From: skodak <skodak>
Date: Sat, 27 Jan 2007 23:23:44 +0000 (+0000)
Subject: Editor related fixes:
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=1e94fe068cc22494d967402f0d8d3538c67c9033;p=moodle.git

Editor related fixes:
MDL-7545 HTML Editor does not send http headers for character encoding;
MDL-8323 added proper require_course_login()
+ fixed javascript in coursefiles broken by XHTML strict
+ general cleanup and fixing in coursefiles (themes, javascript, obsoleted functions, etc.)
---

diff --git a/lib/editor/htmlarea/coursefiles.php b/lib/editor/htmlarea/coursefiles.php
index 843cfd432f..6f2206f439 100644
--- a/lib/editor/htmlarea/coursefiles.php
+++ b/lib/editor/htmlarea/coursefiles.php
@@ -30,8 +30,7 @@
         error("That's an invalid course id");
     }
 
-    require_login($course->id);
-
+    require_login($course);
     require_capability('moodle/course:managefiles', get_context_instance(CONTEXT_COURSE, $id));
 
     function html_footer() {
@@ -50,7 +49,9 @@
         <meta http-equiv="content-type" content="text/html; charset=utf-8" />
         <title>coursefiles</title>
         <script type="text/javascript">
-        <!--
+//<![CDATA[
+
+
         function set_value(params) {
             /// function's argument is an object containing necessary values
             /// to export parent window (url,isize,itype,iwidth,iheight, imodified)
@@ -118,9 +119,8 @@
         }
 
         function set_rename(strfile) {
-            if(window.parent.document.irename != null) {
-                window.parent.document.irename.file.value = strfile;
-            }
+            var upper = window.parent.document;
+            upper.getElementById('irename').value = strfile;
             return true;
         }
 
@@ -138,11 +138,8 @@
                     }
                 }
             }
+            upper.getElementById('irename').value = 'xx';
 
-            var ren = upper.getElementById('irename');
-            if(ren != null) {
-                upper.irename.file.value = "";
-            }
             var prev = window.parent.ipreview;
             if(prev != null) {
                 prev.location.replace('about:blank');
@@ -151,13 +148,12 @@
             if(uploader != null) {
                 uploader.reset();
             }
-            set_dir('<?php print(!empty($_REQUEST['wdir'])) ? $_REQUEST['wdir'] : "";?>');
+            set_dir('<?php print($wdir);?>');
             return true;
         }
-        -->
+//]]>
         </script>
         <style type="text/css">
-        <!--
         body {
             background-color: white;
             margin-top: 2px;
@@ -169,11 +165,17 @@
             font-size: 11px;
         }
         select {
-        position: absolute;
-        top: -20px;
-        left: 0px;
+            position: absolute;
+            top: -20px;
+            left: 0px;
+        }
+        img.icon {
+          vertical-align:middle;
+          margin-right:4px;
+          width:16px;
+          height:16px;
+          border:0px;
         }
-        -->
         </style>
         </head>
         <body onload="reset_value();">
@@ -190,18 +192,10 @@
 //  End of configuration and access control
 
 
-    if (!$wdir) {
-        $wdir="/";
+    if ($wdir == '') {
+        $wdir='/';
     }
 
-    if (($wdir != '/' and detect_munged_arguments($wdir, 0))
-      or ($file != '' and detect_munged_arguments($file, 0))) {
-        $message = "Error: Directories can not contain \"..\"";
-        $wdir = "/";
-        $action = "";
-    }
-
-
     switch ($action) {
 
