error("That's an invalid course id");
}
- require_login($course->id);
-
+ require_login($course);
require_capability('moodle/course:managefiles', get_context_instance(CONTEXT_COURSE, $id));
function html_footer() {
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>coursefiles</title>
<script type="text/javascript">
- <!--
+//<![CDATA[
+
+
function set_value(params) {
/// function's argument is an object containing necessary values
/// to export parent window (url,isize,itype,iwidth,iheight, imodified)
}
function set_rename(strfile) {
- if(window.parent.document.irename != null) {
- window.parent.document.irename.file.value = strfile;
- }
+ var upper = window.parent.document;
+ upper.getElementById('irename').value = strfile;
return true;
}
}
}
}
+ upper.getElementById('irename').value = 'xx';
- var ren = upper.getElementById('irename');
- if(ren != null) {
- upper.irename.file.value = "";
- }
var prev = window.parent.ipreview;
if(prev != null) {
prev.location.replace('about:blank');
if(uploader != null) {
uploader.reset();
}
- set_dir('<?php print(!empty($_REQUEST['wdir'])) ? $_REQUEST['wdir'] : "";?>');
+ set_dir('<?php print($wdir);?>');
return true;
}
- -->
+//]]>
</script>
<style type="text/css">
- <!--
body {
background-color: white;
margin-top: 2px;
font-size: 11px;
}
select {
- position: absolute;
- top: -20px;
- left: 0px;
+ position: absolute;
+ top: -20px;
+ left: 0px;
+ }
+ img.icon {
+ vertical-align:middle;
+ margin-right:4px;
+ width:16px;
+ height:16px;
+ border:0px;
}
- -->
</style>
</head>
<body onload="reset_value();">
// End of configuration and access control
- if (!$wdir) {
- $wdir="/";
+ if ($wdir == '') {
+ $wdir='/';
}
- if (($wdir != '/' and detect_munged_arguments($wdir, 0))
- or ($file != '' and detect_munged_arguments($file, 0))) {
- $message = "Error: Directories can not contain \"..\"";
- $wdir = "/";
- $action = "";
- }
-
-
switch ($action) {
case "upload":
if (!empty($name) and confirm_sesskey()) {
html_header($course, $wdir);
$name = clean_filename($name);
- $oldname = clean_filename($oldname);
if (file_exists($basedir.$wdir."/".$name)) {
echo "Error: $name already exists!";
- } else if (!rename($basedir.$wdir."/".$oldname, $basedir.$wdir."/".$name)) {
+ } else if (!@rename($basedir.$wdir."/".$oldname, $basedir.$wdir."/".$name)) {
echo "Error: could not rename $oldname to $name";
}
displaydir($wdir);
echo " <input type=\"hidden\" name=\"wdir\" value=\"$wdir\" />\n";
echo " <input type=\"hidden\" name=\"action\" value=\"rename\" />\n";
echo " <input type=\"hidden\" name=\"sesskey\" value=\"$USER->sesskey\" />\n";
- echo " <input type=\"hidden\" name=oldname value=\"$file\" />\n";
+ echo " <input type=\"hidden\" name=\"oldname\" value=\"$file\" />\n";
echo " <input type=\"text\" name=\"name\" size=\"35\" value=\"$file\" />\n";
echo " <input type=\"submit\" value=\"$strrename\" />\n";
echo "</form>\n";
$count++;
$filename = $fullpath."/".$dir;
- $fileurl = rawurlencode($wdir."/".$dir);
- $filesafe = rawurlencode($dir);
+ $fileurl = $wdir."/".$dir;
$filedate = userdate(filemtime($filename), "%d %b %Y, %I:%M %p");
echo "<tr>";
if ($usecheckboxes) {
- print_cell("center", "<input type=\"checkbox\" name=\"file$count\" value=\"$fileurl\" onclick=\"return set_rename('$filesafe');\" />");
+ print_cell("center", "<input type=\"checkbox\" name=\"file$count\" value=\"$fileurl\" onclick=\"return set_rename('$dir');\" />");
}
