Commit 8180ea8b authored by Nigel McNie's avatar Nigel McNie
Browse files

Merge commit 'origin/master' into importexport_master

parents fee0b18b 80671ecb
......@@ -53,7 +53,18 @@ if ($disable && !call_static_method(generate_class_name($plugintype, $pluginname
if ($enable || $disable) {
if ($plugintype == 'blocktype') {
$pluginname = blocktype_namespaced_to_single($pluginname);
if (strpos($pluginname, '/') !== false) {
list($artefact, $pluginname) = split('/', $pluginname);
// Don't enable blocktypes unless the artefact plugin that provides them is also enabled
if ($enable && !get_field('artefact_installed', 'active', 'name', $artefact)) {
$SESSION->add_error_msg(get_string('pluginnotenabled', 'mahara', $artefact));
redirect('/admin/extensions/plugins.php');
}
}
}
else if ($plugintype == 'artefact' && $disable) {
// Disable all the artefact's blocktypes too
set_field('blocktype_installed', 'active', 0, 'artefactplugin', $pluginname);
}
set_field($plugintype . '_installed', 'active', $enable, 'name', $pluginname);
$SESSION->add_ok_msg(get_string('plugin' . (($enable) ? 'enabled' : 'disabled')));
......
......@@ -236,6 +236,9 @@ class PluginArtefactFile extends PluginArtefact {
db_commit();
}
public static function can_be_disabled() {
return false;
}
}
abstract class ArtefactTypeFileBase extends ArtefactType {
......
......@@ -206,10 +206,6 @@ class PluginAuthInternal extends PluginAuth {
public static function get_instance_config_options() {
return array();
}
public static function can_be_disabled() {
return false;
}
}
?>
......@@ -1607,6 +1607,9 @@ class PluginAuth extends Plugin {
}
}
public static function can_be_disabled() {
return false;
}
}
?>
......@@ -49,7 +49,7 @@ class PluginBlocktypeTextbox extends SystemBlocktype {
$text = (isset($configdata['text'])) ? $configdata['text'] : '';
safe_require('artefact', 'file');
$text = ArtefactTypeFolder::append_view_url($text,$instance->get('view'));
return $text;
return clean_html($text);
}
/**
......
......@@ -67,7 +67,7 @@ $editgroup = pieform(array(
'grouptype' => array(
'type' => 'select',
'title' => get_string('grouptype', 'group'),
'options' => group_get_grouptype_options(),
'options' => group_get_grouptype_options($group_data->grouptype),
'defaultvalue' => $group_data->grouptype . '.' . $group_data->jointype,
'help' => true,
),
......
......@@ -61,6 +61,7 @@ $string['enable'] = 'Enable';
$string['disable'] = 'Disable';
$string['pluginenabled'] = 'Plugin enabled';
$string['plugindisabled'] = 'Plugin disabled';
$string['pluginnotenabled'] = 'Plugin not enabled. You must enable the %s plugin first.';
$string['next'] = 'Next';
$string['nextpage'] = 'Next page';
......
......@@ -908,8 +908,8 @@ function xmldb_core_upgrade($oldversion=0) {
if (is_postgres()) {
// Ensure all of the indexes and constraints are renamed
execute_sql("
ALTER TABLE {artefact_attachment} RENAME {blogpost} TO {artefact};
ALTER TABLE {artefact_attachment} RENAME {file} TO {attachment};
ALTER TABLE {artefact_attachment} RENAME blogpost TO artefact;
ALTER TABLE {artefact_attachment} RENAME file TO attachment;
ALTER INDEX {arteblogblogfile_blofil_pk} RENAME TO {arteatta_artatt_pk};
ALTER INDEX {arteblogblogfile_blo_ix} RENAME TO {arteatta_art_ix};
......
......@@ -795,10 +795,15 @@ function group_get_grouptypes() {
* If there is more than one group type with the same join type,
* prefix the join types with the group type for display.
*/
function group_get_grouptype_options() {
function group_get_grouptype_options($currentgrouptype=null) {
$groupoptions = array();
$jointypecount = array('open' => 0, 'invite' => 0, 'request' => 0, 'controlled' => 0);
foreach (group_get_grouptypes() as $grouptype) {
$grouptypes = group_get_grouptypes();
$enabled = array_map(create_function('$a', 'return $a->name;'), plugins_installed('grouptype'));
if (is_null($currentgrouptype) || in_array($currentgrouptype, $enabled)) {
$grouptypes = array_intersect($enabled, $grouptypes);
}
foreach ($grouptypes as $grouptype) {
safe_require('grouptype', $grouptype);
if (call_static_method('GroupType' . $grouptype, 'can_be_created_by_user')) {
$grouptypename = get_string('name', 'grouptype.' . $grouptype);
......
