/**
 * Is the current user trusted to enter content that is not cleaned for XSS
 * in this context?
 *
 * Trust is effectively site-wide: the capability must only be granted to
 * users who are in fact trusted everywhere on this server.
 *
 * @param object $context Context in which the capability is checked
 * @return bool true if user trusted
 */
function trusttext_trusted($context) {
    if (!trusttext_active()) {
        // Trusted text is not active, so nobody counts as trusted here.
        return false;
    }
    return has_capability('moodle/site:trustcontent', $context);
}
/**
 * Print a single blog post.
 *
 * Builds the complete HTML for one post: attachment list, author picture and
 * details, deletion / edit summaries, the message body, tags, action links
 * (permalink, edit, delete, portfolio export, alert reporting) and the
 * comment count or "add comment" link.
 *
 * Side effect: $post->message is overwritten in place with the URL-rewritten
 * message, so the caller's object is modified.
 *
 * @param object $cm Course-module record; only $cm->id is read here
 * @param object $oublog Blog object
 * @param object $post Structure containing all post info and comments
 * @param string $baseurl Base URL of current page (any existing &tag= parameter is stripped)
 * @param string $blogtype Blog level ie course or above
 * @param bool $canmanageposts Has capability toggle
 * @param bool $canaudit Has capability toggle
 * @param bool $commentcount Whether to show the comment count / last-comment line
 * @param bool $forexport Export output rendering toggle
 * @param bool|object $format Portfolio format object when exporting, otherwise false
 * @param bool $email Email output rendering toggle
 * @return string HTML for the post
 */
public function render_post($cm, $oublog, $post, $baseurl, $blogtype,
        $canmanageposts = false, $canaudit = false, $commentcount = true,
        $forexport = false, $format = false, $email = false) {
    global $CFG, $USER;
    $output = '';
    $modcontext = context_module::instance($cm->id);
    // Get rid of any existing tag from the URL as we only support one at a time.
    $baseurl = preg_replace('~&tag=[^&]*~', '', $baseurl);
    $strcomment = get_string('comment', 'oublog');
    $strtags = get_string('tags', 'oublog');
    $stredit = get_string('edit', 'oublog');
    $strdelete = get_string('delete', 'oublog');
    $strpermalink = get_string('permalink', 'oublog');
    // Alternate row class, only when the caller supplied a row number.
    $row = '';
    if (isset($post->row)) {
        $row = $post->row % 2 ? 'oublog-odd' : 'oublog-even';
    }
    $extraclasses = $post->deletedby ? ' oublog-deleted' : '';
    $extraclasses .= ' oublog-hasuserpic';
    $extraclasses .= ' ' . $row;
    $output .= html_writer::start_tag('div', array('class' => 'oublog-post' . $extraclasses));
    $output .= html_writer::start_tag('div', array('class' => 'oublog-post-top'));
    // Attachments. $files is reused further down to pick the portfolio format.
    $fs = get_file_storage();
    if ($files = $fs->get_area_files($modcontext->id, 'mod_oublog', 'attachment', $post->id, "timemodified", false)) {
        $output .= html_writer::start_tag('div', array('class' => 'oublog-post-attachments'));
        $output .= get_string('attachments', 'mod_oublog') . ': ';
        foreach ($files as $file) {
            if (!$forexport && !$email) {
                $filename = $file->get_filename();
                $mimetype = $file->get_mimetype();
                $iconimage = html_writer::empty_tag('img', array('src' => $this->output->pix_url(file_mimetype_icon($mimetype)), 'alt' => $mimetype, 'class' => 'icon'));
                // Public posts are served through the module's own pluginfile
                // endpoint; everything else goes through the core one.
                if ($post->visibility == OUBLOG_VISIBILITY_PUBLIC) {
                    $fileurlbase = '/mod/oublog/pluginfile.php';
                } else {
                    $fileurlbase = '/pluginfile.php';
                }
                $filepath = '/' . $modcontext->id . '/mod_oublog/attachment/' . $post->id . '/' . $filename;
                $path = moodle_url::make_file_url($fileurlbase, $filepath, true);
                $output .= html_writer::start_tag('div', array('class' => 'oublog-post-attachment'));
                $output .= html_writer::tag('a', $iconimage, array('href' => $path));
                // Filename is user-supplied, so it is escaped with s() for the link text.
                $output .= html_writer::tag('a', s($filename), array('href' => $path));
                $output .= html_writer::end_tag('div');
            } else {
                $filename = $file->get_filename();
                if (is_object($format)) {
                    // Export: the portfolio format decides how the file is referenced.
