/lib/weblib.php
PHP | 3290 lines | 1683 code | 387 blank | 1220 comment | 390 complexity | 82150a642eb2cd0e656ee2ce6389f7fe MD5 | raw file
Possible License(s): GPL-3.0, LGPL-2.1, BSD-3-Clause
Large files files are truncated, but you can click here to view the full file
- <?php
- // This file is part of Moodle - http://moodle.org/
- //
- // Moodle is free software: you can redistribute it and/or modify
- // it under the terms of the GNU General Public License as published by
- // the Free Software Foundation, either version 3 of the License, or
- // (at your option) any later version.
- //
- // Moodle is distributed in the hope that it will be useful,
- // but WITHOUT ANY WARRANTY; without even the implied warranty of
- // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- // GNU General Public License for more details.
- //
- // You should have received a copy of the GNU General Public License
- // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
- /**
- * Library of functions for web output
- *
- * Library of all general-purpose Moodle PHP functions and constants
- * that produce HTML output
- *
- * Other main libraries:
- * - datalib.php - functions that access the database.
- * - moodlelib.php - general-purpose Moodle functions.
- *
- * @package core
- * @subpackage lib
- * @copyright 1999 onwards Martin Dougiamas {@link http://moodle.com}
- * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
- */
- defined('MOODLE_INTERNAL') || die();
- /// Constants
- /// Define text formatting types ... eventually we can add Wiki, BBcode etc
- /**
- * Does all sorts of transformations and filtering
- */
- define('FORMAT_MOODLE', '0'); // Does all sorts of transformations and filtering
- /**
- * Plain HTML (with some tags stripped)
- */
- define('FORMAT_HTML', '1'); // Plain HTML (with some tags stripped)
- /**
- * Plain text (even tags are printed in full)
- */
- define('FORMAT_PLAIN', '2'); // Plain text (even tags are printed in full)
- /**
- * Wiki-formatted text
- * Deprecated: left here just to note that '3' is not used (at the moment)
- * and to catch any latent wiki-like text (which generates an error)
- */
- define('FORMAT_WIKI', '3'); // Wiki-formatted text
- /**
- * Markdown-formatted text http://daringfireball.net/projects/markdown/
- */
- define('FORMAT_MARKDOWN', '4'); // Markdown-formatted text http://daringfireball.net/projects/markdown/
- /**
- * A moodle_url comparison using this flag will return true if the base URLs match, params are ignored
- */
- define('URL_MATCH_BASE', 0);
- /**
- * A moodle_url comparison using this flag will return true if the base URLs match and the params of url1 are part of url2
- */
- define('URL_MATCH_PARAMS', 1);
- /**
- * A moodle_url comparison using this flag will return true if the two URLs are identical, except for the order of the params
- */
- define('URL_MATCH_EXACT', 2);
- /**
- * Allowed tags - string of html tags that can be tested against for safe html tags
- * @global string $ALLOWED_TAGS
- * @name $ALLOWED_TAGS
- */
- global $ALLOWED_TAGS;
- $ALLOWED_TAGS =
- '<p><br><b><i><u><font><table><tbody><thead><tfoot><span><div><tr><td><th><ol><ul><dl><li><dt><dd><h1><h2><h3><h4><h5><h6><hr><img><a><strong><emphasis><em><sup><sub><address><cite><blockquote><pre><strike><param><acronym><nolink><lang><tex><algebra><math><mi><mn><mo><mtext><mspace><ms><mrow><mfrac><msqrt><mroot><mstyle><merror><mpadded><mphantom><mfenced><msub><msup><msubsup><munder><mover><munderover><mmultiscripts><mtable><mtr><mtd><maligngroup><malignmark><maction><cn><ci><apply><reln><fn><interval><inverse><sep><condition><declare><lambda><compose><ident><quotient><exp><factorial><divide><max><min><minus><plus><power><rem><times><root><gcd><and><or><xor><not><implies><forall><exists><abs><conjugate><eq><neq><gt><lt><geq><leq><ln><log><int><diff><partialdiff><lowlimit><uplimit><bvar><degree><set><list><union><intersect><in><notin><subset><prsubset><notsubset><notprsubset><setdiff><sum><product><limit><tendsto><mean><sdev><variance><median><mode><moment><vector><matrix><matrixrow><determinant><transpose><selector><annotation><semantics><annotation-xml><tt><code>';
- /**
- * Allowed protocols - array of protocols that are safe to use in links and so on
- * @global string $ALLOWED_PROTOCOLS
- */
- $ALLOWED_PROTOCOLS = array('http', 'https', 'ftp', 'news', 'mailto', 'rtsp', 'teamspeak', 'gopher', 'mms',
- 'color', 'callto', 'cursor', 'text-align', 'font-size', 'font-weight', 'font-style', 'font-family',
- 'border', 'border-bottom', 'border-left', 'border-top', 'border-right', 'margin', 'margin-bottom', 'margin-left', 'margin-top', 'margin-right',
- 'padding', 'padding-bottom', 'padding-left', 'padding-top', 'padding-right', 'vertical-align',
- 'background', 'background-color', 'text-decoration'); // CSS as well to get through kses
- /// Functions
- /**
- * Add quotes to HTML characters
- *
- * Returns $var with HTML characters (like "<", ">", etc.) properly quoted.
- * This function is very similar to {@link p()}
- *
- * @todo Remove obsolete param $obsolete if not used anywhere
- *
- * @param string $var the string potentially containing HTML characters
- * @param boolean $obsolete no longer used.
- * @return string
- */
- function s($var, $obsolete = false) {
- if ($var === '0' or $var === false or $var === 0) {
- return '0';
- }
- return preg_replace("/&#(\d+|x[0-7a-fA-F]+);/i", "&#$1;", htmlspecialchars($var, ENT_QUOTES, 'UTF-8', true));
- }
- /**
- * Add quotes to HTML characters
- *
- * Prints $var with HTML characters (like "<", ">", etc.) properly quoted.
