MDL-46227 Fix XSS in scheduled tasks
[moodle.git] / calendar / export.php
blob92c2db337f2df90e137ee3ecdb83e840b143d63c
1 <?php
3 /////////////////////////////////////////////////////////////////////////////
4 // //
5 // NOTICE OF COPYRIGHT //
6 // //
7 // Moodle - Calendar extension //
8 // //
9 // Copyright (C) 2003-2004 Greek School Network www.sch.gr //
10 // //
11 // Designed by: //
12 // Avgoustos Tsinakos (tsinakos@teikav.edu.gr) //
13 // Jon Papaioannou (pj@moodle.org) //
14 // //
15 // Programming and development: //
16 // Jon Papaioannou (pj@moodle.org) //
17 // //
18 // For bugs, suggestions, etc contact: //
19 // Jon Papaioannou (pj@moodle.org) //
20 // //
21 // The current module was developed at the University of Macedonia //
22 // (www.uom.gr) under the funding of the Greek School Network (www.sch.gr) //
23 // The aim of this project is to provide additional and improved //
24 // functionality to the Asynchronous Distance Education service that the //
25 // Greek School Network deploys. //
26 // //
27 // This program is free software; you can redistribute it and/or modify //
28 // it under the terms of the GNU General Public License as published by //
29 // the Free Software Foundation; either version 2 of the License, or //
30 // (at your option) any later version. //
31 // //
32 // This program is distributed in the hope that it will be useful, //
33 // but WITHOUT ANY WARRANTY; without even the implied warranty of //
34 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
35 // GNU General Public License for more details: //
36 // //
37 // http://www.gnu.org/copyleft/gpl.html //
38 // //
39 /////////////////////////////////////////////////////////////////////////////
41 /**
42 * This file is part of the User section Moodle
44 * @copyright 2003-2004 Jon Papaioannou (pj@moodle.org)
45 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v2 or later
46 * @package calendar
49 require_once('../config.php');
50 require_once($CFG->dirroot.'/course/lib.php');
51 require_once($CFG->dirroot.'/calendar/lib.php');
53 if (empty($CFG->enablecalendarexport)) {
54 die('no export');
57 $courseid = optional_param('course', SITEID, PARAM_INT);
58 $action = optional_param('action', '', PARAM_ALPHA);
59 $day = optional_param('cal_d', 0, PARAM_INT);
60 $mon = optional_param('cal_m', 0, PARAM_INT);
61 $year = optional_param('cal_y', 0, PARAM_INT);
62 $time = optional_param('time', 0, PARAM_INT);
63 $generateurl = optional_param('generateurl', 0, PARAM_BOOL);
65 // Get the calendar type we are using.
66 $calendartype = \core_calendar\type_factory::get_calendar_instance();
68 // If a day, month and year were passed then convert it to a timestamp. If these were passed
69 // then we can assume the day, month and year are passed as Gregorian, as no where in core
70 // should we be passing these values rather than the time. This is done for BC.
71 if (!empty($day) && !empty($mon) && !empty($year)) {
72 if (checkdate($mon, $day, $year)) {
73 $time = make_timestamp($year, $mon, $day);
74 } else {
75 $time = time();
77 } else if (empty($time)) {
78 $time = time();
81 if ($courseid != SITEID && !empty($courseid)) {
82 $course = $DB->get_record('course', array('id' => $courseid));
83 $courses = array($course->id => $course);
84 $issite = false;
85 } else {
86 $course = get_site();
87 $courses = calendar_get_default_courses();
88 $issite = true;
90 require_course_login($course);
92 $url = new moodle_url('/calendar/export.php', array('time' => $time));
94 if ($action !== '') {
95 $url->param('action', $action);
98 if ($course !== NULL) {
99 $url->param('course', $course->id);
101 $PAGE->set_url($url);
103 $calendar = new calendar_information(0, 0, 0, $time);
104 $calendar->prepare_for_view($course, $courses);
106 $pagetitle = get_string('export', 'calendar');
107 $now = $calendartype->timestamp_to_date_array($time);
109 // Print title and header
110 if ($issite) {
111 $PAGE->navbar->add($course->shortname, new moodle_url('/course/view.php', array('id'=>$course->id)));
113 $link = new moodle_url(CALENDAR_URL.'view.php', array('view'=>'upcoming', 'course'=>$calendar->courseid));
114 $PAGE->navbar->add(get_string('calendar', 'calendar'), calendar_get_link_href($link, 0, 0, 0, $time));
115 $PAGE->navbar->add($pagetitle);
117 $PAGE->set_title($course->shortname.': '.get_string('calendar', 'calendar').': '.$pagetitle);
118 $PAGE->set_heading($course->fullname);
119 $PAGE->set_pagelayout('standard');
120 $PAGE->set_button(calendar_preferences_button($course));
122 $renderer = $PAGE->get_renderer('core_calendar');
123 $calendar->add_sidecalendar_blocks($renderer);
125 echo $OUTPUT->header();
126 echo $renderer->start_layout();
127 switch($action) {
128 case 'advanced':
129 // Why nothing?
130 break;
131 case '':
132 default:
133 $weekend = CALENDAR_DEFAULT_WEEKEND;
134 if (isset($CFG->calendar_weekend)) {
135 $weekend = intval($CFG->calendar_weekend);
138 // Get the number of days.
139 $numberofdaysinweek = $calendartype->get_num_weekdays();
141 $authtoken = sha1($USER->id . $DB->get_field('user', 'password', array('id'=>$USER->id)). $CFG->calendar_exportsalt);
142 // Let's populate some vars to let "common tasks" be somewhat smart...
143 // If today it's weekend, give the "next week" option.
144 $allownextweek = $weekend & (1 << $now['wday']);
145 // If it's the last week of the month, give the "next month" option.
146 $allownextmonth = calendar_days_in_month($now['mon'], $now['year']) - $now['mday'] < $numberofdaysinweek;
147 // If today it's weekend but tomorrow it isn't, do NOT give the "this week" option.
148 $allowthisweek = !(($weekend & (1 << $now['wday'])) && !($weekend & (1 << (($now['wday'] + 1) % $numberofdaysinweek))));
149 echo $renderer->basic_export_form($allowthisweek, $allownextweek, $allownextmonth, $USER->id, $authtoken);
150 break;
153 if (!empty($generateurl)) {
154 $params['userid'] = optional_param('userid', 0, PARAM_INT);
155 $params['authtoken'] = optional_param('authtoken', '', PARAM_ALPHANUM);
156 $params['preset_what'] = optional_param('preset_what', 'all', PARAM_ALPHA);
157 $params['preset_time'] = optional_param('preset_time', 'weeknow', PARAM_ALPHA);
159 $link = new moodle_url('/calendar/export_execute.php', $params);
160 print html_writer::tag('div', get_string('calendarurl', 'calendar', $link->out()), array('class' => 'generalbox calendarurl'));
163 echo $renderer->complete_layout();
164 echo $OUTPUT->footer();