/**
* Return full url with all extra parameters
* @param string $url
* @param object $cm
* @param object $course
* @return string url
*/
function url_get_full_url($url, $cm, $course, $config = null)
{
$parameters = empty($url->parameters) ? array() : unserialize($url->parameters);
if (empty($parameters)) {
// easy - no params
return $url->externalurl;
}
if (!$config) {
$config = get_config('url');
}
$paramvalues = url_get_variable_values($url, $cm, $course, $config);
foreach ($parameters as $parse => $parameter) {
if (isset($paramvalues[$parameter])) {
$parameters[$parse] = urlencode($parse) . '=' . urlencode($paramvalues[$parameter]);
} else {
unset($parameters[$parse]);
}
}
if (empty($parameters)) {
// easy - no params available
return $url->externalurl;
}
if (stripos($url->externalurl, 'teamspeak://') === 0) {
return $url->externalurl . '?' . implode('?', $parameters);
} else {
$join = strpos($url->externalurl, '?') === false ? '?' : '&';
return $url->externalurl . $join . implode('&', $parameters);
}
}
/**
* Return full url with all extra parameters
*
* This function does not include any XSS protection.
*
* @param string $url
* @param object $cm
* @param object $course
* @param object $config
* @return string url with & encoded as &
*/
function url_get_full_url($url, $cm, $course, $config = null)
{
$parameters = empty($url->parameters) ? array() : unserialize($url->parameters);
// make sure there are no encoded entities, it is ok to do this twice
$fullurl = html_entity_decode($url->externalurl, ENT_QUOTES, 'UTF-8');
if (preg_match('/^(\\/|https?:|ftp:)/i', $fullurl) or preg_match('|^/|', $fullurl)) {
// encode extra chars in URLs - this does not make it always valid, but it helps with some UTF-8 problems
$allowed = "a-zA-Z0-9" . preg_quote(';/?:@=&$_.+!*(),-#%', '/');
$fullurl = preg_replace_callback("/[^{$allowed}]/", 'url_filter_callback', $fullurl);
} else {
// encode special chars only
$fullurl = str_replace('"', '%22', $fullurl);
$fullurl = str_replace('\'', '%27', $fullurl);
$fullurl = str_replace(' ', '%20', $fullurl);
$fullurl = str_replace('<', '%3C', $fullurl);
$fullurl = str_replace('>', '%3E', $fullurl);
}
// add variable url parameters
if (!empty($parameters)) {
if (!$config) {
$config = get_config('url');
}
$paramvalues = url_get_variable_values($url, $cm, $course, $config);
foreach ($parameters as $parse => $parameter) {
if (isset($paramvalues[$parameter])) {
$parameters[$parse] = rawurlencode($parse) . '=' . rawurlencode($paramvalues[$parameter]);
} else {
unset($parameters[$parse]);
}
}
if (!empty($parameters)) {
if (stripos($fullurl, 'teamspeak://') === 0) {
$fullurl = $fullurl . '?' . implode('?', $parameters);
} else {
$join = strpos($fullurl, '?') === false ? '?' : '&';
$fullurl = $fullurl . $join . implode('&', $parameters);
}
}
}
// encode all & to & entity
$fullurl = str_replace('&', '&', $fullurl);
return $fullurl;
}