- * This function simply calls {@link s()}
- * @see s()
- *
- * @todo Remove obsolete param $obsolete if not used anywhere
- *
- * @param string $var the string potentially containing HTML characters
- * @param boolean $obsolete no longer used.
- * @return string
- */
- function p($var, $obsolete = false) {
- echo s($var, $obsolete);
- }
- /**
- * Does proper javascript quoting.
- *
- * Do not use addslashes anymore, because it does not work when magic_quotes_sybase is enabled.
- *
- * @param mixed $var String, Array, or Object to add slashes to
- * @return mixed quoted result
- */
- function addslashes_js($var) {
- if (is_string($var)) {
- $var = str_replace('\\', '\\\\', $var);
- $var = str_replace(array('\'', '"', "\n", "\r", "\0"), array('\\\'', '\\"', '\\n', '\\r', '\\0'), $var);
- $var = str_replace('</', '<\/', $var); // XHTML compliance
- } else if (is_array($var)) {
- $var = array_map('addslashes_js', $var);
- } else if (is_object($var)) {
- $a = get_object_vars($var);
- foreach ($a as $key=>$value) {
- $a[$key] = addslashes_js($value);
- }
- $var = (object)$a;
- }
- return $var;
- }
- /**
- * Remove query string from url
- *
- * Takes in a URL and returns it without the querystring portion
- *
- * @param string $url the url which may have a query string attached
- * @return string The remaining URL
- */
- function strip_querystring($url) {
- if ($commapos = strpos($url, '?')) {
- return substr($url, 0, $commapos);
- } else {
- return $url;
- }
- }
- /**
- * Returns the URL of the HTTP_REFERER, less the querystring portion if required
- *
- * @uses $_SERVER
- * @param boolean $stripquery if true, also removes the query part of the url.
- * @return string The resulting referer or empty string
- */
- function get_referer($stripquery=true) {
- if (isset($_SERVER['HTTP_REFERER'])) {
- if ($stripquery) {
- return strip_querystring($_SERVER['HTTP_REFERER']);
- } else {
- return $_SERVER['HTTP_REFERER'];
- }
- } else {
- return '';
- }
- }
- /**
- * Returns the name of the current script, WITH the querystring portion.
- *
- * This function is necessary because PHP_SELF and REQUEST_URI and SCRIPT_NAME
- * return different things depending on a lot of things like your OS, Web
- * server, and the way PHP is compiled (ie. as a CGI, module, ISAPI, etc.)
- * <b>NOTE:</b> This function returns false if the global variables needed are not set.
- *
- * @global string
- * @return mixed String, or false if the global variables needed are not set
- */
- function me() {
- global $ME;
- return $ME;
- }
- /**
- * Returns the name of the current script, WITH the full URL.
- *
- * This function is necessary because PHP_SELF and REQUEST_URI and SCRIPT_NAME
- * return different things depending on a lot of things like your OS, Web
- * server, and the way PHP is compiled (ie. as a CGI, module, ISAPI, etc.
- * <b>NOTE:</b> This function returns false if the global variables needed are not set.
- *
- * Like {@link me()} but returns a full URL
- * @see me()
- *
- * @global string
- * @return mixed String, or false if the global variables needed are not set
- */
- function qualified_me() {
- global $FULLME;
- return $FULLME;
- }
- /**
- * Class for creating and manipulating urls.
- *
- * It can be used in moodle pages where config.php has been included without any further includes.
- *
- * It is useful for manipulating urls with long lists of params.
- * One situation where it will be useful is a page which links to itself to perform various actions
- * and / or to process form data. A moodle_url object :
- * can be created for a page to refer to itself with all the proper get params being passed from page call to
- * page call and methods can be used to output a url including all the params, optionally adding and overriding
- * params and can also be used to
- * - output the url without any get params
- * - and output the params as hidden fields to be output within a form
- *
- * @link http://docs.moodle.org/en/Development:lib/weblib.php_moodle_url See short write up here
- * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
- * @package moodlecore
- */
- class moodle_url {
- /**
- * Scheme, ex.: http, https
- * @var string
- */
- protected $scheme = '';
- /**
- * hostname
- * @var string
- */
- protected $host = '';
- /**
- * Port number, empty means default 80 or 443 in case of http
- * @var unknown_type
- */
- protected $port = '';
- /**
- * Username for http auth
- * @var string
- */
- protected $user = '';
- /**
- * Password for http auth
- * @var string
- */
- protected $pass = '';
- /**
- * Script path
- * @var string
- */
- protected $path = '';
- /**
- * Optional slash argument value
- * @var string
- */
- protected $slashargument = '';
- /**
- * Anchor, may be also empty, null means none
- * @var string
- */
- protected $anchor = null;
- /**
- * Url parameters as associative array
- * @var array
- */
- protected $params = array(); // Associative array of query string params
- /**
- * Create new instance of moodle_url.
- *
- * @param moodle_url|string $url - moodle_url means make a copy of another
- * moodle_url and change parameters, string means full url or shortened
- * form (ex.: '/course/view.php'). It is strongly encouraged to not include
- * query string because it may result in double encoded values. Use the
- * $params instead. For admin URLs, just use /admin/script.php, this
- * class takes care of the $CFG->admin issue.
