1adbd2c3 1<?php
35bcb325 2///////////////////////////////////////////////////////////////////////////
3// //
4// NOTICE OF COPYRIGHT //
5// //
6// Moodle - Modular Object-Oriented Dynamic Learning Environment //
7// http://moodle.org //
8// //
0997e51a 9// Copyright (C) 1999-onwards Moodle Pty Ltd http://moodle.com //
35bcb325 10// //
11// This program is free software; you can redistribute it and/or modify //
12// it under the terms of the GNU General Public License as published by //
13// the Free Software Foundation; either version 2 of the License, or //
601104f2 14// (at your option) any later version. //
// //
35bcb325 15// This program is distributed in the hope that it will be useful, //
16// but WITHOUT ANY WARRANTY; without even the implied warranty of //
17// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
18// GNU General Public License for more details: //
19// //
20// http://www.gnu.org/copyleft/gpl.html //
21// //
22///////////////////////////////////////////////////////////////////////////
23
24require_once($CFG->dirroot.'/lib/filelib.php');
25require_once($CFG->dirroot.'/repository/lib.php');
26
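/**
 * Database activity field type: a multi-line text area with a selectable
 * text format (stored in data_content.content / content1).
 */
class data_field_textarea extends data_field_base {

    var $type = 'textarea';

    /**
     * Build the add/edit form control for this field: an editor-enabled
     * textarea plus a <select> for the text format.
     *
     * @param int $recordid Id of the record being edited, or 0 for a new record.
     * @return string HTML fragment.
     */
    function display_add_field($recordid=0) {
        global $DB, $OUTPUT;

        $text = '';
        $format = 0;

        // The field description is author-supplied and lands inside an HTML
        // attribute, so it must be attribute-escaped rather than echoed raw.
        $str = '<div title="'.s($this->field->description).'">';

        editors_head_setup();

        $options = array();
        $options['trusttext'] = false;
        $options['forcehttps'] = false;
        $options['subdirs'] = false;
        $options['maxfiles'] = 0;
        $options['maxbytes'] = 0;
        $options['changeformat'] = 0;
        $options['noclean'] = false;

        $itemid = $this->field->id;
        $field = 'field_'.$itemid;

        if ($recordid && $content = $DB->get_record('data_content', array('fieldid'=>$this->field->id, 'recordid'=>$recordid))) {
            // Existing content: re-clean it with its stored format before
            // putting it back into the form.
            $text = $content->content;
            $format = $content->content1;
            $text = clean_text($text, $format);
        } else if (can_use_html_editor()) {
            $format = FORMAT_HTML;
        } else {
            $format = FORMAT_PLAIN;
        }

        $editor = get_preferred_texteditor($format);
        $strformats = format_text_menu();

        // Build the format menu as a fresh array keyed by format id. Writing
        // into the array being iterated (as before) only works when the editor
        // already returns an id-keyed array; a plain list would leave stray
        // entries that become bogus <option>s.
        $formatoptions = array();
        foreach ($editor->get_supported_formats() as $fid) {
            $formatoptions[$fid] = $strformats[$fid];
        }

        $editor->use_editor($field, $options);
        $str .= '<div><textarea id="'.$field.'" name="'.$field.'" rows="15" cols="80">'.s($text).'</textarea></div>';
        $str .= '<div><select name="'.$field.'_content1">';
        foreach ($formatoptions as $key=>$desc) {
            $selected = ($format == $key) ? 'selected="selected"' : '';
            // $desc comes from format_text_menu() (language strings), not from users.
            $str .= '<option value="'.s($key).'" '.$selected.'>'.$desc.'</option>';
        }
        $str .= '</select>';
        $str .= $OUTPUT->help_icon('textformat', get_string('helpformatting'), 'moodle');
        $str .= '</div>';

        $str .= '</div>';
        return $str;
    }

    /**
     * Render the search box for this field.
     *
     * @param string $value Current search term (user-supplied, see parse_search_field()).
     * @return string HTML fragment.
     */
    function display_search_field($value = '') {
        // $value is request data; PARAM_NOTAGS strips tags but leaves quotes,
        // so it must be attribute-escaped or a '"' breaks out of value="...".
        return '<input type="text" size="16" name="f_'.$this->field->id.'" value="'.s($value).'" />';
    }

    /**
     * Read this field's search term from the request.
     *
     * @return string Tag-stripped search term, '' when absent.
     */
    function parse_search_field() {
        return optional_param('f_'.$this->field->id, '', PARAM_NOTAGS);
    }

    /**
     * Build the SQL fragment (and bound parameters) that matches records whose
     * content for this field contains $value, case-insensitively.
     *
     * @param string $tablealias Alias of data_content in the enclosing query.
     * @param string $value Search term.
     * @return array (sql fragment, array of named parameters)
     */
    function generate_sql($tablealias, $value) {
        global $DB;

        $ILIKE = $DB->sql_ilike();

        // One unique placeholder per call so several conditions from this field
        // type can coexist in a single query. The placeholder is now named after
        // this field type; the old "df_picture_" name looked copy-pasted and
        // could collide with another field type using the same prefix and its
        // own counter (not verifiable from this file).
        static $i=0;
        $i++;
        $name = "df_textarea_$i";
        // NOTE(review): $value is bound as a parameter (no SQL injection), but
        // LIKE wildcards ('%', '_') inside it are not escaped, so a term such as
        // "%" matches every record; consider escaping them if that matters here.
        return array(" ({$tablealias}.fieldid = {$this->field->id} AND {$tablealias}.content $ILIKE :$name) ", array($name=>"%$value%"));
    }

    /**
     * Nothing to emit after the form for this field type.
     */
    function print_after_form() {
    }

    /**
     * Store one submitted form value for this field in data_content.
     *
     * @param int $recordid Record the value belongs to.
     * @param mixed $value Raw submitted value.
     * @param string $name Form element name: 'field_<fieldid>' for the text itself,
     *                     or 'field_<fieldid>_contentN' (N in 1..4) for an extra column.
     * @return mixed Result of the insert/update, or false when $name targets a
     *               column other than content1..content4.
     */
    function update_content($recordid, $value, $name='') {
        global $DB;

        // stdClass rather than the legacy Moodle 'object' alias ('object' is a
        // reserved word in newer PHP); the DB layer only needs public properties.
        $content = new stdClass();
        $content->fieldid = $this->field->id;
        $content->recordid = $recordid;

        $names = explode('_', $name);
        if (!empty($names[2])) {
            // $name originates from the submitted form, so the column suffix is
            // client-controlled. Only the content1-4 columns may be written this
            // way; anything else ('recordid', 'id', ...) would let the client
            // overwrite the keys set above, so it is refused.
            if (!preg_match('/^content[1-4]$/', $names[2])) {
                return false;
            }
            // Braces make the dynamic property explicit (same meaning on every PHP version).
            $content->{$names[2]} = clean_param($value, PARAM_NOTAGS);
        } else {
            $content->content = clean_param($value, PARAM_CLEAN);
        }

        if ($oldcontent = $DB->get_record('data_content', array('fieldid'=>$this->field->id, 'recordid'=>$recordid))) {
            $content->id = $oldcontent->id;
            return $DB->update_record('data_content', $content);
        } else {
            return $DB->insert_record('data_content', $content);
        }
    }
}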
1adbd2c3 130