Search moodle.org's
Developer Documentation
Developer Documentation
- Bug fixes for general core bugs in 4.2.x will end 22 April 2024 (12 months).
- Bug fixes for security issues in 4.2.x will end 7 October 2024 (18 months).
- PHP version: minimum PHP 8.0.0 Note: minimum PHP version has increased since Moodle 4.1. PHP 8.1.x is supported too.
/repository/ -> filepicker.php (source)
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
//
/**
* This file is used to browse repositories in non-javascript mode
*
* @since Moodle 2.0
* @package core
* @subpackage repository
* @copyright 2009 Dongsheng Cai <dongsheng@moodle.com>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
require_once('../config.php');
require_once($CFG->libdir.'/filelib.php');
require_once('lib.php');
/// Wait as long as it takes for this script to finish
core_php_time_limit::raise();
require_sesskey();
require_login();
// disable blocks in this page
$PAGE->set_pagelayout('embedded');
// general parameters
$action = optional_param('action', '', PARAM_ALPHA);
$client_id = optional_param('client_id', '', PARAM_RAW); // client ID
$itemid = optional_param('itemid', '', PARAM_INT);
// parameters for repository
$callback = optional_param('callback', '', PARAM_CLEANHTML);
$contextid = optional_param('ctx_id', SYSCONTEXTID, PARAM_INT); // context ID
$courseid = optional_param('course', SITEID, PARAM_INT); // course ID
$env = optional_param('env', 'filepicker', PARAM_ALPHA); // opened in file picker, file manager or html editor
$filename = optional_param('filename', '', PARAM_FILE);
$fileurl = optional_param('fileurl', '', PARAM_RAW);
$thumbnail = optional_param('thumbnail', '', PARAM_RAW);
$targetpath = optional_param('targetpath', '', PARAM_PATH);
$repo_id = optional_param('repo_id', 0, PARAM_INT); // repository ID
$req_path = optional_param('p', '', PARAM_RAW); // the path in repository
$curr_page = optional_param('page', '', PARAM_RAW); // What page in repository?
$search_text = optional_param('s', '', PARAM_CLEANHTML);
$maxfiles = optional_param('maxfiles', -1, PARAM_INT); // maxfiles
$maxbytes = optional_param('maxbytes', 0, PARAM_INT); // maxbytes
$subdirs = optional_param('subdirs', 0, PARAM_INT); // maxbytes
$areamaxbytes = optional_param('areamaxbytes', FILE_AREA_MAX_BYTES_UNLIMITED, PARAM_INT); // Area maxbytes.
$accepted_types = optional_param_array('accepted_types', '*', PARAM_RAW);
// the path to save files
$savepath = optional_param('savepath', '/', PARAM_PATH);
// path in draft area
$draftpath = optional_param('draftpath', '/', PARAM_PATH);
// user context
$user_context = context_user::instance($USER->id);
$PAGE->set_context($user_context);
if (!$course = $DB->get_record('course', array('id'=>$courseid))) {
< print_error('invalidcourseid');
> throw new \moodle_exception('invalidcourseid');
}
$PAGE->set_course($course);
if ($repo_id) {
// Get repository instance information
$repooptions = array(
'ajax' => false,
'mimetypes' => $accepted_types
);
$repo = repository::get_repository_by_id($repo_id, $contextid, $repooptions);
// Check permissions
$repo->check_capability();
}
$context = context::instance_by_id($contextid);
// Make sure maxbytes passed is within site filesize limits.