         case "upload":
@@ -316,10 +310,9 @@
             if (!empty($name) and confirm_sesskey()) {
                 html_header($course, $wdir);
                 $name    = clean_filename($name);
-                $oldname = clean_filename($oldname);
                 if (file_exists($basedir.$wdir."/".$name)) {
                     echo "Error: $name already exists!";
-                } else if (!rename($basedir.$wdir."/".$oldname, $basedir.$wdir."/".$name)) {
+                } else if (!@rename($basedir.$wdir."/".$oldname, $basedir.$wdir."/".$name)) {
                     echo "Error: could not rename $oldname to $name";
                 }
                 displaydir($wdir);
@@ -336,7 +329,7 @@
                 echo " <input type=\"hidden\" name=\"wdir\" value=\"$wdir\" />\n";
                 echo " <input type=\"hidden\" name=\"action\" value=\"rename\" />\n";
                 echo " <input type=\"hidden\" name=\"sesskey\" value=\"$USER->sesskey\" />\n";
-                echo " <input type=\"hidden\" name=oldname value=\"$file\" />\n";
+                echo " <input type=\"hidden\" name=\"oldname\" value=\"$file\" />\n";
                 echo " <input type=\"text\" name=\"name\" size=\"35\" value=\"$file\" />\n";
                 echo " <input type=\"submit\" value=\"$strrename\" />\n";
                 echo "</form>\n";
@@ -718,14 +711,13 @@ function displaydir ($wdir) {
             $count++;
 
             $filename = $fullpath."/".$dir;
-            $fileurl  = rawurlencode($wdir."/".$dir);
-            $filesafe = rawurlencode($dir);
+            $fileurl  = $wdir."/".$dir;
             $filedate = userdate(filemtime($filename), "%d %b %Y, %I:%M %p");
 
             echo "<tr>";
 
             if ($usecheckboxes) {
-                print_cell("center", "<input type=\"checkbox\" name=\"file$count\" value=\"$fileurl\" onclick=\"return set_rename('$filesafe');\" />");
+                print_cell("center", "<input type=\"checkbox\" name=\"file$count\" value=\"$fileurl\" onclick=\"return set_rename('$dir');\" />");
             }
             print_cell("left", "<a href=\"coursefiles.php?id=$id&amp;wdir=$fileurl\" onclick=\"return reset_value();\"><img src=\"$CFG->pixpath/f/folder.gif\" class=\"icon\" alt=\"".get_string('folder')."\" /></a> <a href=\"coursefiles.php?id=$id&amp;wdir=$fileurl&amp;usecheckboxes=$usecheckboxes\" onclick=\"return reset_value();\">".htmlspecialchars($dir)."</a>");
             print_cell("right", "&nbsp;");
@@ -746,8 +738,6 @@ function displaydir ($wdir) {
             $count++;
             $filename    = $fullpath."/".$file;
             $fileurl     = "$wdir/$file";
-            $filesafe    = rawurlencode($file);
-            $fileurlsafe = rawurlencode($fileurl);
             $filedate    = userdate(filemtime($filename), "%d %b %Y, %I:%M %p");
 
             $dimensions = get_image_size($filename);
@@ -762,7 +752,7 @@ function displaydir ($wdir) {
             echo "<tr>\n";
 
             if ($usecheckboxes) {
-                print_cell("center", "<input type=\"checkbox\" name=\"file$count\" value=\"$fileurl\" onclick=\"return set_rename('$filesafe');\" />");
+                print_cell("center", "<input type=\"checkbox\" name=\"file$count\" value=\"$fileurl\" onclick=\";return set_rename('$file');\" />");
             }
             echo "<td align=\"left\" nowrap=\"nowrap\">";
             if ($CFG->slasharguments) {
diff --git a/lib/editor/htmlarea/htmlarea.php b/lib/editor/htmlarea/htmlarea.php
index d0f2247798..1ec349e8f8 100644
--- a/lib/editor/htmlarea/htmlarea.php
+++ b/lib/editor/htmlarea/htmlarea.php
@@ -2,8 +2,10 @@
     include("../../../config.php");
 	require_once($CFG->dirroot.'/lib/languages.php');
 
-    $id            = optional_param('id', 0, PARAM_INT);
-    $httpsrequired = optional_param('httpsrequired', 0, PARAM_BOOL);//flag indicating editor on page with required https
+    $id            = optional_param('id', SITEID, PARAM_INT);
+    $httpsrequired = optional_param('httpsrequired', 0, PARAM_BOOL); //flag indicating editor on page with required https
+
+    require_course_login($id);
 
