MDL-34311 mod_url: Missing setType on the external url
[moodle.git] / mod / url / mod_form.php
CommitLineData
58a27a74 1<?php
2
3// This file is part of Moodle - http://moodle.org/
4//
5// Moodle is free software: you can redistribute it and/or modify
6// it under the terms of the GNU General Public License as published by
7// the Free Software Foundation, either version 3 of the License, or
8// (at your option) any later version.
9//
10// Moodle is distributed in the hope that it will be useful,
11// but WITHOUT ANY WARRANTY; without even the implied warranty of
12// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13// GNU General Public License for more details.
14//
15// You should have received a copy of the GNU General Public License
16// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
17
18/**
19 * URL configuration form
20 *
2b641d15
PS
21 * @package mod
22 * @subpackage url
23 * @copyright 2009 Petr Skoda {@link http://skodak.org}
24 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
58a27a74 25 */
26
2b641d15 27defined('MOODLE_INTERNAL') || die;
bfebaf64 28
58a27a74 29require_once ($CFG->dirroot.'/course/moodleform_mod.php');
30require_once($CFG->dirroot.'/mod/url/locallib.php');
31
32class mod_url_mod_form extends moodleform_mod {
33 function definition() {
34 global $CFG, $DB;
35 $mform = $this->_form;
36
37 $config = get_config('url');
38
39 //-------------------------------------------------------
40 $mform->addElement('header', 'general', get_string('general', 'form'));
41 $mform->addElement('text', 'name', get_string('name'), array('size'=>'48'));
42 if (!empty($CFG->formatstringstriptags)) {
43 $mform->setType('name', PARAM_TEXT);
44 } else {
b8ea3041 45 $mform->setType('name', PARAM_CLEANHTML);
58a27a74 46 }
47 $mform->addRule('name', null, 'required', null, 'client');
48 $this->add_intro_editor($config->requiremodintro);
49
50 //-------------------------------------------------------
51 $mform->addElement('header', 'content', get_string('contentheader', 'url'));
e5dd8e3b 52 $mform->addElement('url', 'externalurl', get_string('externalurl', 'url'), array('size'=>'60'), array('usefilepicker'=>true));
b716cd2b 53 $mform->setType('externalurl', PARAM_URL);
ec3c9dad 54 $mform->addRule('externalurl', null, 'required', null, 'client');
58a27a74 55 //-------------------------------------------------------
56 $mform->addElement('header', 'optionssection', get_string('optionsheader', 'url'));
57
58 if ($this->current->instance) {
59 $options = resourcelib_get_displayoptions(explode(',', $config->displayoptions), $this->current->display);
60 } else {
61 $options = resourcelib_get_displayoptions(explode(',', $config->displayoptions));
62 }
63 if (count($options) == 1) {
64 $mform->addElement('hidden', 'display');
d18e0fe6 65 $mform->setType('display', PARAM_INT);
58a27a74 66 reset($options);
67 $mform->setDefault('display', key($options));
68 } else {
69 $mform->addElement('select', 'display', get_string('displayselect', 'url'), $options);
70 $mform->setDefault('display', $config->display);
71 $mform->setAdvanced('display', $config->display_adv);
a4330d14 72 $mform->addHelpButton('display', 'displayselect', 'url');
58a27a74 73 }
74
75 if (array_key_exists(RESOURCELIB_DISPLAY_POPUP, $options)) {
76 $mform->addElement('text', 'popupwidth', get_string('popupwidth', 'url'), array('size'=>3));
77 if (count($options) > 1) {
78 $mform->disabledIf('popupwidth', 'display', 'noteq', RESOURCELIB_DISPLAY_POPUP);
79 }
80 $mform->setType('popupwidth', PARAM_INT);
81 $mform->setDefault('popupwidth', $config->popupwidth);
82 $mform->setAdvanced('popupwidth', $config->popupwidth_adv);
83
84 $mform->addElement('text', 'popupheight', get_string('popupheight', 'url'), array('size'=>3));
85 if (count($options) > 1) {
86 $mform->disabledIf('popupheight', 'display', 'noteq', RESOURCELIB_DISPLAY_POPUP);
87 }
88 $mform->setType('popupheight', PARAM_INT);
89 $mform->setDefault('popupheight', $config->popupheight);
90 $mform->setAdvanced('popupheight', $config->popupheight_adv);
91 }
92
93 if (array_key_exists(RESOURCELIB_DISPLAY_AUTO, $options) or
94 array_key_exists(RESOURCELIB_DISPLAY_EMBED, $options) or
95 array_key_exists(RESOURCELIB_DISPLAY_FRAME, $options)) {
96 $mform->addElement('checkbox', 'printheading', get_string('printheading', 'url'));
97 $mform->disabledIf('printheading', 'display', 'eq', RESOURCELIB_DISPLAY_POPUP);
98 $mform->disabledIf('printheading', 'display', 'eq', RESOURCELIB_DISPLAY_OPEN);
