Search moodle.org's
Developer Documentation
Developer Documentation
- Bug fixes for general core bugs in 3.11.x will end 14 Nov 2022 (12 months plus 6 months extension).
- Bug fixes for security issues in 3.11.x will end 13 Nov 2023 (18 months plus 12 months extension).
- PHP version: minimum PHP 7.3.0 Note: minimum PHP version has increased since Moodle 3.10. PHP 7.4.x is supported too.
/portfolio/ -> add.php (source)
Differences Between: [Versions 311 and 401] [Versions 311 and 402] [Versions 311 and 403]
1 <?php 2 // This file is part of Moodle - http://moodle.org/ 3 // 4 // Moodle is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // Moodle is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU General Public License for more details. 13 // 14 // You should have received a copy of the GNU General Public License 15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>. 16 17 /** 18 * This file is the main controller to do with the portfolio export wizard. 19 * 20 * @package core_portfolio 21 * @copyright 2008 Penny Leach <penny@catalyst.net.nz>, 22 * Martin Dougiamas <http://dougiamas.com> 23 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL 24 */ 25 require_once(__DIR__ . '/../config.php'); 26 27 if (empty($CFG->enableportfolios)) { 28 print_error('disabled', 'portfolio'); 29 } 30 31 require_once($CFG->libdir . '/portfoliolib.php'); 32 require_once($CFG->libdir . '/portfolio/exporter.php'); 33 require_once($CFG->libdir . '/portfolio/caller.php'); 34 require_once($CFG->libdir . '/portfolio/plugin.php'); 35 36 $dataid = optional_param('id', 0, PARAM_INT); // The ID of partially completed export, corresponds to a record in portfolio_tempdata. 37 $type = optional_param('type', null, PARAM_SAFEDIR); // If we're returning from an external system (postcontrol) for a single-export only plugin. 38 $cancel = optional_param('cancel', 0, PARAM_RAW); // User has cancelled the request. 39 $cancelsure = optional_param('cancelsure', 0, PARAM_BOOL); // Make sure they confirm first. 40 $logreturn = optional_param('logreturn', 0, PARAM_BOOL); // When cancelling, we can also come from the log page, rather than the caller. 41 $instanceid = optional_param('instance', 0, PARAM_INT); // The instance of configured portfolio plugin. 42 $courseid = optional_param('course', 0, PARAM_INT); // The courseid the data being exported belongs to (caller object should provide this later). 43 $stage = optional_param('stage', PORTFOLIO_STAGE_CONFIG, PARAM_INT); // Stage of the export we're at (stored in the exporter). 44 $postcontrol = optional_param('postcontrol', 0, PARAM_INT); // When returning from some bounce to an external system, this gets passed. 45 $callbackcomponent = optional_param('callbackcomponent', null, PARAM_PATH); // Callback component eg mod_forum - the component of the exporting content. 46 $callbackclass = optional_param('callbackclass', null, PARAM_ALPHAEXT); // Callback class eg forum_portfolio_caller - the class to handle the exporting content. 47 $callerformats = optional_param('callerformats', null, PARAM_TAGLIST); // Comma separated list of formats the specific place exporting content supports. 48 49 require_login(); // this is selectively called again with $course later when we know for sure which one we're in. 50 $PAGE->set_context(context_system::instance()); 51 $PAGE->set_url('/portfolio/add.php', array('id' => $dataid, 'sesskey' => sesskey())); 52 $PAGE->set_pagelayout('admin'); 53 $exporter = null; 54 55 if ($postcontrol && $type && !$dataid) { 56 // we're returning from an external system that can't construct dynamic return urls 57 // this is a special "one export of this type only per session" case 58 if (portfolio_static_function($type, 'allows_multiple_exports')) { 59 throw new portfolio_exception('multiplesingleresume', 'portfolio'); 60 } 61 62 if (!$dataid = portfolio_export_type_to_id($type, $USER->id)) { 63 throw new portfolio_exception('invalidtempid', 'portfolio'); 64 } 65 } else { 66 // we can't do this in the above case, because we're redirecting straight back from an external system 67 // this is not really ideal, but since we're in a "staged" wizard, the session key is checked in other stages. 