}
return true;
}
-
- /**
- * get_formatted_karma_link
- *
- * @return string If allowed a link to set karma for this entry will be returned
- * @uses $USER
- * @uses $CFG
- */
- function get_formatted_karma_link() {
- global $USER, $CFG;
- $str = '';
- if (!empty($CFG->blog_ratename)) {
- $str .= $CFG->blog_ratename .': ';
- }
- $str .= $this->entryKarma;
- if ( !isguest() && blog_isLoggedIn()) {
- $str .= ' ( <a href="'. $CFG->wwwroot .'/blog/karma.php?op=add&userid='. $this->entryuserid .'&postid='. $this->entryId .'">+</a> / <a href="'. $CFG->wwwroot .'/blog/karma.php?op=sub&userid='. $this->entryuserid .'&postid='. $this->entryId .'">-</a> )';
- }
- return $str;
- }
-
- /**
- * get_formatted_category_link
- *
- * @return string unordered list of categories this entry is associated with
- * @uses $CFG
- */
- function get_formatted_category_link() {
- global $CFG;
- $returnstring = '<span class="post-category">';
-
- if (!empty($this->entryCategoryIds)) {
- $count = count($this->entryCategoryIds);
- foreach ($this->entryCategoryIds as $categoryid) {
- $returnstring .= '<a href="'. $CFG->wwwroot .'/blog/index.php?user='. $this->entryuserid .'&categoryid='. $categoryid .'">'. $this->entryCategories[$categoryid] .'</a>';
- $count--;
- if ($count != 0) {
- $returnstring .= ', ';
- }
- $returnstring .= "\n";
- }
- }
-
- return $returnstring.'</span>' . "\n";
- }
-
-
- /**
- * get_formatted_course_link
- *
- * @return string Returns and unordered list of courses that this entry is associated with
- * @uses $CFG
- */
- function get_formatted_course_link() {
- global $CFG;
- $returnstring = '<span class="post-course">';
- $courseid = $this->entryCourseId;
- if ( !empty($courseid) && !($courseid == 0 || $courseid == '' || ! is_numeric($courseid) )) {
- if ($course = get_record('course', 'id', $courseid, '', '', '', '', 'fullname')) {
- $returnstring .= '<a href="'. $CFG->wwwroot .'/course/view.php?id='. $courseid .'">'. $course->fullname .'</a>' . "\n";
- }
- }
-
- return $returnstring.'</span>' . "\n";
- }
/**
* get_formatted_entry_link
return $str;
}
-
+
/**
* get_blog_this_URL added by Daryl Hawes for moodle integration
*
} else {
$blogThisString = get_string('blogthis', 'blog');
}
- if (!$showImage) {
- $str .= '(';
+ if (!$showImage) {
+ $str .= '(';
}
$str .= '<a href="'. $this->get_entryblogthisurl() .'">'. $blogThisString .'</a>';
- if (!$showImage) {
- $str .= ')';
+ if (!$showImage) {
+ $str .= ')';
}
}
return $str;
}
return stripslashes_safe($this->entryBody);
}
-
+
/**
* get_unformatted_entry_body
* getter for ->entryBody
}
// find all the tags this post uses
- if (isset($post->id)) {
+ if (isset($post->postid)) {
if ($tagsused = get_records('blog_tag_instance', 'entryid', $post->postid)) {
foreach ($tagsused as $usedtag) {
$usedtags[] = $usedtag -> tagid;
?>
-
<!-- the following form is based on moodle/mod/forum/post.html -->
<form name="entry" method="post" action="<?php echo $CFG->wwwroot;?>/blog/edit.php" id="entry" <?php echo $onsubmit; ?> enctype="multipart/form-data">
-
+<input type="hidden" name="sesskey" value="<?php echo sesskey(); ?>" />
<input type="hidden" name="realcourse" value="0" />
<input type="hidden" name="realgroup" value="0" />
</select>
</td>
-
<td>
<select name="ptags[]" multiple="multiple" size="8">
<?php
</td>
</tr>
-
<tr>
<td>
<?php
</small></small>
</td>
</tr>
-
- <?php
- if ($CFG->blog_enable_trackback_out || $CFG->blog_enable_pingback_out) {
- print '<tr valign="top">';
- print '<td align="right"><strong>';
- print_string('advancedoptions', 'blog');
- print '</strong></td><td align="left">';
-
-
- if ($CFG->blog_enable_pingback_out) {
- print '<input type="checkbox" name="sendpingbacks" value="1" id="sendpingpacks" /><small><small>';
- print_string('sendpingback', 'blog');
- helpbutton('pingback', get_string('helppingback', 'blog'), 'blog');
- print '</small></small><br />';
- }
-
- if ($CFG->blog_enable_trackback_out) {
- print '<input type="checkbox" name="sendtrackbacks" value="1" id="sendtrackbacks" /><small><small>';
- print_string('sendtrackback', 'blog');
- helpbutton('trackback', get_string('helptrackback', 'blog'), 'blog');
- print '</small></small><br />';
- }
-
- print '</td></tr>';
- }
- ?>
<tr>
<td align="center" colspan="3">
<input type="hidden" name="editform" value="1" id="editform" />
error(get_string('noguestpost', 'forum'), $referrer);
}
-optional_variable($userid, 0);
-optional_variable($editid, '');
-optional_variable($sendpingbacks, 0);
-optional_variable($sendtrackbacks, 0);
+$userid = optional_param('userid', 0);
+$editid = optional_param('editid', '');
global $USER, $CFG;
include($CFG->dirroot .'/blog/header.php');
-if (!empty($course)) {
- $courseid = $course->id;
-} else if (!isadmin() && $CFG->blog_enable_moderation) {
- // the user is not an admin, blog moderation is on and there is no course association
- //Daryl Hawes note: possible bug here if editing a personal post that existed before blog moderation was enabled for the site.
- error('Blog moderation is enabled. Your entries must be associated with a course.');
-}
-
//print_object($PAGE->bloginfo); //debug
//check if user is in blog's acl
$onsubmit = '';
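Review bot: `optional_param('userid', 0)` and `optional_param('editid', '')` are read without a type argument, while other reads of `userid` on this page pass one (`optional_param('userid', 0, PARAM_INT)`). If both values are always numeric ids, `$userid = optional_param('userid', 0, PARAM_INT);` and `$editid = optional_param('editid', 0, PARAM_INT);` would keep non-numeric input out of whatever queries and links use them later; that use is outside the hunk. The same untyped pattern recurs in the added `preferred_width_left`/`preferred_width_right`, `formstart` and `m`/`y`/`d` reads further down, where `formstart` is also fetched twice.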
}
-if ($post = data_submitted( get_referer() ) ) {
+if (($post = data_submitted( get_referer() )) && confirm_sesskey()) {
if (!empty($post->editform)) { //make sure we're processing the edit form here
- //print_object($post); //debug
+ print_object($post); //debug
///these varaibles needs to be changed because of the javascript hack
///post->courseid
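Review bot: The debug call is switched on rather than off here: `print_object($post); //debug` replaces the commented-out line, so every submitted edit form is dumped into the response. That exposes the raw submission and emits output before the `redirect()` calls in `do_save`, which may interfere with the redirect. Restore `//print_object($post); //debug`. Separately, when `confirm_sesskey()` returns false the whole block is skipped without any message; an explicit `error()` for a bad sesskey would make the rejection visible. The enclosing `if` continues outside the hunk.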
$post->error = get_string('emptymessage', 'forum');
}
if ($post->act == 'save') {
- do_save($post, $PAGE->bloginfo, $sendpingbacks, $sendtrackbacks);
+ do_save($post, $PAGE->bloginfo);
} else if ($post->act == 'update') {
- do_update($post, $PAGE->bloginfo, $sendpingbacks, $sendtrackbacks);
+ do_update($post, $PAGE->bloginfo);
} else if ($post->act == 'del') {
require_variable($postid);
do_delete($PAGE->bloginfo, $postid);
}
if (isset($post->postid) && ($post->postid != -1) ) {
- $formHeading = get_string('updateentrywithid', 'blog', $post->postid);
+
+ $formHeading = get_string('updateentrywithid', 'blog');
+
} else {
$formHeading = get_string('addnewentry', 'blog');
}
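Review bot: The heading still uses the `updateentrywithid` string but no longer passes `$post->postid` as its argument. If that language string contains a `$a` placeholder it will presumably render blank, so either keep the argument, `get_string('updateentrywithid', 'blog', $post->postid)`, or switch to a string without the placeholder. The language file is not part of this hunk, so this needs checking against it.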
* @param object $post argument is a reference to the post object which is used to store information for the form
* @param object $bloginfo_arg argument is reference to a blogInfo object.
*/
-function do_save(&$post, &$bloginfo_arg, $sendpingbacks, $sendtrackbacks) {
+function do_save(&$post, &$bloginfo_arg) {
global $USER, $CFG;
// echo 'Debug: Post object in do_save function of edit.php<br />'; //debug
// print_object($post); //debug
add_to_log($site->id, 'blog', 'add', 'archive.php?userid='. $bloginfo_arg->userid .'&postid='. $entryID, 'created new blog entry with entry id# '. $entryID);
}
//to debug this save function comment out the following redirect code
- if ($courseid == 1 || $courseid == 0 || $courseid == '') {
+ if ($courseid == SITEID || $courseid == 0 || $courseid == '') {
redirect($CFG->wwwroot .'/blog/index.php?userid='. $bloginfo_arg->userid);
} else {
redirect($CFG->wwwroot .'/course/view.php?id='. $courseid);
* @param . $bloginfo_arg argument is reference to a blogInfo object.
* @todo complete documenting this function. enable trackback and pingback between entries on the same server
*/
-function do_update(&$post, &$bloginfo, $sendpingbacks, $sendtrackbacks) {
+function do_update(&$post, &$bloginfo) {
global $CFG, $USER;
require_once($CFG->libdir .'/blocklib.php');
require_once($CFG->dirroot .'/course/lib.php');
-optional_param('blockaction');
-optional_param('instanceid', 0, PARAM_INT);
-optional_param('blockid', 0, PARAM_INT);
-optional_param('groupid', 0, PARAM_INT);
-optional_param('userid', 0, PARAM_INT);
-
-optional_variable($categoryid, '');
-optional_variable($groupid, '');
-optional_variable($pageTitle, '');
-optional_variable($pageHeading, ''/*$site->fullname*/);
-optional_variable($pageFocus, '');
-optional_variable($pageMeta, '');
-optional_variable($pageNavigation, '');
+$blockaction = optional_param('blockaction');
+$instanceid = optional_param('instanceid', 0, PARAM_INT);
+$blockid = optional_param('blockid', 0, PARAM_INT);
+$groupid = optional_param('groupid', 0, PARAM_INT);
+$userid = optional_param('userid', 0, PARAM_INT);
+
+$pageTitle = optional_param('pageTitle');
+$pageHeading = optional_param('pageHeading'/*$site->fullname*/);
+$pageFocus = optional_param('pageFocus');
+$pageMeta = optional_param('pageMeta');
+$pageNavigation = optional_param('pageNavigation');
if (!isset($courseid)) {
$courseid = optional_param('courseid', SITEID, PARAM_INT);
}
-//header('X-Pingback: '. $CFG->wwwroot .'/blog/api.php'."\n");
-
if (!$site = get_site()) {
redirect($CFG->wwwroot.'/index.php');
}
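Review bot: Replacing `optional_variable($pageTitle, '')` with `$pageTitle = optional_param('pageTitle')` changes where the value comes from: the old call only supplied a default when the including script had not set the variable, the new one overwrites it with a request parameter or an empty result. Other scripts on this page assign `$pageMeta` and navigation text themselves before output (the preferences script builds `$pageMeta` as a script tag for blog.js), so those values would be lost. `pageMeta`, `pageHeading` and `pageNavigation` would also become request-controlled text in the page header, protected only by the default cleaning of `optional_param`. Unless these are really meant to be URL parameters, keep them caller-supplied, e.g. `if (!isset($pageMeta)) { $pageMeta = ''; }`. Whether this file is included before or after the callers assign them is not visible here.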
require_login($course->id);
}
-// ensure that if a group is specified that the user is in fact a member of that group
-/*
-if ($groupid) {
- if (!ismember($groupid) && !isteacher($course->id)) {
- error('You are not a member of the specified group. Group with id#('. $groupid .')');
- }
-}*/
-
// Bounds for block widths within this page
define('BLOCK_L_MIN_WIDTH', 160);
define('BLOCK_L_MAX_WIDTH', 210);
$filterselect = $USER->id;
}
+/// navigations
+/// site blogs - sitefullname -> blogs -> (?tag)
+/// course blogs - sitefullname -> course fullname ->blogs ->(?tag)
+/// group blogs - sitefullname -> course fullname ->group ->(?tag)
+/// user blogs - sitefullname -> (?coursefullname) -> participants -> blogs -> (?tag)
$blogstring = get_string('blogs','blog');
$tagstring = get_string('tag','blog');
break;
}
-
-/// site blogs - sitefullname -> blogs -> (?tag)
-/// course blogs - sitefullname -> course fullname ->blogs ->(?tag)
-/// group blogs - sitefullname -> course fullname ->group ->(?tag)
-/// user blogs - sitefullname -> (?coursefullname) -> participants -> blogs -> (?tag)
-
$editing = false;
if ($PAGE->user_allowed_editing()) {
$editing = $PAGE->user_is_editing();
}
// Calculate the preferred width for left, right and center (both center positions will use the same)
-optional_variable($preferred_width_left, blocks_preferred_width($pageblocks[BLOCK_POS_LEFT]));
-optional_variable($preferred_width_right, blocks_preferred_width($pageblocks[BLOCK_POS_RIGHT]));
+$preferred_width_left = optional_param('preferred_width_left', blocks_preferred_width($pageblocks[BLOCK_POS_LEFT]));
+$preferred_width_right = optional_param('preferred_width_right', blocks_preferred_width($pageblocks[BLOCK_POS_RIGHT]));
$preferred_width_left = min($preferred_width_left, BLOCK_L_MAX_WIDTH);
$preferred_width_left = max($preferred_width_left, BLOCK_L_MIN_WIDTH);
$preferred_width_right = min($preferred_width_right, BLOCK_R_MAX_WIDTH);
$id = optional_param('id');
$limit = optional_param('limit');
-optional_variable($formstart, 'none');
-optional_variable($m, ''); //month
-optional_variable($y, ''); //year
-optional_variable($d, ''); //day
-optional_variable($limit, 'none');
-optional_variable($formstart, 'none');
+$formstart = optional_param('formstart', 'none');
+$m = optional_param('m', ''); //month
+$y = optional_param('y', ''); //year
+$d = optional_param('d', ''); //day
+$limit = optional_param('limit', 'none');
+$formstart = optional_param('formstart', 'none');
$userid = optional_param('userid',0,PARAM_INT);
$groupid = optional_param('groupid',0,PARAM_INT);
$courseid = optional_param('courseid',0,PARAM_INT);
$tag = optional_param('tag');
$tagid = optional_param('tagid');
-$filtertype = optional_param('filtertype','',PARAM_ALPHA);
-$filterselect = optional_param('filterselect','',PARAM_NOTAGS);
+
+$filtertype = optional_param('filtertype', '', PARAM_ALPHA);
+$filterselect = optional_param('filterselect', 0, PARAM_INT);
/// overwrite filter code here
/// the the following code does the rights checkings?
switch ($filtertype) {
case 'site':
- if ($CFG->bloglevel < 4) {
+ if ($CFG->bloglevel < BLOG_SITE_LEVEL) {
error ('site blogs is not enabled');
- } else if ($CFG->bloglevel < 5) {
+ } else if ($CFG->bloglevel < BLOG_GLOBAL_LEVEL) {
require_login();
}
break;
case 'course':
- if ($CFG->bloglevel < 3) {
+ if ($CFG->bloglevel < BLOG_COURSE_LEVEL) {
error ('course blogs is not enabled');
}
/// check if viewer is student
break;
case 'group':
- if ($CFG->bloglevel < 2) {
+ if ($CFG->bloglevel < BLOG_GROUP_LEVEL) {
error ('group blogs is not enabled');
}
if (!isteacheredit($course) and (groupmode($course) == SEPARATEGROUPS)) {
/// check if user is editting teacher, or if spg, is member
break;
case 'user':
- if ($CFG->bloglevel < 1) {
+ if ($CFG->bloglevel < BLOG_USER_LEVEL) {
error ('Blogs is not enabled');
}
$canview = 0; //bad start
}
}
}
- if (!$canview && $CFG->bloglevel < 4) {
+ if (!$canview && $CFG->bloglevel < BLOG_SITE_LEVEL) {
error ('you can not view this user\'s blogs');
}
/// check to see if the viewer is sharing no_group, visible group course.
require_once($CFG->libdir .'/pagelib.php');
require_once($CFG->dirroot .'/blog/blogpage.php');
+/* blog access level constant declaration */
+define ('BLOG_USER_LEVEL', 1);
+define ('BLOG_GROUP_LEVEL', 2);
+define ('BLOG_COURSE_LEVEL', 3);
+define ('BLOG_SITE_LEVEL', 4);
+define ('BLOG_GLOBAL_LEVEL', 5);
+
/**
* Definition of blogcourse page type (blog page with course id present).
*/
if (blog_isLoggedIn()) {
$morelink = '<br /> ';
- $morelink .= $blogFilter->get_complete_link('<a href="'. $CFG->wwwroot .'/blog/edit.php', get_string('addentries', 'blog'))."\n";
+ $morelink .= $blogFilter->get_complete_link('<a href="'. $CFG->wwwroot .'/blog/edit.php', get_string('addnewentry', 'blog'))."\n";
}
}
//yu: testing code
if (blog_isLoggedIn()) {
//the user's blog is enabled and they are viewing their own blog
- $morelink .= $blogFilter->get_complete_link($CFG->wwwroot .'/blog/edit.php', get_string('addentries', 'blog'));
+ $morelink .= $blogFilter->get_complete_link($CFG->wwwroot .'/blog/edit.php', get_string('addnewentry', 'blog'));
}
print $morelink.'<br />'."\n";
if (blog_isLoggedIn()) {
//the user's blog is enabled and they are viewing their own blog
- $output .= $blogFilter->get_complete_link($CFG->wwwroot .'/blog/edit.php', get_string('addentries', 'blog'));
+ $output .= $blogFilter->get_complete_link($CFG->wwwroot .'/blog/edit.php', get_string('addnewentry', 'blog'));
}
print $output;
unset($blogFilter->filtered_entries);
<form method="post" action="preferences.php" name="entry" id="entry">
<table cellpadding="9" cellspacing="0">
-<tr valign="top">
- <td><?php print_string('title', 'blog');?>:</td>
- <td><input type="text" size="20" maxlength="32" name="blogtitle" value="<?php echo $bloginfo->get_blog_title();?>" /></td>
-</tr>
-<tr>
- <td><?php print_string('tagline', 'blog');?>:</td>
- <td><input type="text" size="32" maxlength="128" name="blogtagline" value="<?php echo $bloginfo->get_blog_tagline();?>" /></td>
-</tr>
-
<tr>
<td><?php print_string('pagesize', 'blog');?>:</td>
<td><input type="text" size="32" maxlength="128" name="pagesize" value="<?php echo get_user_preferences('blogpagesize',8);?>" />
<?php } ?>
<tr>
<td colspan="2" align="center">
-
- <input type="hidden" name="format" value="1" />
- <input type="hidden" name="etitle" value="This is a preview of this template" />
- <input type="hidden" name="body" value="Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna aliquam erat volutpat. Ut wisi enim ad minim veniam, quis nostrud exerci tation ullamcorper suscipit lobortis nisl ut aliquip ex ea commodo consequat. Duis autem vel eum iriure d" />
-
<input type="submit" value="<?php print_string("savechanges") ?>" /></td>
</tr>
</table>
//ensure that the logged in user is not using the guest account
if (isguest()) {
- error(get_string('noguestpost', 'forum'), $referrer);
+ error(get_string('noguestpost', 'blog'), $referrer);
}
if (!blog_isLoggedIn() ) {
- error(get_string('noguestpost', 'forum'), $referrer);
+ error(get_string('noguestpost', 'blog'), $referrer);
}
$userid = $USER->id;
$bloginfo =& new BlogInfo($userid);
if ($post = data_submitted()) {
print_header();
- if (!isset($post->blogtitle) || !isset($post->blogtagline) ) {
- error(get_string('settingsupdatederror', 'blog'), $referrer);
- }
- if (! $bloginfo->set_blog_title($post->blogtitle)) {
- error(get_string('settingsupdatederror', 'blog'), $referrer );
- }
-
- if (! $bloginfo->set_blog_tagline($post->blogtagline)) {
- error(get_string('settingsupdatederror', 'blog'), $referrer );
- }
-
- if (isset($post->theme)) {
- if (! $bloginfo->set_blog_theme($post->theme)) {
- error(get_string('settingsupdatederror', 'blog'), $referrer );
- }
- }
-
set_user_preference('blogpagesize', optional_param('pagesize'));
redirect($referrer, get_string('changessaved'), 1);
$site = get_site();
$pageMeta = '<script language="javascript" type="text/javascript" src="'. $CFG->wwwroot .'/blog/blog.js"></script>' . "\n";
- $strpreferences = get_string('preferences', 'calendar');
+ $strpreferences = get_string('preferences','blog');
$navigation = '<a href="'. $bloginfo->get_blog_url() .'">'. $bloginfo->get_blog_title() . '</a> -> '. $strpreferences;
require_once('../config.php');
require_once('lib.php');
- require_variable($_GET['referrer']);
- require_variable($_GET['var']);
- optional_variable($_GET['value']);
- optional_variable($_GET['userid']);
- optional_variable($_GET['courseid']);
- optional_variable($_GET['categoryid']);
- optional_variable($_GET['d']);
- optional_variable($_GET['m']);
- optional_variable($_GET['y']);
+ $referrer = required_param('referrer');
+ $var = required_param('var');
+ $value = optional_param('value');
+ $userid = optional_param('userid');
+ $courseid = optional_param('courseid');
+ $d = optional_param('d');
+ $m = optional_param('m');
+ $y = optional_param('y');
+ $id = optional_param('id');
- switch($_GET['var']) {
+ switch($var) {
case 'setcourse':
- $id = intval($_GET['id']);
+ $id = intval($id);
if($id == 0) {
$SESSION->cal_courses_shown = array();
calendar_set_referring_course(0);
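Review bot: `$referrer = required_param('referrer');` takes the redirect target from the request with no type or origin check, and the `redirect($referrer)` visible at the end of this script then sends the browser there, which makes the page usable as an open redirect to external sites. Restrict it to local URLs before use, e.g. `if (strpos($referrer, $CFG->wwwroot) !== 0) { $referrer = $CFG->wwwroot .'/blog/index.php'; }`. `$var`, `$userid` and `$courseid` would also be better read with explicit types (`PARAM_ALPHA`, `PARAM_INT`). Since the `setcourse` case changes session state, a `confirm_sesskey()` check like the one this commit adds to the edit and tag forms may be warranted; the rest of the switch is outside the hunk.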
break;
}
redirect($referrer);
-?>
\ No newline at end of file
+?>
<?php
-print_heading(get_string('tagsmanagement','blog'));
+print_heading(get_string('tagmanagement','blog'));
?>
<table>
<tr>
- <td width="50%">Official Tags</td>
- <td width="50%">User Defined Tags</td>
+ <td width="50%"><?php print_string('otags','blog');?></td>
+ <td width="50%"><?php print_string('ptags','blog');?></td>
</tr>
<tr>
<td>
<form action="tags.php" method="POST">
+ <input type="hidden" name="sesskey" value="<?php echo sesskey(); ?>" />
<?php if (isadmin()){ ?>
<select name="tags[]" multiple="multiple" size="8">
<?php
</select>
<input type="hidden" name="mode" value="delete" />
<br />
- <input type="submit" value="delete" />
+ <input type="submit" value="<?php print_string('delete');?>" />
<?php }
else {
$otags = get_records_sql('SELECT * from '.$CFG->prefix.'tags WHERE type=\'official\' ORDER by text ASC');
<td>
<form action="tags.php" method="POST">
+ <input type="hidden" name="sesskey" value="<?php echo sesskey(); ?>" />
<select name="tags[]" multiple="multiple" size="8">
<?php
$ptags1 = get_records_sql('SELECT * from '.$CFG->prefix.'tags WHERE type=\'personal\' AND userid = '.$USER->id.' ORDER by text ASC');
</select>
<input type="hidden" name="mode" value="delete" />
<br />
- <input type="submit" value="delete" />
+ <input type="submit" value="<?php print_string('delete');?>" />
</form>
</td>
</tr>
<td>
<?php if (isadmin()) { ?>
<form action="tags.php" method="POST">
- Add Official:<br/>
+ <input type="hidden" name="sesskey" value="<?php echo sesskey(); ?>" />
+ <?php print_string('addotags','blog');?>:<br/>
<input type="text" name="otag" />
- <input type="submit" value="add" />
+ <input type="submit" value="<?php print_string('add');?>" />
<input type="hidden" name="mode" value="addofficial" />
</form>
<?php }?>
<td>
<form action="tags.php" method="POST">
- Add Personal:<br/>
+ <input type="hidden" name="sesskey" value="<?php echo sesskey(); ?>" />
+ <?php print_string('addptags','blog');?><br/>
<input type="text" name="ptag" />
- <input type="submit" value="add" />
+ <input type="submit" value="<?php print_string('add');?>" />
<input type="hidden" name="mode" value="addpersonal" />
</form>
</td>
</table>
<p align="center">
- <a href="#" onclick="window.close()">close this window</a>
+ <a href="#" onclick="window.close()"><?php print_string('closewindow');?></a>
</p>
switch ($mode) {
case 'addofficial':
+
+ if (!isadmin() || !confirm_sesskey()) {
+ die('you can not add official tags');
+ }
+
if (($otag = optional_param('otag')) && (!get_record('tags','text',$otag))) {
$tag->userid = $USER->id;
$tag->text = $otag;
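Review bot: The `addofficial` guard ends the request with `die('you can not add official tags')`, whereas the guards added to `addpersonal` and `delete` below use `error()`; `error('you can not add official tags');` would keep failure handling consistent across the three cases. `optional_param('otag')` (and `optional_param('ptag')` in the next case) is stored as tag text without a type argument. Passing `PARAM_NOTAGS`, which this page already uses elsewhere, would be a sensible precaution if tag text is later echoed into HTML or into the JavaScript that updates the parent window. The case body continues outside the hunk.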
break;
- case 'addpersonal':
+ case 'addpersonal': /// everyone can add
+ if (!confirm_sesskey() || isguest() || !isset($USER->id)) {
+ error ('you can not add tags');
+ }
+
if (($ptag = optional_param('ptag')) && (!get_record('tags','text',$ptag))) {
$tag->userid = $USER->id;
$tag->text = $ptag;
break;
case 'delete':
+ if (!confirm_sesskey()) {
+ error('you can not delete tags');
+ }
+
$tags = optional_param('tags');
print_object($tags);
foreach ($tags as $tag) {
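Review bot: The `delete` case checks only `confirm_sesskey()`, while `addpersonal` just above also rejects `isguest()` and a missing `$USER->id`; using the same condition here, `if (!confirm_sesskey() || isguest() || !isset($USER->id)) {`, would keep the branches consistent. `optional_param('tags')` can come back empty, in which case `foreach ($tags as $tag)` runs over a non-array, so wrap the loop in `if (is_array($tags))`. The `print_object($tags);` line looks like leftover debug output and should probably go. The ownership checks inside the loop are elided from the hunk, so it is not visible whether a non-admin is limited to their own unreferenced tags.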
continue;
}
+ /// Only admin can delete tags that are referenced
if (!isadmin() && get_records('blog_tag_instance','tagid', $tag)) {
notify('tag is used by other users, can not delete!');
continue;
delete_records('tags','id',$tag);
delete_records('blog_tag_instance', 'tagid', $tag);
- //remove parent window option
+ /// remove parent window option via javascript
echo '<script>
var i=0;
while (i < window.opener.document.entry[\'otags[]\'].length) {