Example #1
0
/**
 * This function saves a new wiki page.
 * @author Patrick Cool <*****@*****.**>, Ghent University
 * @todo consider merging this with the function save_wiki into one single function.
 * @return string Message of success
 **/
function save_new_wiki()
{
    global $charset;
    global $tbl_wiki;
    global $assig_user_id;
    //need for assignments mode
    global $tbl_wiki_conf;
    global $page;
    // cleaning the variables
    $_clean['assignment'] = Database::escape_string($_POST['assignment']);
    // session_id
    $session_id = api_get_session_id();
    if ($_clean['assignment'] == 2 || $_clean['assignment'] == 1) {
        // Unlike ordinary pages of pages of assignments. Allow create a ordinary page although there is a assignment with the same name
        $page = str_replace(' ', '_', $_POST['title'] . "_uass" . $assig_user_id);
    } else {
        $page = str_replace(' ', '_', $_POST['title']);
    }
    $_clean['reflink'] = Database::escape_string(strip_tags(api_htmlentities($page)));
    $_clean['title'] = Database::escape_string(strip_tags(trim($_POST['title'])));
    $_clean['content'] = Database::escape_string($_POST['content']);
    if (api_get_setting('htmlpurifier_wiki') == 'true') {
        $purifier = new HTMLPurifier();
        $_clean['content'] = $purifier->purify($_clean['content']);
    }
    //re-check after strip_tags if the title is empty
    if (empty($_clean['title']) || empty($_clean['reflink'])) {
        return false;
    }
    if ($_clean['assignment'] == 2) {
        //config by default for individual assignment (students)
        $_clean['user_id'] = (int) Database::escape_string($assig_user_id);
        //Identifies the user as a creator, not the teacher who created
        $_clean['visibility'] = 0;
        $_clean['visibility_disc'] = 0;
        $_clean['ratinglock_disc'] = 0;
    } else {
        $_clean['user_id'] = api_get_user_id();
        $_clean['visibility'] = 1;
        $_clean['visibility_disc'] = 1;
        $_clean['ratinglock_disc'] = 1;
    }
    $_clean['comment'] = Database::escape_string($_POST['comment']);
    $_clean['progress'] = Database::escape_string($_POST['progress']);
    $_clean['version'] = 1;
    if (isset($_SESSION['_gid'])) {
        $_clean['group_id'] = (int) $_SESSION['_gid'];
    }
    if (isset($_GET['group_id'])) {
        $_clean['group_id'] = (int) Database::escape_string($_GET['group_id']);
    }
    $_clean['linksto'] = links_to($_clean['content']);
    //check wikilinks
    //cleaning config variables
    $_clean['task'] = Database::escape_string($_POST['task']);
    $_clean['feedback1'] = Database::escape_string($_POST['feedback1']);
    $_clean['feedback2'] = Database::escape_string($_POST['feedback2']);
    $_clean['feedback3'] = Database::escape_string($_POST['feedback3']);
    $_clean['fprogress1'] = Database::escape_string($_POST['fprogress1']);
    $_clean['fprogress2'] = Database::escape_string($_POST['fprogress2']);
    $_clean['fprogress3'] = Database::escape_string($_POST['fprogress3']);
    if ($_POST['initstartdate'] == 1) {
        $_clean['startdate_assig'] = Database::escape_string(get_date_from_select('startdate_assig'));
    } else {
        $_clean['startdate_assig'] = Database::escape_string($_POST['startdate_assig']);
    }
    if ($_POST['initenddate'] == 1) {
        $_clean['enddate_assig'] = Database::escape_string(get_date_from_select('enddate_assig'));
    } else {
        $_clean['enddate_assig'] = Database::escape_string($_POST['enddate_assig']);
    }
    $_clean['delayedsubmit'] = Database::escape_string($_POST['delayedsubmit']);
    $_clean['max_text'] = Database::escape_string($_POST['max_text']);
    $_clean['max_version'] = Database::escape_string($_POST['max_version']);
    $course_id = api_get_course_int_id();
    //filter no _uass
    if (api_eregi('_uass', $_POST['title']) || (api_strtoupper(trim($_POST['title'])) == 'INDEX' || api_strtoupper(trim(api_htmlentities($_POST['title'], ENT_QUOTES, $charset))) == api_strtoupper(api_htmlentities(get_lang('DefaultTitle'), ENT_QUOTES, $charset)))) {
        $message = get_lang('GoAndEditMainPage');
        Display::display_warning_message($message, false);
    } else {
        $var = $_clean['reflink'];
        $group_id = Security::remove_XSS($_GET['group_id']);
        if (!checktitle($var)) {
            return get_lang('WikiPageTitleExist') . '<a href="index.php?action=edit&amp;title=' . $var . '&group_id=' . $group_id . '">' . $_POST['title'] . '</a>';
        } else {
            $dtime = date("Y-m-d H:i:s");
            $sql = "INSERT INTO " . $tbl_wiki . " (c_id, reflink, title, content, user_id, group_id, dtime, visibility, visibility_disc, ratinglock_disc, assignment, comment, progress, version, linksto, user_ip, session_id) VALUES\n            \t\t({$course_id}, '" . $_clean['reflink'] . "','" . $_clean['title'] . "','" . $_clean['content'] . "','" . $_clean['user_id'] . "','" . $_clean['group_id'] . "','" . $dtime . "','" . $_clean['visibility'] . "','" . $_clean['visibility_disc'] . "','" . $_clean['ratinglock_disc'] . "','" . $_clean['assignment'] . "','" . $_clean['comment'] . "','" . $_clean['progress'] . "','" . $_clean['version'] . "','" . $_clean['linksto'] . "','" . Database::escape_string($_SERVER['REMOTE_ADDR']) . "', '" . Database::escape_string($session_id) . "')";
