blocks/html/block_html.php

   1 <?php
   2
   3 // This file is part of Moodle - http://moodle.org/
   4 //
   5 // Moodle is free software: you can redistribute it and/or modify
   6 // it under the terms of the GNU General Public License as published by
   7 // the Free Software Foundation, either version 3 of the License, or
   8 // (at your option) any later version.
   9 //
  10 // Moodle is distributed in the hope that it will be useful,
  11 // but WITHOUT ANY WARRANTY; without even the implied warranty of
  12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13 // GNU General Public License for more details.
  14 //
  15 // You should have received a copy of the GNU General Public License
  16 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  17
  18 /**
  19  * Form for editing HTML block instances.
  20  *
  21  * @package   block_html
  22  * @copyright 1999 onwards Martin Dougiamas (http://dougiamas.com)
  23  * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  24  */
  25
  26 class block_html extends block_base {
  27
  28     function init() {
  29         $this->title = get_string('pluginname', 'block_html');
  30     }
  31
  32     function applicable_formats() {
  33         return array('all' => true);
  34     }
  35
  36     function specialization() {
  37         $this->title = isset($this->config->title) ? format_string($this->config->title) : format_string(get_string('newhtmlblock', 'block_html'));
  38     }
  39
  40     function instance_allow_multiple() {
  41         return true;
  42     }
  43
  44     function get_content() {
  45         global $CFG;
  46
  47         require_once($CFG->libdir . '/filelib.php');
  48
  49         if ($this->content !== NULL) {
  50             return $this->content;
  51         }
  52
  53         $filteropt = new stdClass;
  54         $filteropt->overflowdiv = true;
  55         if ($this->content_is_trusted()) {
  56             // fancy html allowed only on course, category and system blocks.
  57             $filteropt->noclean = true;
  58         }
  59
  60         $this->content = new stdClass;
  61         $this->content->footer = '';
  62         if (isset($this->config->text)) {
  63             // rewrite url
  64             $this->config->text = file_rewrite_pluginfile_urls($this->config->text, 'pluginfile.php', $this->context->id, 'block_html', 'content', NULL);
  65             // Default to FORMAT_HTML which is what will have been used before the
  66             // editor was properly implemented for the block.
  67             $format = FORMAT_HTML;
  68             // Check to see if the format has been properly set on the config
  69             if (isset($this->config->format)) {
  70                 $format = $this->config->format;
  71             }
  72             $this->content->text = format_text($this->config->text, $format, $filteropt);
  73         } else {
  74             $this->content->text = '';
  75         }
  76
  77         unset($filteropt); // memory footprint
  78
  79         return $this->content;
  80     }
  81
  82
  83     /**
  84      * Serialize and store config data
  85      */
  86     function instance_config_save($data, $nolongerused = false) {
  87         global $DB;
  88
  89         $config = clone($data);
  90         // Move embedded files into a proper filearea and adjust HTML links to match
  91         $config->text = file_save_draft_area_files($data->text['itemid'], $this->context->id, 'block_html', 'content', 0, array('subdirs'=>true), $data->text['text']);
  92         $config->format = $data->text['format'];
  93
  94         parent::instance_config_save($config, $nolongerused);
  95     }
  96
  97     function instance_delete() {
  98         global $DB;
  99         $fs = get_file_storage();
 100         $fs->delete_area_files($this->context->id, 'block_html');
 101         return true;
 102     }
 103
 104     function content_is_trusted() {
 105         global $SCRIPT;
 106
 107         if (!$context = get_context_instance_by_id($this->instance->parentcontextid)) {
 108             return false;
 109         }
 110         //find out if this block is on the profile page
 111         if ($context->contextlevel == CONTEXT_USER) {
 112             if ($SCRIPT === '/my/index.php') {
 113                 // this is exception - page is completely private, nobody else may see content there
 114                 // that is why we allow JS here
 115                 return true;
 116             } else {
 117                 // no JS on public personal pages, it would be a big security issue
 118                 return false;
 119             }
 120         }
 121
 122         return true;
 123     }
 124 }