     $lastmodified = filemtime("htmlarea.php");
     $lifetime = 1800;
@@ -1650,7 +1652,7 @@ HTMLArea.prototype._insertTable = function() {
     var sel = this._getSelection();
     var range = this._createRange(sel);
     var editor = this;  // for nested functions
-    this._popupDialog("insert_table.php", function(param) {
+    this._popupDialog("insert_table.php?id=<?php echo $id; ?>", function(param) {
         if (!param) {   // user must have pressed Cancel
             return false;
         }
@@ -1709,7 +1711,7 @@ HTMLArea.prototype._insertSmile = function() {
     var sel = this._getSelection();
     var range = this._createRange(sel);
     var editor = this;  // for nested functions
-    this._popupDialog("dlg_ins_smile.php", function(imgString) {
+    this._popupDialog("dlg_ins_smile.php?id=<?php echo $id; ?>", function(imgString) {
         if(!imgString) {
             return false;
         }
@@ -1726,7 +1728,7 @@ HTMLArea.prototype._insertChar = function() {
     var sel = this._getSelection();
     var range = this._createRange(sel);
     var editor = this;  // for nested functions
-    this._popupDialog("dlg_ins_char.php", function(sChar) {
+    this._popupDialog("dlg_ins_char.php?id=<?php echo $id; ?>", function(sChar) {
         if(!sChar) {
             return false;
         }
@@ -1758,7 +1760,7 @@ HTMLArea.prototype._createanchor = function () {
         alert("<?php print_string("alertnoselectedtext","editor");?>");
         return false;
     }
-    this._popupDialog("createanchor.php", function(objAn) {
+    this._popupDialog("createanchor.php?id=<?php echo $id; ?>", function(objAn) {
         if(!objAn) {
             return false;
         }
@@ -1816,7 +1818,7 @@ HTMLArea.prototype._searchReplace = function() {
     };
 
     //Call Search And Replace popup window
-    editor._popupDialog( "searchandreplace.php", function( entity ) {
+    editor._popupDialog( "searchandreplace.php?id=<?php echo $id; ?>", function( entity ) {
         if ( !entity ) {
             //user must have pressed Cancel
             return false;
@@ -1997,7 +1999,7 @@ HTMLArea.prototype.execCommand = function(cmdID, UI, param) {
         case "hilitecolor":
         (HTMLArea.is_ie) && (cmdID = "backcolor");
         case "forecolor":
-        	this._popupDialog("select_color.php", function(color) {
+        	this._popupDialog("select_color.php?id=<?php echo $id; ?>", function(color) {
 	            if (color) { // selection not canceled
 	                editor._doc.execCommand(cmdID, false, "#" + color);
 	            }
diff --git a/lib/editor/htmlarea/popups/createanchor.php b/lib/editor/htmlarea/popups/createanchor.php
index 5220572029..0aa34ee0b1 100644
--- a/lib/editor/htmlarea/popups/createanchor.php
+++ b/lib/editor/htmlarea/popups/createanchor.php
@@ -1,5 +1,10 @@
 <?php // $Id$
-    include("../../../../config.php");
+    require("../../../../config.php");
+
+    $id = optional_param('id', SITEID, PARAM_INT);
+
+    require_course_login($id);
+    @header('Content-Type: text/html; charset=utf-8');
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
diff --git a/lib/editor/htmlarea/popups/dlg_ins_char.php b/lib/editor/htmlarea/popups/dlg_ins_char.php
index ea5b0bda3d..e59e57037c 100644
--- a/lib/editor/htmlarea/popups/dlg_ins_char.php
+++ b/lib/editor/htmlarea/popups/dlg_ins_char.php
@@ -45,7 +45,12 @@
 ################################################################################
 -->
 <?php
-    include("../../../../config.php");
+    require("../../../../config.php");
+
+    $id = optional_param('id', SITEID, PARAM_INT);
+
+    require_course_login($id);
+    @header('Content-Type: text/html; charset=utf-8');
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
diff --git a/lib/editor/htmlarea/popups/dlg_ins_smile.php b/lib/editor/htmlarea/popups/dlg_ins_smile.php
index 0ced0282ab..0f5657dc25 100644
--- a/lib/editor/htmlarea/popups/dlg_ins_smile.php
+++ b/lib/editor/htmlarea/popups/dlg_ins_smile.php
@@ -6,7 +6,13 @@
 ##
 #################################################################################
 