print_cell("left", "<a href=\"coursefiles.php?id=$id&wdir=$fileurl\" onclick=\"return reset_value();\"><img src=\"$CFG->pixpath/f/folder.gif\" class=\"icon\" alt=\"".get_string('folder')."\" /></a> <a href=\"coursefiles.php?id=$id&wdir=$fileurl&usecheckboxes=$usecheckboxes\" onclick=\"return reset_value();\">".htmlspecialchars($dir)."</a>");
print_cell("right", " ");
$count++;
$filename = $fullpath."/".$file;
$fileurl = "$wdir/$file";
- $filesafe = rawurlencode($file);
- $fileurlsafe = rawurlencode($fileurl);
$filedate = userdate(filemtime($filename), "%d %b %Y, %I:%M %p");
$dimensions = get_image_size($filename);
echo "<tr>\n";
if ($usecheckboxes) {
- print_cell("center", "<input type=\"checkbox\" name=\"file$count\" value=\"$fileurl\" onclick=\"return set_rename('$filesafe');\" />");
+ print_cell("center", "<input type=\"checkbox\" name=\"file$count\" value=\"$fileurl\" onclick=\";return set_rename('$file');\" />");
}
echo "<td align=\"left\" nowrap=\"nowrap\">";
if ($CFG->slasharguments) {
include("../../../config.php");
require_once($CFG->dirroot.'/lib/languages.php');
- $id = optional_param('id', 0, PARAM_INT);
- $httpsrequired = optional_param('httpsrequired', 0, PARAM_BOOL);//flag indicating editor on page with required https
+ $id = optional_param('id', SITEID, PARAM_INT);
+ $httpsrequired = optional_param('httpsrequired', 0, PARAM_BOOL); //flag indicating editor on page with required https
+
+ require_course_login($id);
$lastmodified = filemtime("htmlarea.php");
$lifetime = 1800;
var sel = this._getSelection();
var range = this._createRange(sel);
var editor = this; // for nested functions
- this._popupDialog("insert_table.php", function(param) {
+ this._popupDialog("insert_table.php?id=<?php echo $id; ?>", function(param) {
if (!param) { // user must have pressed Cancel
return false;
}
var sel = this._getSelection();
var range = this._createRange(sel);
var editor = this; // for nested functions
- this._popupDialog("dlg_ins_smile.php", function(imgString) {
+ this._popupDialog("dlg_ins_smile.php?id=<?php echo $id; ?>", function(imgString) {
if(!imgString) {
return false;
}
var sel = this._getSelection();
var range = this._createRange(sel);
var editor = this; // for nested functions
- this._popupDialog("dlg_ins_char.php", function(sChar) {
+ this._popupDialog("dlg_ins_char.php?id=<?php echo $id; ?>", function(sChar) {
if(!sChar) {
return false;
}
alert("<?php print_string("alertnoselectedtext","editor");?>");
return false;
}
- this._popupDialog("createanchor.php", function(objAn) {
+ this._popupDialog("createanchor.php?id=<?php echo $id; ?>", function(objAn) {
if(!objAn) {
return false;
}
};
//Call Search And Replace popup window
- editor._popupDialog( "searchandreplace.php", function( entity ) {
+ editor._popupDialog( "searchandreplace.php?id=<?php echo $id; ?>", function( entity ) {
if ( !entity ) {
//user must have pressed Cancel
return false;
case "hilitecolor":
(HTMLArea.is_ie) && (cmdID = "backcolor");
case "forecolor":
- this._popupDialog("select_color.php", function(color) {
+ this._popupDialog("select_color.php?id=<?php echo $id; ?>", function(color) {
if (color) { // selection not canceled
editor._doc.execCommand(cmdID, false, "#" + color);
}
<?php // $Id$
- include("../../../../config.php");
+ require("../../../../config.php");
+
+ $id = optional_param('id', SITEID, PARAM_INT);
+
+ require_course_login($id);
+ @header('Content-Type: text/html; charset=utf-8');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
################################################################################
