MDL-52651 htmlpurifier: Append rel=noreferrer to links.
[moodle.git] / mod / data / field / url / field.class.php
1 <?php
2 ///////////////////////////////////////////////////////////////////////////
3 //                                                                       //
4 // NOTICE OF COPYRIGHT                                                   //
5 //                                                                       //
6 // Moodle - Modular Object-Oriented Dynamic Learning Environment         //
7 //          http://moodle.org                                            //
8 //                                                                       //
9 // Copyright (C) 1999-onwards Moodle Pty Ltd  http://moodle.com          //
10 //                                                                       //
11 // This program is free software; you can redistribute it and/or modify  //
12 // it under the terms of the GNU General Public License as published by  //
13 // the Free Software Foundation; either version 2 of the License, or     //
14 // (at your option) any later version.                                   //
15 //                                                                       //
16 // This program is distributed in the hope that it will be useful,       //
17 // but WITHOUT ANY WARRANTY; without even the implied warranty of        //
18 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         //
19 // GNU General Public License for more details:                          //
20 //                                                                       //
21 //          http://www.gnu.org/copyleft/gpl.html                         //
22 //                                                                       //
23 ///////////////////////////////////////////////////////////////////////////
25 class data_field_url extends data_field_base {
26     var $type = 'url';
28     function display_add_field($recordid = 0, $formdata = null) {
29         global $CFG, $DB, $OUTPUT, $PAGE;
31         require_once($CFG->dirroot. '/repository/lib.php'); // necessary for the constants used in args
33         $args = new stdClass();
34         $args->accepted_types = '*';
35         $args->return_types = FILE_EXTERNAL;
36         $args->context = $this->context;
37         $args->env = 'url';
38         $fp = new file_picker($args);
39         $options = $fp->options;
41         $fieldid = 'field_url_'.$options->client_id;
43         $straddlink = get_string('choosealink', 'repository');
44         $url = '';
45         $text = '';
46         if ($formdata) {
47             $fieldname = 'field_' . $this->field->id . '_0';
48             $url = $formdata->$fieldname;
49             $fieldname = 'field_' . $this->field->id . '_1';
50             if (isset($formdata->$fieldname)) {
51                 $text = $formdata->$fieldname;
52             }
53         } else if ($recordid) {
54             if ($content = $DB->get_record('data_content', array('fieldid'=>$this->field->id, 'recordid'=>$recordid))) {
55                 $url  = $content->content;
56                 $text = $content->content1;
57             }
58         }
60         $autolinkable = !empty($this->field->param1) and empty($this->field->param2);
62         $str = '<div title="' . s($this->field->description) . '">';
64         $label = '<label for="' . $fieldid . '"><span class="accesshide">' . $this->field->name . '</span>';
65         if ($this->field->required) {
66             $image = html_writer::img($OUTPUT->pix_url('req'), get_string('requiredelement', 'form'),
67                                       array('class' => 'req', 'title' => get_string('requiredelement', 'form')));
68             if ($autolinkable) {
69                 $label .= html_writer::div(get_string('requiredelement', 'form'), 'accesshide');
70             } else {
71                 $label .= html_writer::div($image, 'inline-req');
72             }
73         }
74         $label .= '</label>';
76         if ($autolinkable) {
77             $str .= '<table><tr><td align="right">';
78             $str .= '<span class="mod-data-input">' . get_string('url', 'data') . ':</span>';
79             if (!empty($image)) {
80                 $str .= $image;
81             }
82             $str .= '</td><td>';
83             $str .= $label;
84             $str .= '<input type="text" name="field_'.$this->field->id.'_0" id="'.$fieldid.'" value="'.s($url).'" size="60" />';
85             $str .= '<button id="filepicker-button-'.$options->client_id.'" style="display:none">'.$straddlink.'</button></td></tr>';
86             $str .= '<tr><td align="right"><span class="mod-data-input">'.get_string('text', 'data').':</span></td><td>';
87             $str .= '<input type="text" name="field_'.$this->field->id.'_1" id="field_'.$this->field->id.'_1" value="'.s($text).'"';
88             $str .= ' size="60" /></td></tr>';
89             $str .= '</table>';
90         } else {
91             // Just the URL field
92             $str .= $label;
93             $str .= '<input type="text" name="field_'.$this->field->id.'_0" id="'.$fieldid.'" value="'.s($url).'"';
94             $str .= ' size="60" class="mod-data-input" />';
95             if (count($options->repositories) > 0) {
96                 $str .= '<button id="filepicker-button-'.$options->client_id.'" class="visibleifjs">'.$straddlink.'</button>';
97             }
98         }
100         // print out file picker
101         //$str .= $OUTPUT->render($fp);
103         $module = array('name'=>'data_urlpicker', 'fullpath'=>'/mod/data/data.js', 'requires'=>array('core_filepicker'));
104         $PAGE->requires->js_init_call('M.data_urlpicker.init', array($options), true, $module);
105         $str .= '</div>';
106         return $str;
107     }
109     function display_search_field($value = '') {
110         return '<label class="accesshide" for="f_'.$this->field->id.'">' . get_string('fieldname', 'data') . '</label>' .
