';
/**
* Allowed protocols - array of protocols that are safe to use in links and so on
* @global string $ALLOWED_PROTOCOLS
*/
$ALLOWED_PROTOCOLS = array('http', 'https', 'ftp', 'news', 'mailto', 'rtsp', 'teamspeak', 'gopher', 'mms',
'color', 'callto', 'cursor', 'text-align', 'font-size', 'font-weight', 'font-style', 'font-family',
'border', 'margin', 'padding', 'background', 'text-decoration'); // CSS as well to get through kses
/// Functions
/**
* Add quotes to HTML characters
*
* Returns $var with HTML characters (like "<", ">", etc.) properly quoted.
* This function is very similar to {@link p()}
*
* @param string $var the string potentially containing HTML characters
* @param boolean $strip to decide if we want to strip slashes or no. Default to false.
* true should be used to print data from forms and false for data from DB.
* @return string
*/
function s($var, $strip=false) {
if ($var == '0') { // for integer 0, boolean false, string '0'
return '0';
}
if ($strip) {
return preg_replace("/&(#\d+);/i", "&$1;", htmlspecialchars(stripslashes_safe($var)));
} else {
return preg_replace("/&(#\d+);/i", "&$1;", htmlspecialchars($var));
}
}
/**
* Add quotes to HTML characters
*
* Prints $var with HTML characters (like "<", ">", etc.) properly quoted.
* This function is very similar to {@link s()}
*
* @param string $var the string potentially containing HTML characters
* @param boolean $strip to decide if we want to strip slashes or no. Default to false.
* true should be used to print data from forms and false for data from DB.
* @return string
*/
function p($var, $strip=false) {
echo s($var, $strip);
}
/**
* Does proper javascript quoting.
* Do not use addslashes anymore, because it does not work when magic_quotes_sybase is enabled.
*
* @since 1.8 - 22/02/2007
* @param mixed value
* @return mixed quoted result
*/
function addslashes_js($var) {
if (is_string($var)) {
$var = str_replace('\\', '\\\\', $var);
$var = str_replace(array('\'', '"', "\n", "\r", "\0"), array('\\\'', '\\"', '\\n', '\\r', '\\0'), $var);
$var = str_replace('', '<\/', $var); // XHTML compliance
} else if (is_array($var)) {
$var = array_map('addslashes_js', $var);
} else if (is_object($var)) {
$a = get_object_vars($var);
foreach ($a as $key=>$value) {
$a[$key] = addslashes_js($value);
}
$var = (object)$a;
}
return $var;
}
/**
* Remove query string from url
*
* Takes in a URL and returns it without the querystring portion
*
* @param string $url the url which may have a query string attached
* @return string
*/
function strip_querystring($url) {
if ($commapos = strpos($url, '?')) {
return substr($url, 0, $commapos);
} else {
return $url;
}
}
/**
* Returns the URL of the HTTP_REFERER, less the querystring portion if required
* @return string
*/
function get_referer($stripquery=true) {
if (isset($_SERVER['HTTP_REFERER'])) {
if ($stripquery) {
return strip_querystring($_SERVER['HTTP_REFERER']);
} else {
return $_SERVER['HTTP_REFERER'];
}
} else {
return '';
}
}
/**
* Returns the name of the current script, WITH the querystring portion.
* this function is necessary because PHP_SELF and REQUEST_URI and SCRIPT_NAME
* return different things depending on a lot of things like your OS, Web
* server, and the way PHP is compiled (ie. as a CGI, module, ISAPI, etc.)
* NOTE: This function returns false if the global variables needed are not set.