- * @param array $params these params override current params or add new
- */
- public function __construct($url, array $params = null) {
- global $CFG;
- if ($url instanceof moodle_url) {
- $this->scheme = $url->scheme;
- $this->host = $url->host;
- $this->port = $url->port;
- $this->user = $url->user;
- $this->pass = $url->pass;
- $this->path = $url->path;
- $this->slashargument = $url->slashargument;
- $this->params = $url->params;
- $this->anchor = $url->anchor;
- } else {
- // detect if anchor used
- $apos = strpos($url, '#');
- if ($apos !== false) {
- $anchor = substr($url, $apos);
- $anchor = ltrim($anchor, '#');
- $this->set_anchor($anchor);
- $url = substr($url, 0, $apos);
- }
- // normalise shortened form of our url ex.: '/course/view.php'
- if (strpos($url, '/') === 0) {
- // we must not use httpswwwroot here, because it might be url of other page,
- // devs have to use httpswwwroot explicitly when creating new moodle_url
- $url = $CFG->wwwroot.$url;
- }
- // now fix the admin links if needed, no need to mess with httpswwwroot
- if ($CFG->admin !== 'admin') {
- if (strpos($url, "$CFG->wwwroot/admin/") === 0) {
- $url = str_replace("$CFG->wwwroot/admin/", "$CFG->wwwroot/$CFG->admin/", $url);
- }
- }
- // parse the $url
- $parts = parse_url($url);
- if ($parts === false) {
- throw new moodle_exception('invalidurl');
- }
- if (isset($parts['query'])) {
- // note: the values may not be correctly decoded,
- // url parameters should be always passed as array
- parse_str(str_replace('&', '&', $parts['query']), $this->params);
- }
- unset($parts['query']);
- foreach ($parts as $key => $value) {
- $this->$key = $value;
- }
- // detect slashargument value from path - we do not support directory names ending with .php
- $pos = strpos($this->path, '.php/');
- if ($pos !== false) {
- $this->slashargument = substr($this->path, $pos + 4);
- $this->path = substr($this->path, 0, $pos + 4);
- }
- }
- $this->params($params);
- }
- /**
- * Add an array of params to the params for this url.
- *
- * The added params override existing ones if they have the same name.
- *
- * @param array $params Defaults to null. If null then returns all params.
- * @return array Array of Params for url.
- */
- public function params(array $params = null) {
- $params = (array)$params;
- foreach ($params as $key=>$value) {
- if (is_int($key)) {
- throw new coding_exception('Url parameters can not have numeric keys!');
- }
- if (!is_string($value)) {
- if (is_array($value)) {
- throw new coding_exception('Url parameters values can not be arrays!');
- }
- if (is_object($value) and !method_exists($value, '__toString')) {
- throw new coding_exception('Url parameters values can not be objects, unless __toString() is defined!');
- }
- }
- $this->params[$key] = (string)$value;
- }
- return $this->params;
- }
- /**
- * Remove all params if no arguments passed.
- * Remove selected params if arguments are passed.
- *
- * Can be called as either remove_params('param1', 'param2')
- * or remove_params(array('param1', 'param2')).
- *
- * @param mixed $params either an array of param names, or a string param name,
- * @param string $params,... any number of additional param names.
- * @return array url parameters
- */
- public function remove_params($params = null) {
- if (!is_array($params)) {
- $params = func_get_args();
- }
- foreach ($params as $param) {
- unset($this->params[$param]);
- }
- return $this->params;
- }
- /**
- * Remove all url parameters
- * @param $params
- * @return void
- */
- public function remove_all_params($params = null) {
- $this->params = array();
- $this->slashargument = '';
- }
- /**
- * Add a param to the params for this url.
- *
- * The added param overrides existing one if they have the same name.
- *
- * @param string $paramname name
- * @param string $newvalue Param value. If new value specified current value is overriden or parameter is added
- * @return mixed string parameter value, null if parameter does not exist
- */
- public function param($paramname, $newvalue = '') {
- if (func_num_args() > 1) {
- // set new value
- $this->params(array($paramname=>$newvalue));
- }
- if (isset($this->params[$paramname])) {
- return $this->params[$paramname];
- } else {
- return null;
- }
- }
- /**
- * Merges parameters and validates them
- * @param array $overrideparams
- * @return array merged parameters
- */
- protected function merge_overrideparams(array $overrideparams = null) {
- $overrideparams = (array)$overrideparams;
- $params = $this->params;
- foreach ($overrideparams as $key=>$value) {
- if (is_int($key)) {
- throw new coding_exception('Overridden parameters can not have numeric keys!');
- }
- if (is_array($value)) {
- throw new coding_exception('Overridden parameters values can not be arrays!');
- }
- if (is_object($value) and !method_exists($value, '__toString')) {
- throw new coding_exception('Overridden parameters values can not be objects, unless __toString() is defined!');
- }
- $params[$key] = (string)$value;
- }
- return $params;
- }
- /**
- * Get the params as as a query string.
- * This method should not be used outside of this method.
- *
- * @param boolean $escaped Use & as params separator instead of plain &
- * @param array $overrideparams params to add to the output params, these
- * override existing ones with the same name.
- * @return string query string that can be added to a url.
- */
- public function get_query_string($escaped = true, array $overrideparams = null) {
- $arr = array();
- if ($overrideparams !== null) {
- $params = $this->merge_overrideparams($overrideparams);
- } else {
- $params = $this->params;
- }
- foreach ($params as $key => $val) {
- $arr[] = rawurlencode($key)."=".rawurlencode($val);
- }
- if ($escaped) {
- return implode('&', $arr);
- } else {
- return implode('&', $arr);
- }
- }
- /**
- * Shortcut for printing of encoded URL.
- * @return string
- */
- public function __toString() {
- return $this->out(true);
- }
- /**
- * Output url
- *
- * If you use the returned URL in HTML code, you want the escaped ampersands. If you use
- * the returned URL in HTTP headers, you want $escaped=false.
- *
- * @param boolean $escaped Use & as params separator instead of plain &
- * @param array $overrideparams params to add to the output url, these override existing ones with the same name.