$maxbytes = get_user_max_upload_file_size($context, $CFG->maxbytes, $course->maxbytes, $maxbytes);
$params = array('ctx_id' => $contextid, 'itemid' => $itemid, 'env' => $env, 'course'=>$courseid, 'maxbytes'=>$maxbytes, 'areamaxbytes'=>$areamaxbytes, 'maxfiles'=>$maxfiles, 'subdirs'=>$subdirs, 'sesskey'=>sesskey());
$params['action'] = 'browse';
$params['draftpath'] = $draftpath;
$home_url = new moodle_url('/repository/draftfiles_manager.php', $params);
$params['savepath'] = $savepath;
$params['repo_id'] = $repo_id;
$url = new moodle_url("/repository/filepicker.php", $params);
$PAGE->set_url('/repository/filepicker.php', $params);
switch ($action) {
case 'upload':
// The uploaded file has been processed in plugin construct function
// redirect to default page
try {
$repo->upload('', $maxbytes);
redirect($home_url, get_string('uploadsucc','repository'));
} catch (moodle_exception $e) {
// inject target URL
$e->link = $PAGE->url->out();
echo $OUTPUT->header(); // hack: we need the embedded header here, standard error printing would not use it
throw $e;
}
break;
case 'search':
echo '<div><a href="' . $home_url->out() . '">'.get_string('back', 'repository')."</a></div>";
try {
$search_result = $repo->search($search_text);
$search_result['issearchresult'] = true;
$search_result['repo_id'] = $repo_id;
// TODO: need a better solution
$purl = new moodle_url($url, array('search_paging' => 1, 'action' => 'search', 'repo_id' => $repo_id));
$pagingbar = new paging_bar($search_result['total'], $search_result['page'] - 1, $search_result['perpage'], $purl, 'p');
echo $OUTPUT->render($pagingbar);
echo '<table>';
foreach ($search_result['list'] as $item) {
echo '<tr>';
echo '<td>';
$style = '';
if (isset($item['thumbnail_height'])) {
$style .= 'max-height:'.$item['thumbnail_height'].'px;';
}
if (isset($item['thumbnail_width'])) {
$style .= 'max-width:'.$item['thumbnail_width'].'px;';
}
echo html_writer::empty_tag('img', array('src' => $item['thumbnail'], 'alt' => '', 'style' => $style));
echo '</td><td>';
if (!empty($item['url'])) {
echo html_writer::link($item['url'], s($item['title']), array('target'=>'_blank'));
} else {
echo s($item['title']);
}
echo '</td>';
echo '<td>';
echo '<form method="post">';
echo '<input type="hidden" name="fileurl" value="'.s($item['source']).'"/>';
echo '<input type="hidden" name="action" value="confirm"/>';
echo '<input type="hidden" name="filename" value="'.s($item['title']).'"/>';
echo '<input type="hidden" name="thumbnail" value="'.s($item['thumbnail']).'"/>';
echo '<input type="submit" value="'.s(get_string('select','repository')).'" />';
echo '</form>';
echo '</td>';
echo '</tr>';
}
echo '</table>';
} catch (repository_exception $e) {
}
break;
case 'list':
case 'sign':
echo $OUTPUT->header();
echo $OUTPUT->container_start();
echo html_writer::link($url, get_string('back', 'repository'));
echo $OUTPUT->container_end();
if ($repo->check_login()) {
$list = $repo->get_listing($req_path, $curr_page);
$dynload = !empty($list['dynload'])?true:false;
if (!empty($list['upload'])) {
echo '<form action="'.$url->out().'" method="post" enctype="multipart/form-data" style="display:inline">';
echo '<label>'.$list['upload']['label'].': </label>';
echo '<input type="file" name="repo_upload_file" /><br />';
echo '<input type="hidden" name="action" value="upload" /><br />';
echo '<input type="hidden" name="draftpath" value="'.s($draftpath).'" /><br />';
echo '<input type="hidden" name="savepath" value="'.s($savepath).'" /><br />';
echo '<input type="hidden" name="repo_id" value="'.s($repo_id).'" /><br />';
echo '<input type="submit" value="'.s(get_string('upload', 'repository')).'" />';
echo '</form>';
} else {
if (!empty($list['path'])) {
foreach ($list['path'] as $p) {
//echo '<form method="post" style="display:inline">';
//echo '<input type="hidden" name="p" value="'.s($p['path']).'"';
//echo '<input type="hidden" name="action" value="list"';
//echo '<input type="hidden" name="draftpath" value="'.s($draftpath).'" /><br />';
//echo '<input type="hidden" name="savepath" value="'.s($savepath).'" /><br />';
//echo '<input style="display:inline" type="submit" value="'.s($p['name']).'" />';
//echo '</form>';
$pathurl = new moodle_url($url, array(
'p'=>$p['path'],
'action'=>'list',
'draftpath'=>$draftpath,
'savepath'=>$savepath
));
echo '<strong>' . html_writer::link($pathurl, s($p['name'])) . '</strong>';
echo '<span> / </span>';
}
}
if (!empty($list['page'])) {
// TODO MDL-28482: need a better solution
// paging_bar is not a good option because it starts page numbering from 0 and
// repositories number pages starting from 1.