68 require_sesskey(); // pretty much everything in this page is a write that could be hijacked, so just do this at the top here 69 } 70 71 // if we have a dataid, it means we're in the middle of an export, 72 // so rewaken it and continue. 73 if (!empty($dataid)) { 74 try { 75 $exporter = portfolio_exporter::rewaken_object($dataid); 76 } catch (portfolio_exception $e) { 77 // this can happen in some cases, a cancel request is sent when something is already broken 78 // so process it elegantly and move on. 79 if ($cancel) { 80 if ($logreturn) { 81 redirect($CFG->wwwroot . '/user/portfoliologs.php'); 82 } 83 redirect($CFG->wwwroot); 84 } else { 85 throw $e; 86 } 87 } 88 // we have to wake it up first before we can cancel it 89 // so temporary directories etc get cleaned up. 90 if ($cancel) { 91 if ($cancelsure) { 92 $exporter->cancel_request($logreturn); 93 } else { 94 portfolio_export_pagesetup($PAGE, $exporter->get('caller')); 95 $exporter->print_header(get_string('confirmcancel', 'portfolio')); 96 echo $OUTPUT->box_start(); 97 $yesbutton = new single_button(new moodle_url('/portfolio/add.php', array('id' => $dataid, 'cancel' => 1, 'cancelsure' => 1, 'logreturn' => $logreturn)), get_string('yes')); 98 if ($logreturn) { 99 $nobutton = new single_button(new moodle_url('/user/portfoliologs.php'), get_string('no')); 100 } else { 101 $nobutton = new single_button(new moodle_url('/portfolio/add.php', array('id' => $dataid)), get_string('no')); 102 } 103 echo $OUTPUT->confirm(get_string('confirmcancel', 'portfolio'), $yesbutton, $nobutton); 104 echo $OUTPUT->box_end(); 105 echo $OUTPUT->footer(); 106 exit; 107 } 108 } 109 // verify we still belong to the correct user and permissions are still ok 110 $exporter->verify_rewaken(); 111 // if we don't have an instanceid in the exporter 112 // it means we've just posted from the 'choose portfolio instance' page 113 // so process that and start up the portfolio plugin 114 if (!$exporter->get('instance')) { 115 if ($instanceid) { 116 try { 117 $instance = portfolio_instance($instanceid); 118 } catch (portfolio_exception $e) { 119 portfolio_export_rethrow_exception($exporter, $e); 120 } 121 // this technically shouldn't happen but make sure anyway 122 if ($broken = portfolio_instance_sanity_check($instance)) { 123 throw new portfolio_export_exception($exporter, $broken[$instance->get('id')], 'portfolio_' . $instance->get('plugin')); 124 } 125 // now we're all set up, ready to go 126 $instance->set('user', $USER); 127 $exporter->set('instance', $instance); 128 $exporter->save(); 129 } 130 } 131 132 portfolio_export_pagesetup($PAGE, $exporter->get('caller')); // this calls require_login($course) if it can.. 133 134 // completely new request, look to see what information we've been passed and set up the exporter object. 135 } else { 136 // you cannot get here with no information for us, we must at least have the caller. 137 if (empty($_GET) && empty($_POST)) { 138 portfolio_exporter::print_expired_export(); 139 } 140 // we'e just posted here for the first time and have might the instance already 141 if ($instanceid) { 142 // this can throw exceptions but there's no point catching and rethrowing here 143 // as the exporter isn't created yet. 144 $instance = portfolio_instance($instanceid); 145 if ($broken = portfolio_instance_sanity_check($instance)) { 146 throw new portfolio_exception($broken[$instance->get('id')], 'portfolio_' . $instance->get('plugin')); 147 } 148 $instance->set('user', $USER); 149 } else { 150 $instance = null; 151 } 152 153 // we must be passed this from the caller, we cannot start a new export 154 // without knowing information about what part of moodle we come from. 155 if (empty($callbackcomponent) || empty($callbackclass)) { 156 debugging('no callback file or class'); 157 portfolio_exporter::print_expired_export(); 158 } 159 160 // so each place in moodle can pass callback args here 161 // process the entire request looking for ca_* 162 // be as lenient as possible while still being secure 163 // so only accept certain parameter types. 164 $callbackargs = array(); 165 foreach (array_keys(array_merge($_GET, $_POST)) as $key) { 166 if (strpos($key, 'ca_') === 0) { 167 if (!