                    $output .= $format->file_output($file) . ' ';
                } else {
                    // NOTE(review): raw filename concatenated without escaping in
                    // the export/email branch - confirm the consumer expects plain text.
                    $output .= $filename . ' ';
                }
            }
        }
        $output .= html_writer::end_tag('div');
    }
    $output .= html_writer::start_tag('div', array('class' => 'oublog-post-top-content'));
    if (!$forexport) {
        $output .= html_writer::start_tag('div', array('class' => 'oublog-userpic'));
        // Build a minimal user record from the post's joined user fields for user_picture().
        // NOTE(review): `object` was a Moodle alias of stdClass; it is a reserved
        // class name in PHP 7.2+ - confirm this still resolves on the target PHP version.
        $postuser = new object();
        $postuser->id = $post->userid;
        $postuser->firstname = $post->firstname;
        $postuser->lastname = $post->lastname;
        $postuser->email = $post->email;
        $postuser->imagealt = $post->imagealt;
        $postuser->picture = $post->picture;
        $postuser->firstnamephonetic = $post->firstnamephonetic;
        $postuser->lastnamephonetic = $post->lastnamephonetic;
        $postuser->middlename = $post->middlename;
        $postuser->alternatename = $post->alternatename;
        $output .= $this->output->user_picture($postuser, array('courseid' => $oublog->course, 'size' => 70));
        $output .= html_writer::end_tag('div');
    }
    $output .= html_writer::start_tag('div', array('class' => 'oublog-post-top-details'));
    // Title: use the real title when it is non-blank after formatting, otherwise
    // (on screen only) an accessibility-hidden placeholder heading.
    $formattedtitle = format_string($post->title);
    if (trim($formattedtitle) !== '') {
        $output .= html_writer::tag('h2', format_string($post->title), array('class' => 'oublog-title'));
    } else {
        if (!$forexport) {
            $posttitle = get_accesshide(get_string('newpost', 'mod_oublog', oublog_get_displayname($oublog)));
            $output .= html_writer::tag('h2', $posttitle, array('class' => 'oublog-title'));
        }
    }
    if ($post->deletedby) {
        $deluser = new stdClass();
        // Get user name fields (joined onto $post with the 'del' prefix).
        $delusernamefields = get_all_user_name_fields(false, null, 'del');
        foreach ($delusernamefields as $namefield => $retnamefield) {
            $deluser->{$namefield} = $post->{$retnamefield};
        }
        $a = new stdClass();
        $a->fullname = html_writer::tag('a', fullname($deluser), array('href' => $CFG->wwwroot . '/user/view.php?id=' . $post->deletedby));
        $a->timedeleted = oublog_date($post->timedeleted);
        $output .= html_writer::tag('div', get_string('deletedby', 'oublog', $a), array('class' => 'oublog-post-deletedby'));
    }
    $output .= html_writer::start_tag('div', array('class' => 'oublog-post-date'));
    $output .= oublog_date($post->timeposted);
    $output .= html_writer::empty_tag('br', array());
    $output .= ' ';
    // Show the author line for course blogs, or when the request URI contains
    // 'allposts.php' at a non-zero offset: strpos() returns false when absent and
    // false != 0 is false in PHP, so "absent" and "at offset 0" both skip this block.
    if ($blogtype == 'course' || strpos($_SERVER['REQUEST_URI'], 'allposts.php') != 0) {
        $output .= html_writer::start_tag('div', array('class' => 'oublog-postedby'));
        if (!$forexport) {
            // Link is built by string concatenation rather than html_writer, so
            // nothing in it is escaped here; $post->userid and $oublog->course are
            // presumably integer ids from the DB - verify against the caller.
            $output .= get_string('postedby', 'oublog', '<a href="' . $CFG->wwwroot . '/user/view.php?id=' . $post->userid . '&course=' . $oublog->course . '">' . fullname($post) . '</a>');
        } else {
            $output .= get_string('postedby', 'oublog', fullname($post));
        }
        $output .= html_writer::end_tag('div');
    }
    $output .= html_writer::end_tag('div');
    if (!$oublog->individual) {
        $output .= html_writer::start_tag('div', array('class' => 'oublog-post-visibility'));
        $output .= oublog_get_visibility_string($post->visibility, $blogtype == 'personal');
        $output .= html_writer::end_tag('div');
    }
    // Full edit history is only shown to auditors and the post's own author;
    // everyone else just sees a "last edited" summary.