-    include('../../../../config.php');
+    require("../../../../config.php");
+
+    $id = optional_param('id', SITEID, PARAM_INT);
+
+    require_course_login($id);
+    @header('Content-Type: text/html; charset=utf-8');
+
     $pixpath = "$CFG->pixpath/s";
 
     $fullnames = get_list_of_pixnames();
diff --git a/lib/editor/htmlarea/popups/fullscreen.php b/lib/editor/htmlarea/popups/fullscreen.php
index 2f5a39d6cb..a85fb9bfc5 100644
--- a/lib/editor/htmlarea/popups/fullscreen.php
+++ b/lib/editor/htmlarea/popups/fullscreen.php
@@ -1,11 +1,10 @@
 <?php // $Id$
-    include("../../../../config.php");
-    $id = optional_param('id', 0, PARAM_INT);
+    require("../../../../config.php");
 
-    if ( function_exists('ob_gzhandler') ) {
-        ob_start("ob_gzhandler");
-    }
+    $id = optional_param('id', SITEID, PARAM_INT);
 
+    require_course_login($id);
+    @header('Content-Type: text/html; charset=utf-8');
 ?>
 <html>
 <head><title><?php print_string("fullscreen","editor");?></title>
diff --git a/lib/editor/htmlarea/popups/insert_image.php b/lib/editor/htmlarea/popups/insert_image.php
index 89d478734c..3a3c4c3476 100644
--- a/lib/editor/htmlarea/popups/insert_image.php
+++ b/lib/editor/htmlarea/popups/insert_image.php
@@ -1,12 +1,13 @@
 <?php // $Id$
 
-    include("../../../../config.php");
+    require("../../../../config.php");
 
-    $id = required_param('id', PARAM_INT);
+    $id = optional_param('id', SITEID, PARAM_INT);
 
-    if (!$course = get_record("course", "id", $id)) {
-        $course->fullname = "";   // Just to keep display happy, though browsing may fail
-    }
+    require_login($id);
+    require_capability('moodle/course:managefiles', get_context_instance(CONTEXT_COURSE, $id));
+
+    @header('Content-Type: text/html; charset=utf-8');
 
     $upload_max_filesize = get_max_upload_file_size($CFG->maxbytes);
 
