MDL-81247 calendar: Extra validation for webservices
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
 * file index.php
 * Index page to view blogs. If no blog is specified then site-wide entries are shown;
 * if a blog id is specified then the latest entries from that blog are shown.
 */
require_once(__DIR__ . '/../config.php');
require_once($CFG->dirroot .'/blog/lib.php');
require_once($CFG->dirroot .'/blog/locallib.php');
require_once($CFG->dirroot .'/course/lib.php');
require_once($CFG->dirroot .'/comment/lib.php');

// Request parameters. All id-like filters are declared PARAM_INT and the tag name PARAM_NOTAGS.
$id       = optional_param('id', null, PARAM_INT);
$start    = optional_param('formstart', 0, PARAM_INT);
$tag      = optional_param('tag', '', PARAM_NOTAGS);
$userid   = optional_param('userid', null, PARAM_INT);
$tagid    = optional_param('tagid', null, PARAM_INT);
$modid    = optional_param('modid', null, PARAM_INT);
$entryid  = optional_param('entryid', null, PARAM_INT);
$groupid  = optional_param('groupid', null, PARAM_INT);
$courseid = optional_param('courseid', null, PARAM_INT);
// NOTE(review): 'search' is the only parameter read with PARAM_RAW, so it is not cleaned here.
// It is copied into $urlparams (the page URL) just below and into the 'other' payload of the
// blog_entries_viewed event at the end of this script; every consumer that renders or stores
// it has to escape it for its own output context.
$search   = optional_param('search', null, PARAM_RAW);

comment::init();

// Build the page URL from the parameters that carry a non-empty value only.
$urlparams = array_filter(
    compact('id', 'start', 'tag', 'userid', 'tagid', 'modid', 'entryid', 'groupid', 'courseid', 'search'),
    static function ($val) {
        return !empty($val);
    }
);
$PAGE->set_url('/blog/index.php', $urlparams);
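// Correct tagid if a text tag is provided as a param.
if (!empty($tag)) {
    // The tag name is passed as a condition value to the DB layer, not concatenated into SQL.
    $tagrec = $DB->get_record('tag', ['name' => $tag]);

    // An unknown tag name clears the tag filter. Assign null instead of calling unset():
    // $tagid is still read later in this script (RSS header, RSS link and the logged event),
    // and reading a variable that was unset raises an "Undefined variable" warning.
    $tagid = $tagrec ? $tagrec->id : null;
}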
// Set the userid to the entry author if we have the entry ID.
// NOTE(review): the entry is loaded and its author is used to choose the page context before
// any of the login / blog-level checks further down have run. Access is only validated later,
// by the blog_validate_access() call that receives $entryid.
if ($entryid && !isset($userid)) {
    $entry = new blog_entry($entryid);
    $userid = $entry->userid;
}

// Pick the page context: a user's blog, a course other than the site course, or the whole site.
if (isset($userid) && empty($courseid) && empty($modid)) {
    $context = context_user::instance($userid);
} elseif (!empty($courseid) && $courseid != SITEID) {
    $context = context_course::instance($courseid);
} else {
    $context = context_system::instance();
}
$PAGE->set_context($context);

// When users look at their own blog and the page has no secondary navigation,
// the 'siteblog' navigation node (if present) is made inactive.
$viewingownblog = isset($userid) && $USER->id == $userid;
if ($viewingownblog && !$PAGE->has_secondary_navigation()) {
    $blognode = $PAGE->navigation->find('siteblog', null);
    if ($blognode) {
        $blognode->make_inactive();
    }
}
// Check basic permissions.
// The configured blog level decides who may reach the listing at all; any value that is not
// one of the three known levels is rejected (fail closed).
switch ($CFG->bloglevel) {
    case BLOG_GLOBAL_LEVEL:
        // Everybody can see anything - no login required unless site is locked down using forcelogin.
        if ($CFG->forcelogin) {
            require_login();
        }
        break;

    case BLOG_SITE_LEVEL:
        // Users must log in and can not be guests.
        require_login();
        if (isguestuser()) {
            // They must have entered the url manually.
            throw new \moodle_exception('noguest');
        }
        break;

    case BLOG_USER_LEVEL:
        // Users can see own blogs only! with the exception of people with special cap.
        require_login();
        break;

    default:
        // Weird!
        throw new \moodle_exception('blogdisable', 'blog');
}

// Blogs switched off site-wide: refuse regardless of the level checked above.
if (empty($CFG->enableblogs)) {
    throw new \moodle_exception('blogdisable', 'blog');
}
// Validate the requested filters; the call hands back the course id and user id to use from here on.
[$courseid, $userid] = blog_validate_access($courseid, $modid, $groupid, $entryid, $userid);

// No course given means the site course.
if (empty($courseid)) {
    $courseid = SITEID;
}

// A real course additionally requires the viewer to be allowed into that course.
if ($courseid != SITEID) {
    $course = get_course($courseid);
    require_login($course);
}

// Load the blog owner (MUST_EXIST: a missing user is an error) and add them to the navigation.
// $user stays undefined when $userid is empty.
if (!empty($userid)) {
    $user = core_user::get_user($userid, '*', MUST_EXIST);
    $PAGE->navigation->extend_for_user($user);
}
$blogheaders = blog_get_headers();

// RSS defaults, used when feeds are disabled.
$rsstitle = '';
$thingid = null;
$filtertype = null;
$rsscontext = null;

if ($CFG->enablerssfeeds) {
    [$thingid, $rsscontext, $filtertype] = blog_rss_get_params($blogheaders['filters']);
    // Fall back to the system context when the filters do not yield one.
    if (empty($rsscontext)) {
        $rsscontext = context_system::instance();
    }
    $rsstitle = $blogheaders['heading'];

    // Check we haven't started output by outputting an error message.
    $beforeheader = ($PAGE->state == moodle_page::STATE_BEFORE_HEADER);
    if ($beforeheader) {
        blog_rss_add_http_header($rsscontext, $rsstitle, $filtertype, $thingid, $tagid);
    }
}
// For a user's blog inside a course: drop the 'courseblogs' node (if any) and hang an active
// "blogscourse" node, pointing at the current page URL, under the user's navigation node.
$usernode = $PAGE->navigation->find('user'.$userid, null);
if ($usernode && $courseid != SITEID) {
    $courseblogsnode = $PAGE->navigation->find('courseblogs', null);
    if ($courseblogsnode) {
        $courseblogsnode->remove();
    }

    $blogurl = new moodle_url($PAGE->url);
    $blognode = $usernode->add(get_string('blogscourse', 'blog'), $blogurl);
    $blognode->make_active();
}
// Page header: course listing, a single user's blog, or the site-wide listing.
if ($courseid != SITEID) {
    $PAGE->set_heading($course->fullname);
    echo $OUTPUT->header();

    if (!empty($user)) {
        // Link back to the user's profile within this course, then the user's context header.
        $backurl = new moodle_url('/user/view.php', ['id' => $user->id, 'course' => $courseid]);
        echo $OUTPUT->single_button($backurl, get_string('back'), 'get', ['class' => 'mb-3']);

        $headerinfo = ['heading' => fullname($user), 'user' => $user];
        echo $OUTPUT->context_header($headerinfo, 2);
    }
} elseif (isset($userid)) {
    // NOTE(review): $user is only assigned earlier when $userid is non-empty, while this branch
    // tests isset($userid); presumably blog_validate_access() never returns an empty-but-set
    // user id - confirm.
    $PAGE->set_heading(fullname($user));
    echo $OUTPUT->header();
} elseif ($courseid == SITEID) {
    echo $OUTPUT->header();
}

echo $OUTPUT->heading($blogheaders['heading'], 2);

// Render the entries that match the filters computed by blog_get_headers().
$bloglisting = new blog_listing($blogheaders['filters']);
$bloglisting->print_entries();

if ($CFG->enablerssfeeds) {
    $rsslinktext = get_string('rssfeed', 'blog');
    blog_rss_print_link($rsscontext, $filtertype, $thingid, $tagid, $rsslinktext);
}

echo $OUTPUT->footer();
// Record the view. The filters in effect travel in the event's 'other' payload.
// NOTE(review): 'search' is the PARAM_RAW request value, stored as received; whatever displays
// this event data later must escape it. The 'fromstart' key carries the 'formstart' parameter.
$other = [
    'entryid' => $entryid,
    'tagid' => $tagid,
    'userid' => $userid,
    'modid' => $modid,
    'groupid' => $groupid,
    'search' => $search,
    'fromstart' => $start,
];
// NOTE(review): this is the only strict (===) comparison against SITEID in the script; the
// others use == / !=. It only yields 0 when both sides have the same type - confirm.
$other['courseid'] = ($courseid === SITEID) ? 0 : $courseid;

$eventparams = ['other' => $other];
if (!empty($userid)) {
    $eventparams['relateduserid'] = $userid;
}

$event = \core\event\blog_entries_viewed::create($eventparams);
$event->trigger();