    if (isset($post->edits) && ($canaudit || $post->userid == $USER->id)) {
        $output .= html_writer::start_tag('div', array('class' => 'oublog-post-editsummary'));
        foreach ($post->edits as $edit) {
            $a = new stdClass();
            $a->editby = fullname($edit);
            $a->editdate = oublog_date($edit->timeupdated);
            if (!$forexport && !$email) {
                if ($edit->userid == $post->userid) {
                    $output .= '- ' . html_writer::tag('a', get_string('editsummary', 'oublog', $a), array('href' => $CFG->wwwroot . '/mod/oublog/viewedit.php?edit=' . $edit->id));
                } else {
                    $output .= '- ' . html_writer::tag('a', get_string('editonsummary', 'oublog', $a), array('href' => $CFG->wwwroot . '/mod/oublog/viewedit.php?edit=' . $edit->id));
                }
            } else {
                if ($edit->userid == $post->userid) {
                    $output .= '- ' . get_string('editsummary', 'oublog', $a);
                } else {
                    $output .= '- ' . get_string('editonsummary', 'oublog', $a);
                }
            }
            $output .= html_writer::empty_tag('br', array());
        }
        $output .= html_writer::end_tag('div');
    } else {
        if ($post->lasteditedby) {
            $edit = new StdClass();
            // Get user name fields (joined onto $post with the 'ed' prefix).
            $editusernamefields = get_all_user_name_fields(false, null, 'ed');
            foreach ($editusernamefields as $namefield => $retnamefield) {
                $edit->{$namefield} = $post->{$retnamefield};
            }
            $a = new stdClass();
            $a->editby = fullname($edit);
            $a->editdate = oublog_date($post->timeupdated);
            $output .= html_writer::tag('div', get_string('editsummary', 'oublog', $a), array('class' => 'oublog-post-editsummary'));
        }
    }
    $output .= html_writer::end_tag('div');
    $output .= html_writer::end_tag('div');
    $output .= html_writer::end_tag('div');
    $output .= html_writer::start_tag('div', array('class' => 'oublog-post-content'));
    // Rewrite @@PLUGINFILE@@ references in the message. This overwrites
    // $post->message on the caller's object.
    if (!$forexport) {
        if ($post->visibility == OUBLOG_VISIBILITY_PUBLIC || $email) {
            $fileurlbase = 'mod/oublog/pluginfile.php';
        } else {
            $fileurlbase = 'pluginfile.php';
        }
        $post->message = file_rewrite_pluginfile_urls($post->message, $fileurlbase, $modcontext->id, 'mod_oublog', 'message', $post->id);
    } else {
        require_once $CFG->libdir . '/portfoliolib.php';
        $post->message = portfolio_rewrite_pluginfile_urls($post->message, $modcontext->id, 'mod_oublog', 'message', $post->id, $format);
    }
    // Security: when the ORIGINAL author ($post->userid) holds
    // moodle/site:trustcontent, the message is passed to format_text() as
    // trusted, i.e. it is output without HTML cleaning. Only the original
    // author is checked - later editors are not - so a post by a trusted
    // author that was since edited by an untrusted user is still not cleaned.
    $posttextoptions = new stdClass();
    if (trusttext_active() && has_capability('moodle/site:trustcontent', $modcontext, $post->userid)) {
        // Support trusted text when initial author is safe (post editors are not checked!).
        $posttextoptions->trusted = true;
        $posttextoptions->context = $modcontext;
    }
    $output .= format_text($post->message, FORMAT_HTML, $posttextoptions);
    $output .= html_writer::end_tag('div');
    $output .= html_writer::start_tag('div', array('class' => 'oublog-post-bottom'));
    if (isset($post->tags)) {
        $output .= html_writer::start_tag('div', array('class' => 'oublog-post-tags')) . $strtags . ': ';
        // Comma-separate all but the last tag.
        $tagcounter = 1;
        foreach ($post->tags as $taglink) {
            $taglinktext = $taglink;
            if ($tagcounter < count($post->tags)) {
                $taglinktext .= ',';
            }
            if (!$forexport && !$email) {
                // Tag goes into the query string url-encoded; the href attribute
                // itself is escaped by html_writer::tag().