$pagingurl = new moodle_url("/repository/filepicker.php?action=list&itemid=$itemid&ctx_id=$contextid&repo_id=$repo_id&course=$courseid&sesskey=". sesskey());
if (!isset($list['perpage']) && !isset($list['total'])) {
$list['perpage'] = 10; // instead of setting perpage&total we use number of pages, the result is the same
}
if (empty($list['total'])) {
if ($list['pages'] == -1) {
$total = ($list['page'] + 2) * $list['perpage'];
} else {
$total = $list['pages'] * $list['perpage'];
}
} else {
$total = $list['total'];
}
echo $OUTPUT->paging_bar($total, $list['page'], $list['perpage'], $pagingurl);
}
echo '<table>';
foreach ($list['list'] as $item) {
echo '<tr>';
echo '<td>';
$style = '';
if (isset($item['thumbnail_height'])) {
$style .= 'max-height:'.$item['thumbnail_height'].'px;';
}
if (isset($item['thumbnail_width'])) {
$style .= 'max-width:'.$item['thumbnail_width'].'px;';
}
echo html_writer::empty_tag('img', array('src' => $item['thumbnail'], 'style' => $style));
echo '</td><td>';
if (!empty($item['url'])) {
echo html_writer::link($item['url'], s($item['title']), array('target'=>'_blank'));
} else {
echo s($item['title']);
}
echo '</td>';
echo '<td>';
if (!isset($item['children'])) {
echo '<form method="post">';
echo '<input type="hidden" name="fileurl" value="'.s($item['source']).'"/>';
echo '<input type="hidden" name="action" value="confirm"/>';
echo '<input type="hidden" name="draftpath" value="'.s($draftpath).'" /><br />';
echo '<input type="hidden" name="savepath" value="'.s($savepath).'" /><br />';
echo '<input type="hidden" name="filename" value="'.s($item['title']).'"/>';
echo '<input type="hidden" name="thumbnail" value="'.s($item['thumbnail']).'"/>';
echo '<input type="submit" value="'.s(get_string('select','repository')).'" />';
echo '</form>';
} else {
echo '<form method="post">';
echo '<input type="hidden" name="p" value="'.s($item['path']).'"/>';
echo '<input type="submit" value="'.s(get_string('enter', 'repository')).'" />';
echo '</form>';
}
echo '</td>';
echo '</tr>';
}
echo '</table>';
}
} else {
echo '<form method="post">';
echo '<input type="hidden" name="action" value="sign" />';
echo '<input type="hidden" name="repo_id" value="'.s($repo_id).'" />';
$repo->print_login();
echo '</form>';
}
echo $OUTPUT->footer();
break;
case 'download':
// Check that user has permission to access this file
if (!$repo->file_is_accessible($fileurl)) {
< print_error('storedfilecannotread');
> throw new \moodle_exception('storedfilecannotread');
}
$record = new stdClass();
$reference = $repo->get_file_reference($fileurl);
$sourcefield = $repo->get_file_source_info($fileurl);
$record->source = repository::build_source_field($sourcefield);
// If file is already a reference, set $fileurl = file source, $repo = file repository
// note that in this case user may not have permission to access the source file directly
// so no file_browser/file_info can be used below
if ($repo->has_moodle_files()) {
$file = repository::get_moodle_file($reference);
if ($file && $file->is_external_file()) {
$sourcefield = $file->get_source(); // remember the original source
$record->source = $repo::build_source_field($sourcefield);
$reference = $file->get_reference();
$repo_id = $file->get_repository_id();
$repo = repository::get_repository_by_id($repo_id, $contextid, $repooptions);
}
}
$record->filepath = $savepath;
$record->filename = $filename;
$record->component = 'user';
$record->filearea = 'draft';
$record->itemid = $itemid;
$record->license = '';
$record->author = '';
$now = time();
$record->timecreated = $now;
$record->timemodified = $now;
$record->userid = $USER->id;
$record->contextid = $user_context->id;
$record->sortorder = 0;
if ($repo->has_moodle_files()) {
$fileinfo = $repo->copy_to_area($reference, $record, $maxbytes, $areamaxbytes);
redirect($home_url, get_string('downloadsucc', 'repository'));
} else {
$thefile = $repo->get_file($reference, $filename);
if (!empty($thefile['path'])) {
$filesize = filesize($thefile['path']);
if ($maxbytes != -1 && $filesize>$maxbytes) {
unlink($thefile['path']);
< print_error('maxbytes');
> throw new \moodle_exception('maxbytes');
}
// Ensure the file will not make the area exceed its size limit.