-->
<?php
- include("../../../../config.php");
+ require("../../../../config.php");
+
+ $id = optional_param('id', SITEID, PARAM_INT);
+
+ require_course_login($id);
+ @header('Content-Type: text/html; charset=utf-8');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
##
#################################################################################
- include('../../../../config.php');
+ require("../../../../config.php");
+
+ $id = optional_param('id', SITEID, PARAM_INT);
+
+ require_course_login($id);
+ @header('Content-Type: text/html; charset=utf-8');
+
$pixpath = "$CFG->pixpath/s";
$fullnames = get_list_of_pixnames();
<?php // $Id$
- include("../../../../config.php");
- $id = optional_param('id', 0, PARAM_INT);
+ require("../../../../config.php");
- if ( function_exists('ob_gzhandler') ) {
- ob_start("ob_gzhandler");
- }
+ $id = optional_param('id', SITEID, PARAM_INT);
+ require_course_login($id);
+ @header('Content-Type: text/html; charset=utf-8');
?>
<html>
<head><title><?php print_string("fullscreen","editor");?></title>
<?php // $Id$
- include("../../../../config.php");
+ require("../../../../config.php");
- $id = required_param('id', PARAM_INT);
+ $id = optional_param('id', SITEID, PARAM_INT);
- if (!$course = get_record("course", "id", $id)) {
- $course->fullname = ""; // Just to keep display happy, though browsing may fail
- }
+ require_login($id);
+ require_capability('moodle/course:managefiles', get_context_instance(CONTEXT_COURSE, $id));
+
+ @header('Content-Type: text/html; charset=utf-8');
$upload_max_filesize = get_max_upload_file_size($CFG->maxbytes);
document.getElementById("f_horiz").value = param["f_horiz"] != -1 ? param["f_horiz"] : 0;
document.getElementById("f_width").value = param["f_width"];
document.getElementById("f_height").value = param["f_height"];
- window.ipreview.location.replace('preview.php?id='+ <?php print($course->id);?> +'&imageurl='+ param.f_url);
+ window.ipreview.location.replace('preview.php?id='+ <?php print($id);?> +'&imageurl='+ param.f_url);
}
document.getElementById("f_url").focus();
};
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="55%" valign="top"><?php
- if(has_capability('moodle/course:managefiles', get_context_instance(CONTEXT_COURSE, $id))) {
print_string("filebrowser","editor");
echo "<br />";
- echo "<iframe id=\"ibrowser\" name=\"ibrowser\" src=\"{$CFG->wwwroot}/lib/editor/htmlarea/coursefiles.php?usecheckboxes=1&id={$course->id}\" style=\"width: 100%; height: 200px;\"></iframe>";
- } else {
- print "<br />";
- }?>
+ echo "<iframe id=\"ibrowser\" name=\"ibrowser\" src=\"{$CFG->wwwroot}/lib/editor/htmlarea/coursefiles.php?usecheckboxes=1&id=$id\" style=\"width: 100%; height: 200px;\"></iframe>";
+ ?>
</td>
<td width="45%" valign="top"><?php print_string("preview","editor");?>:<br />
<iframe id="ipreview" name="ipreview" src="about:blank" style="width: 100%; height: 200px;"></iframe>
<input name="btnMove" type="submit" id="btnMove" value="<?php print_string("move","editor");?>" onclick="return submit_form('move');" /></td>
<td><form id="izip">
<input name="btnZip" type="submit" id="btnZip" value="<?php print_string("zip","editor");?>" onclick="return submit_form('zip');" /></form></td>
- <td><form id="irename" method="post" action="../coursefiles.php" target="ibrowser">
- <input type="hidden" name="id" value="<?php print($course->id);?>" />
+ <td><form method="post" action="../coursefiles.php" target="ibrowser">