111                '<input type="text" size="16" id="f_'.$this->field->id.'" name="f_'.$this->field->id.'" value="'.s($value).'" />';
112     }
114     function parse_search_field() {
115         return optional_param('f_'.$this->field->id, '', PARAM_NOTAGS);
116     }
118     function generate_sql($tablealias, $value) {
119         global $DB;
121         static $i=0;
122         $i++;
123         $name = "df_url_$i";
124         return array(" ({$tablealias}.fieldid = {$this->field->id} AND ".$DB->sql_like("{$tablealias}.content", ":$name", false).") ", array($name=>"%$value%"));
125     }
127     function display_browse_field($recordid, $template) {
128         global $DB;
130         if ($content = $DB->get_record('data_content', array('fieldid'=>$this->field->id, 'recordid'=>$recordid))) {
131             $url = empty($content->content)? '':$content->content;
132             $text = empty($content->content1)? '':$content->content1;
133             if (empty($url) or ($url == 'http://')) {
134                 return '';
135             }
136             if (!empty($this->field->param2)) {
137                 // param2 forces the text to something
138                 $text = $this->field->param2;
139             }
140             if ($this->field->param1) {
141                 // param1 defines whether we want to autolink the url.
142                 $attributes = array();
143                 if ($this->field->param3) {
144                     // param3 defines whether this URL should open in a new window.
145                     $attributes['target'] = '_blank';
146                     $attributes['rel'] = 'noreferrer';
147                 }
149                 if (empty($text)) {
150                     $text = $url;
151                 }
153                 $str = html_writer::link($url, $text, $attributes);
154             } else {
155                 $str = $url;
156             }
157             return $str;
158         }
159         return false;
160     }
162     function update_content($recordid, $value, $name='') {
163         global $DB;
165         $content = new stdClass();
166         $content->fieldid = $this->field->id;
167         $content->recordid = $recordid;
168         $names = explode('_', $name);
170         switch ($names[2]) {
171             case 0:
172                 // update link
173                 $content->content = clean_param($value, PARAM_URL);
174                 break;
175             case 1:
176                 // add text
177                 $content->content1 = clean_param($value, PARAM_NOTAGS);
178                 break;
179             default:
180                 break;
181         }
183         if (!empty($content->content) && (strpos($content->content, '://') === false)
184                 && (strpos($content->content, '/') !== 0)) {
185             $content->content = 'http://' . $content->content;
186         }
188         if ($oldcontent = $DB->get_record('data_content', array('fieldid'=>$this->field->id, 'recordid'=>$recordid))) {
189             $content->id = $oldcontent->id;
190             return $DB->update_record('data_content', $content);
191         } else {
192             return $DB->insert_record('data_content', $content);
193         }
194     }
196     function notemptyfield($value, $name) {
197         $names = explode('_',$name);
198         $value = clean_param($value, PARAM_URL);
199         //clean first
200         if ($names[2] == '0') {
201             return ($value!='http://' && !empty($value));
202         }
203         return false;
204     }
206     function export_text_value($record) {
207         return $record->content . " " . $record->content1;
208     }