~ubuntu-branches/ubuntu/hoary/moodle/hoary


Viewing changes to mod/glossary/edit.php

  • Committer: Bazaar Package Importer
  • Author(s): Isaac Clerencia
  • Date: 2004-12-29 00:49:52 UTC
  • mfrom: (1.1.1 upstream)
  • Revision ID: james.westby@ubuntu.com-20041229004952-gliyqzpj2w3e7clx
Tags: 1.4.3-1
* Urgency high as upstream release fixes several security bugs
* New upstream release
* Write database creation errors and warn the user about it, 
closes: #285842, #285842

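--- a/mod/glossary/edit.php
+++ b/mod/glossary/edit.php
@@ -1,4 +1,4 @@
-<?PHP // $Id: edit.php,v 1.29 2004/05/14 19:14:41 stronk7 Exp $
+<?PHP // $Id: edit.php,v 1.31.2.12 2004/11/23 22:58:30 mjollnir_ Exp $
 
 require_once("../../config.php");
 require_once("lib.php");
@@ -9,8 +9,8 @@
 optional_variable($e);    // EntryID
 optional_variable($confirm,0);    // proceed. Edit the edtry
 
-optional_variable($mode);   // categories if by category?
-optional_variable($hook);    // CategoryID
+$mode = optional_param('mode'); // categories if by category?
+$hook = optional_param('hook'); // CategoryID
 
 if (! $cm = get_record("course_modules", "id", $id)) {
     error("Course Module ID was incorrect");
@@ -29,6 +29,10 @@
 if (! $glossary = get_record("glossary", "id", $cm->instance)) {
     error("Course module is incorrect");
 }
+
+if (!$glossary->studentcanpost && !isteacher($glossary->course)) {
+    error("You can't add/edit entries to this glossary!");
+}
 if ( $confirm ) {
     $form = data_submitted();
     if ( !isset($form->usedynalink) ) {
@@ -41,18 +45,18 @@
         $form->fullmatch = 0;
     }
     $timenow = time();
-    $form->text = clean_text($form->text, $form->format);
+    //$form->text = clean_text($form->text, $form->format);
 
     $newentry->course = $glossary->course;
     $newentry->glossaryid = $glossary->id;
 
-    $newentry->concept = trim($form->concept);
+    $newentry->concept = clean_text(trim($form->concept));
     $newentry->definition = $form->text;
     $newentry->format = $form->format;
     $newentry->usedynalink = $form->usedynalink;
     $newentry->casesensitive = $form->casesensitive;
     $newentry->fullmatch = $form->fullmatch;
-    $newentry->timemodified = $timenow;         
+    $newentry->timemodified = $timenow;
     $newentry->approved = 0;
     if ( $glossary->defaultapproval or isteacher($course->id) ) {
         $newentry->approved = 1;
@@ -66,15 +70,12 @@
 
         if ($usehtmleditor = can_use_richtext_editor()) {
             $defaultformat = FORMAT_HTML;
-            $onsubmit = "onsubmit=\"copyrichtext(form.text);\"";
         } else {
             $defaultformat = FORMAT_MOODLE;
-            $onsubmit = "";
         }
 
-        print_header(strip_tags("$course->shortname: $glossary->name"), "$course->fullname",
-             "<A HREF=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</A> -> 
-              <A HREF=\"index.php?id=$course->id\">$strglossaries</A> -> 
+        print_header_simple(strip_tags("$glossary->name"), "",
+             "<A HREF=\"index.php?id=$course->id\">$strglossaries</A> ->
               <A HREF=\"view.php?id=$cm->id\">$glossary->name</A> -> $stredit", "form.text",
               "", true, "", navmenu($course, $cm));
 
@@ -87,11 +88,26 @@
     }
 
     if ($e) {
+        //We are updating an entry, so we compare current session user with
+        //existing entry user to avoid some potential problems if secureforms=off
+        //Perhaps too much security? Anyway thanks to skodak (Bug 1823)
+        $old = get_record('glossary_entries', 'id', $e);
+        $ineditperiod = ((time() - $old->timecreated <  $CFG->maxeditingtime) || $glossary->editalways);
+        if ( (!$ineditperiod  || $USER->id != $old->userid) and !isteacher($course->id) and $e) {
+            if ( $USER->id != $old->userid ) {
+                error("You can't edit other people's entries!"); 
+            } elseif (!$ineditperiod) {
+                error("You can't edit this. Time expired!"); 
+            }           
+            die;        
+        }
+
         $newentry->id = $e;
-    
+
         $permissiongranted = 1;
         if ( !$glossary->allowduplicatedentries ) {
-            if ($dupentries = get_records("glossary_entries","UCASE(concept)", strtoupper($newentry->concept))) {
+            $ucase = db_uppercase();
+            if ($dupentries = get_records("glossary_entries","$ucase(concept)", strtoupper($newentry->concept))) {
                 foreach ($dupentries as $curentry) {
                     if ( $glossary->id == $curentry->glossaryid ) {
                        if ( $curentry->id != $e ) {
@@ -102,7 +118,7 @@
                 }
             }
         }
-    
+
         if ( $permissiongranted ) {
             $newentry->attachment = $_FILES["attachment"];
             if ($newfilename = glossary_add_attachment($newentry, $newentry->attachment)) {
@@ -115,7 +131,7 @@
                 error("Could not update your glossary");
             } else {
                 add_to_log($course->id, "glossary", "update entry", "view.php?id=$cm->id&mode=entry&hook=$newentry->id", $newentry->id,$cm->id);
-                }
+            }
         } else {
             error("Could not update this glossary entry because this concept already exist.");
         }
@@ -125,10 +141,11 @@
         $newentry->timecreated = $timenow;
         $newentry->sourceglossaryid = 0;
         $newentry->teacherentry = isteacher($course->id);
-        
+
         $permissiongranted = 1;
         if ( !$glossary->allowduplicatedentries ) {
-            if ($dupentries = get_record("glossary_entries","UCASE(concept)", strtoupper($newentry->concept), "glossaryid", $glossary->id)) {
+            $ucase = db_uppercase();
+            if ($dupentries = get_record("glossary_entries","$ucase(concept)", strtoupper($newentry->concept), "glossaryid", $glossary->id)) {
                 $permissiongranted = 0;
             }
         }
@@ -166,7 +183,7 @@
         }
     }
     if ( isset($form->aliases) ) {
-        if ( $aliases = explode("\n",$form->aliases) ) {
+        if ( $aliases = explode("\n",clean_text($form->aliases)) ) {
             foreach ($aliases as $alias) {
                 $alias = trim($alias);
                 if ($alias) {
@@ -195,6 +212,8 @@
         $newentry->casesensitive = $form->casesensitive;
         $newentry->fullmatch = $form->fullmatch;
         $newentry->aliases = "";
+        $newentry->userid = $form->userid;
+        $newentry->timecreated = $form->timecreated;
 
         if ( $aliases = get_records("glossary_alias","entryid",$e) ) {
             foreach ($aliases as $alias) {
@@ -203,7 +222,7 @@
         }
     }
 }
-//Fill and print the form. 
+//Fill and print the form.
 //We check every field has a default values here!!
 if (!isset($newentry->concept)) {
     $newentry->concept = "";
@@ -223,36 +242,49 @@
         $newentry->casesensitive = $CFG->glossary_casesensitive;
     } else {
         $newentry->casesensitive = 0;
-    }         
+    }
 }
 if (!isset($newentry->fullmatch)) {
     if (isset($CFG->glossary_fullmatch)) {
         $newentry->fullmatch = $CFG->glossary_fullmatch;
     } else {
         $newentry->fullmatch = 0;
-    }  
+    }
 }
 if (!isset($newentry->definition)) {
     $newentry->definition = "";
 }
+if (!isset($newentry->timecreated)) {
+    $newentry->timecreated = 0;
+}
+if (!isset($newentry->userid)) {
+    $newentry->userid = $USER->id;
+}
 $strglossary = get_string("modulename", "glossary");
 $strglossaries = get_string("modulenameplural", "glossary");
 $stredit = get_string("edit");
 
 if ($usehtmleditor = can_use_richtext_editor()) {
     $defaultformat = FORMAT_HTML;
-    $onsubmit = "onsubmit=\"copyrichtext(form.text);\"";
 } else {
     $defaultformat = FORMAT_MOODLE;
-    $onsubmit = "";
 }
 
-print_header(strip_tags("$course->shortname: $glossary->name"), "$course->fullname",
-             "<A HREF=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</A> -> 
-              <A HREF=\"index.php?id=$course->id\">$strglossaries</A> -> 
+print_header_simple(strip_tags("$glossary->name"), "",
+             "<A HREF=\"index.php?id=$course->id\">$strglossaries</A> ->
               <A HREF=\"view.php?id=$cm->id\">$glossary->name</A> -> $stredit", "",
               "", true, "", navmenu($course, $cm));
 
+$ineditperiod = ((time() - $newentry->timecreated <  $CFG->maxeditingtime) || $glossary->editalways);
+if ( (!$ineditperiod  || $USER->id != $newentry->userid) and !isteacher($course->id) and $e) {
+    if ( $USER->id != $newentry->userid ) {
+        error("You can't edit other people's entries!");
+    } elseif (!$ineditperiod) {
+        error("You can't edit this. Time expired!");
+    }
+    die;
+}
+
     echo '<p align="center"><font size="3"><b>' . stripslashes_safe($glossary->name);
     echo '</b></font></p>';
 
@@ -273,6 +305,12 @@
 echo '</center>';
 glossary_print_tabbed_table_end();
 
+    // Lets give IE more time to load the whole page
+    // before trying to load the editor.
+    if ($usehtmleditor) {
+       use_html_editor("text");
+    }
+
 print_footer($course);
 
 ?>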
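Review bot: The ownership check added at new lines 91–103 uses the result of `get_record('glossary_entries', 'id', $e)` without testing that a record was found or that it belongs to the glossary resolved from `$cm`. For a teacher the ownership test is skipped, and the same block sets `$newentry->glossaryid = $glossary->id` and `$newentry->id = $e`, so an entry id from a different glossary would apparently be accepted and re-homed here. A guard placed before `$ineditperiod` is computed would cover both cases: `if (!$old or $old->glossaryid != $glossary->id) { error("Glossary entry is incorrect"); }`. The `and $e` term is redundant inside `if ($e)`, and the same applies to the display-path check at new line 279 only if `$e` is validated earlier. The `if ($e)` branch continues past the visible hunk, so the update call itself is not shown.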