......@@ -15,3 +15,4 @@ Changes:
* Patched to not indent <p> at all, and not to indent <li>s with tabs
* Patched to not uppercase <b>, <strong>, h1-3 or th - it looks horrible and
messes with the link generation
* Security patch applied to remove use of /e modifier - see debian bug 524778
......@@ -149,8 +149,6 @@ class html2text
'/<script[^>]*>.*?<\/script>/i', // <script>s -- which strip_tags supposedly has problems with
'/<style[^>]*>.*?<\/style>/i', // <style>s -- which strip_tags supposedly has problems with
//'/<!-- .* -->/', // Comments -- which strip_tags might have problem a with
'/<h[123][^>]*>(.*?)<\/h[123]>/ie', // H1 - H3
'/<h[456][^>]*>(.*?)<\/h[456]>/ie', // H4 - H6
'/<p[^>]*>/i', // <P>
'/<br[^>]*>/i', // <br>
'/<b[^>]*>(.*?)<\/b>/i', // <b>
......@@ -161,14 +159,11 @@ class html2text
'/(<ol[^>]*>|<\/ol>)/i', // <ol> and </ol>
'/<li[^>]*>(.*?)<\/li>/i', // <li> and </li>
'/<li[^>]*>/i', // <li>
'/<a [^>]*href="([^"]+)"[^>]*>(.*?)<\/a>/ie',
// <a href="">
'/<hr[^>]*>/i', // <hr>
'/<img[^>]*alt="([^"]+)"[^>]*>/i', // <img>
'/(<table[^>]*>|<\/table>)/i', // <table> and </table>
'/(<tr[^>]*>|<\/tr>)/i', // <tr> and </tr>
'/<td[^>]*>(.*?)<\/td>/i', // <td> and </td>
'/<th[^>]*>(.*?)<\/th>/ie', // <th> and </th>
'/&(nbsp|#160);/i', // Non-breaking space
'/&(quot|rdquo|ldquo|#8220|#8221|#147|#148);/i',
// Double quotes
......@@ -202,8 +197,6 @@ class html2text
'', // <script>s -- which strip_tags supposedly has problems with
'', // <style>s -- which strip_tags supposedly has problems with
//'', // Comments -- which strip_tags might have problem a with
"ucwords(\"\n\n_\\1_\n\n\")", // H1 - H3
"ucwords(\"\n\n\\1\n\n\")", // H4 - H6
"\n\n", // <P>
"\n", // <br>
'_\\1_', // <b>
......@@ -214,14 +207,11 @@ class html2text
"\n\n", // <ol> and </ol>
" * \\1\n", // <li> and </li>
"\n * ", // <li>
'$this->_build_link_list("\\1", "\\2")',
// <a href="">
"\n-------------------------\n", // <hr>
"[\\1]", // <img>
"\n\n", // <table> and </table>
"\n", // <tr> and </tr>
"\t\t\\1\n", // <td> and </td>
"ucwords(\"\t\t\\1\n\")", // <th> and </th>
' ', // Non-breaking space
'"', // Double quotes
"'", // Single quotes
......@@ -240,6 +230,21 @@ class html2text
' ' // Runs of spaces, post-handling
);
/**
* List of preg* regular expression patterns to search for
* and replace using callback function.
*
* @var array $callback_search
* @access public
*/
var $callback_search = array(
'/<(h[123456])[^>]*>(.*?)<\/h[123456]>/i', // H1 - H6
'/<(a) [^>]*href=("|\')([^"\']+)\2[^>]*>(.*?)<\/a>/i',
// <a href="">
'/<(th)[^>]*>(.*?)<\/th>/i', // <th> and </th>
);
/**
* Contains a list of HTML tags to allow in the resulting text.
*
......@@ -424,6 +429,7 @@ class html2text
// Run our defined search-and-replace
$text = preg_replace($this->search, $this->replace, $text);
$text = preg_replace_callback($this->callback_search, array('html2text', '_preg_callback'), $text);
// Strip any other HTML tags
$text = strip_tags($text, $this->allowed_tags);
......@@ -486,6 +492,32 @@ class html2text
return $display . $additional;
}
/**
* Callback function for preg_replace_callback use.
*
* @param array PREG matches
* @return string
* @access private
*/
function _preg_callback($matches)
{
switch($matches[1])
{
case 'th':
return "\t\t" . ucwords($matches[2]) . "\n";
case 'h1':
case 'h2':
case 'h3':
return "\n\n_". ucwords($matches[2]) ."_\n\n";
case 'h4':
case 'h5':
case 'h6':
return "\n\n". ucwords($matches[2]) ."\n\n";
case 'a':
return $this->_build_link_list($matches[3], $matches[4]);
}
}
}
?>
......@@ -260,7 +260,7 @@ function mahara_clam_scan_file($file) {
throw new SystemException('clam_scan_file: not called correctly, read phpdoc for this function');
}
$pathtoclam = trim(get_config('pathtoclam'));
$pathtoclam = escapeshellcmd(trim(get_config('pathtoclam')));
if (!$pathtoclam || !file_exists($pathtoclam) || !is_executable($pathtoclam)) {
clam_mail_admins(get_string('clamlost', 'mahara', $pathtoclam));
......@@ -268,7 +268,7 @@ function mahara_clam_scan_file($file) {
return get_string('clambroken');
}
$cmd = $pathtoclam .' '. $fullpath ." 2>&1";
$cmd = $pathtoclam .' '. escapeshellarg($fullpath) ." 2>&1";
// before we do anything we need to change perms so that clamscan
// can read the file (clamdscan won't work otherwise)
......
......@@ -96,10 +96,6 @@ class PluginNotificationInternal extends PluginNotification {
public static function deleteuser($event, $user) {
delete_records('notification_internal_activity', 'usr', $user['id']);
}
public static function can_be_disabled() {
return false;
}
}
?>
......@@ -30,5 +30,8 @@ abstract class PluginNotification extends Plugin {
public abstract static function notify_user($user, $data);
public static function can_be_disabled() {
return false;
}
}
?>
......@@ -59,7 +59,7 @@ $title = $view->get('title');
define('TITLE', $title);
$submittedgroup = (int)$view->get('submittedto');
if ($submittedgroup && group_user_can_assess_submitted_views($submittedgroup, $USER->get('id'))) {
if ($USER->is_logged_in() && $submittedgroup && group_user_can_assess_submitted_views($submittedgroup, $USER->get('id'))) {
// The user is a tutor of the group that this view has
// been submitted to, and is entitled to release the view, and to
// upload an additional file when submitting feedback.
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment