didn't allow you to stop a
213 // fieldset before a group of elements.
214 // if the element name indicates the end of a fieldset, close the fieldset
215 if ( in_array($group->getName(), $this->_stopFieldsetElements)
216 && $this->_fieldsetsOpen > 0
217 ) {
218 $this->_html .= $this->_closeFieldsetTemplate;
219 $this->_fieldsetsOpen--;
220 }
221 parent::startGroup($group, $required, $error);
222 }
223 function renderElement(&$element, $required, $error){
224 if (method_exists($element, 'getElementTemplateType')){
225 $html = $this->_elementTemplates[$element->getElementTemplateType()];
226 }else{
227 $html = $this->_elementTemplates['default'];
228
229 }
80f962df 230 $html =str_replace('{type}', $element->getType(), $html);
da6f8763 231 if (method_exists($element, 'getHelpButton')){
232 $html=str_replace('{help}', $element->getHelpButton(), $html);
233 }else{
234 $html=str_replace('{help}', '', $html);
235
236 }
237 $this->_templates[$element->getName()]=$html;
238
239 parent::renderElement($element, $required, $error);
240 }
241
242
243}
244
245class moodleform_filter{
246 var $paramtype;
247 var $default;
248 function moodleform_filter($paramtype, $default){
249 $this->paramtype=$paramtype;
250 $this->default=$default;
251 }
252 function required_param($value){
253 if (isset($value)) {
254 $param = $value;
255 } else {
256 error('A required parameter was missing');
257 }
258
259 return $this->clean_param($param);
260 }
261 function optional_param($value){
262 if (!isset($value)) {
263 return $this->default;
264 }
265 return $this->clean_param($value);
266 }
267 function clean_param($value){
268 //clean param expects vars with slashes
269 $value=HTML_QuickForm::_recursiveFilter('addslashes', $value);
270 $value=clean_param($value, $this->paramtype);
271 return HTML_QuickForm::_recursiveFilter('stripslashes', $value);
272 }
273}
274
275$GLOBALS['_HTML_QuickForm_default_renderer']=& new moodleform_renderer();
276
277moodleform::registerElementType('checkbox', "$CFG->libdir/form/checkbox.php", 'moodleform_checkbox');
278moodleform::registerElementType('file', "$CFG->libdir/form/file.php", 'moodleform_file');
279moodleform::registerElementType('group', "$CFG->libdir/form/group.php", 'moodleform_group');
280moodleform::registerElementType('password', "$CFG->libdir/form/password.php", 'moodleform_password');
281moodleform::registerElementType('radio', "$CFG->libdir/form/radio.php", 'moodleform_radio');
282moodleform::registerElementType('select', "$CFG->libdir/form/select.php", 'moodleform_select');
283moodleform::registerElementType('text', "$CFG->libdir/form/text.php", 'moodleform_text');
284moodleform::registerElementType('textarea', "$CFG->libdir/form/textarea.php", 'moodleform_textarea');
285moodleform::registerElementType('date_selector', "$CFG->libdir/form/dateselector.php", 'moodleform_date_selector');
286moodleform::registerElementType('htmleditor', "$CFG->libdir/form/htmleditor.php", 'moodleform_htmleditor');
f8857b49 287moodleform::registerElementType('static', "$CFG->libdir/form/static.php", 'moodleform_static');
da6f8763 288
864cc1de 289
da6f8763 290?>