function blocks_execute_url_action(&$PAGE, &$pageblocks, $pinned = false) { $blockaction = optional_param('blockaction', '', PARAM_ALPHA); if (empty($blockaction) || !$PAGE->user_allowed_editing() || !confirm_sesskey()) { return; } $instanceid = optional_param('instanceid', 0, PARAM_INT); $blockid = optional_param('blockid', 0, PARAM_INT); if (!empty($blockid)) { blocks_execute_action($PAGE, $pageblocks, strtolower($blockaction), $blockid, $pinned); } else { if (!empty($instanceid)) { $instance = blocks_find_instance($instanceid, $pageblocks); blocks_execute_action($PAGE, $pageblocks, strtolower($blockaction), $instance, $pinned); } } }
$beforeid = optional_param('beforeId', 0, PARAM_INT); $value = optional_param('value', 0, PARAM_INT); $column = optional_param('column', 0, PARAM_ALPHA); $id = optional_param('id', 0, PARAM_INT); $summary = optional_param('summary', '', PARAM_RAW); $sequence = optional_param('sequence', '', PARAM_SEQUENCE); $visible = optional_param('visible', 0, PARAM_INT); // Authorise the user and verify some incoming data if (!($course = get_record('course', 'id', $courseid))) { error_log('AJAX commands.php: Course does not exist'); die; } $PAGE = page_create_object(PAGE_COURSE_VIEW, $course->id); $pageblocks = blocks_setup($PAGE, BLOCKS_PINNED_BOTH); if (!empty($instanceid)) { $blockinstance = blocks_find_instance($instanceid, $pageblocks); if (!$blockinstance || $blockinstance->pageid != $course->id || $blockinstance->pagetype != 'course-view') { error_log('AJAX commands.php: Bad block ID ' . $instanceid); die; } } $context = get_context_instance(CONTEXT_COURSE, $course->id); require_login($course->id); require_capability('moodle/course:update', $context); // OK, now let's process the parameters and do stuff switch ($_SERVER['REQUEST_METHOD']) { case 'POST': switch ($class) { case 'block': switch ($field) { case 'visible':