<?php

// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.

/**
 * Form for editing HTML block instances.
 *
 * @package   block_html
 * @copyright 1999 onwards Martin Dougiamas (http://dougiamas.com)
 * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */

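/**
 * HTML block: displays HTML text kept in the block instance configuration.
 *
 * Security-relevant behaviour: get_content() turns off HTML cleaning
 * ("noclean") whenever content_is_trusted() returns true, so that method is
 * the boundary that decides whether stored markup, script included, reaches
 * the page unfiltered.
 */
class block_html extends block_base {

    /**
     * Sets the default block title from the plugin's language string.
     */
    public function init() {
        $this->title = get_string('pluginname', 'block_html');
    }

    /**
     * Declares the page formats this block may be added to.
     *
     * @return array map of format name => allowed flag; only the 'all' key is set
     */
    public function applicable_formats() {
        return array('all' => true);
    }

    /**
     * Replaces the default title with the configured one, or with the
     * 'newhtmlblock' language string when no title is configured.
     *
     * Either value is passed through format_string() before being stored.
     */
    public function specialization() {
        if (isset($this->config->title)) {
            $title = $this->config->title;
        } else {
            $title = get_string('newhtmlblock', 'block_html');
        }
        $this->title = format_string($title);
    }

    /**
     * Allows more than one instance of this block on a page.
     *
     * @return bool always true
     */
    public function instance_allow_multiple() {
        return true;
    }

    /**
     * Builds the block content once and returns the cached object afterwards.
     *
     * @return stdClass object with 'text' and 'footer' properties
     */
    public function get_content() {
        if ($this->content !== null) {
            return $this->content;
        }

        $filteropt = new stdClass();
        $filteropt->overflowdiv = true;
        if ($this->content_is_trusted()) {
            // Fancy HTML is allowed only on course, category and system blocks.
            // noclean is the switch that lets stored markup through uncleaned, so it
            // must stay strictly behind the trust check and never default to true.
            $filteropt->noclean = true;
        }

        $this->content = new stdClass();
        $this->content->footer = '';
        if (isset($this->config->text)) {
            // config->format can be absent (presumably on instances configured before
            // a format was stored - verify); fall back to FORMAT_HTML instead of
            // reading an undefined property.
            $format = isset($this->config->format) ? $this->config->format : FORMAT_HTML;

            // Rewrite embedded file placeholders into pluginfile.php URLs for this block context.
            $this->config->text = file_rewrite_pluginfile_urls($this->config->text, 'pluginfile.php', $this->context->id, 'block_html', 'content', null);
            $this->content->text = format_text($this->config->text, $format, $filteropt);
        } else {
            $this->content->text = '';
        }

        return $this->content;
    }

    /**
     * Serialize and store config data.
     *
     * No HTML cleaning is visible here: the submitted text is stored after file
     * links are adjusted, and filtering is decided at render time in get_content().
     * NOTE(review): confirm file_save_draft_area_files() does not sanitise markup.
     *
     * @param object $data submitted configuration; $data->text is read as an array
     *                     with 'itemid', 'text' and 'format' keys
     * @param bool $nolongerused passed through unchanged to the parent implementation
     */
    public function instance_config_save($data, $nolongerused = false) {
        // Work on a copy so the caller's object keeps the editor array in ->text.
        $config = clone($data);
        // Move embedded files into a proper filearea and adjust HTML links to match.
        $config->text = file_save_draft_area_files($data->text['itemid'], $this->context->id, 'block_html', 'content', 0, array('subdirs' => true), $data->text['text']);
        $config->format = $data->text['format'];

        parent::instance_config_save($config, $nolongerused);
    }

    /**
     * Removes the files stored for this block instance when it is deleted.
     *
     * @return bool always true
     */
    public function instance_delete() {
        $fs = get_file_storage();
        $fs->delete_area_files($this->context->id, 'block_html');
        return true;
    }

    /**
     * Decides whether the stored HTML may be rendered without cleaning.
     *
     * Fails closed (false) when the parent context cannot be loaded. Blocks whose
     * parent is a user context are trusted only on /my/index.php; every other
     * context level is trusted.
     * NOTE(review): trusting all non-user contexts assumes only privileged users
     * can configure blocks there - confirm against the capability checks.
     *
     * @return bool true when get_content() may skip HTML cleaning
     */
    public function content_is_trusted() {
        global $SCRIPT;

        $context = get_context_instance_by_id($this->instance->parentcontextid);
        if (!$context) {
            return false;
        }

        // Loose comparison kept on purpose: contextlevel may be a numeric string
        // (presumably straight from the database), and a strict mismatch here would
        // fall through to "trusted".
        if ($context->contextlevel == CONTEXT_USER) {
            // /my/index.php is the exception: the page is completely private, nobody
            // else may see content there, which is why JS is allowed.
            // On public personal pages JS would be a big security issue.
            return $SCRIPT === '/my/index.php';
        }

        return true;
    }
}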