@@ -35,7 +36,7 @@ function Init() {
       document.getElementById("f_horiz").value = param["f_horiz"] != -1 ? param["f_horiz"] : 0;
       document.getElementById("f_width").value = param["f_width"];
       document.getElementById("f_height").value = param["f_height"];
-      window.ipreview.location.replace('preview.php?id='+ <?php print($course->id);?> +'&imageurl='+ param.f_url);
+      window.ipreview.location.replace('preview.php?id='+ <?php print($id);?> +'&imageurl='+ param.f_url);
   }
   document.getElementById("f_url").focus();
 };
@@ -262,13 +263,10 @@ form { margin-bottom: 0px; margin-top: 0px; }
   <table width="100%" border="0" cellspacing="0" cellpadding="0">
     <tr>
       <td width="55%" valign="top"><?php
-      if(has_capability('moodle/course:managefiles', get_context_instance(CONTEXT_COURSE, $id))) {
           print_string("filebrowser","editor");
           echo "<br />";
-          echo "<iframe id=\"ibrowser\" name=\"ibrowser\" src=\"{$CFG->wwwroot}/lib/editor/htmlarea/coursefiles.php?usecheckboxes=1&id={$course->id}\" style=\"width: 100%; height: 200px;\"></iframe>";
-      } else {
-          print "<br />";
-      }?>
+          echo "<iframe id=\"ibrowser\" name=\"ibrowser\" src=\"{$CFG->wwwroot}/lib/editor/htmlarea/coursefiles.php?usecheckboxes=1&id=$id\" style=\"width: 100%; height: 200px;\"></iframe>";
+      ?>
       </td>
       <td width="45%" valign="top"><?php print_string("preview","editor");?>:<br />
       <iframe id="ipreview" name="ipreview" src="about:blank" style="width: 100%; height: 200px;"></iframe>
@@ -287,10 +285,10 @@ form { margin-bottom: 0px; margin-top: 0px; }
           <input name="btnMove" type="submit" id="btnMove" value="<?php print_string("move","editor");?>" onclick="return submit_form('move');" /></td>
           <td><form id="izip">
           <input name="btnZip" type="submit" id="btnZip" value="<?php print_string("zip","editor");?>" onclick="return submit_form('zip');" /></form></td>
-          <td><form id="irename" method="post" action="../coursefiles.php" target="ibrowser">
-          <input type="hidden" name="id" value="<?php print($course->id);?>" />
+          <td><form method="post" action="../coursefiles.php" target="ibrowser">
+          <input type="hidden" name="id" value="<?php print($id);?>" />
           <input type="hidden" name="wdir" value="" />
-          <input type="hidden" name="file" value="" />
+          <input type="hidden" id="irename" name="file" value="" />
           <input type="hidden" name="action" value="rename" />
           <input type="hidden" name="sesskey" value="<?php p($USER->sesskey) ?>" />
           <input name="btnRename" type="submit" id="btnRename" value="<?php print_string("rename","editor");?>" /></form></td>
@@ -313,10 +311,9 @@ form { margin-bottom: 0px; margin-top: 0px; }
       </fieldset></td>
     </tr>
     <tr>
-      <td height="22"><?php
-      if(has_capability('moodle/course:managefiles', get_context_instance(CONTEXT_COURSE, $id))) { ?>
+      <td height="22">
           <form id="cfolder" action="../coursefiles.php" method="post" target="ibrowser">
-          <input type="hidden" name="id" value="<?php print($course->id);?>" />
+          <input type="hidden" name="id" value="<?php print($id);?>" />
           <input type="hidden" name="wdir" value="" />
           <input type="hidden" name="action" value="mkdir" />
           <input type="hidden" name="sesskey" value="<?php p($USER->sesskey) ?>" />
@@ -324,20 +321,16 @@ form { margin-bottom: 0px; margin-top: 0px; }
           <input name="btnCfolder" type="submit" id="btnCfolder" value="<?php print_string("createfolder","editor");?>" onclick="return checkvalue('foldername','cfolder');" />
           </form>
           <div class="space"></div>
-          <form action="../coursefiles.php?id=<?php print($course->id);?>" method="post" enctype="multipart/form-data" target="ibrowser" id="uploader">
+          <form action="../coursefiles.php?id=<?php print($id);?>" method="post" enctype="multipart/form-data" target="ibrowser" id="uploader">
           <input type="hidden" name="MAX_FILE_SIZE" value="<?php print($upload_max_filesize);?>" />
-          <input type="hidden" name="id" VALUE="<?php print($course->id);?>" />
+          <input type="hidden" name="id" VALUE="<?php print($id);?>" />
           <input type="hidden" name="wdir" value="" />
           <input type="hidden" name="action" value="upload" />
           <input type="hidden" name="sesskey" value="<?php p($USER->sesskey) ?>" />
           <input type="file" name="userfile" id="userfile" size="35" />
           <input name="save" type="submit" id="save" onclick="return checkvalue('userfile','uploader');" value="<?php print_string("upload","editor");?>" />
           </form>
-          <?php
-          } else {
-              print "";
-          } ?>
-          </td>
+      </td>
     </tr>
   </table>
   <p>&nbsp;</p>
diff --git a/lib/editor/htmlarea/popups/insert_image_std.php b/lib/editor/htmlarea/popups/insert_image_std.php
index cbdb26359f..6f12d9cc63 100644
--- a/lib/editor/htmlarea/popups/insert_image_std.php
+++ b/lib/editor/htmlarea/popups/insert_image_std.php
@@ -1,13 +1,10 @@
 <?php // $Id$
+    require("../../../../config.php");
 
