MDL-25754 improved tag sanitisation and fixed tag autocomplete
[moodle.git] / tag / edit.php
<?php

// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.

/**
 * @package core
 * @subpackage tag
 * @copyright 2007 Luiz Cruz <luiz.laydner@gmail.com>
 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */

require_once('../config.php');
require_once('lib.php');
require_once('edit_form.php');

// Request parameters, read with the PARAM_INT / PARAM_TAG cleaning types.
$tag_id   = optional_param('id', 0, PARAM_INT);
$tag_name = optional_param('tag', '', PARAM_TAG);

require_login();

// Stop here when tagging is switched off for the site.
if (empty($CFG->usetags)) {
    print_error('tagsaredisabled', 'tag');
}

// Editing a tag requires the moodle/tag:edit capability in the system context.
$systemcontext = get_context_instance(CONTEXT_SYSTEM);
require_capability('moodle/tag:edit', $systemcontext);

// Load the tag to edit. When both a name and an id are sent, the name wins
// and $tag_id is not used for the lookup.
if ($tag_name) {
    $tag = tag_get('name', $tag_name, '*');
} elseif ($tag_id) {
    $tag = tag_get('id', $tag_id, '*');
}

// Nothing requested, or nothing found: send the user to the tag search page.
if (empty($tag)) {
    redirect($CFG->wwwroot . '/tag/search.php');
}

// Page setup for the tag being edited.
// NOTE(review): the URL registered here is /tag/index.php although this script
// is tag/edit.php -- confirm that is intended.
$PAGE->set_url('/tag/index.php', array('id' => $tag->id));
$PAGE->set_subpage($tag->id);
$PAGE->set_context($systemcontext);
$PAGE->set_blocks_editing_capability('moodle/tag:editblocks');
$PAGE->set_pagelayout('base');

// YUI2 modules requested for this page.
$PAGE->requires->yui2_lib('connection');
$PAGE->requires->yui2_lib('animation');
$PAGE->requires->yui2_lib('datasource');
$PAGE->requires->yui2_lib('autocomplete');

// Display form of the tag name, reused for the navbar, title and heading below.
$tagname = tag_display_name($tag);

// Populate the relatedtags field of the $tag object that is handed to the form
// with the manually related tags, as comma-separated text.
$tag->relatedtags = tag_get_related_tags_csv(
    tag_get_related_tags($tag->id, TAG_RELATED_MANUAL),
    TAG_RETURN_TEXT
);

// When the HTML editor is available, run the stored description through
// format_text() before it reaches the form, and treat the result as HTML.
// NOTE(review): when can_use_html_editor() is false the description is passed
// on without this format_text() call -- confirm that path is cleaned elsewhere.
if (can_use_html_editor()) {
    $options = new stdClass();
    $options->smiley = false; // no smiley conversion
    $options->filter = false; // no text filters

    // Convert to HTML and remove any XSS.
    $tag->description = format_text($tag->description, $tag->descriptionformat, $options);
    $tag->descriptionformat = FORMAT_HTML;
}

// Filled in later when the submitted name collides with an existing tag.
$errorstring = '';

// Options for the description editor; trusttext is switched off.
$editoroptions = array(
    'maxfiles'  => EDITOR_UNLIMITED_FILES,
    'maxbytes'  => $CFG->maxbytes,
    'trusttext' => false,
);
$tag = file_prepare_standard_editor($tag, 'description', $editoroptions, $systemcontext, 'tag', 'description', $tag->id);

$tagform = new tag_edit_form(null, compact('editoroptions'));

// The form receives the tag type as '1' (official) or '0' (anything else).
// From here on $tag->tagtype no longer holds the stored type string.
$tag->tagtype = ($tag->tagtype == 'official') ? '1' : '0';

$tagform->set_data($tag);

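// If new data has been sent, update the tag record.
//
// Every write below is keyed on $tag->id, the tag loaded at the top of this
// script, so the type, description, name and related-tag updates all land on
// the same record even when the request carries a tag name together with a
// different (or missing) id.
if ($tagnew = $tagform->get_data()) {

    // Only users with moodle/tag:manage may switch between 'official' and 'default'.
    // NOTE(review): $tag->tagtype was remapped to '1'/'0' before set_data() earlier
    // in this script, so the comparisons against 'default' and 'official' here are
    // always true and tag_type_set() runs on every save by a manager.
    if (has_capability('moodle/tag:manage', $systemcontext)) {
        if (($tag->tagtype != 'default') && (!isset($tagnew->tagtype) || ($tagnew->tagtype != '1'))) {
            tag_type_set($tag->id, 'default');

        } elseif (($tag->tagtype != 'official') && ($tagnew->tagtype == '1')) {
            tag_type_set($tag->id, 'official');
        }
    }

    // NOTE(review): moodle/tag:edit is already enforced by require_capability()
    // earlier in this script, so this first branch looks unreachable -- confirm.
    if (!has_capability('moodle/tag:manage', $systemcontext) && !has_capability('moodle/tag:edit', $systemcontext)) {
        unset($tagnew->name);
        unset($tagnew->rawname);

    } else {
        // They might be trying to change the rawname; make sure it is a change
        // that does not collide with another tag's normalised name.
        // array_shift() takes its argument by reference, so the normalised list
        // is stored in a variable first instead of passing the call result.
        $normalizednames = tag_normalize($tagnew->rawname, TAG_CASE_LOWER);
        $tagnew->name = array_shift($normalizednames);

        if ($tag->name != $tagnew->name) {
            // The name has changed; refuse it if another tag already uses it.
            if (tag_get_id($tagnew->name)) {
                // rawname is escaped with s() because it is echoed in the notification.
                $errorstring = s($tagnew->rawname) . ': ' . get_string('namesalreadybeeingused', 'tag');
            }
        }
    }

    if (empty($errorstring)) {
        // All is OK, let's save it.

        $tagnew = file_postupdate_standard_editor($tagnew, 'description', $editoroptions, $systemcontext, 'tag', 'description', $tag->id);

        // Use the loaded tag's id rather than the raw 'id' request parameter:
        // when the tag was looked up by name, $tag_id is 0 or may name another tag.
        tag_description_set($tag->id, $tagnew->description, $tagnew->descriptionformat);

        $tagnew->timemodified = time();

        if (has_capability('moodle/tag:manage', $systemcontext)) {
            // Rename the tag.
            if (!tag_rename($tag->id, $tagnew->rawname)) {
                print_error('errorupdatingrecord', 'tag');
            }
        }

        // Log the change: old->new when the normalised name differs, otherwise
        // a plain update entry when the description changed.
        // NOTE(review): the rename above only happens with moodle/tag:manage, but
        // the old->new entry is written whenever the names differ -- confirm the
        // log should record a rename for users who cannot rename.
        if (isset($tagnew->name) && ($tag->name != $tagnew->name)) {
            add_to_log($COURSE->id, 'tag', 'update', 'index.php?id=' . $tag->id, $tag->name . '->' . $tagnew->name);

        } elseif ($tag->description != $tagnew->description) {
            add_to_log($COURSE->id, 'tag', 'update', 'index.php?id=' . $tag->id, $tag->name);
        }

        // Update related tags on the loaded tag, not on the id returned by the form.
        tag_set('tag', $tag->id, explode(',', trim($tagnew->relatedtags)));

        // Must use $tag here, as the name isn't in the edit form.
        // NOTE(review): $tag->name is the name loaded before tag_rename() ran --
        // confirm the redirect still resolves after a rename.
        redirect($CFG->wwwroot . '/tag/index.php?tag=' . rawurlencode($tag->name));
    }
}
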
// Breadcrumb: Tags > (tag name) > Edit.
$PAGE->navbar->add(get_string('tags', 'tag'), new moodle_url('/tag/search.php'));
$PAGE->navbar->add($tagname);
$PAGE->navbar->add(get_string('edit'));

$PAGE->set_title(get_string('tag', 'tag') . ' - ' . $tagname);
$PAGE->set_heading($COURSE->fullname);

echo $OUTPUT->header();
echo $OUTPUT->heading($tagname, 2);

// Show the name-collision message, if the submitted name was rejected.
if (!empty($errorstring)) {
    echo $OUTPUT->notification($errorstring);
}

$tagform->display();

// Tag autocomplete is loaded only when AJAX is enabled.
if (ajaxenabled()) {
    $PAGE->requires->js('/tag/tag.js');
    $PAGE->requires->js_function_call('init_tag_autocomplete', null, true);
}
echo $OUTPUT->footer();
1dd2ba54 169echo $OUTPUT->footer();