- * @return string Resulting URL
- */
- public function out($escaped = true, array $overrideparams = null) {
- if (!is_bool($escaped)) {
- debugging('Escape parameter must be of type boolean, '.gettype($escaped).' given instead.');
- }
- $uri = $this->out_omit_querystring().$this->slashargument;
- $querystring = $this->get_query_string($escaped, $overrideparams);
- if ($querystring !== '') {
- $uri .= '?' . $querystring;
- }
- if (!is_null($this->anchor)) {
- $uri .= '#'.$this->anchor;
- }
- return $uri;
- }
- /**
- * Returns url without parameters, everything before '?'.
- * @return string
- */
- public function out_omit_querystring() {
- $uri = $this->scheme ? $this->scheme.':'.((strtolower($this->scheme) == 'mailto') ? '':'//'): '';
- $uri .= $this->user ? $this->user.($this->pass? ':'.$this->pass:'').'@':'';
- $uri .= $this->host ? $this->host : '';
- $uri .= $this->port ? ':'.$this->port : '';
- $uri .= $this->path ? $this->path : '';
- return $uri;
- }
- /**
- * Compares this moodle_url with another
- * See documentation of constants for an explanation of the comparison flags.
- * @param moodle_url $url The moodle_url object to compare
- * @param int $matchtype The type of comparison (URL_MATCH_BASE, URL_MATCH_PARAMS, URL_MATCH_EXACT)
- * @return boolean
- */
- public function compare(moodle_url $url, $matchtype = URL_MATCH_EXACT) {
- $baseself = $this->out_omit_querystring();
- $baseother = $url->out_omit_querystring();
- // Append index.php if there is no specific file
- if (substr($baseself,-1)=='/') {
- $baseself .= 'index.php';
- }
- if (substr($baseother,-1)=='/') {
- $baseother .= 'index.php';
- }
- // Compare the two base URLs
- if ($baseself != $baseother) {
- return false;
- }
- if ($matchtype == URL_MATCH_BASE) {
- return true;
- }
- $urlparams = $url->params();
- foreach ($this->params() as $param => $value) {
- if ($param == 'sesskey') {
- continue;
- }
- if (!array_key_exists($param, $urlparams) || $urlparams[$param] != $value) {
- return false;
- }
- }
- if ($matchtype == URL_MATCH_PARAMS) {
- return true;
- }
- foreach ($urlparams as $param => $value) {
- if ($param == 'sesskey') {
- continue;
- }
- if (!array_key_exists($param, $this->params()) || $this->param($param) != $value) {
- return false;
- }
- }
- return true;
- }
- /**
- * Sets the anchor for the URI (the bit after the hash)
- * @param string $anchor null means remove previous
- */
- public function set_anchor($anchor) {
- if (is_null($anchor)) {
- // remove
- $this->anchor = null;
- } else if ($anchor === '') {
- // special case, used as empty link
- $this->anchor = '';
- } else if (preg_match('|[a-zA-Z\_\:][a-zA-Z0-9\_\-\.\:]*|', $anchor)) {
- // Match the anchor against the NMTOKEN spec
- $this->anchor = $anchor;
- } else {
- // bad luck, no valid anchor found
- $this->anchor = null;
- }
- }
- /**
- * Sets the url slashargument value
- * @param string $path usually file path
- * @param string $parameter name of page parameter if slasharguments not supported
- * @param bool $supported usually null, then it depends on $CFG->slasharguments, use true or false for other servers
- * @return void
- */
- public function set_slashargument($path, $parameter = 'file', $supported = NULL) {
- global $CFG;
- if (is_null($supported)) {
- $supported = $CFG->slasharguments;
- }
- if ($supported) {
- $parts = explode('/', $path);
- $parts = array_map('rawurlencode', $parts);
- $path = implode('/', $parts);
- $this->slashargument = $path;
- unset($this->params[$parameter]);
- } else {
- $this->slashargument = '';
- $this->params[$parameter] = $path;
- }
- }
- // == static factory methods ==
- /**
- * General moodle file url.
- * @param string $urlbase the script serving the file
- * @param string $path
- * @param bool $forcedownload
- * @return moodle_url
- */
- public static function make_file_url($urlbase, $path, $forcedownload = false) {
- global $CFG;
- $params = array();
- if ($forcedownload) {
- $params['forcedownload'] = 1;
- }
- $url = new moodle_url($urlbase, $params);
- $url->set_slashargument($path);
- return $url;
- }
- /**
- * Factory method for creation of url pointing to plugin file.
- * Please note this method can be used only from the plugins to
- * create urls of own files, it must not be used outside of plugins!
- * @param int $contextid
- * @param string $component
- * @param string $area
- * @param int $itemid
- * @param string $pathname
- * @param string $filename
- * @param bool $forcedownload
- * @return moodle_url
- */
- public static function make_pluginfile_url($contextid, $component, $area, $itemid, $pathname, $filename, $forcedownload = false) {
- global $CFG;
- $urlbase = "$CFG->httpswwwroot/pluginfile.php";
- if ($itemid === NULL) {
- return self::make_file_url($urlbase, "/$contextid/$component/$area".$pathname.$filename, $forcedownload);
- } else {
- return self::make_file_url($urlbase, "/$contextid/$component/$area/$itemid".$pathname.$filename, $forcedownload);
- }
- }
- /**
- * Factory method for creation of url pointing to draft
- * file of current user.
- * @param int $draftid draft item id
- * @param string $pathname
- * @param string $filename
- * @param bool $forcedownload
- * @return moodle_url
- */
- public static function make_draftfile_url($draftid, $pathname, $filename, $forcedownload = false) {
- global $CFG, $USER;
- $urlbase = "$CFG->httpswwwroot/draftfile.php";
- $context = get_context_instance(CONTEXT_USER, $USER->id);
- return self::make_file_url($urlbase, "/$context->id/user/draft/$draftid".$pathname.$filename, $forcedownload);
- }
- /**
- * Factory method for creating of links to legacy
- * course files.
