MDL-33791 Portfolio: Fixed security issue with passing file paths.
[moodle.git] / mod / assignment / renderer.php
1<?php
2
3// This file is part of Moodle - http://moodle.org/
4//
5// Moodle is free software: you can redistribute it and/or modify
6// it under the terms of the GNU General Public License as published by
7// the Free Software Foundation, either version 3 of the License, or
8// (at your option) any later version.
9//
10// Moodle is distributed in the hope that it will be useful,
11// but WITHOUT ANY WARRANTY; without even the implied warranty of
12// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13// GNU General Public License for more details.
14//
15// You should have received a copy of the GNU General Public License
16// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
17
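/**
 * A custom renderer class that extends the plugin_renderer_base and
 * is used by the assignment module.
 *
 * Output-encoding note: directory names are escaped here with s(). The
 * per-file link, the plagiarism links and the portfolio markup arrive as
 * ready-made HTML and are concatenated unchanged, so they must be made
 * safe where they are built.
 *
 * @package mod-assignment
 * @copyright 2010 Dongsheng Cai <dongsheng@moodle.com>
 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 **/
class mod_assignment_renderer extends plugin_renderer_base {
    /**
     * Builds an assignment_files renderable for a file area and renders it.
     *
     * @param object $context context the files belong to
     * @param int $itemid item id of the file area
     * @param string $filearea file area name, 'submission' by default
     * @return string
     */
    public function assignment_files($context, $itemid, $filearea='submission') {
        return $this->render(new assignment_files($context, $itemid, $filearea));
    }

    /**
     * Renders the file tree of an assignment_files object inside a uniquely
     * identified <div>, followed by the portfolio form when one was prepared.
     *
     * @param assignment_files $tree renderable prepared by assignment_files::__construct()
     * @return string HTML fragment
     */
    public function render_assignment_files(assignment_files $tree) {
        // NOTE(review): $module is built but never passed to js_init_call() below;
        // confirm whether it was meant to be its module argument.
        $module = array('name'=>'mod_assignment_files', 'fullpath'=>'/mod/assignment/assignment.js', 'requires'=>array('yui2-treeview'));

        // The id comes from uniqid() only, so it needs no escaping in the attribute.
        $this->htmlid = 'assignment_files_tree_'.uniqid();
        $this->page->requires->js_init_call('M.mod_assignment.init_tree', array(true, $this->htmlid));

        $html = '<div id="'.$this->htmlid.'">';
        $html .= $this->htmllize_tree($tree, $tree->dir);
        $html .= '</div>';

        // Prebuilt markup from portfolio_add_button::to_html(); appended as-is.
        if ($tree->portfolioform) {
            $html .= $tree->portfolioform;
        }
        return $html;
    }

    /**
     * Internal function - creates the nested <ul> structure suitable for the YUI tree.
     *
     * @param assignment_files $tree renderable; its cm and course are handed to the plagiarism API
     * @param array $dir directory node with 'subdirs' and 'files' entries
     * @return string HTML list, or an empty string when the node has no subdirectories and no files
     */
    protected function htmllize_tree($tree, $dir) {
        global $CFG;

        if (empty($dir['subdirs']) and empty($dir['files'])) {
            return '';
        }

        // Every node carries the same constant config, so encode it once.
        $yuiconfig = array();
        $yuiconfig['type'] = 'html';
        $itemopen = '<li yuiConfig=\''.json_encode($yuiconfig).'\'><div>';

        // !empty() matches the way $CFG->enableportfolios is tested in this file and
        // avoids a notice when the setting is not defined.
        $plagiarismenabled = !empty($CFG->enableplagiarism);
        if ($plagiarismenabled && !empty($dir['files'])) {
            require_once($CFG->libdir.'/plagiarismlib.php');
        }

        $result = '<ul>';
        foreach ($dir['subdirs'] as $subdir) {
            $image = $this->output->pix_icon(file_folder_icon(), $subdir['dirname'], 'moodle', array('class'=>'icon'));
            // The directory name is escaped with s() before it is written out.
            $result .= $itemopen.$image.' '.s($subdir['dirname']).'</div> '.$this->htmllize_tree($tree, $subdir).'</li>';
        }

        foreach ($dir['files'] as $file) {
            $filename = $file->get_filename();
            $plagiarismlinks = '';
            if ($plagiarismenabled) {
                $plagiarismlinks = plagiarism_get_links(array('userid'=>$file->get_userid(), 'file'=>$file, 'cmid'=>$tree->cm->id, 'course'=>$tree->course));
            }
            $image = $this->output->pix_icon(file_file_icon($file), $filename, 'moodle', array('class'=>'icon'));
            // fileurl and portfoliobutton are set in assignment_files::preprocess();
            // they and the plagiarism links are emitted without further escaping.
            $result .= $itemopen.$image.' '.$file->fileurl.' '.$plagiarismlinks.$file->portfoliobutton.'</div></li>';
        }

        $result .= '</ul>';

        return $result;
    }
}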
83
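/**
 * Renderable describing the files of one assignment file area: the directory
 * tree, a download link per file and, when portfolios are enabled, the
 * portfolio export markup.
 */
class assignment_files implements renderable {
    /** @var object context passed to the constructor */
    public $context;
    /** @var array tree returned by get_area_tree(), with 'subdirs' and 'files' entries */
    public $dir;
    /** @var string|null HTML of the "export all files" portfolio link; stays unset when not offered */
    public $portfolioform;
    /** @var object course module resolved from the context */
    public $cm;
    /** @var object course resolved from the context */
    public $course;

    /**
     * Loads the file tree for the area and prepares the portfolio markup.
     *
     * @param object $context context the files belong to
     * @param int $itemid item id of the file area; also sent as 'submissionid' to the portfolio callback
     * @param string $filearea file area name, 'submission' by default
     */
    public function __construct($context, $itemid, $filearea='submission') {
        global $USER, $CFG;
        $this->context = $context;
        list($context, $course, $cm) = get_context_info_array($context->id);
        $this->cm = $cm;
        $this->course = $course;
        $fs = get_file_storage();
        $this->dir = $fs->get_area_tree($this->context->id, 'mod_assignment', $filearea, $itemid);
        if (!empty($CFG->enableportfolios)) {
            require_once($CFG->libdir . '/portfoliolib.php');
            $files = $fs->get_area_files($this->context->id, 'mod_assignment', $filearea, $itemid, "timemodified", false);
            if (count($files) >= 1 && has_capability('mod/assignment:exportownsubmission', $this->context)) {
                $button = new portfolio_add_button();
                // Only ids travel in the callback options, never a file path.
                // NOTE(review): assignment_portfolio_caller presumably resolves the
                // submission and re-checks access on its side - confirm there.
                $button->set_callback_options('assignment_portfolio_caller', array('id' => $this->cm->id, 'submissionid' => $itemid), 'mod_assignment');
                $button->reset_formats();
                $this->portfolioform = $button->to_html(PORTFOLIO_ADD_TEXT_LINK);
            }
        }
        $this->preprocess($this->dir, $filearea);
    }

    /**
     * Walks a directory node recursively and attaches to every file the
     * 'portfoliobutton' and 'fileurl' HTML that the renderer prints.
     *
     * @param array $dir directory node with 'subdirs' and 'files' entries
     * @param string $filearea file area name used in the pluginfile.php URL
     * @return void
     */
    public function preprocess($dir, $filearea) {
        global $CFG;

        foreach ($dir['subdirs'] as $subdir) {
            $this->preprocess($subdir, $filearea);
        }

        // The answer is the same for every file in this node, so ask once.
        $canexport = !empty($CFG->enableportfolios)
            && has_capability('mod/assignment:exportownsubmission', $this->context);

        foreach ($dir['files'] as $file) {
            $file->portfoliobutton = '';
            if ($canexport) {
                $button = new portfolio_add_button();
                // The file is referenced by its id, not by a path.
                $button->set_callback_options('assignment_portfolio_caller', array('id' => $this->cm->id, 'fileid' => $file->get_id()), 'mod_assignment');
                $button->set_format_by_file($file);
                $file->portfoliobutton = $button->to_html(PORTFOLIO_ADD_ICON_LINK);
            }

            $url = file_encode_url("$CFG->wwwroot/pluginfile.php", '/'.$this->context->id.'/mod_assignment/'.$filearea.'/'.$file->get_itemid(). $file->get_filepath().$file->get_filename(), true);

            // Escape the file name before it becomes link text: the renderer writes
            // fileurl into the page unchanged, and directory names there are already
            // passed through s(). For names without HTML special characters this is
            // a no-op.
            $file->fileurl = html_writer::link($url, s($file->get_filename()));
        }
    }
}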