$value = optional_param($key, false, PARAM_ALPHAEXT)) { 168 if (!$value = optional_param($key, false, PARAM_FLOAT)) { 169 $value = optional_param($key, false, PARAM_PATH); 170 } 171 } 172 // strip off ca_ for niceness 173 $callbackargs[substr($key, 3)] = $value; 174 } 175 } 176 177 // Ensure that we found a file we can use, if not throw an exception. 178 portfolio_include_callback_file($callbackcomponent, $callbackclass); 179 180 $caller = new $callbackclass($callbackargs); 181 $caller->set('user', $USER); 182 if ($formats = explode(',', $callerformats)) { 183 $caller->set_formats_from_button($formats); 184 } 185 $caller->load_data(); 186 // this must check capabilities and either throw an exception or return false. 187 if (!$caller->check_permissions()) { 188 throw new portfolio_caller_exception('nopermissions', 'portfolio', $caller->get_return_url()); 189 } 190 191 portfolio_export_pagesetup($PAGE, $caller); // this calls require_login($course) if it can.. 192 193 // finally! set up the exporter object with the portfolio instance, and caller information elements 194 $exporter = new portfolio_exporter($instance, $caller, $callbackcomponent); 195 196 // set the export-specific variables, and save. 197 $exporter->set('user', $USER); 198 $exporter->save(); 199 } 200 201 if (!$exporter->get('instance')) { 202 // we've just arrived but have no instance 203 // in this case the exporter object and the caller object have been set up above 204 // so just make a little form to select the portfolio plugin instance, 205 // which is the last thing to do before starting the export. 206 // 207 // first check to make sure there is actually a point 208 $options = portfolio_instance_select( 209 portfolio_instances(), 210 $exporter->get('caller')->supported_formats(), 211 get_class($exporter->get('caller')), 212 $exporter->get('caller')->get_mimetype(), 213 'instance', 214 true, 215 true 216 ); 217 if (empty($options)) { 218 throw new portfolio_export_exception($exporter, 'noavailableplugins', 'portfolio'); 219 } else if (count($options) == 1) { 220 // no point displaying a form, just redirect. 221 $optionskeys = array_keys($options); 222 $instance = array_shift($optionskeys); 223 redirect($CFG->wwwroot . '/portfolio/add.php?id= ' . $exporter->get('id') . '&instance=' . $instance . '&sesskey=' . sesskey()); 224 } 225 // be very selective about not including this unless we really need to 226 require_once($CFG->libdir . '/portfolio/forms.php'); 227 $mform = new portfolio_instance_select('', array('id' => $exporter->get('id'), 'caller' => $exporter->get('caller'), 'options' => $options)); 228 if ($mform->is_cancelled()) { 229 $exporter->cancel_request(); 230 } else if ($fromform = $mform->get_data()){ 231 redirect($CFG->wwwroot . '/portfolio/add.php?instance=' . $fromform->instance . '&id=' . $exporter->get('id')); 232 exit; 233 } 234 else { 235 $exporter->print_header(get_string('selectplugin', 'portfolio')); 236 echo $OUTPUT->box_start(); 237 $mform->display(); 238 echo $OUTPUT->box_end(); 239 echo $OUTPUT->footer(); 240 exit; 241 } 242 } 243 244 // if we haven't been passed &stage= grab it from the exporter. 245 if (!$stage) { 246 $stage = $exporter->get('stage'); 247 } 248 249 // for places returning control to pass (rather than PORTFOLIO_STAGE_PACKAGE 250 // which is unstable if they can't get to the constant (eg external system) 251 $alreadystolen = false; 252 if ($postcontrol) { // the magic request variable plugins must pass on returning here 253 try { 254 // allow it to read whatever gets sent back in the request 255 // this is useful for plugins that redirect away and back again 256 // adding a token to the end of the url, for example box.net 257 $exporter->instance()->post_control($stage, array_merge($_GET, $_POST)); 258 } catch (portfolio_plugin_exception $e) { 259 portfolio_export_rethrow_exception($exporter, $e); 260 } 261 $alreadystolen = true; // remember this so we don't get caught in a steal control loop! 262 } 263 264 // actually do the work now.. 265 $exporter->process_stage($stage, $alreadystolen); 266 267
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