                $output .= html_writer::tag('a', $taglinktext, array('href' => $baseurl . '&tag=' . urlencode($taglink))) . ' ';
            } else {
                $output .= $taglinktext . ' ';
            }
            $tagcounter++;
        }
        $output .= html_writer::end_tag('div');
    }
    $output .= html_writer::start_tag('div', array('class' => 'oublog-post-links'));
    if (!$forexport && !$email) {
        $output .= html_writer::tag('a', $strpermalink, array('href' => $CFG->wwwroot . '/mod/oublog/viewpost.php?post=' . $post->id)) . ' ';
    }
    // Action links are only offered on posts that have not been deleted.
    if (!$post->deletedby) {
        if ($post->userid == $USER->id || $canmanageposts) {
            if (!$forexport && !$email) {
                $output .= html_writer::tag('a', $stredit, array('href' => $CFG->wwwroot . '/mod/oublog/editpost.php?blog=' . $post->oublogid . '&post=' . $post->id)) . ' ';
                // NOTE(review): strict !== here but loose == two lines up; if one side
                // is a string id from the DB and the other an int, the author's own
                // post takes the "delete and email" branch - confirm the id types.
                if ($post->userid !== $USER->id) {
                    // Add email and 'oublog_deleteandemail' to delete link.
                    $output .= html_writer::tag('a', $strdelete, array('href' => $CFG->wwwroot . '/mod/oublog/deletepost.php?blog=' . $post->oublogid . '&post=' . $post->id . '&delete=1', 'class' => 'oublog_deleteandemail_' . $post->id));
                    self::render_oublog_print_delete_dialog($cm->id, $post->id);
                } else {
                    $output .= html_writer::tag('a', $strdelete, array('href' => $CFG->wwwroot . '/mod/oublog/deletepost.php?blog=' . $post->oublogid . '&post=' . $post->id . '&delete=1'));
                }
            }
        }
        // Show portfolio export link (own posts need exportownpost, others need exportpost).
        if (!empty($CFG->enableportfolios) && (has_capability('mod/oublog:exportpost', $modcontext) || $post->userid == $USER->id && has_capability('mod/oublog:exportownpost', $modcontext))) {
            if (!$forexport && !$email) {
                require_once $CFG->libdir . '/portfoliolib.php';
                $button = new portfolio_add_button();
                $button->set_callback_options('oublog_portfolio_caller', array('postid' => $post->id), 'mod_oublog');
                // Rich HTML only when there are attachments to carry along.
                if (empty($files)) {
                    $button->set_formats(PORTFOLIO_FORMAT_PLAINHTML);
                } else {
                    $button->set_formats(PORTFOLIO_FORMAT_RICHHTML);
                }
                $output .= $button->to_html(PORTFOLIO_ADD_TEXT_LINK) . ' ';
            }
        }
        // Show OU Alerts reporting link (never on the user's own post).
        if (isloggedin() && oublog_oualerts_enabled() && oublog_get_reportingemail($oublog) && !($post->userid == $USER->id) && !$post->deletedby) {
            $itemnurl = new moodle_url('/mod/oublog/viewpost.php', array('post' => $post->id));
            $reportlink = oualerts_generate_alert_form_url('oublog', $modcontext->id, 'post', $post->id, $itemnurl, $itemnurl, '', false, true);
            if ($reportlink != '' && !$forexport && !$email) {
                $output .= html_writer::tag('a', get_string('postalert', 'oublog'), array('href' => $reportlink));
            }
        }
        // Show comments.
        if ($post->allowcomments) {
            // If this is the current user's post, show pending comments too.
            $showpendingcomments = $post->userid == $USER->id && !empty($post->pendingcomments);
            if ((isset($post->comments) || $showpendingcomments) && $commentcount) {
                // Show number of comments.
                if (isset($post->comments)) {
                    $linktext = get_string(count($post->comments) == 1 ? 'onecomment' : 'ncomments', 'oublog', count($post->comments));
                }
                // Show number of pending comments.
                if (isset($post->pendingcomments)) {
                    // Use different string if we already have normal comments too.
                    if (isset($post->comments)) {
                        $linktext .= get_string($post->pendingcomments == 1 ? 'onependingafter' : 'npendingafter', 'oublog', $post->pendingcomments);
                    } else {
                        $linktext = get_string($post->pendingcomments == 1 ? 'onepending' : 'npending', 'oublog', $post->pendingcomments);
                    }
                }
                if (!$forexport) {
                    // Display link.
                    $output .= html_writer::tag('a', $linktext, array('href' => $CFG->wwwroot . '/mod/oublog/viewpost.php?post=' . $post->id . '#oublogcomments'));
                } else {
                    $output .= $linktext;
                }
                // Display information about most recent comment.
                if (isset($post->comments)) {
                    // Peek at the last comment: pop it and push it straight back.
                    // array_push() re-adds it under the next integer key, so a
                    // non-sequential key on that element would not survive.