            $result = Database::query($sql);
            $Id = Database::insert_id();
            if ($Id > 0) {
                //insert into item_property
                api_item_property_update(api_get_course_info(), TOOL_WIKI, $Id, 'WikiAdded', api_get_user_id(), $_clean['group_id']);
            }
            $sql = 'UPDATE ' . $tbl_wiki . ' SET page_id="' . $Id . '" WHERE c_id = ' . $course_id . ' AND id="' . $Id . '"';
            Database::query($sql);
            //insert wiki config
            $sql = "INSERT INTO " . $tbl_wiki_conf . " (c_id, page_id, task, feedback1, feedback2, feedback3, fprogress1, fprogress2, fprogress3, max_text, max_version, startdate_assig, enddate_assig, delayedsubmit) VALUES\n          \t\t({$course_id}, '" . $Id . "','" . $_clean['task'] . "','" . $_clean['feedback1'] . "','" . $_clean['feedback2'] . "','" . $_clean['feedback3'] . "','" . $_clean['fprogress1'] . "','" . $_clean['fprogress2'] . "','" . $_clean['fprogress3'] . "','" . $_clean['max_text'] . "','" . $_clean['max_version'] . "','" . $_clean['startdate_assig'] . "','" . $_clean['enddate_assig'] . "','" . $_clean['delayedsubmit'] . "')";
            Database::query($sql);
            check_emailcue(0, 'A');
            return get_lang('NewWikiSaved');
        }
    }
    //end filter no _uass
}
Example #2
0
function printheader($generate, $pagename, $desc = "", $templ = "")
{
    global $set, $pagenum, $editextra, $selected, $langmessage, $cntt, $LNEversion, $prefix;
    if ($generate) {
        $out .= "\n<?php\n\tprint checktitle();\n?>\n";
    } else {
        $out .= checktitle();
    }
    $out .= "<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />\n";
    $out .= "<meta http-equiv='Content-Language' content='" . $set['language'] . "' />\n";
    $out .= "<meta http-equiv='Content-Script-Type' content='text/javascript' />\n";
    $out .= "<meta http-equiv='Content-Style-Type' content='text/css' />\n";
    $out .= "<meta name='keywords' content='" . $set['keywords'] . "' />\n";
    $out .= "<meta name='description' content=\"";
    if ($desc != "") {
        $out .= $desc;
    } else {
        $out .= $set['description'];
    }
    $out .= "\" />\n";
    $out .= "<meta name='author' content='" . $set['author'] . "' />\n";
    $out .= "<meta name='generator' content='LightNEasy " . $LNEversion . "' />\n";
    $out .= "<meta name='Robots' content='index,follow' />\n";
    $out .= "<meta http-equiv='imagetoolbar' content='no' /><!-- disable IE's image toolbar -->\n";
    if (num_rows(dbquery("SELECT titulo FROM " . $prefix . "noticias"))) {
        $out .= "<link rel=\"alternate\" type=\"application/rss+xml\" title=\"LightNEasy RSS Feed\" href=\"LightNEasy/rss.php\" />\n";
        $out .= "<link rel=\"alternate\" type=\"application/atom+xml\" title=\"LightNEasy Atom Feed\" href=\"LightNEasy/atom.php\" />\n";
    }
    $out .= "<link rel='stylesheet' type='text/css' href='templates/";
    if ($templ != "") {
        $out .= $templ;
    } else {
        if ($selected['template'] != "") {
            $out .= $selected['template'];
        } else {
            $out .= $set['template'];
        }
    }
    $out .= "/style.css' />\n";
    $out .= "<link rel='stylesheet' type='text/css' href='css/lightneasy.css' />\n";
    if ($generate) {
        $out .= "<?php\n\tprint checkaddons();\n?>\n";
    } else {
        $out .= checkaddons();
    }
    if ($generate) {
        $out .= credits();
    }
    return $out;
}
Example #3
0
            $table->set_header(3, get_lang('Date'), true);
            $table->display();
        }
    }
}
// Adding a new page
// Display the form for adding a new wiki page
echo '<div style="overflow:hidden">';
if ($_GET['action'] == 'addnew') {
    if (api_get_session_id() != 0 && api_is_allowed_to_session_edit(false, true) == false) {
        api_not_allowed();
    }
    echo '<div class="actions">' . get_lang('AddNew') . '</div>';
    echo '<br/>';
    //first, check if page index was created. chektitle=false
    if (checktitle('index')) {
        if (api_is_allowed_to_edit(false, true) || api_is_platform_admin() || GroupManager::is_user_in_group($_user['user_id'], $_SESSION['_gid'])) {
            Display::display_normal_message(get_lang('GoAndEditMainPage'));
        } else {
            return Display::display_normal_message(get_lang('WikiStandBy'));
        }
    } elseif (check_addnewpagelock() == 0 && (api_is_allowed_to_edit(false, true) == false || api_is_platform_admin() == false)) {
        Display::display_error_message(get_lang('AddPagesLocked'));
    } else {
        if (api_is_allowed_to_edit(false, true) || api_is_platform_admin() || GroupManager::is_user_in_group($_user['user_id'], $_SESSION['_gid']) || Security::remove_XSS($_GET['group_id']) == 0) {
            display_new_wiki_form();
        } else {
            Display::display_normal_message(get_lang('OnlyAddPagesGroupMembers'));
        }
    }
}