-    include("../../../../config.php");
-
-    $id = required_param('id', PARAM_INT);
-
-    if (!$course = get_record("course", "id", $id)) {
-        $course->fullname = "";   // Just to keep display happy, though browsing may fail
-    }
+    $id = optional_param('id', SITEID, PARAM_INT);
 
+    require_course_login($id);
+    @header('Content-Type: text/html; charset=utf-8');
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
diff --git a/lib/editor/htmlarea/popups/insert_table.php b/lib/editor/htmlarea/popups/insert_table.php
index 1dfa446c47..1055855476 100644
--- a/lib/editor/htmlarea/popups/insert_table.php
+++ b/lib/editor/htmlarea/popups/insert_table.php
@@ -1,5 +1,10 @@
 <?php // $Id$
-    include("../../../../config.php");
+    require("../../../../config.php");
+
+    $id = optional_param('id', SITEID, PARAM_INT);
+
+    require_course_login($id);
+    @header('Content-Type: text/html; charset=utf-8');
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
diff --git a/lib/editor/htmlarea/popups/link.php b/lib/editor/htmlarea/popups/link.php
index 38e245b668..fd9b451520 100644
--- a/lib/editor/htmlarea/popups/link.php
+++ b/lib/editor/htmlarea/popups/link.php
@@ -1,11 +1,10 @@
 <?php // $Id$
-    include("../../../../config.php");
+    require("../../../../config.php");
 
-    $id = required_param('id', PARAM_INT);
+    $id = optional_param('id', SITEID, PARAM_INT);
 
-    if (!$course = get_record("course", "id", $id)) {
-        $course->fullname = "";   // Just to keep display happy, though browsing may fail
-    }
+    require_course_login($id);
+    @header('Content-Type: text/html; charset=utf-8');
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
@@ -89,7 +88,7 @@ form { margin-bottom: 1px; margin-top: 1px; }
 
         <div class="space"></div>
         <?php print(has_capability('moodle/course:managefiles', get_context_instance(CONTEXT_COURSE, $id)))?
-        "<iframe id=\"fbrowser\" name=\"fbrowser\" src=\"../coursefiles.php?id=".$course->id."\" width=\"420\" height=\"180\"></iframe>":
+        "<iframe id=\"fbrowser\" name=\"fbrowser\" src=\"../coursefiles.php?id=".$id."\" width=\"420\" height=\"180\"></iframe>":
         ""; ?>
         <p>
         </p>
@@ -109,7 +108,7 @@ form { margin-bottom: 1px; margin-top: 1px; }
           <td><form id="izip">
           <input name="btnZip" type="submit" id="btnZip" value="<?php print_string("zip","editor");?>" onclick="return submit_form('zip');" /></form></td>
           <td><form id="irename" method="post" action="../coursefiles.php" target="fbrowser">
-          <input type="hidden" name="id" value="<?php print($course->id);?>" />
+          <input type="hidden" name="id" value="<?php print($id);?>" />
           <input type="hidden" name="wdir" value="" />
           <input type="hidden" name="file" value="" />
           <input type="hidden" name="action" value="rename" />
@@ -128,16 +127,16 @@ form { margin-bottom: 1px; margin-top: 1px; }
       <td height="22"><?php
       if(has_capability('moodle/course:managefiles', get_context_instance(CONTEXT_COURSE, $id))) { ?>
           <form id="cfolder" action="../coursefiles.php" method="post" target="fbrowser">
-          <input type="hidden" name="id" value="<?php print($course->id);?>" />
+          <input type="hidden" name="id" value="<?php print($id);?>" />
           <input type="hidden" name="wdir" value="" />
           <input type="hidden" name="action" value="mkdir" />
           <input type="hidden" name="sesskey" value="<?php p($USER->sesskey) ?>" />
           <input name="name" type="text" id="foldername" size="35" />
           <input name="btnCfolder" type="submit" id="btnCfolder" value="<?php print_string("createfolder","editor");?>" onclick="return checkvalue('foldername','cfolder');" />
           </form>
-          <form action="../coursefiles.php?id=<?php print($course->id);?>" method="post" enctype="multipart/form-data" target="fbrowser" id="uploader">
+          <form action="../coursefiles.php?id=<?php print($id);?>" method="post" enctype="multipart/form-data" target="fbrowser" id="uploader">
           <input type="hidden" name="MAX_FILE_SIZE" value="<?php print($upload_max_filesize);?>" />
-          <input type="hidden" name="id" VALUE="<?php print($course->id);?>" />
+          <input type="hidden" name="id" VALUE="<?php print($id);?>" />
           <input type="hidden" name="wdir" value="" />
           <input type="hidden" name="action" value="upload" />
           <input type="hidden" name="sesskey" value="<?php p($USER->sesskey) ?>" />
diff --git a/lib/editor/htmlarea/popups/link_std.php b/lib/editor/htmlarea/popups/link_std.php
index 310d5d7f9e..f3f354ad7e 100644
--- a/lib/editor/htmlarea/popups/link_std.php
+++ b/lib/editor/htmlarea/popups/link_std.php
@@ -1,12 +1,10 @@
 <?php // $Id$
-    include("../../../../config.php");
+    require("../../../../config.php");
 
