Commit 984fc55a authored by Donal McMullan's avatar Donal McMullan
parents 6645a7e5 10a451fe
......@@ -36,6 +36,7 @@ $string['attachedfiles'] = 'Attached files';
$string['attachments'] = 'Attachments';
$string['blogdesc'] = 'Description';
$string['blogdescdesc'] = 'e.g., ‘A record of Jill\'s experiences and reflections’.';
$string['blogdoesnotexist'] = 'You are trying to access a blog that does not exist';
$string['blogfilesdirdescription'] = 'Files uploaded as blog post attachments';
$string['blogfilesdirname'] = 'blogfiles';
$string['blogpost'] = 'blog post';
......@@ -105,6 +106,7 @@ $string['title'] = 'Title';
$string['update'] = 'Update';
$string['verticalspace'] = 'Vertical space';
$string['viewblog'] = 'View Blog';
$string['youarenottheownerofthisblog'] = 'You are not the owner of this blog';
$string['youarenottheownerofthisblogpost'] = 'You are not the owner of this blog post';
$string['cannotdeleteblogpost'] = 'An error occured removing this blog post.';
......
......@@ -135,20 +135,30 @@ class ArtefactTypeBlog extends ArtefactType {
* @param object
*/
public function __construct($id = 0, $data = null) {
global $USER;
parent::__construct($id, $data);
if (!$data && $this->id
&& ($blogdata = get_record('artefact_blog_blog', 'blog', $this->id))) {
foreach($blogdata as $name => $value) {
if (property_exists($this, $name)) {
$this->$name = $value;
if (!$data) {
if ($this->id
&& ($blogdata = get_record('artefact_blog_blog', 'blog', $this->id))) {
foreach($blogdata as $name => $value) {
if (property_exists($this, $name)) {
$this->$name = $value;
}
}
}
else {
// This should never happen unless the user is playing around with blog IDs in the location bar or similar
throw new ArtefactNotFoundException(get_string('blogdoesnotexist', 'artefact.blog'));
}
}
if (empty($this->id)) {
$this->container = 1;
}
else if ($this->owner != $USER->get('id')) {
throw new AccessDeniedException(get_string('youarenottheownerofthisblogpost', 'artefact.blog'));
}
}
public function is_container() {
......@@ -424,15 +434,26 @@ class ArtefactTypeBlogPost extends ArtefactType {
* @param object
*/
public function __construct($id = 0, $data = null) {
global $USER;
parent::__construct($id, $data);
if (!$data && $this->id
&& ($bpdata = get_record('artefact_blog_blogpost', 'blogpost', $this->id))) {
foreach($bpdata as $name => $value) {
if (property_exists($this, $name)) {
$this->$name = $value;
if (!$data) {
if ($this->id
&& ($bpdata = get_record('artefact_blog_blogpost', 'blogpost', $this->id))) {
foreach($bpdata as $name => $value) {
if (property_exists($this, $name)) {
$this->$name = $value;
}
}
}
else {
// This should never happen unless the user is playing around with blog post IDs in the location bar or similar
throw new ArtefactNotFoundException(get_string('blogpostdoesnotexist', 'artefact.blog'));
}
}
if ($this->owner != $USER->get('id')) {
throw new AccessDeniedException(get_string('youarenottheownerofthisblogpost', 'artefact.blog'));
}
}
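Review bot: In the `ArtefactTypeBlog` constructor the `else` that throws `ArtefactNotFoundException` is also taken when `$id` is 0 and `$data` is null, so the `if (empty($this->id))` branch that sets `container = 1` appears unreachable for a default-constructed new blog (assuming the parent constructor leaves `id` empty; the +/- markers are lost on this page, so this reads the nested `if (!$data) {` form as the new side). Changing that branch to `else if ($this->id) {` keeps the not-found error for ids that do not resolve while still letting a new object through. The `ArtefactTypeBlogPost` constructor in the second hunk has the same `else`, and it has no empty-id exemption before the owner comparison, so a new post whose `owner` is not yet set would be refused as well. The blog constructor also raises `youarenottheownerofthisblogpost` where the `youarenottheownerofthisblog` string added in this commit looks intended. Both constructors sit in class bodies that start and end outside the hunks, so callers that construct new objects are not visible here.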
......
......@@ -52,6 +52,12 @@ $SESSION->set('createid', $createid + 1);
$blogpost = param_integer('blogpost', 0);
if (!$blogpost) {
$blog = param_integer('blog');
if (!get_record('artefact', 'id', $blog, 'owner', $USER->get('id'))) {
// Blog security is also checked closer to when blogs are added, this
// check ensures that malicious users do not even see the screen for
// adding a post to a blog that is not theirs
throw new AccessDeniedException(get_string('youarenottheownerofthisblog', 'artefact.blog'));
}
$title = '';
$description = '';
$checked = '';
......@@ -62,9 +68,6 @@ if (!$blogpost) {
}
else {
$blogpostobj = new ArtefactTypeBlogPost($blogpost);
if ($blogpostobj->get('owner') != $USER->get('id')) {
return;
}
$blog = $blogpostobj->get('parent');
$title = $blogpostobj->get('title');
$description = $blogpostobj->get('description');
......@@ -674,7 +677,7 @@ EOF;
// the execcommand_callback.
$content_css = json_encode(theme_get_url('style/tinymce.css'));
$language = substr(get_config('lang'), 0, 2);
$language = substr(current_language(), 0, 2);
$tinymceinit = <<<EOF
<script type="text/javascript">
tinyMCE.init({
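Review bot: The ownership check added at the top of the `if (!$blogpost)` branch accepts any artefact the current user owns, not specifically a blog, because `get_record('artefact', 'id', $blog, 'owner', $USER->get('id'))` carries no type condition. Whether a post can end up parented to a non-blog artefact therefore depends on the later check the comment refers to, which is outside these hunks. If `get_record` accepts a third field/value pair, the type can be pinned here: `get_record('artefact', 'id', $blog, 'owner', $USER->get('id'), 'artefacttype', 'blog')` (column name to be confirmed against the schema). In the last hunk `$language` now comes from `current_language()`; if it is interpolated into the heredoc that follows, encoding it the way `$content_css` is with `json_encode` would be the safer form.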
......
......@@ -83,6 +83,20 @@ $cfg->log_environ_targets = LOG_TARGET_SCREEN | LOG_TARGET_ERRORLOG;
// but probably only warnings are useful on a live site.
$cfg->log_backtrace_levels = LOG_LEVEL_WARN | LOG_LEVEL_ENVIRON;
// Developer mode
// When set, the following things (among others) will happen:
//
// * 'debug.js' will be included on each page. You can edit this file to add
// debugging javascript at your discretion
// * 'debug.css' will be included on each page. You can edit this file to add
// debugging CSS at your discretion
// * firebuglite will be included, if you are not using Firefox
// * the unpacked version of MochiKit will be used
//
// These options are a performance hit otherwise, enable when you are
// developing for Mahara
$cfg->developermode = false;
// capture performance information and print it
// $cfg->perftofoot = true; // needs a call to mahara_performance_info (smarty callback) - see default theme's footer.tpl
// $cfg->perftolog = true;
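Review bot: The comment block for `$cfg->developermode` describes the cost only as a performance hit, yet by its own list the flag serves debug.js, debug.css and Firebug Lite on each page, so it should say outright that the setting stays `false` on a live site. Suggested replacement for the closing paragraph: `// Leave this off on production sites: it slows every page and serves debugging scripts and an in-page console to all visitors.` The default of `false` is the right one; only the wording needs tightening.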
......
MochiKit.js
\ No newline at end of file
/*
* debug.js - for developer use
*
* If you're developing for Mahara, you can put any javascript you want to use
* for debugging in here.
*
* This file will only be included if the configuration setting 'developermode'
* is enabled. You can enable this in config.php
*/
/*
* gives a nice, stable string representation for objects,
* ignoring any methods
*/
debugObject = function (obj) {
// gives a nice, stable string representation for objects,
// ignoring any methods
var keyValuePairs = [];
for (var k in obj) {
var v = obj[k];
......@@ -17,8 +29,10 @@ debugObject = function (obj) {
).join(", ") + "}");
};
/*
* gives a nice, stable string representation for objects
*/
debugObjectAll = function (obj) {
// gives a nice, stable string representation for objects
var keyValuePairs = [];
for (var k in obj) {
var v = obj[k];
......
html, body {
margin: 0;
background: #FFFFFF;
font-family: Lucida Grande, Tahoma, sans-serif;
font-size: 11px;
overflow: hidden;
}
a {
text-decoration: none;
}
a:hover {
text-decoration: underline;
}
.toolbar {
height: 14px;
border-top: 1px solid ThreeDHighlight;
border-bottom: 1px solid ThreeDShadow;
padding: 2px 6px;
background: ThreeDFace;
}
.toolbarRight {
position: absolute;
top: 4px;
right: 6px;
}
#log {
overflow: auto;
position: absolute;
left: 0;
width: 100%;
}
#commandLine {
position: absolute;
bottom: 0;
left: 0;
width: 100%;
height: 18px;
border: none;
border-top: 1px solid ThreeDShadow;
}
/************************************************************************************************/
.logRow {
position: relative;
border-bottom: 1px solid #D7D7D7;
padding: 2px 4px 1px 6px;
background-color: #FFFFFF;
}
.logRow-command {
font-family: Monaco, monospace;
color: blue;
}
.objectBox-null {
padding: 0 2px;
border: 1px solid #666666;
background-color: #888888;
color: #FFFFFF;
}
.objectBox-string {
font-family: Monaco, monospace;
color: red;
white-space: pre;
}
.objectBox-number {
color: #000088;
}
.objectBox-function {
font-family: Monaco, monospace;
color: DarkGreen;
}
.objectBox-object {
color: DarkGreen;
font-weight: bold;
}
/************************************************************************************************/
.logRow-info,
.logRow-error,
.logRow-warning {
background: #FFFFFF no-repeat 2px 2px;
padding-left: 20px;
padding-bottom: 3px;
}
.logRow-info {
background-image: url(infoIcon.png);
}
.logRow-warning {
background-color: cyan;
background-image: url(warningIcon.png);
}
.logRow-error {
background-color: LightYellow;
background-image: url(errorIcon.png);
}
.errorMessage {
vertical-align: top;
color: #FF0000;
}
.objectBox-sourceLink {
position: absolute;
right: 4px;
top: 2px;
padding-left: 8px;
font-family: Lucida Grande, sans-serif;
font-weight: bold;
color: #0000FF;
}
/************************************************************************************************/
.logRow-group {
background: #EEEEEE;
border-bottom: none;
}
.logGroup {
background: #EEEEEE;
}
.logGroupBox {
margin-left: 24px;
border-top: 1px solid #D7D7D7;
border-left: 1px solid #D7D7D7;
}
/************************************************************************************************/
.selectorTag,
.selectorId,
.selectorClass {
font-family: Monaco, monospace;
font-weight: normal;
}
.selectorTag {
color: #0000FF;
}
.selectorId {
color: DarkBlue;
}
.selectorClass {
color: red;
}
/************************************************************************************************/
.objectBox-element {
font-family: Monaco, monospace;
color: #000088;
}
.nodeChildren {
margin-left: 16px;
}
.nodeTag {
color: blue;
}
.nodeValue {
color: #FF0000;
font-weight: normal;
}
.nodeText,
.nodeComment {
margin: 0 2px;
vertical-align: top;
}
.nodeText {
color: #333333;
}
.nodeComment {
color: DarkGreen;
}
/************************************************************************************************/
.propertyNameCell {
vertical-align: top;
}
.propertyName {
font-weight: bold;
}
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Firebug</title>
<link rel="stylesheet" type="text/css" href="firebug.css">
</head>
<body>
<div id="toolbar" class="toolbar">
<a href="#" onclick="parent.console.clear()">Clear</a>
<span class="toolbarRight">
<a href="#" onclick="parent.console.close()">Close</a>
</span>
</div>
<div id="log"></div>
<input type="text" id="commandLine">
<script>parent.onFirebugReady(document);</script>
</body>
</html>
if (!("console" in window) || !("firebug" in console)) {
(function()
{
window.console =
{
log: function()
{
logFormatted(arguments, "");
},
debug: function()
{
logFormatted(arguments, "debug");
},
info: function()
{
logFormatted(arguments, "info");
},
warn: function()
{
logFormatted(arguments, "warning");
},
error: function()
{
logFormatted(arguments, "error");
},
assert: function(truth, message)
{
if (!truth)
{
var args = [];
for (var i = 1; i < arguments.length; ++i)
args.push(arguments[i]);
logFormatted(args.length ? args : ["Assertion Failure"], "error");
throw message ? message : "Assertion Failure";
}
},
dir: function(object)
{
var html = [];
var pairs = [];
for (var name in object)
{
try
{
pairs.push([name, object[name]]);
}
catch (exc)
{
}
}
pairs.sort(function(a, b) { return a[0] < b[0] ? -1 : 1; });
html.push('<table>');
for (var i = 0; i < pairs.length; ++i)
{
var name = pairs[i][0], value = pairs[i][1];
html.push('<tr>',
'<td class="propertyNameCell"><span class="propertyName">',
escapeHTML(name), '</span></td>', '<td><span class="propertyValue">');
appendObject(value, html);
html.push('</span></td></tr>');
}
html.push('</table>');
logRow(html, "dir");
},
dirxml: function(node)
{
var html = [];
appendNode(node, html);
logRow(html, "dirxml");
},
group: function()
{
logRow(arguments, "group", pushGroup);
},
groupEnd: function()
{
logRow(arguments, "", popGroup);
},
time: function(name)
{
timeMap[name] = (new Date()).getTime();
},
timeEnd: function(name)
{
if (name in timeMap)
{
var delta = (new Date()).getTime() - timeMap[name];
logFormatted([name+ ":", delta+"ms"]);
delete timeMap[name];
}
},
count: function()
{
this.warn(["count() not supported."]);
},
trace: function()
{
this.warn(["trace() not supported."]);
},
profile: function()
{
this.warn(["profile() not supported."]);
},
profileEnd: function()
{
},
clear: function()
{
consoleBody.innerHTML = "";
},
open: function()
{
toggleConsole(true);
},
close: function()
{
if (frameVisible)
toggleConsole();
}
};
// ********************************************************************************************
var consoleFrame = null;
var consoleBody = null;
var commandLine = null;
var frameVisible = false;
var messageQueue = [];
var groupStack = [];
var timeMap = {};
var clPrefix = ">>> ";
var isFirefox = navigator.userAgent.indexOf("Firefox") != -1;
var isIE = navigator.userAgent.indexOf("MSIE") != -1;
var isOpera = navigator.userAgent.indexOf("Opera") != -1;
var isSafari = navigator.userAgent.indexOf("AppleWebKit") != -1;
// ********************************************************************************************
function toggleConsole(forceOpen)
{
frameVisible = forceOpen || !frameVisible;
if (consoleFrame)
consoleFrame.style.visibility = frameVisible ? "visible" : "hidden";
else
waitForBody();
}
function focusCommandLine()
{
toggleConsole(true);
if (commandLine)
commandLine.focus();
}
function waitForBody()
{
if (document.body)
createFrame();
else
setTimeout(waitForBody, 200);
}
function createFrame()
{
if (consoleFrame)
return;
window.onFirebugReady = function(doc)
{
window.onFirebugReady = null;
var toolbar = doc.getElementById("toolbar");
toolbar.onmousedown = onSplitterMouseDown;
commandLine = doc.getElementById("commandLine");
addEvent(commandLine, "keydown", onCommandLineKeyDown);
addEvent(doc, isIE || isSafari ? "keydown" : "keypress", onKeyDown);