MDL-33791 Portfolio: Fixed security issue with passing file paths.
[moodle.git] / mod / glossary / export.php
CommitLineData
5fa0208e 1<?php
4f4ca7b5 2
5fa0208e 3require_once("../../config.php");
4require_once("lib.php");
fe32b4f6 5
5fa0208e 6$id = required_param('id', PARAM_INT); // Course Module ID
4f4ca7b5 7
5fa0208e 8$mode= optional_param('mode', '', PARAM_ALPHA); // term entry cat date letter search author approval
9$hook= optional_param('hook', '', PARAM_CLEAN); // the term, entry, cat, etc... to look for based on mode
10$cat = optional_param('cat',0, PARAM_ALPHANUM);
4f4ca7b5 11
a6855934 12$url = new moodle_url('/mod/glossary/export.php', array('id'=>$id));
5fa0208e 13if ($cat !== 0) {
14 $url->param('cat', $cat);
15}
16if ($mode !== '') {
17 $url->param('mode', $mode);
18}
1ca1c8f8 19
5fa0208e 20$PAGE->set_url($url);
fe32b4f6 21
5fa0208e 22if (! $cm = get_coursemodule_from_id('glossary', $id)) {
23 print_error('invalidcoursemodule');
24}
fe32b4f6 25
5fa0208e 26if (! $course = $DB->get_record("course", array("id"=>$cm->course))) {
27 print_error('coursemisconf');
28}
29
30if (! $glossary = $DB->get_record("glossary", array("id"=>$cm->instance))) {
31 print_error('invalidid', 'glossary');
32}
fe32b4f6 33
cdbea7ee 34require_login($course, false, $cm);
9f555b8f 35
e0a91e11 36$context = context_module::instance($cm->id);
5fa0208e 37require_capability('mod/glossary:export', $context);
4f4ca7b5 38
5fa0208e 39$strglossaries = get_string("modulenameplural", "glossary");
40$strglossary = get_string("modulename", "glossary");
41$strallcategories = get_string("allcategories", "glossary");
42$straddentry = get_string("addentry", "glossary");
43$strnoentries = get_string("noentries", "glossary");
5fa0208e 44$strsearchindefinition = get_string("searchindefinition", "glossary");
45$strsearch = get_string("search");
46$strexportfile = get_string("exportfile", "glossary");
47$strexportentries = get_string('exportentriestoxml', 'glossary');
fe32b4f6 48
a6855934 49$PAGE->set_url('/mod/glossary/export.php', array('id'=>$cm->id));
5fa0208e 50$PAGE->navbar->add($strexportentries);
51$PAGE->set_title(format_string($glossary->name));
2e4fd166 52$PAGE->set_heading($course->fullname);
ec81373f 53
5fa0208e 54echo $OUTPUT->header();
55echo $OUTPUT->heading($strexportentries);
56echo $OUTPUT->box_start('glossarydisplay generalbox');
1ca1c8f8
PS
57$exporturl = moodle_url::make_pluginfile_url($context->id, 'mod_glossary', 'export', 0, "/$cat/", 'export.xml', true);
58
5fa0208e 59?>
1ca1c8f8 60 <form action="<?php echo $exporturl->out(); ?>" method="post">
904d60d4 61 <table border="0" cellpadding="6" cellspacing="6" width="100%">
62 <tr><td align="center">
c2c54ac0 63 <input type="submit" value="<?php p($strexportfile)?>" />
212039c0 64 </td></tr></table>
5bd76d7f 65 <div>
5bd76d7f 66 </div>
212039c0 67 </form>
a5c3d160 68<?php
86a3996d 69 // don't need cap check here, we share with the general export.
6708a1f5 70 if (!empty($CFG->enableportfolios) && $DB->count_records('glossary_entries', array('glossaryid' => $glossary->id))) {
866d543f 71 require_once($CFG->libdir . '/portfoliolib.php');
0d06b6fd 72 $button = new portfolio_add_button();
37743241 73 $button->set_callback_options('glossary_full_portfolio_caller', array('id' => $cm->id), 'mod_glossary');
0d06b6fd 74 $button->render();
866d543f 75 }
9f555b8f 76 echo $OUTPUT->box_end();
0578c9a2 77 echo $OUTPUT->footer();
4528ab53 78?>