- * @param int $courseid
- * @param string $filepath
- * @param bool $forcedownload
- * @return moodle_url
- */
- public static function make_legacyfile_url($courseid, $filepath, $forcedownload = false) {
- global $CFG;
- $urlbase = "$CFG->wwwroot/file.php";
- return self::make_file_url($urlbase, '/'.$courseid.'/'.$filepath, $forcedownload);
- }
- }
- /**
- * Determine if there is data waiting to be processed from a form
- *
- * Used on most forms in Moodle to check for data
- * Returns the data as an object, if it's found.
- * This object can be used in foreach loops without
- * casting because it's cast to (array) automatically
- *
- * Checks that submitted POST data exists and returns it as object.
- *
- * @uses $_POST
- * @return mixed false or object
- */
- function data_submitted() {
- if (empty($_POST)) {
- return false;
- } else {
- return (object)$_POST;
- }
- }
- /**
- * Given some normal text this function will break up any
- * long words to a given size by inserting the given character
- *
- * It's multibyte savvy and doesn't change anything inside html tags.
- *
- * @param string $string the string to be modified
- * @param int $maxsize maximum length of the string to be returned
- * @param string $cutchar the string used to represent word breaks
- * @return string
- */
- function break_up_long_words($string, $maxsize=20, $cutchar=' ') {
- /// Loading the textlib singleton instance. We are going to need it.
- $textlib = textlib_get_instance();
- /// First of all, save all the tags inside the text to skip them
- $tags = array();
- filter_save_tags($string,$tags);
- /// Process the string adding the cut when necessary
- $output = '';
- $length = $textlib->strlen($string);
- $wordlength = 0;
- for ($i=0; $i<$length; $i++) {
- $char = $textlib->substr($string, $i, 1);
- if ($char == ' ' or $char == "\t" or $char == "\n" or $char == "\r" or $char == "<" or $char == ">") {
- $wordlength = 0;
- } else {
- $wordlength++;
- if ($wordlength > $maxsize) {
- $output .= $cutchar;
- $wordlength = 0;
- }
- }
- $output .= $char;
- }
- /// Finally load the tags back again
- if (!empty($tags)) {
- $output = str_replace(array_keys($tags), $tags, $output);
- }
- return $output;
- }
- /**
- * Try and close the current window using JavaScript, either immediately, or after a delay.
- *
- * Echo's out the resulting XHTML & javascript
- *
- * @global object
- * @global object
- * @param integer $delay a delay in seconds before closing the window. Default 0.
- * @param boolean $reloadopener if true, we will see if this window was a pop-up, and try
- * to reload the parent window before this one closes.
- */
- function close_window($delay = 0, $reloadopener = false) {
- global $PAGE, $OUTPUT;
- if (!$PAGE->headerprinted) {
- $PAGE->set_title(get_string('closewindow'));
- echo $OUTPUT->header();
- } else {
- $OUTPUT->container_end_all(false);
- }
- if ($reloadopener) {
- // Trigger the reload immediately, even if the reload is after a delay.
- $PAGE->requires->js_function_call('window.opener.location.reload', array(true));
- }
- $OUTPUT->notification(get_string('windowclosing'), 'notifysuccess');
- $PAGE->requires->js_function_call('close_window', array(new stdClass()), false, $delay);
- echo $OUTPUT->footer();
- exit;
- }
- /**
- * Returns a string containing a link to the user documentation for the current
- * page. Also contains an icon by default. Shown to teachers and admin only.
- *
- * @global object
- * @global object
- * @param string $text The text to be displayed for the link
- * @param string $iconpath The path to the icon to be displayed
- * @return string The link to user documentation for this current page
- */
- function page_doc_link($text='') {
- global $CFG, $PAGE, $OUTPUT;
- if (empty($CFG->docroot) || during_initial_install()) {
- return '';
- }
- if (!has_capability('moodle/site:doclinks', $PAGE->context)) {
- return '';
- }
- $path = $PAGE->docspath;
- if (!$path) {
- return '';
- }
- return $OUTPUT->doc_link($path, $text);
- }
- /**
- * Validates an email to make sure it makes sense.
- *
- * @param string $address The email address to validate.
- * @return boolean
- */
- function validate_email($address) {
- return (preg_match('#^[-!\#$%&\'*+\\/0-9=?A-Z^_`a-z{|}~]+'.
- '(\.[-!\#$%&\'*+\\/0-9=?A-Z^_`a-z{|}~]+)*'.
- '@'.
- '[-!\#$%&\'*+\\/0-9=?A-Z^_`a-z{|}~]+\.'.
- '[-!\#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+$#',
- $address));
- }
- /**
- * Extracts file argument either from file parameter or PATH_INFO
- * Note: $scriptname parameter is not needed anymore
- *
- * @global string
- * @uses $_SERVER
- * @uses PARAM_PATH
- * @return string file path (only safe characters)
- */
- function get_file_argument() {
- global $SCRIPT;
- $relativepath = optional_param('file', FALSE, PARAM_PATH);
- if ($relativepath !== false and $relativepath !== '') {
- return $relativepath;
- }
- $relativepath = false;
- // then try extract file from the slasharguments
- if (stripos($_SERVER['SERVER_SOFTWARE'], 'iis') !== false) {
- // NOTE: ISS tends to convert all file paths to single byte DOS encoding,
- // we can not use other methods because they break unicode chars,
- // the only way is to use URL rewriting
- if (isset($_SERVER['PATH_INFO']) and $_SERVER['PATH_INFO'] !== '') {
- // check that PATH_INFO works == must not contain the script name
- if (strpos($_SERVER['PATH_INFO'], $SCRIPT) === false) {
- $relativepath = clean_param(urldecode($_SERVER['PATH_INFO']), PARAM_PATH);
- }
- }
- } else {
- // all other apache-like servers depend on PATH_INFO
- if (isset($_SERVER['PATH_INFO'])) {
- if (isset($_SERVER['SCRIPT_NAME']) and strpos($_SERVER['PATH_INFO'], $_SERVER['SCRIPT_NAME']) === 0) {
- $relativepath = substr($_SERVER['PATH_INFO'], strlen($_SERVER['SCRIPT_NAME']));
- } else {
- $relativepath = $_SERVER['PATH_INFO'];
- }
- $relativepath = clean_param($relativepath, PARAM_PATH);
- }
- }
- return $relativepath;
- }
- /**
- * Just returns an array of text formats suitable for a popup menu
- *
- * @uses FORMAT_MOODLE
- * @uses FORMAT_HTML
- * @uses FORMAT_PLAIN
- * @uses FORMAT_MARKDOWN
- * @return array
- */
- function format_text_menu() {
- return array (FORMAT_MOODLE => get_string('formattext'),
- FORMAT_HTML => get_string('formathtml'),
- FORMAT_PLAIN => get_string('formatplain'),
- FORMAT_MARKDOWN => get_string('formatmarkdown'));
- }
- /**
- * Given text in a variety of format codings, this function returns
- * the text as safe HTML.
