MDL-41807 repository_filesystem: Prevent access to parent directories
[moodle.git] / calendar / set.php
1 <?php
3 /////////////////////////////////////////////////////////////////////////////
4 //                                                                         //
5 // NOTICE OF COPYRIGHT                                                     //
6 //                                                                         //
7 // Moodle - Calendar extension                                             //
8 //                                                                         //
9 // Copyright (C) 2003-2004  Greek School Network            www.sch.gr     //
10 //                                                                         //
11 // Designed by:                                                            //
12 //     Avgoustos Tsinakos (tsinakos@teikav.edu.gr)                         //
13 //     Jon Papaioannou (pj@moodle.org)                                     //
14 //                                                                         //
15 // Programming and development:                                            //
16 //     Jon Papaioannou (pj@moodle.org)                                     //
17 //                                                                         //
18 // For bugs, suggestions, etc contact:                                     //
19 //     Jon Papaioannou (pj@moodle.org)                                     //
20 //                                                                         //
21 // The current module was developed at the University of Macedonia         //
22 // (www.uom.gr) under the funding of the Greek School Network (www.sch.gr) //
23 // The aim of this project is to provide additional and improved           //
24 // functionality to the Asynchronous Distance Education service that the   //
25 // Greek School Network deploys.                                           //
26 //                                                                         //
27 // This program is free software; you can redistribute it and/or modify    //
28 // it under the terms of the GNU General Public License as published by    //
29 // the Free Software Foundation; either version 2 of the License, or       //
30 // (at your option) any later version.                                     //
31 //                                                                         //
32 // This program is distributed in the hope that it will be useful,         //
33 // but WITHOUT ANY WARRANTY; without even the implied warranty of          //
34 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the           //
35 // GNU General Public License for more details:                            //
36 //                                                                         //
37 //          http://www.gnu.org/copyleft/gpl.html                           //
38 //                                                                         //
39 /////////////////////////////////////////////////////////////////////////////
41 require_once('../config.php');
42 require_once($CFG->dirroot.'/calendar/lib.php');
44 require_sesskey();
46 $var = required_param('var', PARAM_ALPHA);
47 $return = clean_param(base64_decode(required_param('return', PARAM_RAW)), PARAM_URL);
48 $courseid = optional_param('id', -1, PARAM_INT);
49 if ($courseid != -1) {
50     $return = new moodle_url($return, array('course' => $courseid));
51 } else {
52     $return = new moodle_url($return);
53 }
54 $url = new moodle_url('/calendar/set.php', array('return'=>base64_encode($return->out(false)), 'course' => $courseid, 'var'=>$var, 'sesskey'=>sesskey()));
55 $PAGE->set_url($url);
56 $PAGE->set_context(get_context_instance(CONTEXT_SYSTEM));
58 switch($var) {
59     case 'showgroups':
60         calendar_set_event_type_display(CALENDAR_EVENT_GROUP);
61         break;
62     case 'showcourses':
63         calendar_set_event_type_display(CALENDAR_EVENT_COURSE);
64         break;
65     case 'showglobal':
66         calendar_set_event_type_display(CALENDAR_EVENT_GLOBAL);
67         break;
68     case 'showuser':
69         calendar_set_event_type_display(CALENDAR_EVENT_USER);
70         break;
71 }
73 redirect($return);