/**
  * Overriding the normal constructor in order to use
  * our extended version of MoodleQuickForm, which
  * will enable this form to use slides
  * @param string $action Form destination
  * @param array $customdata Custom data for pre-populating form fields
  * @param string $method Method of form submission - GET or POST
  * @param string $target Form's target
  * @param array $attributes HTML form attributes
  * @param boolean $editable Whether the form can be edited
  * @version 2013050801
  * @since 2011101901
  */
 public function __construct($action = null, array $customdata = array(), $method = 'post', $target = '', array $attributes = array(), $editable = true)
 {
     // Without an explicit action the form posts back to the current page URL, query string removed.
     $action = empty($action) ? strip_querystring(qualified_me()) : $action;

     // The concrete subclass name doubles as the form name (and feeds the submission-marker field below).
     $this->_formname = get_class($this);
     $this->_customdata = $customdata;

     // Slide-capable quickform in place of the stock MoodleQuickForm.
     $this->_form = new MoodleQuickFormWithSlides($this->_formname, $method, $action, $target, $attributes);
     if (!$editable) {
         $this->_form->hardFreeze();
     }

     // The subclass adds its own elements first; the two framework fields are appended afterwards.
     $this->definition();

     // Hidden session-key field ("automatic sesskey protection"). It is typed PARAM_RAW, so the
     // form layer itself does not clean the submitted value.
     // NOTE(review): confirm the submitted sesskey is compared with sesskey() during submission processing.
     $this->_form->addElement('hidden', 'sesskey', null);
     $this->_form->setType('sesskey', PARAM_RAW);
     $this->_form->setDefault('sesskey', sesskey());

     // Hidden marker whose presence identifies a submission of this particular form.
     $marker = '_qf__' . $this->_formname;
     $this->_form->addElement('hidden', $marker, null);
     $this->_form->setType($marker, PARAM_RAW);
     $this->_form->setDefault($marker, 1);

     $this->_form->_setDefaultRuleMessages();

     // Moodle 2.5+ collapses forms automatically, which is not wanted here. The method_exists()
     // probe lets 2.0-2.4 and 2.5+ share the same code.
     if (method_exists($this->_form, 'setDisableShortforms')) {
         $this->_form->setDisableShortforms(true);
     }

     // Every element type has to be registered before incoming data is processed.
     $this->_process_submission($method);
 }
 /**
  * This is identical to the overridden function except that it calls ilp_MoodleQuickForm instead
  * of MoodleQuickForm
  * @param <type> $action
  * @param <type> $customdata
  * @param <type> $method
  * @param <type> $target
  * @param <type> $attributes
  * @param <type> $editable
  */
 function ilp_moodleform($action = null, $customdata = null, $method = 'post', $target = '', $attributes = null, $editable = true)
 {
     // No explicit action: submit back to the current page URL with its query string removed.
     if (empty($action)) {
         $action = strip_querystring(qualified_me());
     }
     // The concrete subclass name is used as the form name; it is reused below in the
     // submission-marker field name.
     $this->_formname = get_class($this);
     $this->_customdata = $customdata;
     // NOTE(review): "=& new" is PHP 4-era reference assignment. It is deprecated since PHP 5.3 and
     // no longer parses on PHP 7+; the code is kept as written because it targets that older runtime.
     $this->_form =& new ilp_MoodleQuickForm($this->_formname, $method, $action, $target, $attributes);
     // A non-editable form is frozen before any element is defined.
     if (!$editable) {
         $this->_form->hardFreeze();
     }
     //TODO find a way to emulate moodle 2 functionality in 1.9 and check if file manager
     //$this->set_upload_manager(new upload_manager());
     // The subclass adds its elements first; the framework fields are appended afterwards.
     $this->definition();
     // Hidden session-key field ("automatic sesskey protection"), pre-filled from sesskey().
     $this->_form->addElement('hidden', 'sesskey', null);
     // PARAM_RAW: the form layer applies no cleaning to this field.
     // NOTE(review): confirm the submitted value is checked against sesskey() during submission processing.
     $this->_form->setType('sesskey', PARAM_RAW);
     $this->_form->setDefault('sesskey', sesskey());
     // Hidden marker field whose name is derived from the form name (form submission marker).
     $this->_form->addElement('hidden', '_qf__' . $this->_formname, null);
     $this->_form->setType('_qf__' . $this->_formname, PARAM_RAW);
     $this->_form->setDefault('_qf__' . $this->_formname, 1);
     $this->_form->_setDefaultRuleMessages();
     // All input types must be known before the submission is processed.
     $this->_process_submission($method);
 }
Example #3
/**
 * Extracts file argument either from file parameter or PATH_INFO. 
 * @param string $scriptname name of the calling script
 * @return string file path (only safe characters)
 */
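function get_file_argument_limited($scriptname)
{
    // All three sources below are request-controlled; every value returned goes through makesafe().
    // NOTE(review): makesafe() is defined elsewhere; confirm it rejects ".." segments, NUL bytes
    // and array input (?file[]=...), since callers treat the result as a file path.

    // 1) Plain ?file= parameter (compatible method == no relative links!).
    if (isset($_GET['file'])) {
        return makesafe($_GET['file']);
    }

    // 2) PATH_INFO (slasharguments method).
    if (!empty($_SERVER['PATH_INFO'])) {
        $path_info = $_SERVER['PATH_INFO'];
        // PATH_INFO only works if it does not contain the script name. The comparison has to be
        // strict: strpos() returns 0 for a match at the very start, which a bare !strpos() would
        // treat as "not found" and accept a broken PATH_INFO.
        if (strpos($path_info, $scriptname) === false) {
            return makesafe(rawurldecode($path_info));
        }
    }

    // 3) Fallback for misconfigured or older buggy PHP set-ups: split the query on the script name.
    $arr = get_query($scriptname);
    if (!empty($arr[1])) {
        return makesafe(rawurldecode(strip_querystring($arr[1])));
    }

    // Nothing usable was found.
    error('Unexpected PHP set up. Turn off the smartpix config option.');
}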
Example #4
 /**
  * The constructor function calls the abstract function definition() and it will then
  * process and clean and attempt to validate incoming data.
  *
  * It will call your custom validate method to validate data and will also check any rules
  * you have specified in definition using addRule
  *
  * The name of the form (id attribute of the form) is automatically generated depending on
  * the name you gave the class extending moodleform. You should call your class something
  * like
  *
  * @param string $action the action attribute for the form. If empty defaults to auto detect the
  *                  current url.
  * @param array $customdata if your form defintion method needs access to data such as $course
  *               $cm, etc. to construct the form definition then pass it in this array. You can
  *               use globals for somethings.
  * @param string $method if you set this to anything other than 'post' then _GET and _POST will
  *               be merged and used as incoming data to the form.
  * @param string $target target frame for form submission. You will rarely use this. Don't use
  *                  it if you don't need to as the target attribute is deprecated in xhtml
  *                  strict.
  * @param mixed $attributes you can pass a string of html attributes here or an array.
  * @return moodleform
  */
 function moodleform($action = null, $customdata = null, $method = 'post', $target = '', $attributes = null)
 {
     // No explicit action: submit back to the current page URL with its query string removed.
     if (empty($action)) {
         $action = strip_querystring(qualified_me());
     }
     // The concrete subclass name is used as the form name; it is reused below in the
     // submission-marker field name.
     $this->_formname = get_class($this);
     $this->_customdata = $customdata;
     // NOTE(review): "=& new" is PHP 4-era reference assignment. It is deprecated since PHP 5.3 and
     // no longer parses on PHP 7+; the code is kept as written because it targets that older runtime.
     $this->_form =& new MoodleQuickForm($this->_formname, $method, $action, $target, $attributes);
     $this->set_upload_manager(new upload_manager());
     // The subclass adds its elements first; the framework fields are appended afterwards.
     $this->definition();
     // Hidden session-key field ("automatic sesskey protection"), pre-filled from sesskey().
     // Unlike later versions of this constructor, no setType() call is made for this field here.
     // NOTE(review): confirm the submitted value is checked against sesskey() during submission processing.
     $this->_form->addElement('hidden', 'sesskey', null);
     $this->_form->setDefault('sesskey', sesskey());
     // Hidden marker field whose name is derived from the form name (form submission marker).
     $this->_form->addElement('hidden', '_qf__' . $this->_formname, null);
     $this->_form->setDefault('_qf__' . $this->_formname, 1);
     $this->_form->_setDefaultRuleMessages();
     // All input types must be known before the submission is processed.
     $this->_process_submission($method);
     // update form definition based on final data
     $this->definition_after_data();
 }
Example #5
/**
 * Returns the URL of the HTTP_REFERER, less the querystring portion if required
 *
 * @uses $_SERVER
 * @param boolean $stripquery if true, also removes the query part of the url.
 * @return string The resulting referer or empty string
 */
function get_referer($stripquery = true)
{
    // The Referer header is supplied by the client and is returned here without any validation:
    // it may point at any host and contain arbitrary characters. Callers must not use the result
    // as a redirect target or print it unescaped.
    if (!isset($_SERVER['HTTP_REFERER'])) {
        return '';
    }
    $referer = $_SERVER['HTTP_REFERER'];
    return $stripquery ? strip_querystring($referer) : $referer;
}
Example #6
 /**
  * The constructor function calls the abstract function definition() and it will then
  * process and clean and attempt to validate incoming data.
  *
  * It will call your custom validate method to validate data and will also check any rules
  * you have specified in definition using addRule
  *
  * The name of the form (id attribute of the form) is automatically generated depending on
  * the name you gave the class extending moodleform. You should call your class something
  * like
  *
  * @param mixed $action the action attribute for the form. If empty defaults to auto detect the
  *              current url. If a moodle_url object then outputs params as hidden variables.
  * @param mixed $customdata if your form defintion method needs access to data such as $course
  *              $cm, etc. to construct the form definition then pass it in this array. You can
  *              use globals for somethings.
  * @param string $method if you set this to anything other than 'post' then _GET and _POST will
  *               be merged and used as incoming data to the form.
  * @param string $target target frame for form submission. You will rarely use this. Don't use
  *               it if you don't need to as the target attribute is deprecated in xhtml strict.
  * @param mixed $attributes you can pass a string of html attributes here or an array.
  * @param bool $editable
  */
 function moodleform($action = null, $customdata = null, $method = 'post', $target = '', $attributes = null, $editable = true)
 {
     global $CFG, $FULLME;

     // Autocomplete is switched off for every standard mform (user signup is the stated exception),
     // whether the attributes arrive empty, as an array or as a raw attribute string.
     if (empty($attributes)) {
         $attributes = array('autocomplete' => 'off');
     } elseif (is_array($attributes)) {
         $attributes['autocomplete'] = 'off';
     } elseif (strpos($attributes, 'autocomplete') === false) {
         $attributes .= ' autocomplete="off" ';
     }

     if (empty($action)) {
         // $PAGE->url is deliberately not used: developers often fail to set up $actualurl
         // properly in admin_externalpage_setup(), so the full request URL is taken instead.
         $action = strip_querystring($FULLME);
         // Behind an SSL proxy only https links may be produced.
         if (!empty($CFG->sslproxy)) {
             $action = preg_replace('/^http:/', 'https:', $action, 1);
         }
         //TODO: use following instead of FULLME - see MDL-33015
         //$action = strip_querystring(qualified_me());
     }

     // Custom data goes in first because get_form_identifier() may read it.
     $this->_customdata = $customdata;
     $this->_formname = $this->get_form_identifier();
     $this->_form = new MoodleQuickForm($this->_formname, $method, $action, $target, $attributes);
     if (!$editable) {
         $this->_form->hardFreeze();
     }

     // HACK: a leading hidden element typed 'password' keeps browsers from auto-inserting the
     // user's stored password into the wrong field of the real form.
     $decoy = $this->_form->addElement('hidden');
     $decoy->setType('password');

     // The subclass adds its elements; the two framework fields follow.
     $this->definition();

     // Hidden session-key field ("automatic sesskey protection"). PARAM_RAW means the form layer
     // does not clean the submitted value.
     // NOTE(review): confirm the submitted sesskey is compared with sesskey() during submission processing.
     $this->_form->addElement('hidden', 'sesskey', null);
     $this->_form->setType('sesskey', PARAM_RAW);
     $this->_form->setDefault('sesskey', sesskey());

     // Hidden marker that identifies a submission of this particular form.
     $marker = '_qf__' . $this->_formname;
     $this->_form->addElement('hidden', $marker, null);
     $this->_form->setType($marker, PARAM_RAW);
     $this->_form->setDefault($marker, 1);

     $this->_form->_setDefaultRuleMessages();

     // Every element type has to be registered before incoming data is processed.
     $this->_process_submission($method);
 }
 /**
  * The constructor function calls the abstract function definition() and it will then
  * process and clean and attempt to validate incoming data.
  *
  * It will call your custom validate method to validate data and will also check any rules
  * you have specified in definition using addRule
  *
  * The name of the form (id attribute of the form) is automatically generated depending on
  * the name you gave the class extending moodleform. You should call your class something
  * like
  *
  * @param mixed $action the action attribute for the form. If empty defaults to auto detect the
  *                  current url. If a moodle_url object then outputs params as hidden variables.
  * @param array $customdata if your form defintion method needs access to data such as $course
  *               $cm, etc. to construct the form definition then pass it in this array. You can
  *               use globals for somethings.
  * @param string $method if you set this to anything other than 'post' then _GET and _POST will
  *               be merged and used as incoming data to the form.
  * @param string $target target frame for form submission. You will rarely use this. Don't use
  *                  it if you don't need to as the target attribute is deprecated in xhtml
  *                  strict.
  * @param mixed $attributes you can pass a string of html attributes here or an array.
  * @param bool $editable
  * @return object moodleform
  */
 function moodleform($action = null, $customdata = null, $method = 'post', $target = '', $attributes = null, $editable = true)
 {
     // Without an explicit action the form posts back to the current page URL, query string removed.
     $action = empty($action) ? strip_querystring(qualified_me()) : $action;

     // Custom data goes in first because get_form_identifier() may read it.
     $this->_customdata = $customdata;
     $this->_formname = $this->get_form_identifier();
     $this->_form = new MoodleQuickForm($this->_formname, $method, $action, $target, $attributes);
     if (!$editable) {
         $this->_form->hardFreeze();
     }

     // The subclass adds its elements; the two framework fields follow.
     $this->definition();

     // Hidden session-key field ("automatic sesskey protection"). PARAM_RAW means the form layer
     // does not clean the submitted value.
     // NOTE(review): confirm the submitted sesskey is compared with sesskey() during submission processing.
     $this->_form->addElement('hidden', 'sesskey', null);
     $this->_form->setType('sesskey', PARAM_RAW);
     $this->_form->setDefault('sesskey', sesskey());

     // Hidden marker that identifies a submission of this particular form.
     $marker = '_qf__' . $this->_formname;
     $this->_form->addElement('hidden', $marker, null);
     $this->_form->setType($marker, PARAM_RAW);
     $this->_form->setDefault($marker, 1);

     $this->_form->_setDefaultRuleMessages();

     // Every element type has to be registered before incoming data is processed.
     $this->_process_submission($method);
 }
Example #8
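/**
 * Builds the base URL for blog filter links: the current page URL, the current GET
 * parameters (minus paging and filter parameters) and the requested filter, ending in
 * '&amp;' so that callers can append further parameters.
 *
 * The separators are HTML-escaped ('&amp;'), so the result is meant for HTML output. Because
 * the GET names and values come straight from the request, each one is URL-encoded before it
 * is placed in the string; otherwise quotes or angle brackets in a parameter would be written
 * into the page as markup.
 *
 * @param mixed $filtertype filter type to put in the URL
 * @param mixed $filterselect filter value to put in the URL
 * @return string URL ending in '&amp;'
 */
function get_baseurl($filtertype, $filterselect)
{
    // Work on a copy so the superglobal itself stays untouched.
    $getcopy = $_GET;
    unset($getcopy['blogpage']);
    $strippedurl = strip_querystring(qualified_me());

    $pairs = array();
    foreach ($getcopy as $var => $val) {
        $var = (string) $var;
        // The filter parameters are re-added explicitly at the end.
        if ($var === 'filterselect' || $var === 'filtertype') {
            continue;
        }
        // Array parameters (?a[]=1) cannot be represented as a single name=value pair; the
        // previous code emitted the literal text "Array" for them, so they are dropped.
        if (!is_scalar($val)) {
            continue;
        }
        $pairs[] = rawurlencode($var) . '=' . rawurlencode((string) $val);
    }

    $querystring = '?';
    if (!empty($pairs)) {
        $querystring .= implode('&amp;', $pairs) . '&amp;';
    }

    // The filter arguments are encoded as well; plain alphanumeric values are unchanged by this.
    // NOTE(review): confirm no caller passes an already URL-encoded filter value.
    return $strippedurl . $querystring
        . 'filtertype=' . rawurlencode((string) $filtertype)
        . '&amp;filterselect=' . rawurlencode((string) $filterselect) . '&amp;';
}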
Example #9
 /**
  * Will get called before the login page is shown. If NTLM SSO
  * is enabled, and the user is in the right network, we'll redirect
  * to the magic NTLM page for SSO...
  *
  */
 function loginpage_hook()
 {
     global $CFG, $SESSION;
     // HTTPS is potentially required
     //httpsrequired(); - this must be used before setting the URL, it is already done on the login/index.php
     // The NTLM SSO attempt starts only when ALL of the following hold:
     //  - the request is a GET, or it is a POST whose cleaned local referer differs from this page
     //    (&& binds tighter than ||, so the referer test applies to POST only);
     //  - ntlmsso_enabled and ntlmsso_subnet are both set in the plugin config;
     //  - the request carries no 'authldap_skipntlmsso' GET parameter;
     //  - the user is a guest or not logged in;
     //  - the remote address falls inside the configured subnet.
     // The checks rely on short-circuit evaluation; the later ones run only if the earlier ones passed.
     // NOTE(review): the subnet test depends on getremoteaddr(); confirm how it treats
     // proxy-supplied address headers, since they are client-controlled.
     if (($_SERVER['REQUEST_METHOD'] === 'GET' || $_SERVER['REQUEST_METHOD'] === 'POST' && get_local_referer() != strip_querystring(qualified_me())) && !empty($this->config->ntlmsso_enabled) && !empty($this->config->ntlmsso_subnet) && empty($_GET['authldap_skipntlmsso']) && (isguestuser() || !isloggedin()) && address_in_subnet(getremoteaddr(), $this->config->ntlmsso_subnet)) {
         // First, let's remember where we were trying to get to before we got here
         if (empty($SESSION->wantsurl)) {
             $SESSION->wantsurl = null;
             // The referer comes from a client-supplied header; get_local_referer() is used so that
             // only its cleaned, local-URL form can become the post-login destination.
             $referer = get_local_referer(false);
             // The site root and the login pages themselves are not remembered as destinations.
             if ($referer && $referer != $CFG->wwwroot && $referer != $CFG->wwwroot . '/' && $referer != $CFG->httpswwwroot . '/login/' && $referer != $CFG->httpswwwroot . '/login/index.php') {
                 $SESSION->wantsurl = $referer;
             }
         }
         // Now start the whole NTLM machinery.
         if ($this->config->ntlmsso_ie_fastpath == AUTH_NTLM_FASTPATH_YESATTEMPT || $this->config->ntlmsso_ie_fastpath == AUTH_NTLM_FASTPATH_YESFORM) {
             if (core_useragent::is_ie()) {
                 // NOTE(review): the session key travels in the query string here, so it can end up
                 // in web-server logs and browser history; confirm ntlmsso_magic.php needs it in the URL.
                 $sesskey = sesskey();
                 redirect($CFG->wwwroot . '/auth/ldap/ntlmsso_magic.php?sesskey=' . $sesskey);
             } else {
                 // Non-IE browsers with the "form" fast path go straight to the normal login form.
                 if ($this->config->ntlmsso_ie_fastpath == AUTH_NTLM_FASTPATH_YESFORM) {
                     redirect($CFG->httpswwwroot . '/login/index.php?authldap_skipntlmsso=1');
                 }
             }
         }
         redirect($CFG->wwwroot . '/auth/ldap/ntlmsso_attempt.php');
     }
     // No NTLM SSO, Use the normal login page instead.
     // If $SESSION->wantsurl is empty and we have a 'Referer:' header, the login
     // page insists on redirecting us to that page after user validation. If
     // we clicked on the redirect link at the ntlmsso_finish.php page (instead
     // of waiting for the redirection to happen) then we have a 'Referer:' header
     // we don't want to use at all. As we can't get rid of it, just point
     // $SESSION->wantsurl to $CFG->wwwroot (after all, we came from there).
     if (empty($SESSION->wantsurl) && get_local_referer() == $CFG->httpswwwroot . '/auth/ldap/ntlmsso_finish.php') {
         $SESSION->wantsurl = $CFG->wwwroot;
     }
 }
Example #10
/**
 * Returns the cleaned local URL of the HTTP_REFERER less the URL query string parameters if required.
 *
 * @param bool $stripquery if true, also removes the query part of the url.
 * @return string The resulting referer or empty string.
 */
function get_local_referer($stripquery = true) {
    // No Referer header at all: nothing to report.
    if (!isset($_SERVER['HTTP_REFERER'])) {
        return '';
    }
    // The header is client-supplied, so it is cleaned as PARAM_LOCALURL before anything else
    // touches it; the cleaning happens before the optional query-string removal.
    $cleaned = clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL);
    return $stripquery ? strip_querystring($cleaned) : $cleaned;
}
Example #11
        // The page refreshes itself every 30 seconds via a meta tag whose target is $FULLME.
        // NOTE(review): $FULLME is interpolated into the HTML attribute without escaping; it
        // presumably holds the full request URL including the query string. Confirm it is
        // HTML-escaped before this point, otherwise request data reaches the page as markup.
        print_header_simple('report', '', $navigation, '', "<meta http-equiv='Refresh' content='30;{$FULLME}'>");
        print_memorybank_report3($qid);
    }
    if ($what === 'studentlist') {
        $navlinks[] = array('name' => get_string("student_report", "memorybank"), 'link' => '', 'type' => '');
        $navigation = build_navigation($navlinks);
        // Same unescaped $FULLME interpolation as in the report branch above this one.
        print_header_simple('report', '', $navigation, '', "<meta http-equiv='Refresh' content='30;{$FULLME}'>");
        print_memorybank_report2($memorybank->id, $course);
    }
    if ($what === 'add') {
        global $FULLME;
        // NOTE(review): optional_param() is called without a parameter type here, so the cleaning
        // applied to 'question' depends on that function's default; confirm it.
        $question = optional_param('question', null);
        if (!empty($question)) {
            make_question($memorybank);
            //echo($FULLME);
            // Redirect back to this script with a fresh query string after creating the question.
            redirect(strip_querystring($FULLME) . '?what=add&instid=' . $instid);
        }
    }
    if ($what === 'edit') {
        global $FULLME;
        // NOTE(review): as above, 'qid' is read without a parameter type; it is passed straight
        // to update_questionbank().
        $qid = optional_param('qid', null);
        if (!empty($qid)) {
            update_questionbank($qid);
            //redirect('http://moodlehacks.com/mod/memorybank/view.php?id=20',5);
            //redirect(strip_querystring($FULLME).'?instid=1&qid='.$qid);
        }
    }
} else {
    //what is empty
    if (isset($level)) {
        // Loads the question record whose id equals $qid from the memorybank_bank table.
        $question = get_record('memorybank_bank', 'id', $qid);
Example #12
/**
 * Generates the login form for the sideblock
 *
 * {@internal{Not sure why this form definition doesn't use 
 * auth_get_login_form, but keep that in mind when making changes.}}
 */
function auth_generate_login_form()
{
    // Nothing to render until the site is installed.
    if (!get_config('installed')) {
        return;
    }

    // When an HTTPS root is configured the form posts there, so credentials are submitted to the
    // HTTPS URL; otherwise the action stays empty.
    $action = '';
    if (get_config('httpswwwroot')) {
        $action = rtrim(get_config('httpswwwroot'), '/') . strip_querystring(get_relative_script_path());
    }

    require_once 'pieforms/pieform.php';

    // The registration link is shown only if at least one non-suspended institution allows registration.
    $registerlink = count_records('institution', 'registerallowed', 1, 'suspended', 0)
        ? '<a href="' . get_config('wwwroot') . 'register.php" tabindex="2">' . get_string('register') . '</a><br>'
        : '';

    $elements = array(
        'login_username' => array(
            'type' => 'text',
            'title' => get_string('username') . ':',
            'description' => get_string('usernamedescription'),
            // The previously posted username is echoed back into the field.
            // NOTE(review): this is raw request data; confirm pieform escapes default values on output.
            'defaultvalue' => isset($_POST['login_username']) ? $_POST['login_username'] : '',
            'rules' => array('required' => true),
        ),
        'login_password' => array(
            'type' => 'password',
            'title' => get_string('password') . ':',
            'description' => get_string('passworddescription'),
            // The password field is never pre-filled.
            'defaultvalue' => '',
            'rules' => array('required' => true),
        ),
        'submit' => array(
            'type' => 'submit',
            'value' => get_string('login'),
        ),
        'register' => array(
            'value' => '<div id="login-helplinks">' . $registerlink . '<a href="' . get_config('wwwroot') . 'forgotpass.php" tabindex="2">' . get_string('lostusernamepassword') . '</a></div>',
        ),
    );

    $definition = array(
        'name' => 'login',
        'renderer' => 'div',
        'submit' => false,
        'action' => $action,
        'plugintype' => 'auth',
        'pluginname' => 'internal',
        'autofocus' => false,
        'elements' => $elements,
    );

    return get_login_form_js(pieform($definition));
}
Example #13
/**
 * Builds the base URL for blog filter links from the current page URL, the current GET
 * parameters (minus 'blogpage' and the filter parameters) and the requested filter.
 * The result uses '&amp;' separators and ends in '&amp;'.
 *
 * @param mixed $filtertype filter type appended to the URL
 * @param mixed $filterselect filter value appended to the URL
 * @return string
 */
function get_baseurl($filtertype, $filterselect)
{
    // Note: this removes 'blogpage' from the $_GET superglobal itself, not from a copy.
    unset($_GET['blogpage']);
    // Assigned but not read again below; the URL is recomputed in the return statement.
    $strippedurl = strip_querystring(qualified_me());

    $querystring = '';
    $hasparam = false;
    $position = 0;
    foreach ($_GET as $var => $val) {
        // Names and values are request data and are cleaned before being placed in the URL
        // (see MDL-22631).
        // NOTE(review): clean_param() is cleaning, not URL encoding; confirm the cleaned values
        // cannot still contain characters that need encoding in a query string.
        $var = clean_param($var, PARAM_ALPHANUM);
        $val = clean_param($val, PARAM_CLEAN);
        $isfilter = ($var == 'filterselect' || $var == 'filtertype');

        if ($position++ === 0) {
            // The first parameter opens the query string, even when it is a filter parameter.
            $querystring .= $isfilter ? '?' : '?' . $var . '=' . $val;
        } elseif (!$isfilter) {
            $querystring .= '&amp;' . $var . '=' . $val;
        }
        if (!$isfilter) {
            $hasparam = true;
        }
    }

    // With at least one carried-over parameter a separator is appended; otherwise the query
    // string collapses to a bare '?'.
    if ($hasparam) {
        $querystring .= '&amp;';
    } else {
        $querystring = '?';
    }

    return strip_querystring(qualified_me()) . $querystring . 'filtertype=' . $filtertype . '&amp;filterselect=' . $filterselect . '&amp;';
}
/**
 * Prints or returns the code for the "Back to X" button, where X is the name
 * of a page format page.
 *
 * @return void
 **/
function page_theme_print_backto_button($return = false)
{
    global $CFG, $SESSION, $COURSE;

    // The button is a theme option and only applies to courses using the 'page' format.
    if (!page_theme_config('page_backtobutton')) {
        return;
    }
    if ($COURSE->format != 'page') {
        return;
    }

    // Current URL without its query string, compared against the URLs where the format itself
    // could already be on display.
    $url = strip_querystring(qualified_me());
    $locations = array(
        $CFG->wwwroot,
        $CFG->wwwroot . '/',
        $CFG->wwwroot . '/index.php',
        $CFG->wwwroot . '/course/view.php',
        $CFG->wwwroot . '/course/format/page/format.php',
    );
    if (in_array($url, $locations)) {
        // Already on a course format page: no button needed.
        return;
    }

    require_once $CFG->dirroot . '/course/format/page/lib.php';

    // Without a current page there is nothing to go back to.
    $page = page_get_current_page($COURSE->id);
    if (!$page) {
        return;
    }

    // The site course links to the front page, every other course to its course view.
    $baseurl = ($COURSE->id == SITEID) ? $CFG->wwwroot . '/index.php' : "{$CFG->wwwroot}/course/view.php";

    $output = print_single_button($baseurl, array('id' => $page->courseid, 'page' => $page->id), get_string('backtopage', 'format_page', page_get_name($page)), 'get', '_self', true);
    if ($return) {
        return $output;
    }
    print $output;
}
Example #15
 /**
  * Pass no arguments to create a url that refers to this page. Use empty string to create empty url.
  *
  * @param string $url url default null means use this page url with no query string
  *                      empty string means empty url.
  *                      if you pass any other type of url it will be parsed into it's bits, including query string
  * @param array $params these params override anything in the query string where params have the same name.
  */
 function moodle_url($url = null, $params = array())
 {
     global $FULLME;

     // An empty string asks for an empty URL object: nothing is parsed or stored.
     if ($url === '') {
         return;
     }

     // null means "this page": the full request URL with its query string removed.
     if ($url === null) {
         $url = strip_querystring($FULLME);
     }

     $pieces = parse_url($url);
     if ($pieces === false) {
         error('invalidurl');
     }

     // The query string is split into $this->params; HTML-escaped separators are accepted too.
     if (isset($pieces['query'])) {
         parse_str(str_replace('&amp;', '&', $pieces['query']), $this->params);
     }
     unset($pieces['query']);

     // Each remaining component returned by parse_url() becomes a property of the same name.
     foreach ($pieces as $name => $component) {
         $this->{$name} = $component;
     }

     // Explicit parameters are applied last, so they override same-named query-string values.
     $this->params($params);
 }
Example #16
 /**
  * The constructor function calls the abstract function definition() and it will then
  * process and clean and attempt to validate incoming data.
  *
  * It will call your custom validate method to validate data and will also check any rules
  * you have specified in definition using addRule
  *
  * The name of the form (id attribute of the form) is automatically generated depending on
  * the name you gave the class extending moodleform. You should call your class something
  * like
  *
  * @param mixed $action the action attribute for the form. If empty defaults to auto detect the
  *              current url. If a moodle_url object then outputs params as hidden variables.
  * @param mixed $customdata if your form defintion method needs access to data such as $course
  *              $cm, etc. to construct the form definition then pass it in this array. You can
  *              use globals for somethings.
  * @param string $method if you set this to anything other than 'post' then _GET and _POST will
  *               be merged and used as incoming data to the form.
  * @param string $target target frame for form submission. You will rarely use this. Don't use
  *               it if you don't need to as the target attribute is deprecated in xhtml strict.
  * @param mixed $attributes you can pass a string of html attributes here or an array.
  * @param bool $editable
  */
 function moodleform($action = null, $customdata = null, $method = 'post', $target = '', $attributes = null, $editable = true)
 {
     global $CFG;

     // Autocomplete is switched off for every standard mform (user signup is the stated exception).
     // The attribute is valid HTML5 but not XHTML 1.0, so it is skipped when strict XML headers are on.
     if (empty($CFG->xmlstrictheaders)) {
         if (empty($attributes)) {
             $attributes = array('autocomplete' => 'off');
         } elseif (is_array($attributes)) {
             $attributes['autocomplete'] = 'off';
         } elseif (strpos($attributes, 'autocomplete') === false) {
             $attributes .= ' autocomplete="off" ';
         }
     }

     // Without an explicit action the form posts back to the current page URL, query string removed.
     $action = empty($action) ? strip_querystring(qualified_me()) : $action;

     // Custom data goes in first because get_form_identifier() may read it.
     $this->_customdata = $customdata;
     $this->_formname = $this->get_form_identifier();
     $this->_form = new MoodleQuickForm($this->_formname, $method, $action, $target, $attributes);
     if (!$editable) {
         $this->_form->hardFreeze();
     }

     // The subclass adds its elements; the two framework fields follow.
     $this->definition();

     // Hidden session-key field ("automatic sesskey protection"). PARAM_RAW means the form layer
     // does not clean the submitted value.
     // NOTE(review): confirm the submitted sesskey is compared with sesskey() during submission processing.
     $this->_form->addElement('hidden', 'sesskey', null);
     $this->_form->setType('sesskey', PARAM_RAW);
     $this->_form->setDefault('sesskey', sesskey());

     // Hidden marker that identifies a submission of this particular form.
     $marker = '_qf__' . $this->_formname;
     $this->_form->addElement('hidden', $marker, null);
     $this->_form->setType($marker, PARAM_RAW);
     $this->_form->setDefault($marker, 1);

     $this->_form->_setDefaultRuleMessages();

     // Every element type has to be registered before incoming data is processed.
     $this->_process_submission($method);
 }
Example #17
/**
 * Extracts file argument either from file parameter or PATH_INFO
 *
 * @param string $scriptname name of the calling script
 * @return string file path (only safe characters)
 */
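function get_file_argument($scriptname)
{
    // All three sources below are request-controlled; each candidate is cleaned as PARAM_PATH
    // before it can be returned. The special value '/testslasharguments' is a self-test that
    // reports which extraction method worked and then stops.

    // 1) Plain ?file= parameter (compatible method == no relative links!).
    $relativepath = optional_param('file', FALSE, PARAM_PATH);
    if ($relativepath === '/testslasharguments') {
        echo 'test -1      : Incorrect use - try "file.php/testslasharguments" instead';
        //indicate fopen/fread works for health center
        die;
    }

    // 2) PATH_INFO (slasharguments method).
    if (!$relativepath and !empty($_SERVER['PATH_INFO'])) {
        $path_info = $_SERVER['PATH_INFO'];
        // PATH_INFO only works if it does not contain the script name. The comparison has to be
        // strict: strpos() returns 0 for a match at the very start, which a bare !strpos() would
        // treat as "not found" and accept a broken PATH_INFO.
        if (strpos($path_info, $scriptname) === false) {
            $relativepath = clean_param(rawurldecode($path_info), PARAM_PATH);
            if ($relativepath === '/testslasharguments') {
                echo 'test 1      : Slasharguments test passed. Server confguration is compatible with file.php/1/pic.jpg slashargument setting.';
                //indicate ok for health center
                die;
            }
        }
    }

    // 3) Fallback for misconfigured or older buggy PHP set-ups: split the request on the script name.
    if (!$relativepath) {
        $arr = explode($scriptname, me());
        if (!empty($arr[1])) {
            $path_info = strip_querystring($arr[1]);
            $relativepath = clean_param(rawurldecode($path_info), PARAM_PATH);
            if ($relativepath === '/testslasharguments') {
                echo 'test 2      : Slasharguments test passed (compatibility hack). Server confguration may be compatible with file.php/1/pic.jpg slashargument setting';
                //indicate ok for health center
                die;
            }
        }
    }

    // FALSE (or an empty value) when none of the methods produced a path.
    return $relativepath;
}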
Example #18
/**
 * Returns the URL of the HTTP_REFERER, less the querystring portion if required.
 *
 * @deprecated since Moodle 3.0 MDL-49360 - please do not use this function any more.
 * @todo MDL-50265 Remove this function in Moodle 3.4.
 * @param boolean $stripquery if true, also removes the query part of the url.
 * @return string The resulting referer or empty string.
 */
function get_referer($stripquery = true)
{
    debugging('get_referer() is deprecated. Please use get_local_referer() instead.', DEBUG_DEVELOPER);

    // The Referer header is supplied by the client and is returned here without any validation;
    // that is why the deprecation message above points to get_local_referer().
    if (!isset($_SERVER['HTTP_REFERER'])) {
        return '';
    }
    $referer = $_SERVER['HTTP_REFERER'];
    return $stripquery ? strip_querystring($referer) : $referer;
}
Example #19
/**
 * Prints the "Back to X" button, where X is the name
 * of a page format page.
 *
 * @return void
 **/
function page_theme_print_backto_button()
{
    global $CFG, $SESSION, $COURSE;
    // Nothing to print unless the theme option is on and the course uses the page format.
    if (!page_theme_config('page_backtobutton')) {
        return;
    }
    if (!isset($COURSE->format) || $COURSE->format != 'page') {
        return;
    }
    // Current URL without its query string, compared against the URLs
    // where the format could be displayed.
    $here = strip_querystring(qualified_me());
    $formaturls = array($CFG->wwwroot, $CFG->wwwroot . '/', $CFG->wwwroot . '/index.php', $CFG->wwwroot . '/course/view.php', $CFG->wwwroot . '/course/format/page/format.php');
    if (in_array($here, $formaturls)) {
        // Already on a course format page: no button needed.
        return;
    }
    require_once $CFG->dirroot . '/course/format/page/lib.php';
    // Make sure we have a page to go to
    $page = page_get_current_page($COURSE->id);
    if (!$page) {
        return;
    }
    // NOTE(review): the link text is page_get_name($page) passed through get_string();
    // whether that value is HTML-escaped is not visible here - confirm before relying on it.
    $href = $CFG->wwwroot . '/course/view.php?id=' . $page->courseid . '&amp;page=' . $page->id;
    $label = get_string('backtopage', 'theme_page', page_get_name($page));
    echo '<p><span class="button"><a href="' . $href . '">' . $label . '</a></span></p>';
}
Example #20
// Trim whitespace off search query, then URL-decode it.
// NOTE(review): if $query was read with optional_param() (as the comment below implies), PHP has
// already decoded the request once, so this is a second decode - confirm that is intended.
$query = urldecode(trim($query));

// Clean the decoded query with PARAM_TEXT to reduce the XSS risk.
// urlencoded parameters will be missed by standard optional_param cleaning, so need to double-check after decoding
// e.g. a urlencoded <script> in the query will appear to optional_param as %3Cscript%3E and be ignored
// Input cleaning does not replace output escaping: $query still has to be escaped for the
// context in which it is eventually printed.
$query = clean_param($query, PARAM_TEXT);

// URL of this page, carrying the current search state plus $this->urlparams.
// NOTE(review): moodle_url presumably encodes parameter values itself, so 'query' ends up
// encoded twice; that mirrors the urldecode() above - confirm the round trip is intended.
$data = array(
    'search'        => true,
    'query'         => urlencode($query),
    'searchtype'    => $searchtype,
    'page'          => $page
);
$thisurl = new moodle_url(strip_querystring(qualified_me()), array_merge($data, $this->urlparams));

// Extra form data; here the query is passed cleaned but not URL-encoded
$formdata = array(
    'hidden'        => $this->urlparams,
    'query'         => $query,
    'searchtype'    => $searchtype
);


// Generate SQL
// Search SQL information: column names for id and fullname, with the SQL itself not yet set
$search_info = new stdClass();
$search_info->id = 'id';
$search_info->fullname = 'fullname';
$search_info->sql = null;
Example #21
/**
* helper function for the theme to figure out what header graphic to use
*/
function tao_header_image()
{
    global $CFG, $COURSE, $db;
    // Reduce the current request to a site-relative path: remove the directory part of
    // $CFG->wwwroot (whatever follows the host name) and then the query string.
    $wwwpath = strstr(substr(strstr($CFG->wwwroot, '//'), 2), '/');
    $me = strip_querystring(str_replace($wwwpath, '', me()));

    // Course-specific headers take precedence over the site-wide lookup.
    if (!empty($COURSE->id)) {
        $coursehdrs = get_records('header_image', 'courseid', $COURSE->id, 'sortorder');
        if (!empty($coursehdrs)) {
            foreach ($coursehdrs as $ch) {
                // An empty url means every page of this course uses the image;
                // otherwise the stored url has to occur in the current path.
                if (empty($ch->url) || strpos($me, $ch->url) !== false) {
                    return tao_header_image_location($ch->image);
                }
            }
        }
    }

    // $me derives from the request URL, so it is bound as a statement parameter instead of
    // being concatenated; only the configured table prefix is spliced into the SQL text.
    // NOTE(review): LIKE wildcards (% and _) inside $me are not escaped, and "||" concatenates
    // strings only on some databases - confirm both against the database in use.
    $sql = "SELECT * FROM " . $CFG->prefix . "header_image WHERE url like ? || '%' ORDER BY sortorder LIMIT 1";
    $sth = $db->prepare($sql);
    $resultset = $db->execute($sth, array($me));
    if (!$resultset) {
        // Query failed: fall back to the configured default, or to nothing at all.
        return isset($CFG->defaultcustomheader) ? $CFG->defaultcustomheader : null;
    }
    // NOTE(review): unlike the branch above, this fallback reads defaultcustomheader
    // without checking that it is set.
    $image = $resultset->recordCount() == 1 ? $resultset->fields['image'] : $CFG->defaultcustomheader;
    return tao_header_image_location($image);
}
Example #22
/**
 * Returns the URL of the HTTP_REFERER, less the querystring portion
 * @return string
 */
function get_referer()
{
    // nvl() is defined elsewhere; presumably it supplies a default when the header is absent.
    // The Referer header is client-controlled, so the result is untrusted input.
    $referer = nvl($_SERVER['HTTP_REFERER']);
    return strip_querystring($referer);
}
Example #23
/**
 * Returns the current page set in the session or
 * returns the default first page.
 *
 * @param int $courseid (Optional) The course in which to check for a page.  Defaults to global $COURSE->id
 * @param boolean $disablehack (Optional) Disable any hacks this function may employ
 * @return mixed A page object if found or false
 **/
function page_get_current_page($courseid = 0, $disablehack = true)
{
    global $CFG, $USER, $COURSE;
    if (empty($courseid)) {
        $courseid = $COURSE->id;
    }
    // HACK! This function can be called from anywhere (for example a theme header), so when
    // the hack is enabled, honour a 'page' request parameter seen before format.php has run.
    if (!$disablehack) {
        $pageid = optional_param('page', 0, PARAM_INT);
        if ($pageid) {
            $here = strip_querystring(qualified_me());
            // URLs where the format could be displayed
            $formaturls = array($CFG->wwwroot, $CFG->wwwroot . '/', $CFG->wwwroot . '/index.php', $CFG->wwwroot . '/course/view.php', $CFG->wwwroot . '/course/format/page/format.php');
            if (in_array($here, $formaturls)) {
                // The requested id is only used if page_validate_pageid() accepts it for this course.
                $page = page_validate_pageid($pageid, $courseid);
                if ($page) {
                    return $page;
                }
            }
        }
    }
    // Next, the page id remembered on $USER for this course, validated the same way.
    if (isset($USER->formatpage_display[$courseid])) {
        $page = page_validate_pageid($USER->formatpage_display[$courseid], $courseid);
        if ($page) {
            return $page;
        }
    }
    // Last try: the default page for the course, or false when there is none.
    $page = page_get_default_page($courseid);
    return $page ? $page : false;
}
Example #24
* @package feedback
*/
// Page bootstrap: load the site configuration, then this module's library and edit form.
require_once "../../config.php";
require_once "lib.php";
require_once 'edit_form.php';
// Course module id; required, and cleaned with PARAM_INT.
$id = required_param('id', PARAM_INT);
// CSRF guard: whenever form data was submitted, the request must carry a valid sesskey.
// ("and" binds looser than "=", so $formdata receives the data_submitted() result.)
if ($formdata = data_submitted() and !confirm_sesskey()) {
    print_error('invalidsesskey');
}
// Optional request parameters, each read through optional_param() with an explicit
// PARAM_* type rather than taken from $_GET/$_POST directly.
$do_show = optional_param('do_show', 'edit', PARAM_ALPHA);
$moveupitem = optional_param('moveupitem', false, PARAM_INT);
$movedownitem = optional_param('movedownitem', false, PARAM_INT);
$moveitem = optional_param('moveitem', false, PARAM_INT);
$movehere = optional_param('movehere', false, PARAM_INT);
$switchitemrequired = optional_param('switchitemrequired', false, PARAM_INT);
$ME = strip_querystring($FULLME);
// $ME is recomputed above because it is sometimes not set correctly
// $SESSION->feedback->current_tab = $do_show;
$current_tab = $do_show;
// Resolve the course module, its course and the feedback instance; each lookup
// reports an error through print_error() when the record is missing.
if ($id) {
    if (!($cm = get_coursemodule_from_id('feedback', $id))) {
        print_error('invalidcoursemodule');
    }
    if (!($course = $DB->get_record("course", array("id" => $cm->course)))) {
        print_error('coursemisconf');
    }
    if (!($feedback = $DB->get_record("feedback", array("id" => $cm->instance)))) {
        print_error('invalidcoursemodule');
    }
}
// NOTE(review): if $id is 0 the block above is skipped and $cm is never assigned, yet it is
// dereferenced here. No login or capability check is visible in this excerpt; the
// capabilities are only loaded at this point - confirm they are enforced further down.
$capabilities = feedback_load_capabilities($cm->id);
Example #25
    /**
     * Will get called before the login page is shown. If NTLM SSO
     * is enabled, and the user is in the right network, we'll redirect
     * to the magic NTLM page for SSO...
     *
     */
    function loginpage_hook() {
        global $CFG, $SESSION;

        // HTTPS is potentially required
        //httpsrequired(); - this must be used before setting the URL, it is already done on the login/index.php

        // Decide whether this request is diverted into the NTLM SSO flow; every condition
        // below has to hold.
        // NOTE(review): the POST case depends on the Referer header, which the client
        // controls, so it is a routing hint and not something to rely on for security.
        if (($_SERVER['REQUEST_METHOD'] === 'GET'         // Only on initial GET of loginpage
             || ($_SERVER['REQUEST_METHOD'] === 'POST'
                 && (get_referer() != strip_querystring(qualified_me()))))
                                                          // Or when POSTed from another place
                                                          // See MDL-14071
            && !empty($this->config->ntlmsso_enabled)     // SSO enabled
            && !empty($this->config->ntlmsso_subnet)      // have a subnet to test for
            && empty($_GET['authldap_skipntlmsso'])       // haven't failed it yet
            && (isguestuser() || !isloggedin())           // guestuser or not-logged-in users
            && address_in_subnet(getremoteaddr(), $this->config->ntlmsso_subnet)) {

            // First, let's remember where we were trying to get to before we got here
            // NOTE(review): the raw Referer header becomes the post-login destination
            // whenever it is not one of the four excluded URLs; nothing here restricts it
            // to this site's own URLs. Confirm that whatever consumes $SESSION->wantsurl
            // validates it, otherwise this is an open-redirect risk.
            if (empty($SESSION->wantsurl)) {
                $SESSION->wantsurl = (array_key_exists('HTTP_REFERER', $_SERVER) &&
                                      $_SERVER['HTTP_REFERER'] != $CFG->wwwroot &&
                                      $_SERVER['HTTP_REFERER'] != $CFG->wwwroot.'/' &&
                                      $_SERVER['HTTP_REFERER'] != $CFG->httpswwwroot.'/login/' &&
                                      $_SERVER['HTTP_REFERER'] != $CFG->httpswwwroot.'/login/index.php')
                    ? $_SERVER['HTTP_REFERER'] : NULL;
            }

            // Now start the whole NTLM machinery.
            if(!empty($this->config->ntlmsso_ie_fastpath)) {
                // Shortcut for IE browsers: skip the attempt page
                if(check_browser_version('MSIE')) {
                    // NOTE(review): the session key travels in the query string, where it can
                    // end up in server logs and browser history - confirm this is acceptable.
                    $sesskey = sesskey();
                    redirect($CFG->wwwroot.'/auth/ldap/ntlmsso_magic.php?sesskey='.$sesskey);
                } else {
                    // Other browsers go to the normal login page with SSO marked as skipped
                    redirect($CFG->httpswwwroot.'/login/index.php?authldap_skipntlmsso=1');
                }
            } else {
                redirect($CFG->wwwroot.'/auth/ldap/ntlmsso_attempt.php');
            }
        }

        // No NTLM SSO, Use the normal login page instead.

        // If $SESSION->wantsurl is empty and we have a 'Referer:' header, the login
        // page insists on redirecting us to that page after user validation. If
        // we clicked on the redirect link at the ntlmsso_finish.php page (instead
        // of waiting for the redirection to happen) then we have a 'Referer:' header
        // we don't want to use at all. As we can't get rid of it, just point
        // $SESSION->wantsurl to $CFG->wwwroot (after all, we came from there).
        if (empty($SESSION->wantsurl)
            && (get_referer() == $CFG->httpswwwroot.'/auth/ldap/ntlmsso_finish.php')) {

            $SESSION->wantsurl = $CFG->wwwroot;
        }
    }
 /**
  * Must be called after table is defined. Use methods above first. Cannot
  * use functions below till after calling this method.
  * @return bool|null false when no columns or no uniqueid have been defined; otherwise nothing is returned
  */
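 function setup()
 {
     // Initialises the per-table session state (collapsed columns, sort order, initials
     // filters), applies the show/hide/sort/initials request parameters to it, derives
     // baseurl/reseturl when no baseurl was given, and makes sure the table carries the
     // "flexible" CSS class. Returns false when no columns or no uniqueid are defined;
     // otherwise falls off the end without a return value.
     global $SESSION, $CFG;
     if (empty($this->columns) || empty($this->uniqueid)) {
         return false;
     }
     if (!isset($SESSION->flextable)) {
         $SESSION->flextable = array();
     }
     if (!isset($SESSION->flextable[$this->uniqueid])) {
         $SESSION->flextable[$this->uniqueid] = new stdClass();
         $SESSION->flextable[$this->uniqueid]->uniqueid = $this->uniqueid;
         $SESSION->flextable[$this->uniqueid]->collapse = array();
         $SESSION->flextable[$this->uniqueid]->sortby = array();
         $SESSION->flextable[$this->uniqueid]->i_first = '';
         $SESSION->flextable[$this->uniqueid]->i_last = '';
     }
     // Work on the session entry by reference so changes below persist in the session.
     $this->sess =& $SESSION->flextable[$this->uniqueid];
     // The show/hide parameters are read from $_GET directly; they are only acted on
     // when they name a column that exists in $this->columns.
     if (!empty($_GET[$this->request[ILP_TABLE_VAR_SHOW]]) && isset($this->columns[$_GET[$this->request[ILP_TABLE_VAR_SHOW]]])) {
         // Show this column
         $this->sess->collapse[$_GET[$this->request[ILP_TABLE_VAR_SHOW]]] = false;
     } else {
         if (!empty($_GET[$this->request[ILP_TABLE_VAR_HIDE]]) && isset($this->columns[$_GET[$this->request[ILP_TABLE_VAR_HIDE]]])) {
             // Hide this column
             $this->sess->collapse[$_GET[$this->request[ILP_TABLE_VAR_HIDE]]] = true;
             if (array_key_exists($_GET[$this->request[ILP_TABLE_VAR_HIDE]], $this->sess->sortby)) {
                 unset($this->sess->sortby[$_GET[$this->request[ILP_TABLE_VAR_HIDE]]]);
             }
         }
     }
     // Now, update the column attributes for collapsed columns
     foreach (array_keys($this->columns) as $column) {
         if (!empty($this->sess->collapse[$column])) {
             $this->column_style[$column]['width'] = '10px';
         }
     }
     // The sort parameter is accepted only if is_sortable() allows it and it is either a
     // known column or firstname/lastname while a 'fullname' column exists.
     if (!empty($_GET[$this->request[ILP_TABLE_VAR_SORT]]) && $this->is_sortable($_GET[$this->request[ILP_TABLE_VAR_SORT]]) && (isset($this->columns[$_GET[$this->request[ILP_TABLE_VAR_SORT]]]) || ($_GET[$this->request[ILP_TABLE_VAR_SORT]] == 'firstname' || $_GET[$this->request[ILP_TABLE_VAR_SORT]] == 'lastname') && isset($this->columns['fullname']))) {
         if (empty($this->sess->collapse[$_GET[$this->request[ILP_TABLE_VAR_SORT]]])) {
             if (array_key_exists($_GET[$this->request[ILP_TABLE_VAR_SORT]], $this->sess->sortby)) {
                 // This key already exists somewhere. Change its sortorder and bring it to the top.
                 $sortorder = $this->sess->sortby[$_GET[$this->request[ILP_TABLE_VAR_SORT]]] == SORT_ASC ? SORT_DESC : SORT_ASC;
                 unset($this->sess->sortby[$_GET[$this->request[ILP_TABLE_VAR_SORT]]]);
                 $this->sess->sortby = array_merge(array($_GET[$this->request[ILP_TABLE_VAR_SORT]] => $sortorder), $this->sess->sortby);
             } else {
                 // Key doesn't exist, so just add it to the beginning of the array, ascending order
                 $this->sess->sortby = array_merge(array($_GET[$this->request[ILP_TABLE_VAR_SORT]] => SORT_ASC), $this->sess->sortby);
             }
             // Finally, make sure that no more than $this->maxsortkeys are present into the array
             if (!empty($this->maxsortkeys) && ($sortkeys = count($this->sess->sortby)) > $this->maxsortkeys) {
                 while ($sortkeys-- > $this->maxsortkeys) {
                     array_pop($this->sess->sortby);
                 }
             }
         }
     }
     // If we didn't sort just now, then use the default sort order if one is defined and the column exists
     if (empty($this->sess->sortby) && !empty($this->sort_default_column)) {
         $this->sess->sortby = array($this->sort_default_column => $this->sort_default_order == SORT_DESC ? SORT_DESC : SORT_ASC);
     }
     // Initials filters: a value is stored when it is empty or occurs in the 'alphabet' string.
     // NOTE(review): any substring of that string passes, not only a single letter, and the
     // stored value is consumed outside this method - confirm it is escaped or bound there.
     if (isset($_GET[$this->request[ILP_TABLE_VAR_ILAST]])) {
         if (empty($_GET[$this->request[ILP_TABLE_VAR_ILAST]]) || is_numeric(strpos(get_string('alphabet'), $_GET[$this->request[ILP_TABLE_VAR_ILAST]]))) {
             $this->sess->i_last = $_GET[$this->request[ILP_TABLE_VAR_ILAST]];
         }
     }
     if (isset($_GET[$this->request[ILP_TABLE_VAR_IFIRST]])) {
         if (empty($_GET[$this->request[ILP_TABLE_VAR_IFIRST]]) || is_numeric(strpos(get_string('alphabet'), $_GET[$this->request[ILP_TABLE_VAR_IFIRST]]))) {
             $this->sess->i_first = $_GET[$this->request[ILP_TABLE_VAR_IFIRST]];
         }
     }
     if (empty($this->baseurl)) {
         // Carry over every request parameter except the table's own control parameters.
         $getcopy = $_GET;
         unset($getcopy[$this->request[ILP_TABLE_VAR_SHOW]]);
         unset($getcopy[$this->request[ILP_TABLE_VAR_HIDE]]);
         unset($getcopy[$this->request[ILP_TABLE_VAR_SORT]]);
         unset($getcopy[$this->request[ILP_TABLE_VAR_IFIRST]]);
         unset($getcopy[$this->request[ILP_TABLE_VAR_ILAST]]);
         unset($getcopy[$this->request[ILP_TABLE_VAR_PAGE]]);
         $strippedurl = strip_querystring(qualified_me());
         // Parameter names and values come straight from the request, so they are URL-encoded
         // (nested arrays included) before being placed into a URL that ends up in links;
         // concatenating them raw would let markup from the request reach the page.
         $query = empty($getcopy) ? '' : http_build_query($getcopy, '', '&amp;');
         if ($query !== '') {
             $querystring = '?' . $query;
             $this->reseturl = $strippedurl . $querystring;
             $querystring .= '&amp;';
         } else {
             $this->reseturl = $strippedurl;
             $querystring = '?';
         }
         $this->baseurl = $strippedurl . $querystring;
     }
     // If it's "the first time" we 've been here, forget the previous initials filters
     if (qualified_me() == $this->reseturl) {
         $this->sess->i_first = '';
         $this->sess->i_last = '';
     }
     $this->currpage = optional_param($this->request[ILP_TABLE_VAR_PAGE], 0, PARAM_INT);
     $this->setup = true;
     /// Always introduce the "flexible" class for the table if not specified
     /// No attributes, add flexible class
     if (empty($this->attributes)) {
         $this->attributes['class'] = 'flexible';
         /// No classes, add flexible class
     } else {
         if (!isset($this->attributes['class'])) {
             $this->attributes['class'] = 'flexible';
             /// No flexible class in passed classes, add flexible class
         } else {
             if (!in_array('flexible', explode(' ', $this->attributes['class']))) {
                 $this->attributes['class'] = trim('flexible ' . $this->attributes['class']);
             }
         }
     }
 }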
Example #27
function perf_to_log($info = null)
{
    // Performance logging is opt-in through the 'perftolog' config value.
    if (!get_config('perftolog')) {
        return true;
    }
    // Collect the figures here when the caller did not supply them.
    if (empty($info)) {
        $info = get_performance_info();
    }
    // NOTE(review): the script path is written to the log as-is; if it can carry
    // request-derived characters, confirm that log_debug() neutralises line breaks.
    $segments = array(
        'PERF: ' . strip_querystring(get_script_path()) . ': ',
        ' memory_total: ' . $info['memory_total'] . 'B (' . display_size($info['memory_total']) . ') memory_growth: ' . $info['memory_growth'] . 'B (' . display_size($info['memory_growth']) . ')',
        ' time: ' . $info['realtime'] . 's',
        ' includecount: ' . $info['includecount'],
        ' dbqueries: ' . $info['dbreads'] . ' reads, ' . $info['dbwrites'] . ' writes, ' . $info['dbcached'] . ' cached',
        ' ticks: ' . $info['ticks'] . ' user: ' . $info['utime'] . ' sys: ' . $info['stime'] . ' cuser: ' . $info['cutime'] . ' csys: ' . $info['cstime'],
        ' serverload: ' . $info['serverload'],
    );
    log_debug(implode('', $segments));
}
Example #28
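 public function get_baseurl()
 {
     // Returns the current URL with its query string rebuilt from $_GET minus the
     // 'blogpage' paging parameter: "<url>?" when nothing else was passed, otherwise
     // "<url>?name=value&amp;name=value".
     $getcopy = $_GET;
     unset($getcopy['blogpage']);
     // Parameter names and values come straight from the request, so they are URL-encoded
     // (nested arrays included) before being put back into a URL that ends up in links;
     // concatenating them raw would let markup from the request reach the page.
     $query = empty($getcopy) ? '' : http_build_query($getcopy, '', '&amp;');
     return strip_querystring(qualified_me()) . '?' . $query;
 }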
Example #29
function me()
{
    /* Name of the current script with the query string portion removed. */
    // Relies on the globals $REQUEST_URI / $PHP_SELF having been populated elsewhere.
    // Both derive from the request, so the result is client-influenced input.
    global $PHP_SELF, $REQUEST_URI;
    if (isset($REQUEST_URI)) {
        return strip_querystring($REQUEST_URI);
    }
    return strip_querystring($PHP_SELF);
}