MDL-44962 mod_wiki: No input filter
[moodle.git] / mod / wiki / edit.php
1<?php
2
3// This file is part of Moodle - http://moodle.org/
4//
5// Moodle is free software: you can redistribute it and/or modify
6// it under the terms of the GNU General Public License as published by
7// the Free Software Foundation, either version 3 of the License, or
8// (at your option) any later version.
9//
10// Moodle is distributed in the hope that it will be useful,
11// but WITHOUT ANY WARRANTY; without even the implied warranty of
12// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13// GNU General Public License for more details.
14//
15// You should have received a copy of the GNU General Public License
16// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
17
18/**
19 * This file contains all necessary code to edit a wiki page
20 *
593b8385 21 * @package mod_wiki
22 * @copyright 2009 Marc Alier, Jordi Piguillem marc.alier@upc.edu
23 * @copyright 2009 Universitat Politecnica de Catalunya http://www.upc.edu
24 *
25 * @author Jordi Piguillem
26 * @author Marc Alier
27 * @author David Jimenez
28 * @author Josep Arus
29 * @author Kenneth Riba
30 *
31 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
32 */
33
34require_once('../../config.php');
35
36require_once($CFG->dirroot . '/mod/wiki/lib.php');
37require_once($CFG->dirroot . '/mod/wiki/locallib.php');
38require_once($CFG->dirroot . '/mod/wiki/pagelib.php');
39
// Request parameters. Each value is cleaned according to the PARAM_* type passed
// with it; the page id is mandatory, everything else falls back to a default.
$pageid = required_param('pageid', PARAM_INT);

// Integer-typed options. The negative default for 'version' marks "no version
// requested": set_versionnumber() is only called further down for values >= 0.
$version = optional_param('version', -1, PARAM_INT);
$attachments = optional_param('attachments', 0, PARAM_INT);

// Filtered text options.
$contentformat = optional_param('contentformat', '', PARAM_ALPHA);
$option = optional_param('editoption', '', PARAM_TEXT);

// PARAM_RAW applies no cleaning at all, so these two values reach the rest of the
// script exactly as the client sent them.
// NOTE(review): whatever consumes $section and $deleteuploads has to validate
// them and escape them on output - confirm in locallib.php / pagelib.php.
$section = optional_param('section', '', PARAM_RAW);
$deleteuploads = optional_param('deleteuploads', 0, PARAM_RAW);
47
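// The page body is not read from the request in this script: $newcontent starts
// empty and is handed unchanged to set_newcontent() on the save path.
// NOTE(review): presumably the save page obtains the submitted text through its
// own form handling in pagelib.php - confirm.
// The old branch that unwrapped an editor array was dropped: it tested the
// variable straight after it had been set to '', so it could never run.
$newcontent = '';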
52
// Resolve the requested page, then walk up to its subwiki, its wiki and the
// course module. Each lookup stops the request through print_error() when it
// finds nothing. These lookups run before require_login() because that call
// needs the course module they produce.
$page = wiki_get_page($pageid);
if (!$page) {
    print_error('incorrectpageid', 'wiki');
}

$subwiki = wiki_get_subwiki($page->subwikiid);
if (!$subwiki) {
    print_error('incorrectsubwikiid', 'wiki');
}

$wiki = wiki_get_wiki($subwiki->wikiid);
if (!$wiki) {
    print_error('incorrectwikiid', 'wiki');
}

$cm = get_coursemodule_from_instance('wiki', $wiki->id);
if (!$cm) {
    print_error('invalidcoursemodule');
}
68
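// Course record of the module; MUST_EXIST makes get_record() throw when the row
// is missing instead of returning false.
$course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST);

// Authenticate the user and check access to the course and module first.
require_login($course, true, $cm);

$context = context_module::instance($cm->id);

// Authorise: only users who may edit this subwiki get any further.
if (!wiki_user_can_edit($subwiki)) {
    print_error('cannoteditpage', 'wiki');
}

// The section name comes from the request unfiltered (PARAM_RAW). It is resolved
// only after the login and edit checks, so a caller who is not logged in or may
// not edit cannot use the 'invalidsection' error to test which sections exist.
// $sectioncontent is assigned only when a section was requested.
if (!empty($section) && !$sectioncontent = wiki_get_section_page($page, $section)) {
    print_error('invalidsection', 'wiki');
}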
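// Choose the page controller from the submitted 'editoption' value. The value is
// matched against translated button labels, so it is compared strictly as a
// string to keep PHP's loose numeric-string comparison out of the decision.
if ($option === get_string('save', 'wiki')) {
    // State-changing request: refuse it unless the session key matches.
    if (!confirm_sesskey()) {
        // print_error() expects a string identifier plus component, not text
        // that has already been translated.
        print_error('invalidsesskey', 'wiki');
    }
    $wikipage = new page_wiki_save($wiki, $subwiki, $cm);
    $wikipage->set_page($page);
    $wikipage->set_newcontent($newcontent);
    $wikipage->set_upload(true);
} else {
    if ($option === get_string('preview')) {
        if (!confirm_sesskey()) {
            print_error('invalidsesskey', 'wiki');
        }
        $wikipage = new page_wiki_preview($wiki, $subwiki, $cm);
        $wikipage->set_page($page);
    } else if ($option === get_string('cancel')) {
        // Release the lock this user holds on the page or section.
        // NOTE(review): this path has no sesskey check; it only removes the
        // caller's own lock ($USER->id) - confirm that this is intended.
        wiki_delete_locks($page->id, $USER->id, $section);

        // redirect() ends the request, so nothing below runs for a cancel.
        redirect($CFG->wwwroot . '/mod/wiki/view.php?pageid=' . $pageid);
    } else {
        // Default: show the editor; the upload form is enabled only when the
        // upload button was pressed.
        $wikipage = new page_wiki_edit($wiki, $subwiki, $cm);
        $wikipage->set_page($page);
        $wikipage->set_upload($option === get_string('upload', 'wiki'));
    }

    // Lock override is granted by capability and is not applied on the save path.
    if (has_capability('mod/wiki:overridelock', $context)) {
        $wikipage->set_overridelock(true);
    }
}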
115
// Pass the optional request values on to the page object. Each setter is skipped
// when its value was left at the default.
if ($version >= 0) {
    $wikipage->set_versionnumber($version);
}

if (!empty($section)) {
    // $sectioncontent is the result of wiki_get_section_page() for this name.
    $wikipage->set_section($sectioncontent, $section);
}

if (!empty($attachments)) {
    $wikipage->set_attachments($attachments);
}

if (!empty($deleteuploads)) {
    // Read with PARAM_RAW, so the value is unfiltered when it is handed over.
    // NOTE(review): confirm that the page class validates it before use.
    $wikipage->set_deleteuploads($deleteuploads);
}

if (!empty($contentformat)) {
    $wikipage->set_format($contentformat);
}

// Render the page: header, body, footer.
$wikipage->print_header();

$wikipage->print_content();

$wikipage->print_footer();