From: skodak Date: Mon, 20 Apr 2009 10:05:50 +0000 (+0000) Subject: MDL-18901 reimplemented trusstext support in glossary + standardising format column... X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=cbc2b5df03ec836311198ee42e119976bdd79289;p=moodle.git MDL-18901 reimplemented trusstext support in glossary + standardising format column for text fields --- diff --git a/blocks/glossary_random/block_glossary_random.php b/blocks/glossary_random/block_glossary_random.php index 0923d2d74b..0140db8a84 100644 --- a/blocks/glossary_random/block_glossary_random.php +++ b/blocks/glossary_random/block_glossary_random.php @@ -86,8 +86,8 @@ class block_glossary_random extends block_base { } $options = new object; - $options->trusttext = true; - $text .= format_text($entry->definition, $entry->format, $options); + $options->trusted = $entry->definitiontrust; + $text .= format_text($entry->definition, $entry->definitionformat, $options); $this->config->nexttime = usergetmidnight(time()) + DAYSECS * $this->config->refresh; $this->config->previous = $i; diff --git a/lib/weblib.php b/lib/weblib.php index 3fea9a8ed0..d3dcf377fc 100644 --- a/lib/weblib.php +++ b/lib/weblib.php @@ -1227,12 +1227,16 @@ function format_text($text, $format=FORMAT_MOODLE, $options=NULL, $courseid=NULL return ''; // no need to do any filters and cleaning } - if (!isset($options->trusttext)) { - $options->trusttext = false; + if (!isset($options->trusted)) { + $options->trusted = false; } - if (!isset($options->noclean)) { - $options->noclean=false; + if ($options->trusted and trusttext_active()) { + // no cleaning if text trusted and noclean not specified + $options->noclean=true; + } else { + $options->noclean=false; + } } if (!isset($options->nocache)) { $options->nocache=false; 
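Review bot: In blocks/glossary_random/block_glossary_random.php the new lines read `$entry->definitiontrust` and `$entry->definitionformat`, but the query that loads `$entry` is outside this hunk, so it is not visible whether it selects the renamed and added columns. If it still names the old `format` column, or uses an explicit column list without `definitiontrust`, the block would render with an unset format. An unset trust value falls back to cleaning in format_text(), which is the safe direction. Please confirm the SELECT in this method was updated alongside these two lines.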
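Review bot: The `trusted` option introduced in format_text() (lib/weblib.php, hunk at -1227) now decides whether cleaning is skipped, yet the function's docblock, which lies outside this hunk, is not updated to describe it. I would document there that `trusted` must come from the stored per-record trust field and never from request data, and that it only has an effect while trusttext_active() is true. An explicitly passed `noclean` still takes precedence, because the new branch sits inside `if (!isset($options->noclean))`. Callers that still set the old `trusttext` option are silently ignored after this change and their text is cleaned, so a short comment such as `// 'trusttext' is no longer read; pass 'trusted' from the record's xxxtrust field` would help them.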
@@ -1262,7 +1266,7 @@ function format_text($text, $format=FORMAT_MOODLE, $options=NULL, $courseid=NULL if (!empty($CFG->cachetext) and empty($options->nocache)) { $hashstr .= $text.'-'.$filtermanager->text_filtering_hash($context, $courseid).'-'.(int)$courseid.'-'.current_language().'-'. - (int)$format.(int)$options->trusttext.(int)$options->noclean.(int)$options->smiley. + (int)$format.(int)$options->trusted.(int)$options->noclean.(int)$options->smiley. (int)$options->filter.(int)$options->para.(int)$options->newlines; $time = time() - $CFG->cachetext; @@ -1288,24 +1292,6 @@ function format_text($text, $format=FORMAT_MOODLE, $options=NULL, $courseid=NULL } } - // trusttext overrides the noclean option! - if ($options->trusttext) { - if (trusttext_present($text)) { - $text = trusttext_strip($text); - if (!empty($CFG->enabletrusttext)) { - $options->noclean = true; - } else { - $options->noclean = false; - } - } else { - $options->noclean = false; - } - } else if (!debugging('', DEBUG_DEVELOPER)) { - // strip any forgotten trusttext in non-developer mode - // do not forget to disable text cache when debugging trusttext!! - $text = trusttext_strip($text); - } - switch ($format) { case FORMAT_HTML: if ($options->smiley) { @@ -1580,10 +1566,7 @@ function trusttext_present($text) { } /** - * This funtion MUST be called before the cleaning or any other - * function that modifies the data! We do not know the origin of trusttext - * in database, if it gets there in tweaked form we must not convert it - * to supported form!!! + * Legacy function, used for cleaning of old forum and glossary text only. * @param string $text text that may contain TRUSTTEXT marker * @return text without any TRUSTTEXT marker */ @@ -1592,7 +1575,7 @@ function trusttext_strip($text) { while (true) { //removing nested TRUSTTEXT $orig = $text; - $text = str_replace(TRUSTTEXT, '', $text); + $text = str_replace('#####TRUSTTEXT#####', '', $text); if (strcmp($orig, $text) === 0) { return $text; } 
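Review bot: With the block removed in the hunk at -1288, format_text() no longer strips a leftover `#####TRUSTTEXT#####` marker, and only the glossary tables are migrated in this commit. Text from any other module that still stores the marker (the updated trusttext_strip() comment mentions old forum text) would, as far as these hunks show, now be cleaned and displayed with the literal marker at the front. trusttext_mark() and trusttext_after_edit() are only tagged `//TODO: delete` in the following hunks and can still write the marker. Either keep an unconditional `$text = trusttext_strip($text);` at this point until the remaining callers are converted, or land those conversions together with this change.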
@@ -1606,6 +1589,7 @@ function trusttext_strip($text) { * it into database! */ function trusttext_mark($text) { +//TODO: delete global $CFG; if (!empty($CFG->enabletrusttext) and (strpos($text, TRUSTTEXT) === FALSE)) { return TRUSTTEXT.$text; @@ -1615,6 +1599,7 @@ function trusttext_mark($text) { } function trusttext_after_edit(&$text, $context) { +//TODO: delete if (has_capability('moodle/site:trustcontent', $context)) { $text = trusttext_strip($text); $text = trusttext_mark($text); @@ -1625,7 +1610,7 @@ function trusttext_after_edit(&$text, $context) { function trusttext_prepare_edit(&$text, &$format, $usehtmleditor, $context) { global $CFG; - +//TODO: delete $options = new object(); $options->smiley = false; $options->filter = false; 
@@ -1645,6 +1630,47 @@ function trusttext_prepare_edit(&$text, &$format, $usehtmleditor, $context) { } } +/** + * Must be called before editing of all texts + * with trust flag. Removes all XSS nasties + * from texts stored in database if needed. + * @param object $object data object with xxx, xxxformat and xxxtrust fields + * @param string $field name of text field + * @param object $context active context + * @return object updated $object + */ +function trusttext_pre_edit($object, $field, $context) { + $trustfield = $field.'trust'; + $formatfield = $field.'format'; + + if (!$object->$trustfield or !trusttext_trusted($context)) { + $object->$field = clean_text($object->$field, $object->$formatfield); + } + + return $object; +} + +/** + * Is user trusted to enter no dangerous XSS in this context? + * Please note the user must be in fact trusted everywhere on this server!! + * @param $context + * @return bool true if user trusted + */ +function trusttext_trusted($context) { + return (trusttext_active() and has_capability('moodle/site:trustcontent', $context)); +} + +/** + * Is trusttext feature active? + * @param $context + * @return bool + */ +function trusttext_active() { + global $CFG; + + return !empty($CFG->enabletrusttext); +} + /** * Given raw text (eg typed in by a user), this function cleans it up * and removes any nasty tags that could mess up Moodle pages. diff --git a/mod/glossary/backuplib.php b/mod/glossary/backuplib.php index 961f21f7d4..4e080f23a5 100644 --- a/mod/glossary/backuplib.php +++ b/mod/glossary/backuplib.php @@ -11,8 +11,8 @@ // | | // glossary_entries --------------------------------glossary_entries_categories // (UL,pk->id, fk->glossaryid, files) | (UL, pk->categoryid,entryid) - // | | - // | |--------------------glossary_ratings + // | | + // | |--------------------glossary_ratings // | | (UL, pk->id, pk->entryid) // glossary_comments | // (UL,pk->id, fk->entryid) |---------------------glossary_alias 
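Review bot: trusttext_pre_edit() reads `$object->$trustfield` and `$object->$formatfield` without checking that they exist, so a record fetched with a narrowed column list raises notices. Writing the condition as `if (empty($object->$trustfield) or !trusttext_trusted($context))` keeps the same fail-safe result (the text is cleaned) without the notice. The docblock of trusttext_active() lists `@param $context` although the function takes no arguments, and trusttext_trusted() leaves its `@param` untyped; I would drop the former and write `@param object $context` for the latter. It is also worth stating in the trusttext_trusted() docblock that its result is what callers are expected to store in the xxxtrust field at save time.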
@@ -47,11 +47,11 @@ function glossary_backup_one_mod($bf,$preferences,$glossary) { global $CFG, $DB; - + if (is_numeric($glossary)) { $glossary = $DB->get_record('glossary', array('id'=>$glossary)); } - + $status = true; //Start mod @@ -159,9 +159,9 @@ $glossary_entries = $DB->get_records("glossary_entries", array("glossaryid"=>$glossary),"id"); //If there is entries - if ($glossary_entries) { + if ($glossary_entries) { $dumped_entries = 0; - + //Iterate over each entry foreach ($glossary_entries as $glo_ent) { //Start entry @@ -178,7 +178,7 @@ fwrite ($bf,full_tag("USERID",6,false,$glo_ent->userid)); fwrite ($bf,full_tag("CONCEPT",6,false,trim($glo_ent->concept))); fwrite ($bf,full_tag("DEFINITION",6,false,$glo_ent->definition)); - fwrite ($bf,full_tag("FORMAT",6,false,$glo_ent->format)); + fwrite ($bf,full_tag("FORMAT",6,false,$glo_ent->definitionformat)); fwrite ($bf,full_tag("ATTACHMENT",6,false,$glo_ent->attachment)); fwrite ($bf,full_tag("SOURCEGLOSSARYID",6,false,$glo_ent->sourceglossaryid)); fwrite ($bf,full_tag("USEDYNALINK",6,false,$glo_ent->usedynalink)); @@ -227,10 +227,10 @@ fwrite ($bf,full_tag("ID",8,false,$comment->id)); fwrite ($bf,full_tag("USERID",8,false,$comment->userid)); fwrite ($bf,full_tag("ENTRYCOMMENT",8,false,$comment->entrycomment)); - fwrite ($bf,full_tag("FORMAT",8,false,$comment->format)); + fwrite ($bf,full_tag("FORMAT",8,false,$comment->entrycommentformat)); fwrite ($bf,full_tag("TIMEMODIFIED",8,false,$comment->timemodified)); - $status =fwrite ($bf,end_tag("COMMENT",7,true)); + $status =fwrite ($bf,end_tag("COMMENT",7,true)); } $status =fwrite ($bf,end_tag("COMMENTS",6,true)); } @@ -260,7 +260,7 @@ } return $status; } - + //Backup glossary_alias contents (executed from backup_glossary_entries) function backup_glossary_aliases ($bf,$preferences,$entryid) { global $CFG, $DB; 
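Review bot: The entry and comment backup hunks (at -178 and -227) write the renamed format fields but not `definitiontrust` / `entrycommenttrust`, so a restored record ends up with the column default of 0 and its text is cleaned on display. That looks like the right default, since a backup file is not a trustworthy source for a flag that skips cleaning, but nothing in the code says it is deliberate. I would add a comment next to each FORMAT line, for example `// definitiontrust is intentionally not backed up; restored text is always treated as untrusted`, so a later change does not fill in the omission by accident.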
@@ -275,7 +275,7 @@ fwrite ($bf,full_tag("ALIAS_TEXT",8,false,trim($alias->alias))); - $status =fwrite ($bf,end_tag("ALIAS",7,true)); + $status =fwrite ($bf,end_tag("ALIAS",7,true)); } $status =fwrite ($bf,end_tag("ALIASES",6,true)); } @@ -309,7 +309,7 @@ if ($status) { //Calculate moddata/glossary dir $glo_dir_from = $CFG->dataroot."/".$preferences->backup_course."/".$CFG->moddata."/glossary"; - //Only if it exists !! + //Only if it exists !! if (is_dir($glo_dir_from."/".$glossary."/".$entry)) { $status = backup_copy_file($glo_dir_from."/".$glossary."/".$entry, $glo_dir_to."/".$glossary."/".$entry); @@ -396,7 +396,7 @@ FROM {glossary} a WHERE a.course = ?", array($course)); } - + //Returns an array of glossary_answers id function glossary_entries_ids_by_course ($course) { global $DB; diff --git a/mod/glossary/comment.php b/mod/glossary/comment.php index c6b5dafe17..43f6e427c5 100644 --- a/mod/glossary/comment.php +++ b/mod/glossary/comment.php @@ -60,14 +60,13 @@ function glossary_comment_add() { } if ($data = $mform->get_data()) { - trusttext_after_edit($data->entrycomment, $context); - $newcomment = new object(); - $newcomment->entryid = $entry->id; - $newcomment->entrycomment = $data->entrycomment; - $newcomment->format = $data->format; - $newcomment->timemodified = time(); - $newcomment->userid = $USER->id; + $newcomment->entryid = $entry->id; + $newcomment->entrycomment = $data->entrycomment; + $newcomment->entrycommentformat = $data->entrycommentformat; + $newcomment->entrycommenttrust = trusttext_trusted($context); + $newcomment->timemodified = time(); + $newcomment->userid = $USER->id; if (!$newcomment->id = $DB->insert_record('glossary_comments', $newcomment)) { print_error('cannotinsertcomment'); 
@@ -175,18 +174,20 @@ function glossary_comment_edit() { print_error('cannoteditcommentexpired'); } + // clean up existing text if needed + $comment = trusttext_pre_edit($comment, 'entrycomment', $context); + $mform = new mod_glossary_comment_form(); - trusttext_prepare_edit($comment->entrycomment, $comment->format, can_use_html_editor(), $context); - $mform->set_data(array('cid'=>$cid, 'action'=>'edit', 'entrycomment'=>$comment->entrycomment, 'format'=>$comment->format)); + $mform->set_data(array('cid'=>$cid, 'action'=>'edit', 'entrycomment'=>$comment->entrycomment, 'entrycommentformat'=>$comment->entrycommentformat)); if ($data = $mform->get_data()) { - trusttext_after_edit($data->entrycomment, $context); $updatedcomment = new object(); - $updatedcomment->id = $cid; - $updatedcomment->entrycomment = $data->entrycomment; - $updatedcomment->format = $data->format; - $updatedcomment->timemodified = time(); + $updatedcomment->id = $cid; + $updatedcomment->entrycomment = $data->entrycomment; + $updatedcomment->entrycommentformat = $data->entrycommentformat; + $updatedcomment->entrycommenttrust = trusttext_trusted($context); + $updatedcomment->timemodified = time(); $DB->update_record('glossary_comments', $updatedcomment); add_to_log($course->id, 'glossary', 'update comment', "comments.php?id=$cm->id&eid=$entry->id", "$updatedcomment->id",$cm->id); @@ -220,7 +221,7 @@ function glossary_comment_print_header($course, $cm, $glossary, $entry, $action) $strglossary = get_string('modulename', 'glossary'); $strcomments = get_string('comments', 'glossary'); - + $navlinks = array(); $navlinks[] = array('name' => $strcomments, 'link' => "comments.php?id=$cm->id&eid=$entry->id", 'type' => 'title'); $navlinks[] = array('name' => $straction, 'link' => '', 'type' => 'action'); diff --git a/mod/glossary/comment_form.php b/mod/glossary/comment_form.php index ceb21bfa68..c9ed5b6019 100644 --- a/mod/glossary/comment_form.php +++ b/mod/glossary/comment_form.php 
@@ -9,11 +9,11 @@ class mod_glossary_comment_form extends moodleform { // visible elements $mform->addElement('htmleditor', 'entrycomment',get_string('comment', 'glossary')); $mform->addRule('entrycomment', get_string('required'), 'required', null, 'client'); - $mform->setType('entrycomment', PARAM_RAW); // processed by trusttext or cleaned before the display + $mform->setType('entrycomment', PARAM_RAW); // processed by trust text or cleaned before the display $mform->setHelpButton('entrycomment', array('writing', 'richtext2'), false, 'editorhelpbutton'); - $mform->addElement('format', 'format', get_string('format')); - $mform->setHelpButton('format', array('textformat', get_string('helpformatting'))); + $mform->addElement('format', 'entrycommentformat', get_string('format')); + $mform->setHelpButton('entrycommentformat', array('textformat', get_string('helpformatting'))); // hidden optional params $mform->addElement('hidden', 'cid', 0); diff --git a/mod/glossary/db/upgrade.php b/mod/glossary/db/upgrade.php index 9f6ae723d4..40a9056909 100644 --- a/mod/glossary/db/upgrade.php +++ b/mod/glossary/db/upgrade.php @@ -1,6 +1,6 @@ sourceglossaryid and !is_readable($filepath)) { //eh - try the second possible location $filepath = "$CFG->dataroot/$entry->course/$CFG->moddata/glossary/$entry->sourceglossaryid/$entry->id/$entry->attachment"; - + } if (!is_readable($filepath)) { //file missing?? 
@@ -100,6 +100,96 @@ function xmldb_glossary_upgrade($oldversion) { upgrade_mod_savepoint($result, 2008081900, 'glossary'); } + if ($result && $oldversion < 2009042000) { + + /// Rename field definitionformat on table glossary_entries to NEWNAMEGOESHERE + $table = new xmldb_table('glossary_entries'); + $field = new xmldb_field('format', XMLDB_TYPE_INTEGER, '2', XMLDB_UNSIGNED, XMLDB_NOTNULL, null, null, null, '0', 'definition'); + + /// Launch rename field definitionformat + $dbman->rename_field($table, $field, 'definitionformat'); + + /// glossary savepoint reached + upgrade_mod_savepoint($result, 2009042000, 'glossary'); + } + + if ($result && $oldversion < 2009042001) { + + /// Define field definitiontrust to be added to glossary_entries + $table = new xmldb_table('glossary_entries'); + $field = new xmldb_field('definitiontrust', XMLDB_TYPE_INTEGER, '2', XMLDB_UNSIGNED, XMLDB_NOTNULL, null, null, null, '0', 'definitionformat'); + + /// Launch add field definitiontrust + $dbman->add_field($table, $field); + + /// glossary savepoint reached + upgrade_mod_savepoint($result, 2009042001, 'glossary'); + } + + if ($result && $oldversion < 2009042002) { + + /// Rename field format on table glossary_comments to NEWNAMEGOESHERE + $table = new xmldb_table('glossary_comments'); + $field = new xmldb_field('format', XMLDB_TYPE_INTEGER, '2', XMLDB_UNSIGNED, XMLDB_NOTNULL, null, null, null, '0', 'entrycomment'); + + /// Launch rename field format + $dbman->rename_field($table, $field, 'entrycommentformat'); + + /// glossary savepoint reached + upgrade_mod_savepoint($result, 2009042002, 'glossary'); + } + + if ($result && $oldversion < 2009042003) { + + /// Define field entrycommenttrust to be added to glossary_comments + $table = new xmldb_table('glossary_comments'); + $field = new xmldb_field('entrycommenttrust', XMLDB_TYPE_INTEGER, '2', XMLDB_UNSIGNED, XMLDB_NOTNULL, null, null, null, '0', 'entrycommentformat'); + + /// Conditionally launch add field entrycommenttrust + if 
(!$dbman->field_exists($table, $field)) { + $dbman->add_field($table, $field); + } + + /// glossary savepoint reached + upgrade_mod_savepoint($result, 2009042003, 'glossary'); + } + + if ($result && $oldversion < 2009042004) { + $trustmark = '#####TRUSTTEXT#####'; + $rs = $DB->get_recordset_sql("SELECT * FROM {glossary_entries} WHERE definition LIKE '$trustmark%'"); + foreach ($rs as $entry) { + if (strpos($entry->definition, $trustmark) !== 0) { + // probably lowercase in some DBs + continue; + } + $entry->definition = trusttext_strip($entry->definition); + $entry->definitiontrust = 1; + $DB->update_record('glossary_entries', $entry); + } + $rs->close(); + + /// glossary savepoint reached + upgrade_mod_savepoint($result, 2009042004, 'glossary'); + } + + if ($result && $oldversion < 2009042005) { + $trustmark = '#####TRUSTTEXT#####'; + $rs = $DB->get_recordset_sql("SELECT * FROM {glossary_comments} WHERE entrycomment LIKE '$trustmark%'"); + foreach ($rs as $comment) { + if (strpos($comment->entrycomment, $trustmark) !== 0) { + // probably lowercase in some DBs + continue; + } + $comment->entrycomment = trusttext_strip($comment->entrycomment); + $comment->entrycommenttrust = 1; + $DB->update_record('glossary_comments', $comment); + } + $rs->close(); + + /// glossary savepoint reached + upgrade_mod_savepoint($result, 2009042005, 'glossary'); + } + return $result; } diff --git a/mod/glossary/edit.php b/mod/glossary/edit.php index 28c70c70fd..64f3c1e68e 100644 --- a/mod/glossary/edit.php +++ b/mod/glossary/edit.php @@ -43,8 +43,10 @@ if ($id) { // if entry is specified } } + // clean up text before edit if needed + $entry = trusttext_pre_edit($entry, 'definition', $context); + //prepare extra data - trusttext_prepare_edit($entry->definition, $entry->format, can_use_html_editor(), $context); if ($aliases = $DB->get_records_menu("glossary_alias", array("entryid"=>$id), '', 'id, alias')) { $entry->aliases = implode("\n", $aliases) . "\n"; } 
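Review bot: The 2009042004 and 2009042005 steps in xmldb_glossary_upgrade() set `definitiontrust` / `entrycommenttrust` to 1 for every row whose text starts with the marker, so the stored marker alone decides which rows are rendered without cleaning from now on. If the marker could ever reach these columns without passing through trusttext_after_edit() (restorelib.php in this commit stores the definition from the backup file as is), the migration turns it into a permanent trust flag; consider also requiring that the row's `userid` currently holds `moodle/site:trustcontent`, or document why the marker is considered sufficient. Separately, the marker is interpolated into the SQL string; it is a constant here, but a bound parameter as used elsewhere in this commit is the safer habit: `$DB->get_recordset_sql("SELECT * FROM {glossary_entries} WHERE definition LIKE ?", array($trustmark.'%'))`. The two rename steps also still carry the generator placeholder `NEWNAMEGOESHERE` in their comments.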
@@ -56,16 +58,16 @@ if ($id) { // if entry is specified } else { // new entry require_capability('mod/glossary:write', $context); $entry = new object(); - $entry->id = null; - $entry->definition = ''; - $entry->format = FORMAT_HTML; // TODO: better default value + $entry->id = null; + $entry->definition = ''; + $entry->definitionformat = FORMAT_HTML; // TODO: better default value } $entry->cmid = $cm->id; $draftid_editor = file_get_submitted_draft_itemid('entry'); $currenttext = file_prepare_draft_area($draftid_editor, $context->id, 'glossary_entry', $entry->id, true, $entry->definition); -$entry->entry = array('text'=>$currenttext, 'format'=>$entry->format, 'itemid'=>$draftid_editor); +$entry->entry = array('text'=>$currenttext, 'format'=>$entry->definitionformat, 'itemid'=>$draftid_editor); $draftitemid = file_get_submitted_draft_itemid('attachments'); file_prepare_draft_area($draftitemid, $context->id, 'glossary_attachment', $entry->id , false); 
@@ -94,14 +96,15 @@ if ($mform->is_cancelled()){ $entry->teacherentry = has_capability('mod/glossary:manageentries', $context); } - $entry->concept = trim($data->concept); - $entry->definition = ''; // updated later - $entry->format = FORMAT_HTML; // updated later - $entry->timemodified = $timenow; - $entry->approved = 0; - $entry->usedynalink = isset($data->usedynalink) ? $data->usedynalink : 0; - $entry->casesensitive = isset($data->casesensitive) ? $data->casesensitive : 0; - $entry->fullmatch = isset($data->fullmatch) ? $data->fullmatch : 0; + $entry->concept = trim($data->concept); + $entry->definition = ''; // updated later + $entry->definitionformat = FORMAT_HTML; // updated later + $entry->definitiontrust = trusttext_trusted($context); + $entry->timemodified = $timenow; + $entry->approved = 0; + $entry->usedynalink = isset($data->usedynalink) ? $data->usedynalink : 0; + $entry->casesensitive = isset($data->casesensitive) ? $data->casesensitive : 0; + $entry->fullmatch = isset($data->fullmatch) ? $data->fullmatch : 0; if ($glossary->defaultapproval or has_capability('mod/glossary:approve', $context)) { $entry->approved = 1; @@ -122,9 +125,8 @@ if ($mform->is_cancelled()){ } // save and relink embedded images - $entry->format = $data->entry['format']; - $entry->definition = file_save_draft_area_files($draftid_editor, $context->id, 'glossary_entry', $entry->id, true, $data->entry['text']); - trusttext_after_edit($entry->definition, $context); + $entry->definitionformat = $data->entry['format']; + $entry->definition = file_save_draft_area_files($draftid_editor, $context->id, 'glossary_entry', $entry->id, true, $data->entry['text']); // save attachments $info = file_get_draft_area_info($draftitemid); diff --git a/mod/glossary/lib.php b/mod/glossary/lib.php index c2242ca81a..3b69bd68be 100644 --- a/mod/glossary/lib.php +++ b/mod/glossary/lib.php 
@@ -641,30 +641,15 @@ function glossary_print_entry_default ($entry, $glossary, $cm) { $definition = $entry->definition; - // always detect and strip TRUSTTEXT marker before processing and add+strip it afterwards! - if (trusttext_present($definition)) { - $ttpresent = true; - $definition = trusttext_strip($definition); - } else { - $ttpresent = false; - } - $definition = '' . strip_tags($definition) . ''; - // reconstruct the TRUSTTEXT properly after processing - if ($ttpresent) { - $definition = trusttext_mark($definition); - } else { - $definition = trusttext_strip($definition); //make 100% sure TRUSTTEXT marker was not created - } - $context = get_context_instance(CONTEXT_MODULE, $cm->id); $definition = file_rewrite_pluginfile_urls($definition, 'pluginfile.php', $context->id, 'glossary_entry', $entry->id); - + $options = new object(); $options->para = false; - $options->trusttext = true; - $definition = format_text($definition, $entry->format, $options); + $options->trusted = $entry->definitiontrust; + $definition = format_text($definition, $entry->definitionformat, $options); echo ($definition); echo '

'; } @@ -687,14 +672,6 @@ function glossary_print_entry_definition($entry, $glossary, $cm) { $definition = $entry->definition; - // always detect and strip TRUSTTEXT marker before processing and add+strip it afterwards! - if (trusttext_present($definition)) { - $ttpresent = true; - $definition = trusttext_strip($definition); - } else { - $ttpresent = false; - } - global $GLOSSARY_EXCLUDECONCEPTS; //Calculate all the strings to be no-linked @@ -709,23 +686,16 @@ function glossary_print_entry_definition($entry, $glossary, $cm) { $options = new object(); $options->para = false; - $options->trusttext = true; - - // reconstruct the TRUSTTEXT properly after processing - if ($ttpresent) { - $definition = trusttext_mark($definition); - } else { - $definition = trusttext_strip($definition); //make 100% sure TRUSTTEXT marker was not created - } + $options->trusted = $entry->definitiontrust; $context = get_context_instance(CONTEXT_MODULE, $cm->id); $definition = file_rewrite_pluginfile_urls($definition, 'pluginfile.php', $context->id, 'glossary_entry', $entry->id); - - $text = format_text($definition, $entry->format, $options); - + + $text = format_text($definition, $entry->definitionformat, $options); + // Stop excluding concepts from autolinking unset($GLOSSARY_EXCLUDECONCEPTS); - + if (!empty($entry->highlight)) { $text = highlight($entry->highlight, $text); } 
@@ -863,14 +833,14 @@ function glossary_print_entry_commentslink($course, $cm, $glossary, $entry,$mode } } -function glossary_print_entry_lower_section($course, $cm, $glossary, $entry, $mode, $hook,$printicons,$ratings,$aliases=true) { +function glossary_print_entry_lower_section($course, $cm, $glossary, $entry, $mode, $hook, $printicons, $ratings, $aliases=true) { if ($aliases) { $aliases = glossary_print_entry_aliases($course, $cm, $glossary, $entry, $mode, $hook,'html'); } $icons = ''; $return = ''; - if ( $printicons ) { + if ($printicons) { $icons = glossary_print_entry_icons($course, $cm, $glossary, $entry, $mode, $hook,'html'); } if ($aliases || $icons || $ratings) { @@ -907,10 +877,10 @@ function glossary_print_entry_attachment($entry, $cm, $format=NULL, $align="righ } } -function glossary_print_entry_approval($cm, $entry, $mode,$align="right",$insidetable=true) { +function glossary_print_entry_approval($cm, $entry, $mode, $align="right", $insidetable=true) { global $CFG; - if ( $mode == 'approval' and !$entry->approved ) { + if ($mode == 'approval' and !$entry->approved) { if ($insidetable) { echo '
'; } @@ -1472,8 +1442,8 @@ function glossary_print_comment($course, $cm, $glossary, $entry, $comment) { echo ''; $options = new object(); - $options->trusttext = true; - echo format_text($comment->entrycomment, $comment->format, $options); + $options->trusted = $comment->entrycommenttrust; + echo format_text($comment->entrycomment, $comment->entrycommentformat, $options); echo '
'; @@ -1593,7 +1563,7 @@ function glossary_generate_export_csv($entries, $aliases, $categories) { foreach ($entries as $entry) { $thisaliasesentry = array(); $thiscategoriesentry = array(); - $thiscsventry = array($entry->concept, nl2br(trusttext_strip($entry->definition))); + $thiscsventry = array($entry->concept, nl2br($entry->definition)); if (array_key_exists($entry->id, $aliases) && is_array($aliases[$entry->id])) { $thiscount = count($aliases[$entry->id]); @@ -1681,8 +1651,8 @@ function glossary_generate_export_file($glossary, $hook = "", $hook = 0) { if ( $entry->approved and $permissiongranted ) { $co .= glossary_start_tag("ENTRY",3,true); $co .= glossary_full_tag("CONCEPT",4,false,trim($entry->concept)); - $co .= glossary_full_tag("DEFINITION",4,false,trusttext_strip($entry->definition)); - $co .= glossary_full_tag("FORMAT",4,false,$entry->format); + $co .= glossary_full_tag("DEFINITION",4,false,$entry->definition); + $co .= glossary_full_tag("FORMAT",4,false,$entry->definitionformat); $co .= glossary_full_tag("USEDYNALINK",4,false,$entry->usedynalink); $co .= glossary_full_tag("CASESENSITIVE",4,false,$entry->casesensitive); $co .= glossary_full_tag("FULLMATCH",4,false,$entry->fullmatch); diff --git a/mod/glossary/restorelib.php b/mod/glossary/restorelib.php index f432b037c1..f4b6bc6645 100644 --- a/mod/glossary/restorelib.php +++ b/mod/glossary/restorelib.php 
@@ -163,7 +163,7 @@ $entry->userid = backup_todb($ent_info['#']['USERID']['0']['#']); $entry->concept = backup_todb(trim($ent_info['#']['CONCEPT']['0']['#'])); $entry->definition = backup_todb($ent_info['#']['DEFINITION']['0']['#']); - $entry->format = backup_todb($ent_info['#']['FORMAT']['0']['#']); + $entry->definitionformat = backup_todb($ent_info['#']['FORMAT']['0']['#']); $entry->attachment = backup_todb($ent_info['#']['ATTACHMENT']['0']['#']); $entry->sourceglossaryid = backup_todb($ent_info['#']['SOURCEGLOSSARYID']['0']['#']); $entry->usedynalink = backup_todb($ent_info['#']['USEDYNALINK']['0']['#']); @@ -250,7 +250,7 @@ $comment->entrycomment = backup_todb($com_info['#']['ENTRYCOMMENT']['0']['#']); } $comment->timemodified = backup_todb($com_info['#']['TIMEMODIFIED']['0']['#']); - $comment->format = backup_todb($com_info['#']['FORMAT']['0']['#']); + $comment->entrycommentformat = backup_todb($com_info['#']['FORMAT']['0']['#']); //We have to recode the userid field $user = backup_getid($restore->backup_unique_code,"user",$comment->userid); @@ -527,13 +527,13 @@ //glossary_decode_content_links_caller() function in each module //in the restore process function glossary_decode_content_links ($content,$restore) { - + global $CFG; - + $result = $content; - + //Link to the list of glossarys - + $searchstring='/\$@(GLOSSARYINDEX)\*([0-9]+)@\$/'; //We look for it preg_match_all($searchstring,$content,$foundset); @@ -550,7 +550,7 @@ if($rec->new_id) { //Now replace it $result= preg_replace($searchstring,$CFG->wwwroot.'/mod/glossary/index.php?id='.$rec->new_id,$result); - } else { + } else { //It's a foreign link so leave it as original $result= preg_replace($searchstring,$restore->original_wwwroot.'/mod/glossary/index.php?id='.$old_id,$result); } 
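Review bot: The restore hunks at -163 (entries) and -250 (comments) store the text from the backup file as is, while format_text() in this same commit stops stripping the legacy `#####TRUSTTEXT#####` marker. Backups made before this change can therefore contain the marker, and after restore it would be shown literally at the start of the definition or comment, as far as the visible code shows. Adding `$entry->definition = trusttext_strip($entry->definition);` after the assignment (and the same for `$comment->entrycomment`) removes it. The trust fields should stay at their default so restored text keeps being cleaned. Both restore functions continue outside these hunks.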
@@ -593,7 +593,7 @@ function glossary_decode_content_links_caller($restore) { global $CFG, $DB; $status = true; - + //Process every glossary ENTRY in the course if ($entries = $DB->get_records_sql("SELECT e.id, e.definition FROM {glossary_entries} e, @@ -691,7 +691,7 @@ //Convert to Markdown $wtm = new WikiToMarkdown(); $record->entrycomment = $wtm->convert($record->entrycomment, $restore->course_id); - $record->format = FORMAT_MARKDOWN; + $record->entrycommentformat = FORMAT_MARKDOWN; $status = $DB->update_record('glossary_comments', $record); //Do some output $i++; @@ -725,7 +725,7 @@ //Convert to Markdown $wtm = new WikiToMarkdown(); $record->definition = $wtm->convert($record->definition, $restore->course_id); - $record->format = FORMAT_MARKDOWN; + $record->entrycommentformat = FORMAT_MARKDOWN; $status = $DB->update_record('glossary_entries', $record); //Do some output $i++; @@ -741,7 +741,7 @@ } } - + return $status; } diff --git a/mod/glossary/rsslib.php b/mod/glossary/rsslib.php index f28861235c..596b7ab248 100644 --- a/mod/glossary/rsslib.php +++ b/mod/glossary/rsslib.php @@ -138,7 +138,7 @@ $items = array(); - $params = array('gid'=>$glossary->id, 'newsince'=>$newsince); + $params = array('gid'=>$glossary->id, 'newsince'=>$newsince); if ($newsince) { $newsince = "AND e.timecreated > :newsince"; @@ -146,12 +146,13 @@ $newsince = ""; } - if ($recs = $DB->get_records_sql ("SELECT e.id AS entryid, - e.concept AS entryconcept, - e.definition AS entrydefinition, - e.format AS entryformat, - e.timecreated AS entrytimecreated, - u.id AS userid, + if ($recs = $DB->get_records_sql ("SELECT e.id AS entryid, + e.concept AS entryconcept, + e.definition AS entrydefinition, + e.definitionformat AS entryformat, + e.definitiontrust AS entrytrust, + e.timecreated AS entrytimecreated, + u.id AS userid, u.firstname AS userfirstname, u.lastname AS userlastname FROM {glossary_entries} e, 
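Review bot: In the hunk at -725 the record is written back with `$DB->update_record('glossary_entries', $record)`, but the changed line sets `$record->entrycommentformat`, which is the glossary_comments column; upgrade.php in this commit renames the glossary_entries column to `definitionformat`. The converted Markdown definition would keep its old format value, and how update_record treats the unknown field is not visible here. The line should read `$record->definitionformat = FORMAT_MARKDOWN;`. The hunk at -691 uses `entrycommentformat` correctly for glossary_comments.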
@@ -169,7 +170,7 @@ $articlesleft = $glossary->rssarticles; $formatoptions = new object; - $formatoptions->trusttext = true; + $formatoptions->trusted = $comment->entrytrust; foreach ($recs as $rec) { $item = new object(); @@ -198,7 +199,7 @@ $items = array(); - $params = array('gid'=>$glossary->id, 'newsince'=>$newsince); + $params = array('gid'=>$glossary->id, 'newsince'=>$newsince); if ($newsince) { $newsince = "AND e.timecreated > :newsince"; @@ -209,7 +210,8 @@ if ($recs = $DB->get_records_sql ("SELECT e.id AS entryid, e.concept AS entryconcept, e.definition AS entrydefinition, - e.format AS entryformat, + e.definitionformat AS entryformat, + e.definitiontrust AS entrytrust, e.timecreated AS entrytimecreated, u.id AS userid, u.firstname AS userfirstname, @@ -230,7 +232,7 @@ $articlesleft = $glossary->rssarticles; $formatoptions = new object; - $formatoptions->trusttext = true; + $formatoptions->trusted = $comment->entrytrust; foreach ($recs as $rec) { $item = new object(); diff --git a/mod/glossary/version.php b/mod/glossary/version.php index 64450c2781..90f4c0d8bf 100644 --- a/mod/glossary/version.php +++ b/mod/glossary/version.php @@ -5,8 +5,8 @@ /// This fragment is called by moodle_needs_upgrading() and /admin/index.php ///////////////////////////////////////////////////////////////////////////////// -$module->version = 2008081901; -$module->requires = 2008081600; // Requires this Moodle version +$module->version = 2009042005; +$module->requires = 2009041700; // Requires this Moodle version $module->cron = 0; // Period for cron to check this module (secs) ?>
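Review bot: `$formatoptions->trusted = $comment->entrytrust;` in the hunks at -169 and -230 reads a `$comment` variable that is not defined in any visible line; the query results are in `$recs` and the loop variable is `$rec`. As written the option would evaluate to null, format_text() would fall back to `trusted = false`, and every feed item would be cleaned regardless of its stored flag, with an undefined-variable notice on each call. The assignment belongs inside the `foreach ($recs as $rec)` loop as `$formatoptions->trusted = $rec->entrytrust;`. The loop bodies continue outside both hunks, so the position of the format_text() call should be checked when moving the line.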