- *
- * This function should mainly be used for long strings like posts,
- * answers, glossary items etc. For short strings @see format_string().
- *
- * <pre>
- * Options:
- * trusted : If true the string won't be cleaned. Default false required noclean=true.
- * noclean : If true the string won't be cleaned. Default false required trusted=true.
- * nocache : If true the strign will not be cached and will be formatted every call. Default false.
- * filter : If true the string will be run through applicable filters as well. Default true.
- * para : If true then the returned string will be wrapped in div tags. Default true.
- * newlines : If true then lines newline breaks will be converted to HTML newline breaks. Default true.
- * context : The context that will be used for filtering.
- * overflowdiv : If set to true the formatted text will be encased in a div
- * with the class no-overflow before being returned. Default false.
- * </pre>
- *
- * @todo Finish documenting this function
- *
- * @staticvar array $croncache
- * @param string $text The text to be formatted. This is raw text originally from user input.
- * @param int $format Identifier of the text format to be used
- * [FORMAT_MOODLE, FORMAT_HTML, FORMAT_PLAIN, FORMAT_MARKDOWN]
- * @param object/array $options text formatting options
- * @param int $courseid_do_not_use deprecated course id, use context option instead
- * @return string
- */
- function format_text($text, $format = FORMAT_MOODLE, $options = NULL, $courseid_do_not_use = NULL) {
- global $CFG, $COURSE, $DB, $PAGE;
- static $croncache = array();
- if ($text === '') {
- return ''; // no need to do any filters and cleaning
- }
- $options = (array)$options; // detach object, we can not modify it
- if (!isset($options['trusted'])) {
- $options['trusted'] = false;
- }
- if (!isset($options['noclean'])) {
- if ($options['trusted'] and trusttext_active()) {
- // no cleaning if text trusted and noclean not specified
- $options['noclean'] = true;
- } else {
- $options['noclean'] = false;
- }
- }
- if (!isset($options['nocache'])) {
- $options['nocache'] = false;
- }
- if (!isset($options['filter'])) {
- $options['filter'] = true;
- }
- if (!isset($options['para'])) {
- $options['para'] = true;
- }
- if (!isset($options['newlines'])) {
- $options['newlines'] = true;
- }
- if (!isset($options['overflowdiv'])) {
- $options['overflowdiv'] = false;
- }
- // Calculate best context
- if (empty($CFG->version) or $CFG->version < 2010072800 or during_initial_install()) {
- // do not filter anything during installation or before upgrade completes
- $context = null;
- } else if (isset($options['context'])) { // first by explicit passed context option
- if (is_object($options['context'])) {
- $context = $options['context'];
- } else {
- $context = get_context_instance_by_id($context);
- }
- } else if ($courseid_do_not_use) {
- // legacy courseid
- $context = get_context_instance(CONTEXT_COURSE, $courseid_do_not_use);
- } else {
- // fallback to $PAGE->context this may be problematic in CLI and other non-standard pages :-(
- $context = $PAGE->context;
- }
- if (!$context) {
- // either install/upgrade or something has gone really wrong because context does not exist (yet?)
- $options['nocache'] = true;
- $options['filter'] = false;
- }
- if ($options['filter']) {
- $filtermanager = filter_manager::instance();
- } else {
- $filtermanager = new null_filter_manager();
- }
- if (!empty($CFG->cachetext) and empty($options['nocache'])) {
- $hashstr = $text.'-'.$filtermanager->text_filtering_hash($context).'-'.$context->id.'-'.current_language().'-'.
- (int)$format.(int)$options['trusted'].(int)$options['noclean'].
- (int)$options['para'].(int)$options['newlines'];
- $time = time() - $CFG->cachetext;
- $md5key = md5($hashstr);
- if (CLI_SCRIPT) {
- if (isset($croncache[$md5key])) {
- return $croncache[$md5key];
- }
- }
- if ($oldcacheitem = $DB->get_record('cache_text', array('md5key'=>$md5key), '*', IGNORE_MULTIPLE)) {
- if ($oldcacheitem->timemodified >= $time) {
- if (CLI_SCRIPT) {
- if (count($croncache) > 150) {
- reset($croncache);
- $key = key($croncache);
- unset($croncache[$key]);
- }
- $croncache[$md5key] = $oldcacheitem->formattedtext;
- }
- return $oldcacheitem->formattedtext;
- }
- }
- }
- switch ($format) {
- case FORMAT_HTML:
- if (!$options['noclean']) {
- $text = clean_text($text, FORMAT_HTML);
- }
- $text = $filtermanager->filter_text($text, $context, array('originalformat' => FORMAT_HTML));
- break;
- case FORMAT_PLAIN:
- $text = s($text); // cleans dangerous JS
- $text = rebuildnolinktag($text);
- $text = str_replace(' ', ' ', $text);
- $text = nl2br($text);
- break;
- case FORMAT_WIKI:
- // this format is deprecated
- $text = '<p>NOTICE: Wiki-like formatting has been removed from Moodle. You should not be seeing
- this message as all texts should have been converted to Markdown format instead.
