/**
 * Overrides the normal constructor in order to use our extended version of
 * MoodleQuickForm (MoodleQuickFormWithSlides), which enables this form to use slides.
 *
 * After definition() has added the form's own fields, two hidden fields are
 * appended: 'sesskey', defaulted to the value of sesskey(), and the
 * '_qf__<formname>' submission marker, defaulted to 1.
 *
 * @param string $action Form destination; when empty, the current URL without its query string is used
 * @param array $customdata Custom data for pre-populating form fields
 * @param string $method Method of form submission - GET or POST
 * @param string $target Form's target
 * @param array $attributes HTML form attributes
 * @param boolean $editable Whether the form can be edited; when false the form is hard-frozen
 * @version 2013050801
 * @since 2011101901
 */
public function __construct($action = null, array $customdata = array(), $method = 'post', $target = '', array $attributes = array(), $editable = true) {
    if (empty($action)) {
        // Default to the current page, dropping any query string.
        $action = strip_querystring(qualified_me());
    }

    // '_form' suffix kept in order to prevent collisions of form id and other element
    $this->_formname = get_class($this);
    $this->_customdata = $customdata;
    $this->_form = new MoodleQuickFormWithSlides($this->_formname, $method, $action, $target, $attributes);
    if (!$editable) {
        $this->_form->hardFreeze();
    }

    $this->definition();

    // Automatic sesskey protection: the field carries the current sesskey() value.
    // NOTE(review): the comparison of the submitted value against the session is
    // not in this block; presumably it happens during submission processing - confirm.
    $this->_form->addElement('hidden', 'sesskey', null);
    $this->_form->setType('sesskey', PARAM_RAW);
    $this->_form->setDefault('sesskey', sesskey());

    // Form submission marker.
    $this->_form->addElement('hidden', '_qf__' . $this->_formname, null);
    $this->_form->setType('_qf__' . $this->_formname, PARAM_RAW);
    $this->_form->setDefault('_qf__' . $this->_formname, 1);
    $this->_form->_setDefaultRuleMessages();

    // Moodle 2.5 and above have auto-collapsing forms. Not appropriate here!
    // (Using method_exists() so that 2.0-2.4 and 2.5+ can share the same code base)
    if (method_exists($this->_form, 'setDisableShortforms')) {
        $this->_form->setDisableShortforms(true);
    }

    // we have to know all input types before processing submission ;-)
    $this->_process_submission($method);
}
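/**
 * This is identical to the overridden function except that it builds an
 * ilp_MoodleQuickForm instead of a MoodleQuickForm.
 *
 * After definition() has added the form's own fields, two hidden fields are
 * appended: 'sesskey', defaulted to the value of sesskey(), and the
 * '_qf__<formname>' submission marker, defaulted to 1.
 *
 * @param string $action form destination; when empty, the current URL without its query string is used
 * @param mixed $customdata data made available to definition() through $this->_customdata
 * @param string $method form submission method
 * @param string $target target attribute of the form
 * @param mixed $attributes HTML attributes passed on to ilp_MoodleQuickForm
 * @param bool $editable when false the form is hard-frozen
 */
function ilp_moodleform($action = null, $customdata = null, $method = 'post', $target = '', $attributes = null, $editable = true) {
    if (empty($action)) {
        $action = strip_querystring(qualified_me());
    }

    // '_form' suffix kept in order to prevent collisions of form id and other element
    $this->_formname = get_class($this);
    $this->_customdata = $customdata;

    // Plain assignment: "=& new" is a parse error from PHP 7 on, and objects are
    // already handled by reference-like handles since PHP 5.
    $this->_form = new ilp_MoodleQuickForm($this->_formname, $method, $action, $target, $attributes);
    if (!$editable) {
        $this->_form->hardFreeze();
    }

    //TODO find a way to emulate moodle 2 functionality in 1.9 and check if file manager
    //$this->set_upload_manager(new upload_manager());

    $this->definition();

    // Automatic sesskey protection: the field carries the current sesskey() value.
    $this->_form->addElement('hidden', 'sesskey', null);
    $this->_form->setType('sesskey', PARAM_RAW);
    $this->_form->setDefault('sesskey', sesskey());

    // Form submission marker.
    $this->_form->addElement('hidden', '_qf__' . $this->_formname, null);
    $this->_form->setType('_qf__' . $this->_formname, PARAM_RAW);
    $this->_form->setDefault('_qf__' . $this->_formname, 1);
    $this->_form->_setDefaultRuleMessages();

    // we have to know all input types before processing submission ;-)
    $this->_process_submission($method);
}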
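/**
 * Extracts file argument either from file parameter or PATH_INFO.
 *
 * All three sources read here (the 'file' GET parameter, PATH_INFO and the
 * result of get_query()) are passed through makesafe() before being returned.
 * If none of them yields a value, error() is called.
 *
 * @param string $scriptname name of the calling script
 * @return string file path (only safe characters)
 */
function get_file_argument_limited($scriptname) {
    // first try normal parameter (compatible method == no relative links!)
    if (isset($_GET['file'])) {
        return makesafe($_GET['file']);
    }

    // then try extract file from PATH_INFO (slasharguments method)
    if (!empty($_SERVER['PATH_INFO'])) {
        $path_info = $_SERVER['PATH_INFO'];
        // check that PATH_INFO works == must not contain the script name.
        // Compare with false explicitly: strpos() returns 0 for a match at the
        // very start, which "!strpos()" would wrongly treat as "not found".
        if (strpos($path_info, $scriptname) === false) {
            return makesafe(rawurldecode($path_info));
        }
    }

    // now if both fail try the old way
    // (for compatibility with misconfigured or older buggy php implementations)
    $arr = get_query($scriptname);
    if (!empty($arr[1])) {
        return makesafe(rawurldecode(strip_querystring($arr[1])));
    }

    error('Unexpected PHP set up. Turn off the smartpix config option.');
}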
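/**
 * The constructor function calls the abstract function definition() and it will then
 * process and clean and attempt to validate incoming data.
 *
 * It will call your custom validate method to validate data and will also check any rules
 * you have specified in definition using addRule
 *
 * The name of the form (id attribute of the form) is taken from the name of the
 * class extending moodleform (get_class($this)).
 *
 * @param string $action the action attribute for the form. If empty defaults to auto detect the
 *                  current url.
 * @param array $customdata if your form definition method needs access to data such as $course
 *                  $cm, etc. to construct the form definition then pass it in this array. You can
 *                  use globals for some things.
 * @param string $method if you set this to anything other than 'post' then _GET and _POST will
 *                  be merged and used as incoming data to the form.
 * @param string $target target frame for form submission. You will rarely use this. Don't use
 *                  it if you don't need to as the target attribute is deprecated in xhtml
 *                  strict.
 * @param mixed $attributes you can pass a string of html attributes here or an array.
 * @return moodleform
 */
function moodleform($action = null, $customdata = null, $method = 'post', $target = '', $attributes = null) {
    if (empty($action)) {
        $action = strip_querystring(qualified_me());
    }

    // '_form' suffix kept in order to prevent collisions of form id and other element
    $this->_formname = get_class($this);
    $this->_customdata = $customdata;

    // Plain assignment: "=& new" is a parse error from PHP 7 on, and objects are
    // already handled by reference-like handles since PHP 5.
    $this->_form = new MoodleQuickForm($this->_formname, $method, $action, $target, $attributes);
    $this->set_upload_manager(new upload_manager());

    $this->definition();

    // Automatic sesskey protection: the field carries the current sesskey() value.
    $this->_form->addElement('hidden', 'sesskey', null);
    $this->_form->setDefault('sesskey', sesskey());

    // Form submission marker.
    $this->_form->addElement('hidden', '_qf__' . $this->_formname, null);
    $this->_form->setDefault('_qf__' . $this->_formname, 1);
    $this->_form->_setDefaultRuleMessages();

    // we have to know all input types before processing submission ;-)
    $this->_process_submission($method);

    // update form definition based on final data
    $this->definition_after_data();
}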
/**
 * Returns the value of the HTTP_REFERER request header, optionally without
 * its query string.
 *
 * The header is sent by the client and is returned here as received (apart
 * from the optional query-string removal), so callers must treat the result
 * as untrusted input.
 *
 * @uses $_SERVER
 * @param boolean $stripquery if true, also removes the query part of the url.
 * @return string The resulting referer or empty string
 */
function get_referer($stripquery = true) {
    // No header sent: nothing to report.
    if (!isset($_SERVER['HTTP_REFERER'])) {
        return '';
    }

    $referer = $_SERVER['HTTP_REFERER'];
    return $stripquery ? strip_querystring($referer) : $referer;
}
/**
 * The constructor function calls the abstract function definition() and it will then
 * process and clean and attempt to validate incoming data.
 *
 * It will call your custom validate method to validate data and will also check any rules
 * you have specified in definition using addRule
 *
 * The name of the form (id attribute of the form) is obtained from
 * get_form_identifier(), which is called after the custom data has been stored.
 *
 * @param mixed $action the action attribute for the form. If empty defaults to auto detect the
 *              current url. If a moodle_url object then outputs params as hidden variables.
 * @param mixed $customdata if your form definition method needs access to data such as $course
 *              $cm, etc. to construct the form definition then pass it in this array. You can
 *              use globals for some things.
 * @param string $method if you set this to anything other than 'post' then _GET and _POST will
 *               be merged and used as incoming data to the form.
 * @param string $target target frame for form submission. You will rarely use this. Don't use
 *               it if you don't need to as the target attribute is deprecated in xhtml strict.
 * @param mixed $attributes you can pass a string of html attributes here or an array.
 * @param bool $editable when false the form is hard-frozen
 */
function moodleform($action = null, $customdata = null, $method = 'post', $target = '', $attributes = null, $editable = true) {
    global $CFG, $FULLME;

    // no standard mform in moodle should allow autocomplete with the exception of user signup.
    // An array always gets the key set to 'off'; a string only gets the attribute
    // appended when the substring 'autocomplete' does not already occur in it.
    if (empty($attributes)) {
        $attributes = array('autocomplete' => 'off');
    } else {
        if (is_array($attributes)) {
            $attributes['autocomplete'] = 'off';
        } else {
            if (strpos($attributes, 'autocomplete') === false) {
                $attributes .= ' autocomplete="off" ';
            }
        }
    }

    if (empty($action)) {
        // do not rely on PAGE->url here because dev often do not setup $actualurl properly in admin_externalpage_setup()
        $action = strip_querystring($FULLME);
        if (!empty($CFG->sslproxy)) {
            // return only https links when using SSL proxy
            $action = preg_replace('/^http:/', 'https:', $action, 1);
        }
        //TODO: use following instead of FULLME - see MDL-33015
        //$action = strip_querystring(qualified_me());
    }

    // Assign custom data first, so that get_form_identifier can use it.
    $this->_customdata = $customdata;
    $this->_formname = $this->get_form_identifier();
    $this->_form = new MoodleQuickForm($this->_formname, $method, $action, $target, $attributes);
    if (!$editable) {
        $this->_form->hardFreeze();
    }

    // HACK to prevent browsers from automatically inserting the user's password into the wrong fields.
    $element = $this->_form->addElement('hidden');
    $element->setType('password');

    $this->definition();

    // Automatic sesskey protection: the field carries the current sesskey() value.
    // NOTE(review): the comparison of the submitted value against the session is
    // not in this block; presumably it happens during submission processing - confirm.
    $this->_form->addElement('hidden', 'sesskey', null);
    $this->_form->setType('sesskey', PARAM_RAW);
    $this->_form->setDefault('sesskey', sesskey());

    // Form submission marker.
    $this->_form->addElement('hidden', '_qf__' . $this->_formname, null);
    $this->_form->setType('_qf__' . $this->_formname, PARAM_RAW);
    $this->_form->setDefault('_qf__' . $this->_formname, 1);
    $this->_form->_setDefaultRuleMessages();

    // we have to know all input types before processing submission ;-)
    $this->_process_submission($method);
}
/**
 * The constructor function calls the abstract function definition() and it will then
 * process and clean and attempt to validate incoming data.
 *
 * It will call your custom validate method to validate data and will also check any rules
 * you have specified in definition using addRule
 *
 * The name of the form (id attribute of the form) is obtained from
 * get_form_identifier(), which is called after the custom data has been stored.
 *
 * @param mixed $action the action attribute for the form. If empty defaults to auto detect the
 *              current url. If a moodle_url object then outputs params as hidden variables.
 * @param array $customdata if your form definition method needs access to data such as $course
 *              $cm, etc. to construct the form definition then pass it in this array. You can
 *              use globals for some things.
 * @param string $method if you set this to anything other than 'post' then _GET and _POST will
 *               be merged and used as incoming data to the form.
 * @param string $target target frame for form submission. You will rarely use this. Don't use
 *               it if you don't need to as the target attribute is deprecated in xhtml
 *               strict.
 * @param mixed $attributes you can pass a string of html attributes here or an array.
 * @param bool $editable when false the form is hard-frozen
 * @return object moodleform
 */
function moodleform($action = null, $customdata = null, $method = 'post', $target = '', $attributes = null, $editable = true) {
    if (empty($action)) {
        // Default to the current page, dropping any query string.
        $action = strip_querystring(qualified_me());
    }

    // Assign custom data first, so that get_form_identifier can use it.
    $this->_customdata = $customdata;
    $this->_formname = $this->get_form_identifier();
    $this->_form = new MoodleQuickForm($this->_formname, $method, $action, $target, $attributes);
    if (!$editable) {
        $this->_form->hardFreeze();
    }

    $this->definition();

    // Automatic sesskey protection: the field carries the current sesskey() value.
    // NOTE(review): the comparison of the submitted value against the session is
    // not in this block; presumably it happens during submission processing - confirm.
    $this->_form->addElement('hidden', 'sesskey', null);
    $this->_form->setType('sesskey', PARAM_RAW);
    $this->_form->setDefault('sesskey', sesskey());

    // Form submission marker.
    $this->_form->addElement('hidden', '_qf__' . $this->_formname, null);
    $this->_form->setType('_qf__' . $this->_formname, PARAM_RAW);
    $this->_form->setDefault('_qf__' . $this->_formname, 1);
    $this->_form->_setDefaultRuleMessages();

    // we have to know all input types before processing submission ;-)
    $this->_process_submission($method);
}
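/**
 * Builds the base URL for filter links: the current script URL, followed by
 * the current GET parameters (without 'blogpage', 'filtertype' and
 * 'filterselect') and then the given filter values. The result always ends
 * in '&'.
 *
 * Parameter names and values are copied from the request, so each one is
 * URL-encoded before it is concatenated; unencoded, a crafted query string
 * could change the structure of the URL that is built here.
 *
 * @param string $filtertype value for the 'filtertype' parameter (appended as given)
 * @param string $filterselect value for the 'filterselect' parameter (appended as given)
 * @return string the URL, ending in '&'
 */
function get_baseurl($filtertype, $filterselect) {
    // Work on a copy so that the superglobal itself is left untouched.
    $getcopy = $_GET;
    unset($getcopy['blogpage']);

    $strippedurl = strip_querystring(qualified_me());

    $pairs = array();
    foreach ($getcopy as $var => $val) {
        $var = (string) $var;
        if ($var === 'filterselect' || $var === 'filtertype') {
            // These two are re-added below from the function arguments.
            continue;
        }
        if (is_array($val)) {
            // Nested parameters (a[]=1) cannot be written as a single name=value pair.
            continue;
        }
        $pairs[] = urlencode($var) . '=' . urlencode((string) $val);
    }

    $querystring = '?';
    if (!empty($pairs)) {
        $querystring .= implode('&', $pairs) . '&';
    }

    // NOTE(review): $filtertype and $filterselect are appended without encoding,
    // as before; presumably the caller has already cleaned them - confirm.
    return $strippedurl . $querystring . 'filtertype=' . $filtertype . '&filterselect=' . $filterselect . '&';
}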
/**
 * Will get called before the login page is shown. If NTLM SSO
 * is enabled, and the user is in the right network, we'll redirect
 * to the magic NTLM page for SSO...
 *
 * The NTLM branch is taken only when all of the following hold: the request is
 * a GET (or a POST whose local referer differs from this page), NTLM SSO and
 * its subnet are configured, the 'authldap_skipntlmsso' GET parameter is empty,
 * the user is a guest or not logged in, and the remote address lies in the
 * configured subnet.
 */
function loginpage_hook() {
    global $CFG, $SESSION;

    // HTTPS is potentially required
    //httpsrequired(); - this must be used before setting the URL, it is already done on the login/index.php

    // Precedence: && binds tighter than ||, so the referer comparison applies
    // to POST requests only; every GET request satisfies the first group.
    if (($_SERVER['REQUEST_METHOD'] === 'GET'
            || $_SERVER['REQUEST_METHOD'] === 'POST' && get_local_referer() != strip_querystring(qualified_me()))
        && !empty($this->config->ntlmsso_enabled)
        && !empty($this->config->ntlmsso_subnet)
        && empty($_GET['authldap_skipntlmsso'])
        && (isguestuser() || !isloggedin())
        && address_in_subnet(getremoteaddr(), $this->config->ntlmsso_subnet)) {

        // First, let's remember where we were trying to get to before we got here.
        // The destination comes from get_local_referer(), not from the raw header.
        if (empty($SESSION->wantsurl)) {
            $SESSION->wantsurl = null;
            $referer = get_local_referer(false);
            if ($referer && $referer != $CFG->wwwroot && $referer != $CFG->wwwroot . '/' && $referer != $CFG->httpswwwroot . '/login/' && $referer != $CFG->httpswwwroot . '/login/index.php') {
                $SESSION->wantsurl = $referer;
            }
        }

        // Now start the whole NTLM machinery.
        if ($this->config->ntlmsso_ie_fastpath == AUTH_NTLM_FASTPATH_YESATTEMPT || $this->config->ntlmsso_ie_fastpath == AUTH_NTLM_FASTPATH_YESFORM) {
            if (core_useragent::is_ie()) {
                // The session key travels in the query string of this redirect.
                $sesskey = sesskey();
                redirect($CFG->wwwroot . '/auth/ldap/ntlmsso_magic.php?sesskey=' . $sesskey);
            } else {
                if ($this->config->ntlmsso_ie_fastpath == AUTH_NTLM_FASTPATH_YESFORM) {
                    redirect($CFG->httpswwwroot . '/login/index.php?authldap_skipntlmsso=1');
                }
            }
        }
        // NOTE(review): reached after the calls above only if redirect() returns;
        // presumably it ends the request - confirm.
        redirect($CFG->wwwroot . '/auth/ldap/ntlmsso_attempt.php');
    }

    // No NTLM SSO, Use the normal login page instead.

    // If $SESSION->wantsurl is empty and we have a 'Referer:' header, the login
    // page insists on redirecting us to that page after user validation. If
    // we clicked on the redirect link at the ntlmsso_finish.php page (instead
    // of waiting for the redirection to happen) then we have a 'Referer:' header
    // we don't want to use at all. As we can't get rid of it, just point
    // $SESSION->wantsurl to $CFG->wwwroot (after all, we came from there).
    if (empty($SESSION->wantsurl) && get_local_referer() == $CFG->httpswwwroot . '/auth/ldap/ntlmsso_finish.php') {
        $SESSION->wantsurl = $CFG->wwwroot;
    }
}
/**
 * Returns the HTTP_REFERER request header after it has been passed through
 * clean_param() with PARAM_LOCALURL, optionally without its query string.
 *
 * The header is supplied by the client; the cleaning step is applied before
 * anything else is done with it.
 *
 * @param bool $stripquery if true, also removes the query part of the url.
 * @return string The resulting referer or empty string.
 */
function get_local_referer($stripquery = true) {
    // No header sent: nothing to clean.
    if (!isset($_SERVER['HTTP_REFERER'])) {
        return '';
    }

    $cleaned = clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL);
    return $stripquery ? strip_querystring($cleaned) : $cleaned;
}
print_header_simple('report', '', $navigation, '', "<meta http-equiv='Refresh' content='30;{$FULLME}'>"); print_memorybank_report3($qid); } if ($what === 'studentlist') { $navlinks[] = array('name' => get_string("student_report", "memorybank"), 'link' => '', 'type' => ''); $navigation = build_navigation($navlinks); print_header_simple('report', '', $navigation, '', "<meta http-equiv='Refresh' content='30;{$FULLME}'>"); print_memorybank_report2($memorybank->id, $course); } if ($what === 'add') { global $FULLME; $question = optional_param('question', null); if (!empty($question)) { make_question($memorybank); //echo($FULLME); redirect(strip_querystring($FULLME) . '?what=add&instid=' . $instid); } } if ($what === 'edit') { global $FULLME; $qid = optional_param('qid', null); if (!empty($qid)) { update_questionbank($qid); //redirect('http://moodlehacks.com/mod/memorybank/view.php?id=20',5); //redirect(strip_querystring($FULLME).'?instid=1&qid='.$qid); } } } else { //what is empty if (isset($level)) { $question = get_record('memorybank_bank', 'id', $qid);
/**
 * Generates the login form for the sideblock
 *
 * Returns nothing when the 'installed' config value is not set. When
 * 'httpswwwroot' is configured, the form action is that root plus the
 * relative path of the current script without its query string; otherwise
 * the action is left empty.
 *
 * {@internal{Not sure why this form definition doesn't use
 * auth_get_login_form, but keep that in mind when making changes.}}
 *
 * @return mixed the result of get_login_form_js() for the built form, or nothing if not installed
 */
function auth_generate_login_form() {
    if (!get_config('installed')) {
        return;
    }

    $action = '';
    if (get_config('httpswwwroot')) {
        $action = rtrim(get_config('httpswwwroot'), '/') . strip_querystring(get_relative_script_path());
    }

    require_once 'pieforms/pieform.php';

    // Offer the registration link only if at least one institution that is
    // not suspended allows registration.
    if (count_records('institution', 'registerallowed', 1, 'suspended', 0)) {
        $registerlink = '<a href="' . get_config('wwwroot') . 'register.php" tabindex="2">' . get_string('register') . '</a><br>';
    } else {
        $registerlink = '';
    }

    $loginform = get_login_form_js(pieform(array(
        'name' => 'login',
        'renderer' => 'div',
        'submit' => false,
        'action' => $action,
        'plugintype' => 'auth',
        'pluginname' => 'internal',
        'autofocus' => false,
        'elements' => array(
            'login_username' => array(
                'type' => 'text',
                'title' => get_string('username') . ':',
                'description' => get_string('usernamedescription'),
                // The submitted username is fed back as the field's default value.
                // NOTE(review): this is raw request data; presumably pieform escapes
                // default values when rendering - confirm.
                'defaultvalue' => isset($_POST['login_username']) ? $_POST['login_username'] : '',
                'rules' => array('required' => true)
            ),
            'login_password' => array(
                'type' => 'password',
                'title' => get_string('password') . ':',
                'description' => get_string('passworddescription'),
                // The password is never pre-filled.
                'defaultvalue' => '',
                'rules' => array('required' => true)
            ),
            'submit' => array(
                'type' => 'submit',
                'value' => get_string('login')
            ),
            // Help links, passed as a ready-made HTML fragment built from
            // configuration values and language strings.
            'register' => array(
                'value' => '<div id="login-helplinks">' . $registerlink . '<a href="' . get_config('wwwroot') . 'forgotpass.php" tabindex="2">' . get_string('lostusernamepassword') . '</a></div>'
            )
        )
    )));

    return $loginform;
}
/**
 * Builds the base URL for filter links: the current script URL, followed by
 * the current GET parameters (without 'blogpage', 'filtertype' and
 * 'filterselect') and then the given filter values. The result always ends
 * in '&'.
 *
 * Side effect: 'blogpage' is removed from $_GET itself.
 *
 * Every parameter name is cleaned with PARAM_ALPHANUM and every value with
 * PARAM_CLEAN before being concatenated (see MDL-22631).
 * NOTE(review): the cleaned values are concatenated without URL-encoding;
 * confirm that the cleaning alone is sufficient where the result is used.
 *
 * @param string $filtertype value for the 'filtertype' parameter (appended as given)
 * @param string $filterselect value for the 'filterselect' parameter (appended as given)
 * @return string the URL, ending in '&'
 */
function get_baseurl($filtertype, $filterselect) {
    unset($_GET['blogpage']);

    $strippedurl = strip_querystring(qualified_me());

    $query = '';
    $kept = false;
    $position = 0;
    foreach ($_GET as $name => $value) {
        $name = clean_param($name, PARAM_ALPHANUM); // See MDL-22631
        $value = clean_param($value, PARAM_CLEAN);

        // The first parameter opens the query string, later ones are joined with '&'.
        $separator = ($position === 0) ? '?' : '&';
        $position++;

        $isfilter = ($name == 'filterselect' || $name == 'filtertype');
        if (!$isfilter) {
            $query .= $separator . $name . '=' . $value;
            $kept = true;
        } else if ($separator === '?') {
            // A filter parameter in first position still opens the query string.
            $query .= '?';
        }
    }

    // With nothing kept, fall back to a bare '?'.
    $query = $kept ? $query . '&' : '?';

    return strip_querystring(qualified_me()) . $query . 'filtertype=' . $filtertype . '&filterselect=' . $filterselect . '&';
}
/**
 * Prints or returns the code for the "Back to X" button, where X is the name
 * of a page format page.
 *
 * Nothing is produced unless the 'page_backtobutton' theme setting is on, the
 * course uses the 'page' format, the current URL (without query string) is not
 * one of the places where the format is displayed already, and a current page
 * exists for the course.
 *
 * @param bool $return when true the button code is returned instead of printed
 * @return string|void the button code when $return is true
 **/
function page_theme_print_backto_button($return = false) {
    global $CFG, $SESSION, $COURSE;

    if (!page_theme_config('page_backtobutton')) {
        return;
    }
    if ($COURSE->format != 'page') {
        return;
    }

    $here = strip_querystring(qualified_me());

    // URLs where the format could be displayed
    $formatpages = array(
        $CFG->wwwroot,
        $CFG->wwwroot . '/',
        $CFG->wwwroot . '/index.php',
        $CFG->wwwroot . '/course/view.php',
        $CFG->wwwroot . '/course/format/page/format.php',
    );

    // Already on a course format page: no button needed.
    if (in_array($here, $formatpages)) {
        return;
    }

    require_once $CFG->dirroot . '/course/format/page/lib.php';

    // Make sure we have a page to go to
    $page = page_get_current_page($COURSE->id);
    if (!$page) {
        return;
    }

    $baseurl = ($COURSE->id == SITEID) ? $CFG->wwwroot . '/index.php' : "{$CFG->wwwroot}/course/view.php";

    $output = print_single_button(
        $baseurl,
        array('id' => $page->courseid, 'page' => $page->id),
        get_string('backtopage', 'format_page', page_get_name($page)),
        'get',
        '_self',
        true
    );

    if ($return) {
        return $output;
    }
    print $output;
}
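/**
 * Pass no arguments to create a url that refers to this page. Use empty string to create empty url.
 *
 * The URL is split with parse_url(); its query string is parsed into
 * $this->params and every other part is stored in a property of the same
 * name. $params is applied last through params().
 *
 * @param string $url url default null means use this page url with no query string
 *                      empty string means empty url.
 *                      if you pass any other type of url it will be parsed into its bits, including query string
 * @param array $params these params override anything in the query string where params have the same name.
 */
function moodle_url($url = null, $params = array()) {
    global $FULLME;

    if ($url !== '') {
        if ($url === null) {
            $url = strip_querystring($FULLME);
        }

        $parts = parse_url($url);
        if ($parts === FALSE) {
            error('invalidurl');
        }

        if (isset($parts['query'])) {
            // Accept HTML-escaped separators as well: turn '&amp;' back into '&'
            // before parsing. (Replacing '&' with '&' would have no effect.)
            parse_str(str_replace('&amp;', '&', $parts['query']), $this->params);
        }
        unset($parts['query']);

        // Remaining parts are stored under the key names parse_url() produced.
        foreach ($parts as $key => $value) {
            $this->{$key} = $value;
        }

        $this->params($params);
    }
}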
/**
 * The constructor function calls the abstract function definition() and it will then
 * process and clean and attempt to validate incoming data.
 *
 * It will call your custom validate method to validate data and will also check any rules
 * you have specified in definition using addRule
 *
 * The name of the form (id attribute of the form) is obtained from
 * get_form_identifier(), which is called after the custom data has been stored.
 *
 * @param mixed $action the action attribute for the form. If empty defaults to auto detect the
 *              current url. If a moodle_url object then outputs params as hidden variables.
 * @param mixed $customdata if your form definition method needs access to data such as $course
 *              $cm, etc. to construct the form definition then pass it in this array. You can
 *              use globals for some things.
 * @param string $method if you set this to anything other than 'post' then _GET and _POST will
 *               be merged and used as incoming data to the form.
 * @param string $target target frame for form submission. You will rarely use this. Don't use
 *               it if you don't need to as the target attribute is deprecated in xhtml strict.
 * @param mixed $attributes you can pass a string of html attributes here or an array.
 * @param bool $editable when false the form is hard-frozen
 */
function moodleform($action = null, $customdata = null, $method = 'post', $target = '', $attributes = null, $editable = true) {
    global $CFG;

    if (empty($CFG->xmlstrictheaders)) {
        // no standard mform in moodle should allow autocomplete with the exception of user signup
        // this is valid attribute in html5, sorry, we have to ignore validation errors in legacy xhtml 1.0
        // An array always gets the key set to 'off'; a string only gets the attribute
        // appended when the substring 'autocomplete' does not already occur in it.
        if (empty($attributes)) {
            $attributes = array('autocomplete' => 'off');
        } else {
            if (is_array($attributes)) {
                $attributes['autocomplete'] = 'off';
            } else {
                if (strpos($attributes, 'autocomplete') === false) {
                    $attributes .= ' autocomplete="off" ';
                }
            }
        }
    }

    if (empty($action)) {
        // Default to the current page, dropping any query string.
        $action = strip_querystring(qualified_me());
    }

    // Assign custom data first, so that get_form_identifier can use it.
    $this->_customdata = $customdata;
    $this->_formname = $this->get_form_identifier();
    $this->_form = new MoodleQuickForm($this->_formname, $method, $action, $target, $attributes);
    if (!$editable) {
        $this->_form->hardFreeze();
    }

    $this->definition();

    // Automatic sesskey protection: the field carries the current sesskey() value.
    // NOTE(review): the comparison of the submitted value against the session is
    // not in this block; presumably it happens during submission processing - confirm.
    $this->_form->addElement('hidden', 'sesskey', null);
    $this->_form->setType('sesskey', PARAM_RAW);
    $this->_form->setDefault('sesskey', sesskey());

    // Form submission marker.
    $this->_form->addElement('hidden', '_qf__' . $this->_formname, null);
    $this->_form->setType('_qf__' . $this->_formname, PARAM_RAW);
    $this->_form->setDefault('_qf__' . $this->_formname, 1);
    $this->_form->_setDefaultRuleMessages();

    // we have to know all input types before processing submission ;-)
    $this->_process_submission($method);
}
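/**
 * Extracts file argument either from file parameter or PATH_INFO
 *
 * Three sources are tried in order: the 'file' request parameter, PATH_INFO
 * and, as a compatibility fallback, the part of me() that follows the script
 * name. Each value is cleaned with PARAM_PATH. The special path
 * '/testslasharguments' prints a diagnostic message and ends the request.
 *
 * @param string $scriptname name of the calling script
 * @return string|bool file path (only safe characters), or false if none was found
 */
function get_file_argument($scriptname) {
    // first try normal parameter (compatible method == no relative links!)
    $relativepath = optional_param('file', FALSE, PARAM_PATH);
    if ($relativepath === '/testslasharguments') {
        echo 'test -1 : Incorrect use - try "file.php/testslasharguments" instead'; //indicate fopen/fread works for health center
        die;
    }

    // then try extract file from PATH_INFO (slasharguments method)
    if (!$relativepath and !empty($_SERVER['PATH_INFO'])) {
        $path_info = $_SERVER['PATH_INFO'];
        // check that PATH_INFO works == must not contain the script name.
        // Compare with false explicitly: strpos() returns 0 for a match at the
        // very start, which "!strpos()" would wrongly treat as "not found".
        if (strpos($path_info, $scriptname) === false) {
            $relativepath = clean_param(rawurldecode($path_info), PARAM_PATH);
            if ($relativepath === '/testslasharguments') {
                echo 'test 1 : Slasharguments test passed. Server confguration is compatible with file.php/1/pic.jpg slashargument setting.'; //indicate ok for health center
                die;
            }
        }
    }

    // now if both fail try the old way
    // (for compatibility with misconfigured or older buggy php implementations)
    if (!$relativepath) {
        $arr = explode($scriptname, me());
        if (!empty($arr[1])) {
            $path_info = strip_querystring($arr[1]);
            $relativepath = clean_param(rawurldecode($path_info), PARAM_PATH);
            if ($relativepath === '/testslasharguments') {
                echo 'test 2 : Slasharguments test passed (compatibility hack). Server confguration may be compatible with file.php/1/pic.jpg slashargument setting'; //indicate ok for health center
                die;
            }
        }
    }

    return $relativepath;
}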
/**
 * Returns the value of the HTTP_REFERER request header, optionally without
 * its query string.
 *
 * The header is sent by the client and is returned here as received (apart
 * from the optional query-string removal); the debugging message emitted on
 * every call points to get_local_referer() as the replacement.
 *
 * @deprecated since Moodle 3.0 MDL-49360 - please do not use this function any more.
 * @todo MDL-50265 Remove this function in Moodle 3.4.
 * @param boolean $stripquery if true, also removes the query part of the url.
 * @return string The resulting referer or empty string.
 */
function get_referer($stripquery = true) {
    debugging('get_referer() is deprecated. Please use get_local_referer() instead.', DEBUG_DEVELOPER);

    // No header sent: nothing to report.
    if (!isset($_SERVER['HTTP_REFERER'])) {
        return '';
    }

    $referer = $_SERVER['HTTP_REFERER'];
    return $stripquery ? strip_querystring($referer) : $referer;
}
/**
 * Prints the "Back to X" link, where X is the name of a page format page.
 *
 * Nothing is printed unless the 'page_backtobutton' theme setting is on, the
 * course uses the 'page' format, the current URL (without query string) is not
 * one of the places where the format is displayed already, and a current page
 * exists for the course.
 *
 * NOTE(review): the page name is placed into the markup as returned by
 * get_string(); confirm that it is escaped for HTML upstream.
 *
 * @return void
 **/
function page_theme_print_backto_button() {
    global $CFG, $SESSION, $COURSE;

    if (!page_theme_config('page_backtobutton')) {
        return;
    }
    if (!isset($COURSE->format) or $COURSE->format != 'page') {
        return;
    }

    $here = strip_querystring(qualified_me());

    // URLs where the format could be displayed
    $formatpages = array(
        $CFG->wwwroot,
        $CFG->wwwroot . '/',
        $CFG->wwwroot . '/index.php',
        $CFG->wwwroot . '/course/view.php',
        $CFG->wwwroot . '/course/format/page/format.php',
    );

    // Already on a course format page: no link needed.
    if (in_array($here, $formatpages)) {
        return;
    }

    require_once $CFG->dirroot . '/course/format/page/lib.php';

    // Make sure we have a page to go to
    $page = page_get_current_page($COURSE->id);
    if (!$page) {
        return;
    }

    $href = $CFG->wwwroot . '/course/view.php?id=' . $page->courseid . '&page=' . $page->id;
    $label = get_string('backtopage', 'theme_page', page_get_name($page));

    echo '<p><span class="button"><a href="' . $href . '">' . $label . '</a></span></p>';
}
// Trim whitespace off search query
// The value is URL-decoded once more here, so anything that was still
// percent-encoded when the parameter was first read becomes literal text.
$query = urldecode(trim($query));
// Clean query to remove xss vulnerabilities
// urlencoded parameters will be missed by standard optional_param cleaning, so need to double-check after decoding
// e.g. a urlencoded <script> in the query will appear to optional_param as %3Cscript%3E and be ignored
// Order matters: cleaning has to run after the decode above, and the cleaned
// value must not be decoded again further down.
$query = clean_param($query, PARAM_TEXT);
// This url
// NOTE(review): 'query' is urlencode()d before being handed to moodle_url -
// confirm moodle_url does not encode parameter values itself, otherwise the
// value ends up encoded twice in the generated link.
$data = array( 'search' => true, 'query' => urlencode($query), 'searchtype' => $searchtype, 'page' => $page );
// array_merge() lets entries of $this->urlparams replace same-named keys of
// $data, so a 'query' key in urlparams would take the place of the cleaned
// value above - presumably urlparams never carries one; verify.
$thisurl = new moodle_url(strip_querystring(qualified_me()), array_merge($data, $this->urlparams));
// Extra form data
// Carries the cleaned, unencoded query.
$formdata = array( 'hidden' => $this->urlparams, 'query' => $query, 'searchtype' => $searchtype );
// Generate SQL
// Search SQL information
// The values set here are fixed strings, not request data; sql starts out empty.
$search_info = new stdClass();
$search_info->id = 'id';
$search_info->fullname = 'fullname';
$search_info->sql = null;
/**
 * Helper function for the theme to figure out what header graphic to use.
 *
 * Rows of header_image for the current course are tried first, in sortorder.
 * If none applies, the table is searched by URL, and
 * $CFG->defaultcustomheader is used when that search does not yield exactly
 * one row.
 *
 * @return mixed result of tao_header_image_location(); when the query cannot
 *               be executed, $CFG->defaultcustomheader as-is, or null if that
 *               setting does not exist
 */
function tao_header_image() {
    global $CFG, $COURSE, $db;

    // First figure out the url mapping: take the path part of wwwroot (what
    // follows http://mywebsite.com or https://mywebsite.com), remove it from
    // the current URL, then drop any query string.
    $hostandpath = substr(strstr($CFG->wwwroot, '//'), 2);
    $wwwpath = strstr($hostandpath, '/');
    $me = strip_querystring(str_replace($wwwpath, '', me()));

    if (!empty($COURSE->id)) {
        $coursehdrs = get_records('header_image', 'courseid', $COURSE->id, 'sortorder');
        if (!empty($coursehdrs)) {
            foreach ($coursehdrs as $hdr) {
                // An empty url means every page of this course uses the image;
                // otherwise the url has to occur somewhere in the current path.
                if (empty($hdr->url) || strpos($me, $hdr->url) !== false) {
                    return tao_header_image_location($hdr->image);
                }
            }
        }
    }

    // $me is derived from the request URL, so it is passed as a bound
    // parameter and never concatenated into the statement text.
    // NOTE(review): '%' and '_' inside $me are still LIKE wildcards, and a
    // raw request path can contain '%' - confirm whether they should be escaped.
    $sth = $db->prepare("SELECT * FROM " . $CFG->prefix . "header_image WHERE url like ? || '%' ORDER BY sortorder LIMIT 1");
    $resultset = $db->execute($sth, array($me));
    if (!$resultset) {
        return isset($CFG->defaultcustomheader) ? $CFG->defaultcustomheader : null;
    }

    // NOTE(review): unlike the failure path above, this fallback reads
    // defaultcustomheader without an isset() check.
    $image = ($resultset->recordCount() == 1)
        ? $resultset->fields['image']
        : $CFG->defaultcustomheader;

    return tao_header_image_location($image);
}
/**
 * Returns the URL of the HTTP_REFERER, less the querystring portion.
 *
 * The Referer header is sent by the client and can hold any value, so the
 * result is untrusted input. nvl() is applied first - presumably to supply
 * a default when the header is missing; verify against its definition.
 *
 * @return string
 */
function get_referer() {
    $referer = nvl($_SERVER['HTTP_REFERER']);

    return strip_querystring($referer);
}
/**
 * Returns the current page set in the session or
 * returns the default first page.
 *
 * Lookup order: the 'page' request parameter (only when $disablehack is
 * false and the current URL is one that displays the format), then the page
 * id stored on $USER for this course, then the course default page. Ids from
 * the request and from the session are both passed through
 * page_validate_pageid() together with the course id before being used.
 *
 * @param int $courseid (Optional) The course in which to check for a page. Defaults to global $COURSE->id
 * @param boolean $disablehack (Optional) Disable any hacks this function may employ
 * @return mixed A page object if found or false
 **/
function page_get_current_page($courseid = 0, $disablehack = true) {
    global $CFG, $USER, $COURSE;

    if (empty($courseid)) {
        $courseid = $COURSE->id;
    }

    // HACK! This method can be called anywhere - so check to see if
    // we are navigating and we are now viewing a new page but have not
    // hit format.php yet (Example: call this method from theme header)
    if (!$disablehack and $pageid = optional_param('page', 0, PARAM_INT)) {
        $currenturl = strip_querystring(qualified_me());

        // URLs where the format could be displayed
        $formaturls = array(
            $CFG->wwwroot,
            $CFG->wwwroot . '/',
            $CFG->wwwroot . '/index.php',
            $CFG->wwwroot . '/course/view.php',
            $CFG->wwwroot . '/course/format/page/format.php',
        );

        // Only honour the requested id when we are on a course format page already
        if (in_array($currenturl, $formaturls)) {
            $requested = page_validate_pageid($pageid, $courseid);
            if ($requested) {
                return $requested;
            }
        }
    }

    // Check session for current page ID
    if (isset($USER->formatpage_display[$courseid])) {
        $remembered = page_validate_pageid($USER->formatpage_display[$courseid], $courseid);
        if ($remembered) {
            return $remembered;
        }
    }

    // Last try, attempt to get the default page for the course
    $default = page_get_default_page($courseid);

    return $default ? $default : false;
}
* @package feedback */
require_once "../../config.php";
require_once "lib.php";
require_once 'edit_form.php';

// Mandatory integer request parameter; used below as a course module id.
$id = required_param('id', PARAM_INT);

// CSRF guard: '=' binds tighter than 'and', so $formdata receives the
// submitted data and any submission without a valid sesskey is rejected
// before anything else in the script acts on it.
if ($formdata = data_submitted() and !confirm_sesskey()) {
    print_error('invalidsesskey');
}

// Optional request parameters, each cleaned to a fixed type (letters only
// for the tab name, integers for the item actions).
$do_show = optional_param('do_show', 'edit', PARAM_ALPHA);
$moveupitem = optional_param('moveupitem', false, PARAM_INT);
$movedownitem = optional_param('movedownitem', false, PARAM_INT);
$moveitem = optional_param('moveitem', false, PARAM_INT);
$movehere = optional_param('movehere', false, PARAM_INT);
$switchitemrequired = optional_param('switchitemrequired', false, PARAM_INT);

// Recompute $ME from $FULLME without its query string.
$ME = strip_querystring($FULLME); //sometimes it is not correct set

// $SESSION->feedback->current_tab = $do_show;
$current_tab = $do_show;

// Resolve course module -> course -> feedback instance; each failed lookup
// is reported through print_error().
if ($id) {
    if (!($cm = get_coursemodule_from_id('feedback', $id))) {
        print_error('invalidcoursemodule');
    }
    if (!($course = $DB->get_record("course", array("id" => $cm->course)))) {
        print_error('coursemisconf');
    }
    if (!($feedback = $DB->get_record("feedback", array("id" => $cm->instance)))) {
        print_error('invalidcoursemodule');
    }
}

// NOTE(review): $cm is assigned only inside the if ($id) block above, so a
// request with id=0 reaches this line with $cm undefined - confirm whether
// that case should be rejected explicitly.
// No login or capability check is visible up to this point; presumably it
// follows further down the script - verify.
$capabilities = feedback_load_capabilities($cm->id);
/**
 * Will get called before the login page is shown. If NTLM SSO
 * is enabled, and the user is in the right network, we'll redirect
 * to the magic NTLM page for SSO...
 *
 * When the SSO conditions do not hold, the only effect is the fix-up of
 * $SESSION->wantsurl at the end of the method.
 */
function loginpage_hook() {
    global $CFG, $SESSION;

    // HTTPS is potentially required
    //httpsrequired(); - this must be used before setting the URL, it is already done on the login/index.php

    // The Referer comparison in the POST branch only tells "posted from
    // another page" apart from "posted by the login form itself"; the header
    // is client-supplied, so it is a heuristic and not a security check.
    // NOTE(review): the subnet test relies on getremoteaddr() - confirm it
    // cannot be steered by client-supplied proxy headers.
    if (($_SERVER['REQUEST_METHOD'] === 'GET'         // Only on initial GET of loginpage
         || ($_SERVER['REQUEST_METHOD'] === 'POST'
             && (get_referer() != strip_querystring(qualified_me())))) // Or when POSTed from another place
                                                                       // See MDL-14071
        && !empty($this->config->ntlmsso_enabled)     // SSO enabled
        && !empty($this->config->ntlmsso_subnet)      // have a subnet to test for
        && empty($_GET['authldap_skipntlmsso'])       // haven't failed it yet
        && (isguestuser() || !isloggedin())           // guestuser or not-logged-in users
        && address_in_subnet(getremoteaddr(), $this->config->ntlmsso_subnet)) {

        // First, let's remember where we were trying to get to before we got here
        // The Referer header is copied into the session unchanged unless it
        // equals one of the four site URLs listed here.
        // NOTE(review): the header is client-controlled - confirm that
        // whatever later redirects to wantsurl accepts only URLs of this site.
        if (empty($SESSION->wantsurl)) {
            $SESSION->wantsurl = (array_key_exists('HTTP_REFERER', $_SERVER) && $_SERVER['HTTP_REFERER'] != $CFG->wwwroot && $_SERVER['HTTP_REFERER'] != $CFG->wwwroot.'/' && $_SERVER['HTTP_REFERER'] != $CFG->httpswwwroot.'/login/' && $_SERVER['HTTP_REFERER'] != $CFG->httpswwwroot.'/login/index.php') ? $_SERVER['HTTP_REFERER'] : NULL;
        }

        // Now start the whole NTLM machinery.
        if(!empty($this->config->ntlmsso_ie_fastpath)) {
            // Shortcut for IE browsers: skip the attempt page
            if(check_browser_version('MSIE')) {
                // The session key travels in the query string of this
                // redirect, so it can show up in server logs and in Referer
                // headers sent from the target page.
                $sesskey = sesskey();
                redirect($CFG->wwwroot.'/auth/ldap/ntlmsso_magic.php?sesskey='.$sesskey);
            } else {
                redirect($CFG->httpswwwroot.'/login/index.php?authldap_skipntlmsso=1');
            }
        } else {
            redirect($CFG->wwwroot.'/auth/ldap/ntlmsso_attempt.php');
        }
    }

    // No NTLM SSO, Use the normal login page instead.

    // If $SESSION->wantsurl is empty and we have a 'Referer:' header, the login
    // page insists on redirecting us to that page after user validation. If
    // we clicked on the redirect link at the ntlmsso_finish.php page (instead
    // of waiting for the redirection to happen) then we have a 'Referer:' header
    // we don't want to use at all. As we can't get rid of it, just point
    // $SESSION->wantsurl to $CFG->wwwroot (after all, we came from there).
    if (empty($SESSION->wantsurl) && (get_referer() == $CFG->httpswwwroot.'/auth/ldap/ntlmsso_finish.php')) {
        $SESSION->wantsurl = $CFG->wwwroot;
    }
}
/**
 * Must be called after table is defined. Use methods above first. Cannot
 * use functions below till after calling this method.
 *
 * Binds the table to its per-session state ($SESSION->flextable[uniqueid]),
 * applies the show/hide/sort/initials requests found in $_GET to that state,
 * builds baseurl and reseturl when no baseurl was given, reads the current
 * page number and makes sure the table carries the 'flexible' CSS class.
 *
 * @return bool|null false when columns or uniqueid are empty; otherwise the
 *                   method ends without an explicit return value
 */
function setup() {
    global $SESSION, $CFG;

    if (empty($this->columns) || empty($this->uniqueid)) {
        return false;
    }

    if (!isset($SESSION->flextable)) {
        $SESSION->flextable = array();
    }

    // First use of this table in the session: create its state record.
    if (!isset($SESSION->flextable[$this->uniqueid])) {
        $SESSION->flextable[$this->uniqueid] = new stdClass();
        $SESSION->flextable[$this->uniqueid]->uniqueid = $this->uniqueid;
        $SESSION->flextable[$this->uniqueid]->collapse = array();
        $SESSION->flextable[$this->uniqueid]->sortby = array();
        $SESSION->flextable[$this->uniqueid]->i_first = '';
        $SESSION->flextable[$this->uniqueid]->i_last = '';
    }

    // Reference, so every change to $this->sess below lands in the session.
    $this->sess =& $SESSION->flextable[$this->uniqueid];

    // Show/hide requests are read straight from $_GET; they are acted on only
    // when the value is a key of $this->columns, which works as an allow-list.
    if (!empty($_GET[$this->request[ILP_TABLE_VAR_SHOW]]) && isset($this->columns[$_GET[$this->request[ILP_TABLE_VAR_SHOW]]])) {
        // Show this column
        $this->sess->collapse[$_GET[$this->request[ILP_TABLE_VAR_SHOW]]] = false;
    } else {
        if (!empty($_GET[$this->request[ILP_TABLE_VAR_HIDE]]) && isset($this->columns[$_GET[$this->request[ILP_TABLE_VAR_HIDE]]])) {
            // Hide this column
            $this->sess->collapse[$_GET[$this->request[ILP_TABLE_VAR_HIDE]]] = true;
            // A hidden column cannot stay a sort key.
            if (array_key_exists($_GET[$this->request[ILP_TABLE_VAR_HIDE]], $this->sess->sortby)) {
                unset($this->sess->sortby[$_GET[$this->request[ILP_TABLE_VAR_HIDE]]]);
            }
        }
    }

    // Now, update the column attributes for collapsed columns
    foreach (array_keys($this->columns) as $column) {
        if (!empty($this->sess->collapse[$column])) {
            $this->column_style[$column]['width'] = '10px';
        }
    }

    // The requested sort key has to pass is_sortable() and be either a known
    // column or 'firstname'/'lastname' while a 'fullname' column exists, so
    // only those names can become keys of sess->sortby.
    if (!empty($_GET[$this->request[ILP_TABLE_VAR_SORT]]) && $this->is_sortable($_GET[$this->request[ILP_TABLE_VAR_SORT]]) && (isset($this->columns[$_GET[$this->request[ILP_TABLE_VAR_SORT]]]) || ($_GET[$this->request[ILP_TABLE_VAR_SORT]] == 'firstname' || $_GET[$this->request[ILP_TABLE_VAR_SORT]] == 'lastname') && isset($this->columns['fullname']))) {
        if (empty($this->sess->collapse[$_GET[$this->request[ILP_TABLE_VAR_SORT]]])) {
            if (array_key_exists($_GET[$this->request[ILP_TABLE_VAR_SORT]], $this->sess->sortby)) {
                // This key already exists somewhere. Change its sortorder and bring it to the top.
                $sortorder = $this->sess->sortby[$_GET[$this->request[ILP_TABLE_VAR_SORT]]] == SORT_ASC ? SORT_DESC : SORT_ASC;
                unset($this->sess->sortby[$_GET[$this->request[ILP_TABLE_VAR_SORT]]]);
                $this->sess->sortby = array_merge(array($_GET[$this->request[ILP_TABLE_VAR_SORT]] => $sortorder), $this->sess->sortby);
            } else {
                // Key doesn't exist, so just add it to the beginning of the array, ascending order
                $this->sess->sortby = array_merge(array($_GET[$this->request[ILP_TABLE_VAR_SORT]] => SORT_ASC), $this->sess->sortby);
            }
            // Finally, make sure that no more than $this->maxsortkeys are present into the array
            if (!empty($this->maxsortkeys) && ($sortkeys = count($this->sess->sortby)) > $this->maxsortkeys) {
                while ($sortkeys-- > $this->maxsortkeys) {
                    array_pop($this->sess->sortby);
                }
            }
        }
    }

    // If we didn't sort just now, then use the default sort order if one is defined and the column exists
    if (empty($this->sess->sortby) && !empty($this->sort_default_column)) {
        $this->sess->sortby = array($this->sort_default_column => $this->sort_default_order == SORT_DESC ? SORT_DESC : SORT_ASC);
    }

    // Initials filters: a value is stored when it is empty or occurs inside
    // the 'alphabet' language string.
    // NOTE(review): strpos() is a substring test, so any run of characters
    // that appears in that string is accepted, not just a single letter -
    // confirm the code consuming i_first / i_last treats them as data.
    if (isset($_GET[$this->request[ILP_TABLE_VAR_ILAST]])) {
        if (empty($_GET[$this->request[ILP_TABLE_VAR_ILAST]]) || is_numeric(strpos(get_string('alphabet'), $_GET[$this->request[ILP_TABLE_VAR_ILAST]]))) {
            $this->sess->i_last = $_GET[$this->request[ILP_TABLE_VAR_ILAST]];
        }
    }

    if (isset($_GET[$this->request[ILP_TABLE_VAR_IFIRST]])) {
        if (empty($_GET[$this->request[ILP_TABLE_VAR_IFIRST]]) || is_numeric(strpos(get_string('alphabet'), $_GET[$this->request[ILP_TABLE_VAR_IFIRST]]))) {
            $this->sess->i_first = $_GET[$this->request[ILP_TABLE_VAR_IFIRST]];
        }
    }

    // No base URL supplied: rebuild one from the current URL plus every GET
    // parameter that is not one of the table's own control variables.
    if (empty($this->baseurl)) {
        $getcopy = $_GET;
        unset($getcopy[$this->request[ILP_TABLE_VAR_SHOW]]);
        unset($getcopy[$this->request[ILP_TABLE_VAR_HIDE]]);
        unset($getcopy[$this->request[ILP_TABLE_VAR_SORT]]);
        unset($getcopy[$this->request[ILP_TABLE_VAR_IFIRST]]);
        unset($getcopy[$this->request[ILP_TABLE_VAR_ILAST]]);
        unset($getcopy[$this->request[ILP_TABLE_VAR_PAGE]]);

        $strippedurl = strip_querystring(qualified_me());

        if (!empty($getcopy)) {
            $first = false;
            $querystring = '';
            // NOTE(review): names and values from the request are joined
            // without URL-encoding. A value containing '&' or '#' alters the
            // resulting URL, an array value is converted to a string, and
            // reseturl/baseurl carry raw request text - they need escaping
            // wherever they are written into HTML.
            foreach ($getcopy as $var => $val) {
                if (!$first) {
                    $first = true;
                    $querystring .= '?' . $var . '=' . $val;
                } else {
                    $querystring .= '&' . $var . '=' . $val;
                }
            }
            $this->reseturl = $strippedurl . $querystring;
            // baseurl ends with a separator so callers can append further parameters.
            $querystring .= '&';
        } else {
            $this->reseturl = $strippedurl;
            $querystring = '?';
        }

        $this->baseurl = strip_querystring(qualified_me()) . $querystring;
    }

    // If it's "the first time" we 've been here, forget the previous initials filters
    // NOTE(review): reseturl is assigned only inside the branch above, so
    // with a caller-supplied baseurl this compares against whatever reseturl
    // held before - confirm that is intended.
    if (qualified_me() == $this->reseturl) {
        $this->sess->i_first = '';
        $this->sess->i_last = '';
    }

    // Page number from the request, cleaned as an integer.
    $this->currpage = optional_param($this->request[ILP_TABLE_VAR_PAGE], 0, PARAM_INT);
    $this->setup = true;

    /// Always introduce the "flexible" class for the table if not specified
    /// No attributes, add flexible class
    if (empty($this->attributes)) {
        $this->attributes['class'] = 'flexible';
    /// No classes, add flexible class
    } else {
        if (!isset($this->attributes['class'])) {
            $this->attributes['class'] = 'flexible';
        /// No flexible class in passed classes, add flexible class
        } else {
            if (!in_array('flexible', explode(' ', $this->attributes['class']))) {
                $this->attributes['class'] = trim('flexible ' . $this->attributes['class']);
            }
        }
    }
}
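/**
 * Writes one line of performance statistics for the current request to the
 * debug log.
 *
 * Nothing is logged unless the 'perftolog' config setting is enabled. The
 * script path is logged without its query string, which keeps request
 * parameters out of the log line.
 *
 * @param array|null $info performance counters; when empty they are taken
 *                         from get_performance_info(). Keys read:
 *                         memory_total, memory_growth, realtime,
 *                         includecount, dbreads, dbwrites, dbcached, ticks,
 *                         utime, stime, cutime, cstime, serverload.
 * @return bool|null true when perf logging is disabled; otherwise the
 *                   function ends without an explicit return value
 */
function perf_to_log($info = null) {
    if (!get_config('perftolog')) {
        return true;
    }

    if (empty($info)) {
        $info = get_performance_info();
    }

    $logstring = 'PERF: ' . strip_querystring(get_script_path()) . ': ';
    $logstring .= ' memory_total: ' . $info['memory_total'] . 'B (' . display_size($info['memory_total']) . ') memory_growth: ' . $info['memory_growth'] . 'B (' . display_size($info['memory_growth']) . ')';
    $logstring .= ' time: ' . $info['realtime'] . 's';
    $logstring .= ' includecount: ' . $info['includecount'];
    $logstring .= ' dbqueries: ' . $info['dbreads'] . ' reads, ' . $info['dbwrites'] . ' writes, ' . $info['dbcached'] . ' cached';
    // CPU time counters: user/system for this process, then cuser/csys.
    $logstring .= ' ticks: ' . $info['ticks'] . ' user: ' . $info['utime'] . ' sys: ' . $info['stime'] . ' cuser: ' . $info['cutime'] . ' csys: ' . $info['cstime'];
    $logstring .= ' serverload: ' . $info['serverload'];

    log_debug($logstring);
}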
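/**
 * Builds the base URL of the current page: the script URL with the current
 * GET parameters re-attached, minus 'blogpage'.
 *
 * Parameter names and values come straight from the request, so they are
 * percent-encoded when the query string is rebuilt; a value containing '&',
 * '#' or a quote can then no longer change the structure of the URL. The
 * result is still a URL, not HTML - escape it when writing it into markup.
 *
 * @return string the URL; it ends in a bare '?' when no parameters are
 *                carried over, otherwise in the last name=value pair
 */
public function get_baseurl() {
    $getcopy = $_GET;
    unset($getcopy['blogpage']);

    if (!empty($getcopy)) {
        // http_build_query() encodes names and values and also serialises
        // array-valued parameters, which plain string concatenation would
        // turn into the literal text "Array". The separator is passed
        // explicitly so the output does not depend on arg_separator.output.
        $querystring = '?' . http_build_query($getcopy, '', '&');
    } else {
        $querystring = '?';
    }

    return strip_querystring(qualified_me()) . $querystring;
}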
/**
 * Returns the name of the current script, without the querystring portion.
 *
 * The value is read from the plain globals $REQUEST_URI and $PHP_SELF, not
 * from $_SERVER - presumably they are populated by register_globals or by
 * setup code outside this function; verify. Both originate from the request
 * line, so the result is client-influenced text.
 *
 * @return string
 */
function me() {
    global $PHP_SELF, $REQUEST_URI;

    // Prefer the request URI; fall back to PHP_SELF when it is not set.
    if (isset($REQUEST_URI)) {
        return strip_querystring($REQUEST_URI);
    }

    return strip_querystring($PHP_SELF);
}