*
* @return string
*/
function me() {
if (!empty($_SERVER['REQUEST_URI'])) {
return $_SERVER['REQUEST_URI'];
} else if (!empty($_SERVER['PHP_SELF'])) {
if (!empty($_SERVER['QUERY_STRING'])) {
return $_SERVER['PHP_SELF'] .'?'. $_SERVER['QUERY_STRING'];
}
return $_SERVER['PHP_SELF'];
} else if (!empty($_SERVER['SCRIPT_NAME'])) {
if (!empty($_SERVER['QUERY_STRING'])) {
return $_SERVER['SCRIPT_NAME'] .'?'. $_SERVER['QUERY_STRING'];
}
return $_SERVER['SCRIPT_NAME'];
} else if (!empty($_SERVER['URL'])) { // May help IIS (not well tested)
if (!empty($_SERVER['QUERY_STRING'])) {
return $_SERVER['URL'] .'?'. $_SERVER['QUERY_STRING'];
}
return $_SERVER['URL'];
} else {
notify('Warning: Could not find any of these web server variables: $REQUEST_URI, $PHP_SELF, $SCRIPT_NAME or $URL');
return false;
}
}
/**
* Like {@link me()} but returns a full URL
* @see me()
* @return string
*/
function qualified_me() {
global $CFG;
if (!empty($CFG->wwwroot)) {
$url = parse_url($CFG->wwwroot);
}
if (!empty($url['host'])) {
$hostname = $url['host'];
} else if (!empty($_SERVER['SERVER_NAME'])) {
$hostname = $_SERVER['SERVER_NAME'];
} else if (!empty($_ENV['SERVER_NAME'])) {
$hostname = $_ENV['SERVER_NAME'];
} else if (!empty($_SERVER['HTTP_HOST'])) {
$hostname = $_SERVER['HTTP_HOST'];
} else if (!empty($_ENV['HTTP_HOST'])) {
$hostname = $_ENV['HTTP_HOST'];
} else {
notify('Warning: could not find the name of this server!');
return false;
}
if (!empty($url['port'])) {
$hostname .= ':'.$url['port'];
} else if (!empty($_SERVER['SERVER_PORT'])) {
if ($_SERVER['SERVER_PORT'] != 80 && $_SERVER['SERVER_PORT'] != 443) {
$hostname .= ':'.$_SERVER['SERVER_PORT'];
}
}
// TODO, this does not work in the situation described in MDL-11061, but
// I don't know how to fix it. Possibly believe $CFG->wwwroot ahead of what
// the server reports.
if (isset($_SERVER['HTTPS'])) {
$protocol = ($_SERVER['HTTPS'] == 'on') ? 'https://' : 'http://';
} else if (isset($_SERVER['SERVER_PORT'])) { # Apache2 does not export $_SERVER['HTTPS']
$protocol = ($_SERVER['SERVER_PORT'] == '443') ? 'https://' : 'http://';
} else {
$protocol = 'http://';
}
$url_prefix = $protocol.$hostname;
return $url_prefix . me();
}
/**
* Determine if there is data waiting to be processed from a form
*
* Used on most forms in Moodle to check for data
* Returns the data as an object, if it's found.
* This object can be used in foreach loops without
* casting because it's cast to (array) automatically
*
* Checks that submitted POST data exists and returns it as object.
*
* @param string $url not used anymore
* @return mixed false or object
*/
function data_submitted($url='') {
if (empty($_POST)) {
return false;
} else {
return (object)$_POST;
}
}
/**
* Moodle replacement for php stripslashes() function,
* works also for objects and arrays.
*
* The standard php stripslashes() removes ALL backslashes
* even from strings - so C:\temp becomes C:temp - this isn't good.
* This function should work as a fairly safe replacement
* to be called on quoted AND unquoted strings (to be sure)
*
* @param mixed something to remove unsafe slashes from
* @return mixed
*/
function stripslashes_safe($mixed) {
// there is no need to remove slashes from int, float and bool types
if (empty($mixed)) {
//nothing to do...
} else if (is_string($mixed)) {
if (ini_get_bool('magic_quotes_sybase')) { //only unescape single quotes
$mixed = str_replace("''", "'", $mixed);
} else { //the rest, simple and double quotes and backslashes
$mixed = str_replace("\\'", "'", $mixed);
$mixed = str_replace('\\"', '"', $mixed);
$mixed = str_replace('\\\\', '\\', $mixed);
}
} else if (is_array($mixed)) {
foreach ($mixed as $key => $value) {
$mixed[$key] = stripslashes_safe($value);
}
} else if (is_object($mixed)) {
$vars = get_object_vars($mixed);
foreach ($vars as $key => $value) {
$mixed->$key = stripslashes_safe($value);
}
}
return $mixed;
}
/**
* Recursive implementation of stripslashes()
*
* This function will allow you to strip the slashes from a variable.
* If the variable is an array or object, slashes will be stripped
* from the items (or properties) it contains, even if they are arrays
* or objects themselves.
*
* @param mixed the variable to remove slashes from
* @return mixed
*/
function stripslashes_recursive($var) {
if(is_object($var)) {
$properties = get_object_vars($var);
foreach($properties as $property => $value) {
$var->$property = stripslashes_recursive($value);
}
}
else if(is_array($var)) {
foreach($var as $property => $value) {
$var[$property] = stripslashes_recursive($value);
}
}
else if(is_string($var)) {
$var = stripslashes($var);
}
return $var;
}
/**
* Recursive implementation of addslashes()
*
* This function will allow you to add the slashes from a variable.
