web services MDL-12886 ws params: objects into an object were not cleaned, neither...
[moodle.git] / repository / filepicker.php
761265ad 1<?php
2// This file is part of Moodle - http://moodle.org/
3//
4// Moodle is free software: you can redistribute it and/or modify
5// it under the terms of the GNU General Public License as published by
6// the Free Software Foundation, either version 3 of the License, or
7// (at your option) any later version.
8//
9// Moodle is distributed in the hope that it will be useful,
10// but WITHOUT ANY WARRANTY; without even the implied warranty of
11// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12// GNU General Public License for more details.
13//
14// You should have received a copy of the GNU General Public License
15// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
16//
17
18require_once('../config.php');
19require_once($CFG->libdir.'/filelib.php');
20require_once('lib.php');
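/// Wait as long as it takes for this script to finish
set_time_limit(0);

// The login check runs before any request parameter is read or any output is produced.
require_login();

// Request parameters.
//
// PARAM_RAW applies no cleaning, so $page, $client_id, $file, $icon and $req_path
// hold exactly what the client sent. They are safe to hand to the repository API as
// opaque values, but each one must be encoded for its context (HTML attribute, URL,
// ...) at the point where it is written into the response.
$page        = optional_param('page', '', PARAM_RAW);            // page (read once; the original read it twice)
$client_id   = optional_param('client_id', SITEID, PARAM_RAW);   // client ID
$env         = optional_param('env', 'filepicker', PARAM_ALPHA); // opened in editor or moodleform
$file        = optional_param('file', '', PARAM_RAW);            // file to download
$title       = optional_param('title', '', PARAM_FILE);          // new file name
$itemid      = optional_param('itemid', '', PARAM_INT);
$icon        = optional_param('icon', '', PARAM_RAW);
$action      = optional_param('action', '', PARAM_ALPHA);
$ctx_id      = optional_param('ctx_id', SITEID, PARAM_INT);      // context ID
$repo_id     = optional_param('repo_id', 0, PARAM_INT);          // repository ID
$req_path    = optional_param('p', '', PARAM_RAW);               // path
$callback    = optional_param('callback', '', PARAM_CLEANHTML);
$search_text = optional_param('s', '', PARAM_CLEANHTML);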
40
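$PAGE->set_url('/repository/filepicker.php');

// init repository plugin
// $repo_id is bound as a query parameter (and was already cleaned with PARAM_INT);
// it is never concatenated into the SQL text.
$sql = 'SELECT i.name, i.typeid, r.type FROM {repository} r, {repository_instances} i '.
       'WHERE i.id=? AND i.typeid=r.id';

if ($repository = $DB->get_record_sql($sql, array($repo_id))) {
    // $type is read from the {repository} table, not from the request, so the include
    // path and the class name built from it are not directly request-controlled.
    $type = $repository->type;
    if (file_exists($CFG->dirroot.'/repository/'.$type.'/repository.class.php')) {
        require_once($CFG->dirroot.'/repository/'.$type.'/repository.class.php');
        $classname = 'repository_' . $type;
        try {
            $repo = new $classname($repo_id, $ctx_id, array('ajax'=>false, 'name'=>$repository->name, 'client_id'=>$client_id));
        } catch (repository_exception $e){
            print_error('pluginerror', 'repository');
        }
    } else {
        print_error('invalidplugin', 'repository');
    }
}

// The actions listed here all work through $repo. When repo_id is missing or matches no
// instance, $repo was never created; stop with a normal error page instead of letting
// the action run on an undefined variable (or, for 'upload', report a success that
// never happened).
if (!isset($repo) && in_array($action, array('upload', 'search', 'list', 'sign', 'download'), true)) {
    print_error('invalidplugin', 'repository');
}

// Base URL of this script carrying the draft-area identifiers, plus the "home" view of it.
$url = new moodle_url($CFG->httpswwwroot."/repository/filepicker.php", array('ctx_id' => $ctx_id, 'itemid' => $itemid));
$home_url = new moodle_url($url, array('action' => 'embedded'));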
b6fd5aee 63
switch ($action) {
case 'upload':
    // Nothing is stored in this branch: the plugin constructor has already
    // processed the uploaded file, so all that is left is to report back.
    // NOTE(review): no session key is checked anywhere in this file before a
    // state-changing action such as this one - confirm whether the plugin does it.
    $uploadmsg = get_string('uploadsucc','repository');
    redirect($url, $uploadmsg);
    break;
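case 'deletedraft':
    // Remove one file from the draft area. The context is derived from $USER->id,
    // not from the request, so only the current user's own drafts can be addressed.
    if (!$context = get_context_instance(CONTEXT_USER, $USER->id)) {
        print_error('wrongcontextid', 'error');
    }
    $contextid = $context->id;
    $fs = get_file_storage();
    // NOTE(review): the delete is performed on a plain request and no session key is
    // verified in this file, so another site could trigger it from the user's browser.
    // The link that points here and this branch need to be changed together so that
    // the link carries a session key and this branch checks it.
    $file = $fs->get_file($contextid, 'user_draft', $itemid, '/', $title);
    if (!$file || !$file->delete()) {
        // Covers both "delete failed" and "no such draft file"; the latter used to
        // end the request with an empty page.
        print_error('cannotdelete', 'repository');
    }
    header('Location: ' . $home_url->out(false, array(), false));
    exit;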
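case 'search':
    // Run the search text through the repository plugin and list the hits,
    // each with a form that leads to the 'confirm' step.
    echo '<div><a href="' . $home_url->out() . '">'.get_string('back', 'repository')."</a></div>";
    try {
        $search_result = $repo->search($search_text);
        $search_result['search_result'] = true;
        $search_result['repo_id'] = $repo_id;

        // TODO: need a better solution
        $pagingbar = new moodle_paging_bar();
        $pagingbar->totalcount = $search_result['total'];
        $pagingbar->page = $search_result['page'] - 1;
        $pagingbar->perpage = $search_result['perpage'];
        $pagingbar->baseurl = clone($url);
        $pagingbar->baseurl->params(array('search_paging' => 1, 'action' => 'search', 'repo_id' => $repo_id));
        $pagingbar->pagevar = 'p';
        echo $OUTPUT->paging_bar($pagingbar);

        echo '<table>';
        foreach ($search_result['list'] as $item) {
            // The item fields come back from the repository plugin, which may be
            // relaying data from an external service, so each one is HTML-encoded
            // before it is written into markup.
            // NOTE(review): encoding prevents breaking out of the attribute but does not
            // restrict the URL scheme of 'url' / 'thumbnail' - consider validating it.
            $safe_thumb  = htmlspecialchars($item['thumbnail'], ENT_QUOTES, 'UTF-8');
            $safe_title  = htmlspecialchars($item['title'], ENT_QUOTES, 'UTF-8');
            $safe_source = htmlspecialchars($item['source'], ENT_QUOTES, 'UTF-8');

            echo '<tr>';
            echo '<td><img src="'.$safe_thumb.'" />';
            echo '</td><td>';
            if (!empty($item['url'])) {
                $safe_link = htmlspecialchars($item['url'], ENT_QUOTES, 'UTF-8');
                echo '<a href="'.$safe_link.'" target="_blank">'.$safe_title.'</a>';
            } else {
                echo $safe_title;
            }
            echo '</td>';
            echo '<td>';
            echo '<form method="post">';
            echo '<input type="hidden" name="file" value="'.$safe_source.'"/>';
            echo '<input type="hidden" name="action" value="confirm"/>';
            echo '<input type="hidden" name="title" value="'.$safe_title.'"/>';
            echo '<input type="hidden" name="icon" value="'.$safe_thumb.'"/>';
            echo '<input type="submit" value="'.get_string('select','repository').'" />';
            echo '</form>';
            echo '</td>';
            echo '</tr>';
        }
        echo '</table>';
    } catch (repository_exception $e) {
        // NOTE(review): a failed search is swallowed here; the user is left with only
        // the "back" link and nothing is logged.
    }
    break;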
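case 'list':
case 'sign':
    // Show the repository's login form, or - once logged in - either its upload form
    // or a browsable listing (breadcrumb, paging bar, table of files and folders).
    print_header();
    echo '<div><a href="' . $home_url->out() . '">'.get_string('back', 'repository')."</a></div>";
    if ($repo->check_login()) {
        $list = $repo->get_listing($req_path, $page);
        if (!empty($list['upload'])) {
            echo '<form action="'.$url->out(false).'" method="post" enctype="multipart/form-data" style="display:inline">';
            echo '<label>'.htmlspecialchars($list['upload']['label'], ENT_QUOTES, 'UTF-8').': </label>';
            echo '<input type="file" name="repo_upload_file" /><br />';
            echo '<input type="hidden" name="action" value="upload" /><br />';
            echo '<input type="hidden" name="repo_id" value="'.$repo_id.'" /><br />';
            echo '<input type="submit" value="'.get_string('upload', 'repository').'" />';
            echo '</form>';
        } else {
            if (!empty($list['path'])) {
                foreach ($list['path'] as $p) {
                    echo '<form method="post" style="display:inline">';
                    // The two hidden inputs were missing their closing "/>", which made
                    // the three tags of this form run into each other.
                    echo '<input type="hidden" name="p" value="'.htmlspecialchars($p['path'], ENT_QUOTES, 'UTF-8').'" />';
                    echo '<input type="hidden" name="action" value="list" />';
                    echo '<input type="submit" value="'.htmlspecialchars($p['name'], ENT_QUOTES, 'UTF-8').'" />';
                    echo '</form>';
                    echo '<strong> / </strong>';
                }
            }
            if (!empty($list['page'])) {
                // TODO: need a better solution
                // Only integers ($itemid, $ctx_id, $repo_id are PARAM_INT) are interpolated here.
                $pagingurl = new moodle_url("$CFG->httpswwwroot/repository/filepicker.php?action=list&itemid=$itemid&ctx_id=$ctx_id&repo_id=$repo_id");
                echo $OUTPUT->paging_bar(moodle_paging_bar::make($list['total'], $list['page'] - 1, $list['perpage'], $pagingurl));
            }
            echo '<table>';
            foreach ($list['list'] as $item) {
                // Listing entries are supplied by the repository plugin, which may be
                // relaying data from an external service; HTML-encode every field
                // before it goes into markup.
                // NOTE(review): encoding does not restrict the URL scheme of
                // 'url' / 'thumbnail' - consider validating it.
                $safe_thumb = htmlspecialchars($item['thumbnail'], ENT_QUOTES, 'UTF-8');
                $safe_title = htmlspecialchars($item['title'], ENT_QUOTES, 'UTF-8');

                echo '<tr>';
                echo '<td><img src="'.$safe_thumb.'" />';
                echo '</td><td>';
                if (!empty($item['url'])) {
                    echo '<a href="'.htmlspecialchars($item['url'], ENT_QUOTES, 'UTF-8').'" target="_blank">'.$safe_title.'</a>';
                } else {
                    echo $safe_title;
                }
                echo '</td>';
                echo '<td>';
                if (!isset($item['children'])) {
                    // A file: offer it for selection.
                    echo '<form method="post">';
                    echo '<input type="hidden" name="file" value="'.htmlspecialchars($item['source'], ENT_QUOTES, 'UTF-8').'"/>';
                    echo '<input type="hidden" name="action" value="confirm"/>';
                    echo '<input type="hidden" name="title" value="'.$safe_title.'"/>';
                    echo '<input type="hidden" name="icon" value="'.$safe_thumb.'"/>';
                    echo '<input type="submit" value="'.get_string('select','repository').'" />';
                    echo '</form>';
                } else {
                    // A folder: offer to descend into it.
                    echo '<form method="post">';
                    echo '<input type="hidden" name="p" value="'.htmlspecialchars($item['path'], ENT_QUOTES, 'UTF-8').'"/>';
                    echo '<input type="submit" value="'.get_string('enter', 'repository').'" />';
                    echo '</form>';
                }
                echo '</td>';
                echo '</tr>';
            }
            echo '</table>';
        }
    } else {
        echo '<form method="post">';
        echo '<input type="hidden" name="action" value="sign" />';
        echo '<input type="hidden" name="repo_id" value="'.$repo_id.'" />';
        // The plugin prints its own login fields inside this form.
        $repo->print_login();
        echo '</form>';
    }
    echo $OUTPUT->footer();
    break;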
case 'download':
    // Ask the plugin to fetch the chosen source, then move the result into the
    // file pool under the requested name and draft item id.
    // NOTE(review): $file is PARAM_RAW and is passed to the plugin unchanged; what
    // locations a plugin will fetch from is decided in the plugin, not here - confirm
    // each plugin validates it. No session key is checked before this action either.
    $filepath = $repo->get_file($file, $title, $itemid);
    if (empty($filepath)) {
        print_error('cannotdownload', 'repository');
    } else {
        // normal file path name
        $info = repository::move_to_filepool($filepath, $title, $itemid);
        redirect($url, get_string('downloadsucc','repository'));
    }

    break;
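case 'confirm':
    // Confirmation step: show the chosen file's icon and let the user adjust the
    // file name before the 'download' action is posted.
    print_header();

    // $icon and $file are PARAM_RAW request values and were echoed into attributes
    // unencoded, which let a crafted request inject markup into this page. Everything
    // written into an attribute below is HTML-encoded first.
    // NOTE(review): encoding does not restrict the URL scheme of $icon - consider
    // validating it as a URL as well.
    $safe_icon  = htmlspecialchars($icon, ENT_QUOTES, 'UTF-8');
    $safe_title = htmlspecialchars($title, ENT_QUOTES, 'UTF-8');
    $safe_file  = htmlspecialchars($file, ENT_QUOTES, 'UTF-8');
    // me() is presumably derived from the request URI, so it is encoded as well.
    $safe_back  = htmlspecialchars(me(), ENT_QUOTES, 'UTF-8');

    echo '<div><a href="'.$safe_back.'">'.get_string('back', 'repository').'</a></div>';
    echo '<img src="'.$safe_icon.'" />';
    echo '<form method="post"><table>';
    echo '<tr>';
    echo '<td><label>'.get_string('filename', 'repository').'</label></td>';
    echo '<td><input type="text" name="title" value="'.$safe_title.'" /></td>';
    echo '<td><input type="hidden" name="file" value="'.$safe_file.'" /></td>';
    echo '<td><input type="hidden" name="action" value="download" /></td>';
    echo '<td><input type="hidden" name="itemid" value="'.$itemid.'" /></td>';
    echo '</tr>';
    echo '</table>';
    echo '<div>';
    echo '<input type="submit" value="'.get_string('download', 'repository').'" />';
    echo '</div>';
    echo '</form>';
    echo $OUTPUT->footer();
    break;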
case 'plugins':
    // List the repository instances available in the user's own context and the
    // system context; each entry links to that instance's 'list' view.
    $user_context = get_context_instance(CONTEXT_USER, $USER->id);
    $contexts = array($user_context, get_system_context());
    $repos = repository::get_instances($contexts, null, true, null, '*', 'ref_id');
    print_header();
    echo '<div><ul>';
    foreach ($repos as $repo) {
        $info = $repo->get_meta();

        $icon = new moodle_action_icon();
        // 16x16 icon taken from the instance's metadata
        $icon->image->src = $info->icon;
        $icon->image->style = 'height: 16px; width: 16px;';
        // link target: a copy of the base URL, so $url itself is not modified
        $icon->link->url = clone($url);
        $icon->link->url->params(array(
            'action'  => 'list',
            'repo_id' => $info->id,
        ));
        $icon->linktext = $info->name;

        echo '<li>' . $OUTPUT->action_icon($icon) . '</li>';
    }
    echo '</ul></div>';
    break;
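default:
    // Home view: list the files already in the user's draft area for $itemid, each with
    // a delete link, followed by a link to the repository chooser ('plugins').
    $user_context = get_context_instance(CONTEXT_USER, $USER->id);
    // NOTE(review): $repos is not used anywhere in this branch.
    $repos = repository::get_instances(array($user_context, get_system_context()), null, true, null, '*', 'ref_id');
    print_header();
    $fs = get_file_storage();
    $context = get_context_instance(CONTEXT_USER, $USER->id);
    $files = $fs->get_area_files($context->id, 'user_draft', $itemid);
    if (empty($files)) {
        echo get_string('nofilesattached', 'repository');
    } else {
        echo '<ul>';
        foreach ($files as $file) {
            $filename = $file->get_filename();
            if ($filename != '.') {
                $drafturl = new moodle_url($CFG->httpswwwroot.'/draftfile.php/'.$context->id.'/user_draft/'.$itemid.'/'.$filename);
                // The stored file name is shown as text and placed in a query string, so it
                // is HTML-encoded for the former and URL-encoded for the latter; written
                // raw, a name containing markup or '&' would break or alter the page.
                echo '<li><a href="'.$drafturl->out().'">'.htmlspecialchars($filename, ENT_QUOTES, 'UTF-8').'</a> ';
                // NOTE(review): this link performs the delete on a plain GET and carries no
                // session key; it and the 'deletedraft' branch should be changed together
                // to send and verify one.
                echo '<a href="'.$CFG->httpswwwroot.'/repository/filepicker.php?action=deletedraft&amp;itemid='.$itemid.'&amp;ctx_id='.$ctx_id.'&amp;title='.urlencode($filename).'"><img src="'.$OUTPUT->old_icon_url('t/delete') . '" class="iconsmall" /></a></li>';
            }
        }
        echo '</ul>';
    }
    $url->param('action', 'plugins');
    echo '<div><a href="'.$url->out().'">'.get_string('addfile', 'repository').'</a></div>';
    echo $OUTPUT->footer();
    break;
}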