+ <input type="hidden" name="id" value="<?php print($id);?>" />
<input type="hidden" name="wdir" value="" />
- <input type="hidden" name="file" value="" />
+ <input type="hidden" id="irename" name="file" value="" />
<input type="hidden" name="action" value="rename" />
<input type="hidden" name="sesskey" value="<?php p($USER->sesskey) ?>" />
<input name="btnRename" type="submit" id="btnRename" value="<?php print_string("rename","editor");?>" /></form></td>
</fieldset></td>
</tr>
<tr>
- <td height="22"><?php
- if(has_capability('moodle/course:managefiles', get_context_instance(CONTEXT_COURSE, $id))) { ?>
+ <td height="22">
<form id="cfolder" action="../coursefiles.php" method="post" target="ibrowser">
- <input type="hidden" name="id" value="<?php print($course->id);?>" />
+ <input type="hidden" name="id" value="<?php print($id);?>" />
<input type="hidden" name="wdir" value="" />
<input type="hidden" name="action" value="mkdir" />
<input type="hidden" name="sesskey" value="<?php p($USER->sesskey) ?>" />
<input name="btnCfolder" type="submit" id="btnCfolder" value="<?php print_string("createfolder","editor");?>" onclick="return checkvalue('foldername','cfolder');" />
</form>
<div class="space"></div>
- <form action="../coursefiles.php?id=<?php print($course->id);?>" method="post" enctype="multipart/form-data" target="ibrowser" id="uploader">
+ <form action="../coursefiles.php?id=<?php print($id);?>" method="post" enctype="multipart/form-data" target="ibrowser" id="uploader">
<input type="hidden" name="MAX_FILE_SIZE" value="<?php print($upload_max_filesize);?>" />
- <input type="hidden" name="id" VALUE="<?php print($course->id);?>" />
+ <input type="hidden" name="id" VALUE="<?php print($id);?>" />
<input type="hidden" name="wdir" value="" />
<input type="hidden" name="action" value="upload" />
<input type="hidden" name="sesskey" value="<?php p($USER->sesskey) ?>" />
<input type="file" name="userfile" id="userfile" size="35" />
<input name="save" type="submit" id="save" onclick="return checkvalue('userfile','uploader');" value="<?php print_string("upload","editor");?>" />
</form>
- <?php
- } else {
- print "";
- } ?>
- </td>
+ </td>
</tr>
</table>
<p> </p>
<?php // $Id$
+ require("../../../../config.php");
- include("../../../../config.php");
-
- $id = required_param('id', PARAM_INT);
-
- if (!$course = get_record("course", "id", $id)) {
- $course->fullname = ""; // Just to keep display happy, though browsing may fail
- }
+ $id = optional_param('id', SITEID, PARAM_INT);
+ require_course_login($id);
+ @header('Content-Type: text/html; charset=utf-8');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?php // $Id$
- include("../../../../config.php");
+ require("../../../../config.php");
+
+ $id = optional_param('id', SITEID, PARAM_INT);
+
+ require_course_login($id);
+ @header('Content-Type: text/html; charset=utf-8');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?php // $Id$
- include("../../../../config.php");
+ require("../../../../config.php");
- $id = required_param('id', PARAM_INT);
+ $id = optional_param('id', SITEID, PARAM_INT);
- if (!$course = get_record("course", "id", $id)) {
- $course->fullname = ""; // Just to keep display happy, though browsing may fail
- }
+ require_course_login($id);
+ @header('Content-Type: text/html; charset=utf-8');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<div class="space"></div>
<?php print(has_capability('moodle/course:managefiles', get_context_instance(CONTEXT_COURSE, $id)))?