* If the variable is an array or object, slashes will be added
* to the items (or properties) it contains, even if they are arrays
* or objects themselves.
*
* @param mixed the variable to add slashes from
* @return mixed
*/
function addslashes_recursive($var) {
if(is_object($var)) {
$properties = get_object_vars($var);
foreach($properties as $property => $value) {
$var->$property = addslashes_recursive($value);
}
}
else if(is_array($var)) {
foreach($var as $property => $value) {
$var[$property] = addslashes_recursive($value);
}
}
else if(is_string($var)) {
$var = addslashes($var);
}
return $var;
}
/**
* Given some normal text this function will break up any
* long words to a given size by inserting the given character
*
* It's multibyte savvy and doesn't change anything inside html tags.
*
* @param string $string the string to be modified
* @param int $maxsize maximum length of the string to be returned
* @param string $cutchar the string used to represent word breaks
* @return string
*/
function break_up_long_words($string, $maxsize=20, $cutchar=' ') {
/// Loading the textlib singleton instance. We are going to need it.
$textlib = textlib_get_instance();
/// First of all, save all the tags inside the text to skip them
$tags = array();
filter_save_tags($string,$tags);
/// Process the string adding the cut when necessary
$output = '';
$length = $textlib->strlen($string);
$wordlength = 0;
for ($i=0; $i<$length; $i++) {
$char = $textlib->substr($string, $i, 1);
if ($char == ' ' or $char == "\t" or $char == "\n" or $char == "\r" or $char == "<" or $char == ">") {
$wordlength = 0;
} else {
$wordlength++;
if ($wordlength > $maxsize) {
$output .= $cutchar;
$wordlength = 0;
}
}
$output .= $char;
}
/// Finally load the tags back again
if (!empty($tags)) {
$output = str_replace(array_keys($tags), $tags, $output);
}
return $output;
}
/**
* This does a search and replace, ignoring case
* This function is only used for versions of PHP older than version 5
* which do not have a native version of this function.
* Taken from the PHP manual, by bradhuizenga @ softhome.net
*
* @param string $find the string to search for
* @param string $replace the string to replace $find with
* @param string $string the string to search through
* return string
*/
if (!function_exists('str_ireplace')) { /// Only exists in PHP 5
function str_ireplace($find, $replace, $string) {
if (!is_array($find)) {
$find = array($find);
}
if(!is_array($replace)) {
if (!is_array($find)) {
$replace = array($replace);
} else {
// this will duplicate the string into an array the size of $find
$c = count($find);
$rString = $replace;
unset($replace);
for ($i = 0; $i < $c; $i++) {
$replace[$i] = $rString;
}
}
}
foreach ($find as $fKey => $fItem) {
$between = explode(strtolower($fItem),strtolower($string));
$pos = 0;
foreach($between as $bKey => $bItem) {
$between[$bKey] = substr($string,$pos,strlen($bItem));
$pos += strlen($bItem) + strlen($fItem);
}
$string = implode($replace[$fKey],$between);
}
return ($string);
}
}
/**
* Locate the position of a string in another string
*
* This function is only used for versions of PHP older than version 5
* which do not have a native version of this function.
* Taken from the PHP manual, by dmarsh @ spscc.ctc.edu
*
* @param string $haystack The string to be searched
* @param string $needle The string to search for
* @param int $offset The position in $haystack where the search should begin.
*/
if (!function_exists('stripos')) { /// Only exists in PHP 5
function stripos($haystack, $needle, $offset=0) {
return strpos(strtoupper($haystack), strtoupper($needle), $offset);
}
}
/**
* This function will create a HTML link that will work on both
* Javascript and non-javascript browsers.
* Relies on the Javascript function openpopup in javascript.php
*
* $url must be relative to home page eg /mod/survey/stuff.php
* @param string $url Web link relative to home page
* @param string $name Name to be assigned to the popup window
* @param string $linkname Text to be displayed as web link
* @param int $height Height to assign to popup window
* @param int $width Height to assign to popup window
* @param string $title Text to be displayed as popup page title
* @param string $options List of additional options for popup window
* @todo Add code examples and list of some options that might be used.
* @param boolean $return Should the link to the popup window be returned as a string (true) or printed immediately (false)?