if (file_is_draft_area_limit_reached($record->itemid, $areamaxbytes, $filesize)) {
unlink($thefile['path']);
< print_error('maxareabytes');
> throw new \moodle_exception('maxareabytes');
}
// Ensure the user does not upload too many draft files in a short period.
if (file_is_draft_areas_limit_reached($USER->id)) {
unlink($thefile['path']);
< print_error('maxdraftitemids');
> throw new \moodle_exception('maxdraftitemids');
}
try {
$info = repository::move_to_filepool($thefile['path'], $record);
redirect($home_url, get_string('downloadsucc', 'repository'));
} catch (moodle_exception $e) {
// inject target URL
$e->link = $PAGE->url->out();
echo $OUTPUT->header(); // hack: we need the embedded header here, standard error printing would not use it
throw $e;
}
} else {
< print_error('cannotdownload', 'repository');
> throw new \moodle_exception('cannotdownload', 'repository');
}
}
break;
case 'confirm':
echo $OUTPUT->header();
echo '<div><a href="'.s($PAGE->url->out(false)).'">'.get_string('back', 'repository').'</a></div>';
echo '<img src="'.$thumbnail.'" />';
echo '<form method="post">';
echo '<table>';
echo ' <tr>';
echo ' <td>'. html_writer::label(get_string('filename', 'repository'), 'filename'). '</td>';
echo ' <td><input type="text" id="filename" name="filename" value="'.s($filename).'" /></td>';
echo ' <td><input type="hidden" name="fileurl" value="'.s($fileurl).'" /></td>';
echo ' <td><input type="hidden" name="action" value="download" /></td>';
echo ' <td><input type="hidden" name="itemid" value="'.s($itemid).'" /></td>';
echo ' </tr>';
echo '</table>';
echo '<div>';
// the save path
echo ' <input name="draftpath" type="hidden" value="'.s($draftpath).'" />';
echo ' <input name="savepath" type="hidden" value="'.s($savepath).'" />';
echo ' <input type="submit" value="'.s(get_string('download', 'repository')).'" />';
echo '</div>';
echo '</form>';
echo $OUTPUT->footer();
break;
default:
case 'plugins':
$params = array();
$params['context'] = array($user_context, context_system::instance());
$params['currentcontext'] = $PAGE->context;
$params['return_types'] = FILE_INTERNAL;
$repos = repository::get_instances($params);
echo $OUTPUT->header();
echo html_writer::link($home_url->out(false), get_string('backtodraftfiles', 'repository'));
echo '<div>';
echo '<ul>';
foreach($repos as $repo) {
$info = $repo->get_meta();
$aurl = clone($url);
$aurl->params(array('savepath'=>$savepath, 'action' => 'list', 'repo_id' => $info->id, 'draftpath'=>$draftpath));
echo '<li>';
echo html_writer::empty_tag('img', array('src'=>$info->icon, 'alt'=>$info->name, 'class'=>'icon icon-pre'));
echo html_writer::link($aurl, s($info->name));
echo '</li>';
}
echo '</ul>';
echo '</div>';
echo $OUTPUT->footer();
break;
}