-    $id = required_param('id', PARAM_INT);
+    $id = optional_param('id', SITEID, PARAM_INT);
 
-    if (!$course = get_record("course", "id", $id)) {
-        $course = get_site();
-        $id = SITEID;
-    }
+    require_course_login($id);
+    @header('Content-Type: text/html; charset=utf-8');
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
diff --git a/lib/editor/htmlarea/popups/preview.php b/lib/editor/htmlarea/popups/preview.php
index f4e02e1521..204302ed10 100644
--- a/lib/editor/htmlarea/popups/preview.php
+++ b/lib/editor/htmlarea/popups/preview.php
@@ -1,16 +1,15 @@
 <?php // $Id$ preview for insert image dialog
 
-    include('../../../../config.php');
+    require("../../../../config.php");
 
-    $id       = required_param('id', PARAM_INT);
+    $id = optional_param('id', SITEID, PARAM_INT);
     $imageurl = required_param('imageurl', PARAM_RAW);
 
-    if (! $course = get_record('course', 'id', $id) ) {
-        error("That's an invalid course id");
-    }
+    require_login($id);
+    require_capability('moodle/course:managefiles', get_context_instance(CONTEXT_COURSE, $id));
+
+    @header('Content-Type: text/html; charset=utf-8');
 
-    require_login($course->id);
-    require_capability('moodle/course:managefiles', get_context_instance(CONTEXT_COURSE, $course->id));
 
     $imagetag = clean_text('<img src="'.htmlSpecialChars(stripslashes_safe($imageurl)).'" alt="" />');
 
@@ -19,7 +18,7 @@
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html>
 <head>
-<title>Preview</title>
+<title><?php echo get_string('preview') ?></title>
 <style type="text/css">
  body { margin: 2px; }
 </style>
diff --git a/lib/editor/htmlarea/popups/searchandreplace.php b/lib/editor/htmlarea/popups/searchandreplace.php
index 05492b515e..0b3e817786 100644
--- a/lib/editor/htmlarea/popups/searchandreplace.php
+++ b/lib/editor/htmlarea/popups/searchandreplace.php
@@ -1,5 +1,10 @@
 <?php // $Id$
-    require_once('../../../../config.php');
+    require("../../../../config.php");
+
+    $id = optional_param('id', SITEID, PARAM_INT);
+
+    require_course_login($id);
+    @header('Content-Type: text/html; charset=utf-8');
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
diff --git a/lib/editor/htmlarea/popups/select_color.php b/lib/editor/htmlarea/popups/select_color.php
index a364f263b9..8ec7f7c12a 100644
--- a/lib/editor/htmlarea/popups/select_color.php
+++ b/lib/editor/htmlarea/popups/select_color.php
@@ -1,5 +1,10 @@
 <?php
-include("../../../../config.php");
+    require("../../../../config.php");
+
+    $id = optional_param('id', SITEID, PARAM_INT);
+
+    require_course_login($id);
+    @header('Content-Type: text/html; charset=utf-8');
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">