* @return string
* @uses $CFG
*/
function link_to_popup_window ($url, $name='popup', $linkname='click here',
$height=400, $width=500, $title='Popup window',
$options='none', $return=false) {
global $CFG;
if ($options == 'none') {
$options = 'menubar=0,location=0,scrollbars,resizable,width='. $width .',height='. $height;
}
$fullscreen = 0;
if (!(strpos($url,$CFG->wwwroot) === false)) { // some log url entries contain _SERVER[HTTP_REFERRER] in which case wwwroot is already there.
$url = substr($url, strlen($CFG->wwwroot));
}
$link = '$linkname ";
if ($return) {
return $link;
} else {
echo $link;
}
}
/**
* This function will print a button submit form element
* that will work on both Javascript and non-javascript browsers.
* Relies on the Javascript function openpopup in javascript.php
*
* $url must be relative to home page eg /mod/survey/stuff.php
* @param string $url Web link relative to home page
* @param string $name Name to be assigned to the popup window
* @param string $linkname Text to be displayed as web link
* @param int $height Height to assign to popup window
* @param int $width Height to assign to popup window
* @param string $title Text to be displayed as popup page title
* @param string $options List of additional options for popup window
* @param string $return If true, return as a string, otherwise print
* @return string
* @uses $CFG
*/
function button_to_popup_window ($url, $name='popup', $linkname='click here',
$height=400, $width=500, $title='Popup window', $options='none', $return=false,
$id='', $class='') {
global $CFG;
if ($options == 'none') {
$options = 'menubar=0,location=0,scrollbars,resizable,width='. $width .',height='. $height;
}
if ($id) {
$id = ' id="'.$id.'" ';
}
if ($class) {
$class = ' class="'.$class.'" ';
}
$fullscreen = 0;
$button = ' \n";
if ($return) {
return $button;
} else {
echo $button;
}
}
/**
* Prints a simple button to close a window
*/
function close_window_button($name='closewindow', $return=false) {
global $CFG;
$output = '';
$output .= '' . "\n";
$output .= '
';
$output .= '
' . "\n";
if ($return) {
return $output;
} else {
echo $output;
}
}
/*
* Try and close the current window immediately using Javascript
*/
function close_window($delay=0) {
?>
element as an onchange handler.
* @param string $nothingvalue The value corresponding to the $nothing option. Defaults to 0.
* @param boolean $return if false (the default) the the output is printed directly, If true, the
* generated HTML is returned as a string.
* @param boolean $disabled if true, the select is generated in a disabled state. Default, false.
* @param int $tabindex if give, sets the tabindex attribute on the <select> element. Default none.
* @param string $id value to use for the id attribute of the <select> element. If none is given,
* then a suitable one is constructed.
*/
function choose_from_menu ($options, $name, $selected='', $nothing='choose', $script='',
$nothingvalue='0', $return=false, $disabled=false, $tabindex=0, $id='') {
if ($nothing == 'choose') {
$nothing = get_string('choose') .'...';
}
$attributes = ($script) ? 'onchange="'. $script .'"' : '';
if ($disabled) {
$attributes .= ' disabled="disabled"';
}
if ($tabindex) {
$attributes .= ' tabindex="'.$tabindex.'"';
}
if ($id ==='') {
$id = 'menu'.$name;
// name may contaion [], which would make an invalid id. e.g. numeric question type editing form, assignment quickgrading
$id = str_replace('[', '', $id);
$id = str_replace(']', '', $id);
}
$output = '' . "\n";
if ($nothing) {
$output .= ' ' . "\n";
}
if (!empty($options)) {
foreach ($options as $value => $label) {
$output .= ' ' . "\n";
} else {
$output .= '>'. $label .' ' . "\n";
}
}
}
$output .= ' ' . "\n";
if ($return) {
return $output;
} else {
echo $output;
}
}
/**
* Choose value 0 or 1 from a menu with options 'No' and 'Yes'.
* Other options like choose_from_menu.
*/
function choose_from_menu_yesno($name, $selected, $script = '',
$return = false, $disabled = false, $tabindex = 0) {
return choose_from_menu(array(get_string('no'), get_string('yes')), $name,
$selected, '', $script, '0', $return, $disabled, $tabindex);
}
/**
* Just like choose_from_menu, but takes a nested array (2 levels) and makes a dropdown menu
* including option headings with the first level.