99 $mform->disabledIf('printheading', 'display', 'eq', RESOURCELIB_DISPLAY_NEW);
100 $mform->setDefault('printheading', $config->printheading);
101 $mform->setAdvanced('printheading', $config->printheading_adv);
102
103 $mform->addElement('checkbox', 'printintro', get_string('printintro', 'url'));
104 $mform->disabledIf('printintro', 'display', 'eq', RESOURCELIB_DISPLAY_POPUP);
105 $mform->disabledIf('printintro', 'display', 'eq', RESOURCELIB_DISPLAY_OPEN);
106 $mform->disabledIf('printintro', 'display', 'eq', RESOURCELIB_DISPLAY_NEW);
107 $mform->setDefault('printintro', $config->printintro);
108 $mform->setAdvanced('printintro', $config->printintro_adv);
109 }
110
111 //-------------------------------------------------------
112 $mform->addElement('header', 'parameterssection', get_string('parametersheader', 'url'));
f08e5e98
PS
113 $mform->addElement('static', 'parametersinfo', '', get_string('parametersheader_help', 'url'));
114 $mform->setAdvanced('parametersinfo');
58a27a74 115
116 if (empty($this->current->parameters)) {
117 $parcount = 5;
118 } else {
119 $parcount = 5 + count(unserialize($this->current->parameters));
120 $parcount = ($parcount > 100) ? 100 : $parcount;
121 }
122 $options = url_get_variable_options($config);
123
124 for ($i=0; $i < $parcount; $i++) {
125 $parameter = "parameter_$i";
126 $variable = "variable_$i";
127 $pargroup = "pargoup_$i";
128 $group = array(
129 $mform->createElement('text', $parameter, '', array('size'=>'12')),
130 $mform->createElement('selectgroups', $variable, '', $options),
131 );
132 $mform->addGroup($group, $pargroup, get_string('parameterinfo', 'url'), ' ', false);
133 $mform->setAdvanced($pargroup);
134 }
135
136 //-------------------------------------------------------
137 $this->standard_coursemodule_elements();
138
139 //-------------------------------------------------------
140 $this->add_action_buttons();
141 }
142
143 function data_preprocessing(&$default_values) {
144 if (!empty($default_values['displayoptions'])) {
145 $displayoptions = unserialize($default_values['displayoptions']);
146 if (isset($displayoptions['printintro'])) {
147 $default_values['printintro'] = $displayoptions['printintro'];
148 }
149 if (isset($displayoptions['printheading'])) {
150 $default_values['printheading'] = $displayoptions['printheading'];
151 }
152 if (!empty($displayoptions['popupwidth'])) {
153 $default_values['popupwidth'] = $displayoptions['popupwidth'];
154 }
155 if (!empty($displayoptions['popupheight'])) {
156 $default_values['popupheight'] = $displayoptions['popupheight'];
157 }
158 }
159 if (!empty($default_values['parameters'])) {
160 $parameters = unserialize($default_values['parameters']);
161 $i = 0;
162 foreach ($parameters as $parameter=>$variable) {
163 $default_values['parameter_'.$i] = $parameter;
164 $default_values['variable_'.$i] = $variable;
165 $i++;
166 }
167 }
168 }
169
4373200f
AKA
170 function validation($data, $files) {
171 $errors = parent::validation($data, $files);
48f69e41
PS
172
173 // Validating Entered url, we are looking for obvious problems only,
174 // teachers are responsible for testing if it actually works.
175
176 // This is not a security validation!! Teachers are allowed to enter "javascript:alert(666)" for example.
177
178 // NOTE: do not try to explain the difference between URL and URI, people would be only confused...
179
4373200f 180 if (empty($data['externalurl'])) {
48f69e41
PS
181 $errors['externalurl'] = get_string('required');
182
183 } else {
184 $url = trim($data['externalurl']);
185 if (empty($url)) {
186 $errors['externalurl'] = get_string('required');
187
188 } else if (preg_match('|^/|', $url)) {
189 // links relative to server root are ok - no validation necessary
190
191 } else if (preg_match('|^[a-z]+://|i', $url) or preg_match('|^https?:|i', $url) or preg_match('|^ftp:|i', $url)) {
192 // normal URL
193 if (!url_appears_valid_url($url)) {
194 $errors['externalurl'] = get_string('invalidurl', 'url');
195 }
196
197 } else if (preg_match('|^[a-z]+:|i', $url)) {
198 // general URI such as teamspeak, mailto, etc. - it may or may not work in all browsers,
199 // we do not validate these at all, sorry
200
201 } else {
202 // invalid URI, we try to fix it by adding 'http://' prefix,
203 // relative links are NOT allowed because we display the link on different pages!
204 if (!url_appears_valid_url('http://'.$url)) {
205 $errors['externalurl'] = get_string('invalidurl', 'url');
206 }
207 }
4373200f
AKA
208 }
209 return $errors;
210 }
211
58a27a74 212}