$string['nonprimative'] = 'A non primative value was passed as a callback argument to portfolio_add_button. Refusing to continue. The key was $a->key and the value was $a->value';
$string['notexportable'] = 'Sorry, but the type of content you are trying to export is not exportable';
$string['notimplemented'] = 'Sorry, but you are trying to export content in some format that is not yet implemented ($a)';
+$string['notyours'] = 'You are trying to resume a portfolio export that doesn\'t belong to you!';
$string['nouploaddirectory'] = 'Could not create a temporary directory to package your data into';
$string['portfolio'] = 'Portfolio';
$string['portfolios'] = 'Portfolios';
*/
private $id;
+ private $sesskey;
+
/**
* construct a new exporter for use
*
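Review bot: The new `$sesskey` property is declared without a docblock, while the property directly above it appears to have one. Suggest adding `/** @var string sesskey of the session that started this export, compared in verify_rewaken() */` so it is clear why a session value is kept on a persisted object. The class body starts and ends outside this hunk.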
return $this->{$field};
}
$a = (object)array('property' => $field, 'class' => get_class($this));
- throw new portfolio_export_exception($this, 'invalidproperty', 'portfolio', $a);
+ throw new portfolio_export_exception($this, 'invalidproperty', 'portfolio', '', $a);
}
/**
);
}
+ public function verify_rewaken() {
+ global $USER;
+ if ($this->get('user')->id != $USER->id) {
+ throw new portfolio_exception('notyours', 'portfolio');
+ }
+ if (!confirm_sesskey($this->get('sesskey'))) {
+ throw new portfolio_exception('confirmsesskeybad');
+ }
+ }
}
/**
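Review bot: `verify_rewaken()` hands the stored value straight to `confirm_sesskey()`, so an exporter saved without a sesskey (for example one persisted before this change) reaches the check with an empty argument. As far as I recall, `confirm_sesskey()` then reads `sesskey` from the request instead of failing, which should be confirmed. An explicit guard keeps the check bound to the stored value: `$stored = $this->get('sesskey'); if (empty($stored) || !confirm_sesskey($stored)) {`. The ownership test relies on the exporter's own `user` property, while the add.php hunk only shows `user` being set on `$instance`, so check that the exporter's `user` is populated before `save()`. The method would also benefit from a docblock stating that it throws `portfolio_exception` when the user or session does not match.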
$exporter = null;
$dataid = 0;
-if (!$dataid = optional_param('id') ) {
+if (!$dataid = optional_param('id', '', PARAM_INT) ) {
if (isset($SESSION->portfolioexport)) {
$dataid = $SESSION->portfolioexport;
}
}
if ($dataid) {
$exporter = portfolio_exporter::rewaken_object($dataid);
+ $exporter->verify_rewaken();
if ($cancel = optional_param('cancel', 0, PARAM_RAW)) {
$exporter->cancel_request();
}
}
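Review bot: The ownership and session check is a separate call that every caller of `rewaken_object()` has to remember to make. Only this call site is visible here, so any other entry point that rewakens an export by id would skip it. Running the check inside `rewaken_object()` itself, so that it only ever returns a verified exporter, closes that gap. The new `optional_param('id', '', PARAM_INT)` also gives a string default to an integer parameter; `optional_param('id', 0, PARAM_INT)` matches the `$dataid = 0` initialisation above.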
$instance->set('user', $USER);
$exporter->set('instance', $instance);
+ $exporter->set('sesskey', sesskey());
$exporter->save();
}
}
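Review bot: `sesskey()` is stored on the exporter immediately before `save()`, so the raw session key is presumably written to wherever exporters are persisted and remains valid for the life of the session. Read access to that storage would then expose a live request-forgery token for the user. Consider storing a digest instead, `$exporter->set('sesskey', hash('sha256', sesskey()));`, and comparing it with the digest of the current key in `verify_rewaken()`. The enclosing block starts outside this hunk.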