*/
function choose_from_menu_nested($options,$name,$selected='',$nothing='choose',$script = '',
$nothingvalue=0,$return=false,$disabled=false,$tabindex=0) {
if ($nothing == 'choose') {
$nothing = get_string('choose') .'...';
}
$attributes = ($script) ? 'onchange="'. $script .'"' : '';
if ($disabled) {
$attributes .= ' disabled="disabled"';
}
if ($tabindex) {
$attributes .= ' tabindex="'.$tabindex.'"';
}
$output = '' . "\n";
if ($return) {
return $output;
} else {
echo $output;
}
}
/**
* Given an array of values, creates a group of radio buttons to be part of a form
*
* @param array $options An array of value-label pairs for the radio group (values as keys)
* @param string $name Name of the radiogroup (unique in the form)
* @param string $checked The value that is already checked
*/
function choose_from_radio ($options, $name, $checked='', $return=false) {
static $idcounter = 0;
if (!$name) {
$name = 'unnamed';
}
$output = '\n";
if (!empty($options)) {
$currentradio = 0;
foreach ($options as $value => $label) {
$htmlid = 'auto-rb'.sprintf('%04d', ++$idcounter);
$output .= ' ";
$output .= ' '. $value .' ' . "\n";
} else {
$output .= ' /> '. $label .' ' . "\n";
}
$currentradio = ($currentradio + 1) % 2;
}
}
$output .= '' . "\n";
if ($return) {
return $output;
} else {
echo $output;
}
}
/** Display an standard html checkbox with an optional label
*
* @param string $name The name of the checkbox
* @param string $value The valus that the checkbox will pass when checked
* @param boolean $checked The flag to tell the checkbox initial state
* @param string $label The label to be showed near the checkbox
* @param string $alt The info to be inserted in the alt tag
*/
function print_checkbox ($name, $value, $checked = true, $label = '', $alt = '', $script='',$return=false) {
static $idcounter = 0;
if (!$name) {
$name = 'unnamed';
}
if ($alt) {
$alt = strip_tags($alt);
} else {
$alt = 'checkbox';
}
if ($checked) {
$strchecked = ' checked="checked"';
} else {
$strchecked = '';
}
$htmlid = 'auto-cb'.sprintf('%04d', ++$idcounter);
$output = '";
$output .= ' ';
if(!empty($label)) {
$output .= ' '.$label.' ';
}
$output .= ' '."\n";
if (empty($return)) {
echo $output;
} else {
return $output;
}
}
/** Display an standard html text field with an optional label
*
* @param string $name The name of the text field
* @param string $value The value of the text field
* @param string $label The label to be showed near the text field
* @param string $alt The info to be inserted in the alt tag
*/
function print_textfield ($name, $value, $alt = '',$size=50,$maxlength=0, $return=false) {
static $idcounter = 0;
if (empty($name)) {
$name = 'unnamed';
}
if (empty($alt)) {
$alt = 'textfield';
}
if (!empty($maxlength)) {
$maxlength = ' maxlength="'.$maxlength.'" ';
}
$htmlid = 'auto-tf'.sprintf('%04d', ++$idcounter);
$output = '";
$output .= ' ';
$output .= ' '."\n";
if (empty($return)) {
echo $output;
} else {
return $output;
}
}
/**
* Implements a complete little popup form
*
* @uses $CFG
* @param string $common The URL up to the point of the variable that changes
* @param array $options Alist of value-label pairs for the popup list
* @param string $formid Id must be unique on the page (originaly $formname)
* @param string $selected The option that is already selected
* @param string $nothing The label for the "no choice" option
* @param string $help The name of a help page if help is required
* @param string $helptext The name of the label for the help button
* @param boolean $return Indicates whether the function should return the text
* as a string or echo it directly to the page being rendered
* @param string $targetwindow The name of the target page to open the linked page in.
* @param string $selectlabel Text to place in a [label] element - preferred for accessibility.
* @param array $optionsextra TODO, an array?
* @return string If $return is true then the entire form is returned as a string.
* @todo Finish documenting this function
*/
function popup_form($common, $options, $formid, $selected='', $nothing='choose', $help='', $helptext='', $return=false,
$targetwindow='self', $selectlabel='', $optionsextra=NULL) {
global $CFG;
static $go, $choose; /// Locally cached, in case there's lots on a page
if (empty($options)) {
return '';
}
if (!isset($go)) {
$go = get_string('go');
}
if ($nothing == 'choose') {
if (!isset($choose)) {
$choose = get_string('choose');
}
$nothing = $choose.'...';
}
// changed reference to document.getElementById('id_abc') instead of document.abc
// MDL-7861
$output = '