- Please post a bug report to http://moodle.org/bugs with information about where you
- saw this message.</p>'.s($text);
- break;
- case FORMAT_MARKDOWN:
- $text = markdown_to_html($text);
- if (!$options['noclean']) {
- $text = clean_text($text, FORMAT_HTML);
- }
- $text = $filtermanager->filter_text($text, $context, array('originalformat' => FORMAT_MARKDOWN));
- break;
- default: // FORMAT_MOODLE or anything else
- $text = text_to_html($text, null, $options['para'], $options['newlines']);
- if (!$options['noclean']) {
- $text = clean_text($text, FORMAT_HTML);
- }
- $text = $filtermanager->filter_text($text, $context, array('originalformat' => $format));
- break;
- }
- if ($options['filter']) {
- // at this point there should not be any draftfile links any more,
- // this happens when developers forget to post process the text.
- // The only potential problem is that somebody might try to format
- // the text before storing into database which would be itself big bug.
- $text = str_replace("\"$CFG->httpswwwroot/draftfile.php", "\"$CFG->httpswwwroot/brokenfile.php#", $text);
- }
- // Warn people that we have removed this old mechanism, just in case they
- // were stupid enough to rely on it.
- if (isset($CFG->currenttextiscacheable)) {
- debugging('Once upon a time, Moodle had a truly evil use of global variables ' .
- 'called $CFG->currenttextiscacheable. The good news is that this no ' .
- 'longer exists. The bad news is that you seem to be using a filter that '.
- 'relies on it. Please seek out and destroy that filter code.', DEBUG_DEVELOPER);
- }
- if (!empty($options['overflowdiv'])) {
- $text = html_writer::tag('div', $text, array('class'=>'no-overflow'));
- }
- if (empty($options['nocache']) and !empty($CFG->cachetext)) {
- if (CLI_SCRIPT) {
- // special static cron cache - no need to store it in db if its not already there
- if (count($croncache) > 150) {
- reset($croncache);
- $key = key($croncache);
- unset($croncache[$key]);
- }
- $croncache[$md5key] = $text;
- return $text;
- }
- $newcacheitem = new stdClass();
- $newcacheitem->md5key = $md5key;
- $newcacheitem->formattedtext = $text;
- $newcacheitem->timemodified = time();
- if ($oldcacheitem) { // See bug 4677 for discussion
- $newcacheitem->id = $oldcacheitem->id;
- try {
- $DB->update_record('cache_text', $newcacheitem); // Update existing record in the cache table
- } catch (dml_exception $e) {
- // It's unlikely that the cron cache cleaner could have
- // deleted this entry in the meantime, as it allows
- // some extra time to cover these cases.
- }
- } else {
- try {
- $DB->insert_record('cache_text', $newcacheitem); // Insert a new record in the cache table
- } catch (dml_exception $e) {
- // Again, it's possible that another user has caused this
- // record to be created already in the time that it took
- // to traverse this function. That's OK too, as the
- // call above handles duplicate entries, and eventually
- // the cron cleaner will delete them.
- }
- }
- }
- return $text;
- }
- /**
- * Resets all data related to filters, called during upgrade or when filter settings change.
- *
- * @global object
- * @global object
- * @return void
- */
- function reset_text_filters_cache() {
- global $CFG, $DB;
- $DB->delete_records('cache_text');
- $purifdir = $CFG->dataroot.'/cache/htmlpurifier';
- remove_dir($purifdir, true);
- }
- /**
- * Given a simple string, this function returns the string
- * processed by enabled string filters if $CFG->filterall is enabled
- *
- * This function should be used to print short strings (non html) that
- * need filter processing e.g. activity titles, post subjects,
- * glossary concepts.
- *
- * @global object
- * @global object
- * @global object
- * @staticvar bool $strcache
- * @param string $string The string to be filtered.
- * @param boolean $striplinks To strip any link in the result text.
- Moodle 1.8 default changed from false to true! MDL-8713
- * @param array $options options array/object or courseid
- * @return string
- */
- function format_string($string, $striplinks = true, $options = NULL) {
- global $CFG, $COURSE, $PAGE;
- //We'll use a in-memory cache here to speed up repeated strings
- static $strcache = false;
- if (empty($CFG->version) or $CFG->version < 2010072800 or during_initial_install()) {
- // do not filter anything during installation or before upgrade completes
- return $string = strip_tags($string);
- }
- if ($strcache === false or count($strcache) > 2000) { // this number might need some tuning to limit memory usage in cron
- $strcache = array();
- }
- if (is_numeric($options)) {
- // legacy courseid usage
- $options = array('context'=>get_context_instance(CONTEXT_COURSE, $options));
- } else {
- $options = (array)$options; // detach object, we can not modify it
- }
- if (empty($options['context'])) {
- // fallback to $PAGE->context this may be problematic in CLI and other non-standard pages :-(
- $options['context'] = $PAGE->context;
- } else if (is_numeric($options['context'])) {
- $options['context'] = get_context_instance_by_id($options['context']);
- }
- if (!$options['context']) {
- // we did not find any context? weird
- return $string = strip_tags($string);
- }
- //Calculate md5
- $md5 = md5($string.'<+>'.$striplinks.'<+>'.$options['context']->id.'<+>'.current_language());
- //Fetch from cache if possible
- if (isset($strcache[$md5])) {
- return $strcache[$md5];
- }
- // First replace all ampersands not followed by html entity code
- // Regular expression moved to its own method for easier unit testing
- $string = replace_ampersands_not_followed_by_entity($string);
- if (!empty($CFG->filterall)) {
- $string = filter_manager::instance()->filter_string($string, $options['context']);
- }
- // If the site requires it, strip ALL tags from this string
- if (!empty($CFG->formatstringstriptags)) {
- $string = strip_tags($string);
- } else {
- // Otherwise strip just links if that is required (default)
- if ($striplinks) { //strip links in string
- $string = strip_links($string);
- }
- $string = clean_text($string);
- }
- //Store to cache
- $strcache[$md5] = $string;
- return $string;
- }
- /**
- * Given a string, performs a negative lookahead looking for any ampersand character
- * that is not followed by a proper HTML entity. If any is found, it is replaced
- * by &. The string is then returned.
