MDL-33791 Portfolio: Fixed security issue with passing file paths.
[moodle.git] / user / portfoliologs.php
8bde1611 1<?php
2
ce221eb5 3// This file is part of Moodle - http://moodle.org/
4//
5// Moodle is free software: you can redistribute it and/or modify
6// it under the terms of the GNU General Public License as published by
7// the Free Software Foundation, either version 3 of the License, or
8// (at your option) any later version.
9//
10// Moodle is distributed in the hope that it will be useful,
11// but WITHOUT ANY WARRANTY; without even the implied warranty of
12// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13// GNU General Public License for more details.
14//
15// You should have received a copy of the GNU General Public License
16// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
17
18/**
19 * This file is part of the User section Moodle
20 *
21 * @copyright 1999 Martin Dougiamas http://dougiamas.com
22 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
23 * @package user
24 */
25
// Bootstrap Moodle: config.php sits one directory above this script.
require_once(dirname(dirname(__FILE__)) . '/config.php');

// Stop immediately when the portfolio subsystem is disabled for the site.
if (empty($CFG->enableportfolios)) {
    print_error('disabled', 'portfolio');
}

require_once($CFG->libdir . '/portfoliolib.php');
require_once($CFG->libdir . '/portfolio/exporter.php');

// Request parameters, all read as integers (PARAM_INT).
// NOTE(review): no range check is applied here, so zero or negative values of
// page/perpage reach the log query and the paging bar further down - confirm
// that the DB layer and paging_bar tolerate them.
$courseid = optional_param('courseid', SITEID, PARAM_INT);
$page     = optional_param('page', 0, PARAM_INT);
$perpage  = optional_param('perpage', 10, PARAM_INT);

// The course must exist before it can be used as the login context.
$course = $DB->get_record('course', array('id' => $courseid));
if (!$course) {
    print_error('invalidcourseid');
}

// Authentication happens before any output; the second argument (false)
// turns off automatic guest login.
require_login($course, false);

// Everything below is scoped to the logged-in user only.
$user          = $USER;
$fullname      = fullname($user);
$strportfolios = get_string('portfolios', 'portfolio');

$baseparams = array('courseid' => $courseid);
$url = new moodle_url('/user/portfoliologs.php', $baseparams);

// The navigation highlight uses the URL without the paging parameters.
navigation_node::override_active_url(new moodle_url('/user/portfoliologs.php', $baseparams));

// Paging parameters are only added to the page URL when they are non-zero.
if ($page !== 0) {
    $url->param('page', $page);
}
if ($perpage !== 0) {
    $url->param('perpage', $perpage);
}

$PAGE->set_url($url);
$PAGE->set_title($course->fullname . ': ' . $fullname . ': ' . $strportfolios);
$PAGE->set_heading($course->fullname);
$PAGE->set_context(context_user::instance($user->id));
$PAGE->set_pagelayout('standard');

echo $OUTPUT->header();

// Not read anywhere in this script as shown.
$showroles = 1;
// Set to true once either table has been rendered; drives the empty-state message at the end.
$somethingprinted = false;

echo $OUTPUT->box_start();

// Pending (not yet completed) exports. The query is restricted to rows owned
// by the current user, so another user's temporary export data is never loaded.
$queued = $DB->get_records('portfolio_tempdata', array('userid' => $USER->id), 'expirytime DESC', 'id, expirytime');
if (count($queued) > 0) {
    $table = new html_table();
    $table->head = array(
        get_string('displayarea', 'portfolio'),
        get_string('plugin', 'portfolio'),
        get_string('displayinfo', 'portfolio'),
        get_string('displayexpiry', 'portfolio'),
        '',
    );
    $table->data = array();
    $now = time();

    foreach ($queued as $record) {
        // Rebuild the exporter for this row and have it verify itself before use.
        // NOTE(review): what verify_rewaken(true) checks is defined in
        // portfolio_exporter, outside this file - confirm it covers ownership.
        $exporter = portfolio_exporter::rewaken_object($record->id);
        $exporter->verify_rewaken(true);

        // Reuses the name of the array being iterated; foreach works on its own
        // copy, so the loop is not affected.
        $queued = $exporter->get('queued');

        // Action links carry the session key; presumably /portfolio/add.php
        // checks it before cancelling or continuing the export.
        $actionurl = new moodle_url('/portfolio/add.php', array('id'=>$record->id, 'logreturn'=>1, 'sesskey'=>sesskey()));
        $cancelurl = new moodle_url($actionurl, array('cancel'=>1));
        $actions = $OUTPUT->action_icon($cancelurl, new pix_icon('t/stop', get_string('cancel')));

        // "Continue" is only offered for exports that are not queued and have not expired.
        if (!$queued && $exporter->get('expirytime') > $now) {
            $actions .= '&nbsp;' . $OUTPUT->action_icon($actionurl, new pix_icon('t/go', get_string('continue')));
        }

        $caller   = $exporter->get('caller');
        $instance = $exporter->get('instance');
        if ($instance) {
            $instancename = $instance->get('name');
        } else {
            $instancename = get_string('noinstanceyet', 'portfolio');
        }

        $table->data[] = array(
            $caller->display_name(),
            $instancename,
            $caller->heading_summary(),
            userdate($record->expirytime),
            $actions,
        );

        // The exporter can be large, so release it before the next iteration.
        unset($caller, $instance, $exporter);
    }

    echo $OUTPUT->heading(get_string('queuesummary', 'portfolio'));
    echo html_writer::table($table);
    $somethingprinted = true;
}
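// Completed transfers. The total is counted separately so the paging bar knows
// the full size; both queries are restricted to the current user's rows.
$logcount = $DB->count_records('portfolio_log', array('userid' => $USER->id));
if ($logcount > 0) {
    $table = new html_table();
    $table->head = array(
        get_string('plugin', 'portfolio'),
        get_string('displayarea', 'portfolio'),
        get_string('transfertime', 'portfolio'),
    );
    $logs = $DB->get_records('portfolio_log', array('userid' => $USER->id), 'time DESC', '*', ($page * $perpage), $perpage);
    foreach ($logs as $log) {
        // caller_file / caller_component come from the stored log row and decide
        // which PHP file is included. This script relies entirely on
        // portfolio_include_callback_file() to validate that value.
        if (!empty($log->caller_file)) {
            portfolio_include_callback_file($log->caller_file);
        } else if (!empty($log->caller_component)) {
            portfolio_include_callback_file($log->caller_component);
        } else {
            // Neither field is set - this should never happen, so skip the row.
            continue;
        }

        // caller_class is also stored data and is used for a dynamic static call
        // below. Only dispatch to classes that really are portfolio callers, so a
        // bad row cannot invoke display_name() on an arbitrary loaded class.
        $class = $log->caller_class;
        if (empty($class) || !class_exists($class) || !is_subclass_of($class, 'portfolio_caller_base')) {
            continue;
        }

        $pluginname = '';
        try {
            $plugin = portfolio_instance($log->portfolio);
            // Kept in its own variable so the page-level $url is not overwritten.
            $continueurl = $plugin->resolve_static_continue_url($log->continueurl);
            if ($continueurl) {
                // html_writer::link() escapes the href value, so a quote in the
                // stored URL cannot break out of the attribute. The link text is
                // emitted as stored, exactly as before.
                $pluginname = html_writer::link($continueurl, $plugin->get('name'));
            } else {
                $pluginname = $plugin->get('name');
            }
        } catch (portfolio_exception $e) { // The plugin instance may have been deleted.
            $pluginname = get_string('unknownplugin', 'portfolio');
        }

        $table->data[] = array(
            $pluginname,
            // Stored return URL: escaped as an attribute value by html_writer::link().
            html_writer::link($log->returnurl, call_user_func(array($class, 'display_name'))),
            userdate($log->time),
        );
    }
    echo $OUTPUT->heading(get_string('logsummary', 'portfolio'));
    // Base the paging links on the page URL so courseid and perpage are kept
    // when moving between pages; paging_bar sets the page parameter itself.
    $pagingbar = new paging_bar($logcount, $page, $perpage, $PAGE->url);
    echo $OUTPUT->render($pagingbar);
    echo html_writer::table($table);
    echo $OUTPUT->render($pagingbar);
    $somethingprinted = true;
}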
// Empty state: neither the queue table nor the log table was rendered.
if (!$somethingprinted) {
    echo $OUTPUT->heading($strportfolios), get_string('nologs', 'portfolio');
}

// Close the box opened before the tables, then finish the page.
echo $OUTPUT->box_end(), $OUTPUT->footer();