- "<iframe id=\"fbrowser\" name=\"fbrowser\" src=\"../coursefiles.php?id=".$course->id."\" width=\"420\" height=\"180\"></iframe>":
+ "<iframe id=\"fbrowser\" name=\"fbrowser\" src=\"../coursefiles.php?id=".$id."\" width=\"420\" height=\"180\"></iframe>":
""; ?>
<p>
</p>
<td><form id="izip">
<input name="btnZip" type="submit" id="btnZip" value="<?php print_string("zip","editor");?>" onclick="return submit_form('zip');" /></form></td>
<td><form id="irename" method="post" action="../coursefiles.php" target="fbrowser">
- <input type="hidden" name="id" value="<?php print($course->id);?>" />
+ <input type="hidden" name="id" value="<?php print($id);?>" />
<input type="hidden" name="wdir" value="" />
<input type="hidden" name="file" value="" />
<input type="hidden" name="action" value="rename" />
<td height="22"><?php
if(has_capability('moodle/course:managefiles', get_context_instance(CONTEXT_COURSE, $id))) { ?>
<form id="cfolder" action="../coursefiles.php" method="post" target="fbrowser">
- <input type="hidden" name="id" value="<?php print($course->id);?>" />
+ <input type="hidden" name="id" value="<?php print($id);?>" />
<input type="hidden" name="wdir" value="" />
<input type="hidden" name="action" value="mkdir" />
<input type="hidden" name="sesskey" value="<?php p($USER->sesskey) ?>" />
<input name="name" type="text" id="foldername" size="35" />
<input name="btnCfolder" type="submit" id="btnCfolder" value="<?php print_string("createfolder","editor");?>" onclick="return checkvalue('foldername','cfolder');" />
</form>
- <form action="../coursefiles.php?id=<?php print($course->id);?>" method="post" enctype="multipart/form-data" target="fbrowser" id="uploader">
+ <form action="../coursefiles.php?id=<?php print($id);?>" method="post" enctype="multipart/form-data" target="fbrowser" id="uploader">
<input type="hidden" name="MAX_FILE_SIZE" value="<?php print($upload_max_filesize);?>" />
- <input type="hidden" name="id" VALUE="<?php print($course->id);?>" />
+ <input type="hidden" name="id" VALUE="<?php print($id);?>" />
<input type="hidden" name="wdir" value="" />
<input type="hidden" name="action" value="upload" />
<input type="hidden" name="sesskey" value="<?php p($USER->sesskey) ?>" />
<?php // $Id$
- include("../../../../config.php");
+ require("../../../../config.php");
- $id = required_param('id', PARAM_INT);
+ $id = optional_param('id', SITEID, PARAM_INT);
- if (!$course = get_record("course", "id", $id)) {
- $course = get_site();
- $id = SITEID;
- }
+ require_course_login($id);
+ @header('Content-Type: text/html; charset=utf-8');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?php // $Id$ preview for insert image dialog
- include('../../../../config.php');
+ require("../../../../config.php");
- $id = required_param('id', PARAM_INT);
+ $id = optional_param('id', SITEID, PARAM_INT);
$imageurl = required_param('imageurl', PARAM_RAW);
- if (! $course = get_record('course', 'id', $id) ) {
- error("That's an invalid course id");
- }
+ require_login($id);
+ require_capability('moodle/course:managefiles', get_context_instance(CONTEXT_COURSE, $id));
+
+ @header('Content-Type: text/html; charset=utf-8');
- require_login($course->id);
- require_capability('moodle/course:managefiles', get_context_instance(CONTEXT_COURSE, $course->id));
$imagetag = clean_text('<img src="'.htmlSpecialChars(stripslashes_safe($imageurl)).'" alt="" />');
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
-<title>Preview</title>
+<title><?php echo get_string('preview') ?></title>
<style type="text/css">
body { margin: 2px; }
</style>
<?php // $Id$
- require_once('../../../../config.php');
+ require("../../../../config.php");
+
+ $id = optional_param('id', SITEID, PARAM_INT);
+
+ require_course_login($id);
+ @header('Content-Type: text/html; charset=utf-8');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?php
-include("../../../../config.php");
+ require("../../../../config.php");
+
+ $id = optional_param('id', SITEID, PARAM_INT);
+
+ require_course_login($id);
+ @header('Content-Type: text/html; charset=utf-8');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
projects / moodle.git / commitdiff