- *
- * @param string $string
- * @return string
- */
- function replace_ampersands_not_followed_by_entity($string) {
- return preg_replace("/\&(?![a-zA-Z0-9#]{1,8};)/", "&", $string);
- }
- /**
- * Given a string, replaces all <a>.*</a> by .* and returns the string.
- *
- * @param string $string
- * @return string
- */
- function strip_links($string) {
- return preg_replace('/(<a\s[^>]+?>)(.+?)(<\/a>)/is','$2',$string);
- }
- /**
- * This expression turns links into something nice in a text format. (Russell Jungwirth)
- *
- * @param string $string
- * @return string
- */
- function wikify_links($string) {
- return preg_replace('~(<a [^<]*href=["|\']?([^ "\']*)["|\']?[^>]*>([^<]*)</a>)~i','$3 [ $2 ]', $string);
- }
- /**
- * Replaces non-standard HTML entities
- *
- * @param string $string
- * @return string
- */
- function fix_non_standard_entities($string) {
- $text = preg_replace('/�*([0-9]+);?/', '&#$1;', $string);
- $text = preg_replace('/�*([0-9a-fA-F]+);?/', '&#x$1;', $text);
- $text = preg_replace('[\x00-\x08\x0b-\x0c\x0e-\x1f]', '', $text);
- return $text;
- }
- /**
- * Given text in a variety of format codings, this function returns
- * the text as plain text suitable for plain email.
- *
- * @uses FORMAT_MOODLE
- * @uses FORMAT_HTML
- * @uses FORMAT_PLAIN
- * @uses FORMAT_WIKI
- * @uses FORMAT_MARKDOWN
- * @param string $text The text to be formatted. This is raw text originally from user input.
- * @param int $format Identifier of the text format to be used
- * [FORMAT_MOODLE, FORMAT_HTML, FORMAT_PLAIN, FORMAT_WIKI, FORMAT_MARKDOWN]
- * @return string
- */
- function format_text_email($text, $format) {
- switch ($format) {
- case FORMAT_PLAIN:
- return $text;
- break;
- case FORMAT_WIKI:
- // there should not be any of these any more!
- $text = wikify_links($text);
- return strtr(strip_tags($text), array_flip(get_html_translation_table(HTML_ENTITIES)));
- break;
- case FORMAT_HTML:
- return html_to_text($text);
- break;
- case FORMAT_MOODLE:
- case FORMAT_MARKDOWN:
- default:
- $text = wikify_links($text);
- return strtr(strip_tags($text), array_flip(get_html_translation_table(HTML_ENTITIES)));
- break;
- }
- }
- /**
- * Formats activity intro text
- *
- * @global object
- * @uses CONTEXT_MODULE
- * @param string $module name of module
- * @param object $activity instance of activity
- * @param int $cmid course module id
- * @param bool $filter filter resulting html text
- * @return text
- */
- function format_module_intro($module, $activity, $cmid, $filter=true) {
- global $CFG;
- require_once("$CFG->libdir/filelib.php");
- $context = get_context_instance(CONTEXT_MODULE, $cmid);
- $options = array('noclean'=>true, 'para'=>false, 'filter'=>$filter, 'context'=>$context, 'overflowdiv'=>true);
- $intro = file_rewrite_pluginfile_urls($activity->intro, 'pluginfile.php', $context->id, 'mod_'.$module, 'intro', null);
- return trim(format_text($intro, $activity->introformat, $options, null));
- }
- /**
- * Legacy function, used for cleaning of old forum and glossary text only.
- *
- * @global object
- * @param string $text text that may contain legacy TRUSTTEXT marker
- * @return text without legacy TRUSTTEXT marker
- */
- function trusttext_strip($text) {
- while (true) { //removing nested TRUSTTEXT
- $orig = $text;
- $text = str_replace('#####TRUSTTEXT#####', '', $text);
- if (strcmp($orig, $text) === 0) {
- return $text;
- }
- }
- }
- /**
- * Must be called before editing of all texts
- * with trust flag. Removes all XSS nasties
- * from texts stored in database if needed.
- *
- * @param object $object data object with xxx, xxxformat and xxxtrust fields
- * @param string $field name of text field
- * @param object $context active context
- * @return object updated $object
- */
- function trusttext_pre_edit($object, $field, $context) {
- $trustfield = $field.'trust';
- $formatfield = $field.'format';
- if (!$object->$trustfield or !trusttext_trusted($context)) {
- $object->$field = clean_text($object->$field, $object->$formatfield);
- }
- return $object;
- }
- /**
- * Is current user trusted to enter no dangerous XSS in this context?
- *
- * Please note the user must be in fact trusted everywhere on this server!!
- *
- * @param object $context
- * @return bool true if user trusted
- */
- function trusttext_trusted($context) {
- return (trusttext_active() and has_capability('moodle/site:trustcontent', $context));
- }
- /**
- * Is trusttext feature active?
- *
- * @global object
- * @param object $context
- * @return bool
- */
- function trusttext_active() {
- gl…
Large files files are truncated, but you can click here to view the full file