                    $last = array_pop($post->comments);
                    array_push($post->comments, $last);
                    $a = new stdClass();
                    // Anonymous/external comments have no userid, so show the
                    // stored author name (escaped) instead.
                    if ($last->userid) {
                        $a->fullname = fullname($last);
                    } else {
                        $a->fullname = s($last->authorname);
                    }
                    $a->timeposted = oublog_date($last->timeposted, true);
                    $output .= ' ' . get_string('lastcomment', 'oublog', $a);
                }
            } else {
                if (oublog_can_comment($cm, $oublog, $post)) {
                    if (!$forexport && !$email) {
                        $output .= html_writer::tag('a', $strcomment, array('href' => $CFG->wwwroot . '/mod/oublog/editcomment.php?blog=' . $post->oublogid . '&post=' . $post->id));
                    }
                }
            }
        }
    }
    $output .= html_writer::end_tag('div');
    $output .= html_writer::end_tag('div');
    $output .= html_writer::end_tag('div');
    return $output;
}
/**
 * Returns the draft message ready for display.
 *
 * Rewrites @@PLUGINFILE@@ references in the draft message into real
 * pluginfile.php URLs and passes the result through format_text(). The text
 * is marked as trusted (so format_text() does not clean it) only when
 * trusttext is active and the draft's author holds
 * moodle/site:trustcontent in the forum context.
 *
 * @param mod_forumng $forum Forum object
 * @return string Message after format_text and replacing file URLs
 */
public function get_formatted_message($forum) {
    $context = $forum->get_context(true);
    $message = file_rewrite_pluginfile_urls(
            $this->draftfields->message, 'pluginfile.php', $context->id,
            'mod_forumng', 'draftmessage', $this->draftfields->id);

    $options = array(
        // Don't put a <p> tag round the post.
        'para' => false,
        // Not a trust assertion: only says the TRUSTTEXT marker would be
        // supported, which at present it isn't.
        'trusttext' => false,
        'context' => $context,
    );
    if (trusttext_active() && $this->get_user_id()
            && has_capability('moodle/site:trustcontent', $context, $this->get_user_id())) {
        // Initial author is trusted, so the text is output without cleaning.
        $options['trusted'] = true;
    }

    return format_text($message, $this->draftfields->messageformat, (object) $options);
}
/**
 * Returns the post message ready for display.
 *
 * For shared forums a clone=<cmid> parameter is appended to every
 * @@PLUGINFILE@@ reference before rewriting, so the file request resolves
 * against the clone's course module. Old versions of a post read their files
 * from the parent post's id. The text is marked as trusted (so format_text()
 * does not clean it) only when trusttext is active and the ORIGINAL author
 * holds moodle/site:trustcontent in the forum context; later editors are not
 * checked.
 *
 * @return string Message after format_text and replacing file URLs
 */
public function get_formatted_message() {
    global $CFG;
    require_once($CFG->dirroot . '/lib/filelib.php');

    $forum = $this->get_forum();
    $message = $this->postfields->message;

    if ($forum->is_shared()) {
        $cloneparam = 'clone=' . $forum->get_course_module_id();
        // Reference that already carries a query string,
        // e.g. "@@PLUGINFILE@@/cheese.gif?download=1".
        $message = preg_replace('~([\'"]@@PLUGINFILE@@[^\'"?]+)\\?~',
                '$1?' . $cloneparam . '&', $message);
        // Bare reference, e.g. "@@PLUGINFILE@@/cheese.gif".
        $message = preg_replace('~([\'"]@@PLUGINFILE@@[^\'"?]+)([\'"])~',
                '$1?' . $cloneparam . '$2', $message);
    }

    // Images for an old version are stored against the parent post.
    $fileitemid = $this->is_old_version()
            ? $this->get_parent()->get_id()
            : $this->get_id();

    $context = $forum->get_context(true);
    $message = file_rewrite_pluginfile_urls($message, 'pluginfile.php',
            $context->id, 'mod_forumng', 'message', $fileitemid);

    $options = array(
        // Don't put a <p> tag round the post.
        'para' => false,
        // Not a trust assertion: only says the TRUSTTEXT marker would be
        // supported, which at present it isn't.
        'trusttext' => false,
        'context' => $context,
    );
    if (trusttext_active() && $this->get_user()
            && has_capability('moodle/site:trustcontent', $context, $this->get_user())) {
        // Initial author is trusted (post editors are not checked!), so the
        // text is output without cleaning.
        $options['trusted'] = true;
    }

    return format_text($message, $this->postfields->messageformat, (object) $options);
}