Commit c61916a5 authored by Aaron Wells's avatar Aaron Wells

Removing the Web UI for additional HTML items

Bug1073625: Removing this feature per Mahara's security standard, which assumes the admin web account
is more easily compromised than the filesystem or database. For this feature to be useful, it has to be
able to print arbitrary JavaScript on every page of the site, in the header and footer — which is exactly
the capability a compromised admin web account must not have.

Change-Id: Id2337c66d037dced514e0cc347370d97cac80093
parent a2e016f5
<?php
/**
* Mahara: Electronic portfolio, weblog, resume builder and social networking
* Copyright (C) 2012 Catalyst IT Ltd and others; see:
* http://wiki.mahara.org/Contributors
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* @package mahara
* @subpackage admin
* @author Ruslan Kabalin
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL
* @copyright (C) 2012 Lancaster University
*
*/
define('INTERNAL', 1);
define('ADMIN', 1);
define('MENUITEM', 'configsite/additionalhtml');
define('SECTION_PLUGINTYPE', 'core');
define('SECTION_PLUGINNAME', 'admin');
define('SECTION_PAGE', 'additionalhtml');
require(dirname(dirname(dirname(__FILE__))).'/init.php');
require_once('pieforms/pieform.php');
define('TITLE', get_string('additionalhtml', 'admin'));
define('DEFAULTPAGE', 'additionalhtmlhead');
$additionalhtmlitemnames = site_content_additional_html_items();
$additionalhtmlitems = get_records_select_assoc(
'site_content',
'name IN (' . join(',', array_fill(0, count($additionalhtmlitemnames), '?')) . ')',
$additionalhtmlitemnames
);
$additionalhtmloptions = array();
$additionalhtmlcontent = array();
foreach ($additionalhtmlitemnames as $itemname) {
$additionalhtmloptions[$itemname] = get_string($additionalhtmlitems[$itemname]->name, 'admin');
$additionalhtmlcontent[$itemname] = $additionalhtmlitems[$itemname]->content;
}
$form = pieform(array(
'name' => 'editadditionalhtmlcontent',
'jsform' => true,
'jssuccesscallback' => 'contentSaved',
'elements' => array(
'contentname' => array(
'type' => 'select',
'title' => get_string('additionalhtmllocation', 'admin'),
'defaultvalue' => DEFAULTPAGE,
'options' => $additionalhtmloptions
),
'contenthtml' => array(
'name' => 'contenthtml',
'type' => 'textarea',
'rows' => 25,
'cols' => 100,
'title' => get_string('additionalhtmlcontent', 'admin'),
'defaultvalue' => $additionalhtmlcontent[DEFAULTPAGE],
'rules' => array(
'maxlength' => 65536,
)
),
'submit' => array(
'type' => 'submit',
'value' => get_string('savechanges', 'admin')
),
)
));
function editadditionalhtmlcontent_submit(Pieform $form, $values) {
global $USER;
$data = new StdClass;
$data->name = $values['contentname'];
$data->content = $values['contenthtml'];
$data->mtime = db_format_timestamp(time());
$data->mauthor = $USER->get('id');
try {
update_record('site_content', $data, 'name');
}
catch (SQLException $e) {
$form->reply(PIEFORM_ERR, get_string('savefailed', 'admin'));
}
$form->reply(PIEFORM_OK, get_string('additionalhtmlsaved', 'admin'));
}
$smarty = smarty(array('adminsitehtmlcontent'), array(), array('admin' => array('discardcontentedits')));
$smarty->assign('contenteditform', $form);
$smarty->assign('PAGEHEADING', TITLE);
$smarty->display('admin/site/additionalhtml.tpl');
/**
* Automatically populates the WYSIWYG box on the site pages screen
* with the content of the appropriate page
* @source: http://gitorious.org/mahara/mahara
*
* @licstart
* Copyright (C) 2012 Catalyst IT Ltd
* Copyright (C) 2012 Lancaster University
*
* The JavaScript code in this page is free software: you can
* redistribute it and/or modify it under the terms of the GNU
* General Public License (GNU GPL) as published by the Free Software
* Foundation, either version 3 of the License, or (at your option)
* any later version. The code is distributed WITHOUT ANY WARRANTY;
* without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU GPL for more details.
*
* As additional permission under GNU GPL version 3 section 7, you
* may distribute non-source (e.g., minimized or compacted) forms of
* that code without the copy of the GNU GPL normally required by
* section 4, provided you include this license notice and a URL
* through which recipients can access the Corresponding Source.
* @licend
*/
var oldPageContent = '';
var oldPageName = 'additionalhtmlhead';
var checkOldContent = false;
function updateText() {
if (checkOldContent && oldPageContent != $('editadditionalhtmlcontent_contenthtml').value && !confirm(get_string('discardcontentedits', 'admin'))) {
$('editadditionalhtmlcontent_contentname').value = oldPageName;
return;
}
checkOldContent = true;
sendjsonrequest(
'editchangecontent.json.php',
{'contentname' : $('editadditionalhtmlcontent_contentname').value},
'POST',
function(data) {
if (!data.error) {
$('editadditionalhtmlcontent_contenthtml').value = data.content;
oldPageContent = $('editadditionalhtmlcontent_contenthtml').value;
oldPageName = $('editadditionalhtmlcontent_contentname').value;
}
}
);
}
function connectElements() {
connect('editadditionalhtmlcontent_contentname', 'onchange', updateText);
}
/* Pieform callback*/
function contentSaved(form, data) {
connectElements();
oldPageContent = $('editadditionalhtmlcontent_contenthtml').value;
formSuccess(form, data);
}
addLoadEvent(function() {
connectElements();
updateText();
});
......@@ -426,18 +426,6 @@ $string['sitepageloaded'] = 'Site page loaded';
$string['termsandconditions'] = 'Terms and conditions';
$string['uploadcopyright'] = 'Upload copyright statement';
// Additional html content
$string['additionalhtml'] = 'Additional HTML';
$string['additionalhtmlcontent'] = 'Content';
$string['additionalhtmldescription'] = 'Edit HTML content that you want to add to every page. This allows you to embed counters and services like Google Analytics. You can define HTML that will be added before the closing HEAD tag for the page, immediately after the BODY tag has been opened, or immediately before the BODY tag is closed.';
$string['additionalhtmlfooter'] = 'Before BODY is closed';
$string['additionalhtmlhead'] = 'Within HEAD';
$string['additionalhtmllocation'] = 'Location';
$string['additionalhtmlsaved'] = 'Content saved';
$string['additionalhtmltopofbody'] = 'When BODY is opened';
$string['discardcontentedits'] = 'Discard your changes?';
$string['loadsitecontentfailed'] = 'Unable to load any content for %s';
// Links and resources menu editor
$string['sitefile'] = 'Site file';
$string['adminpublicdirname'] = 'public'; // Name of the directory in which to store public admin files
......@@ -1911,12 +1911,6 @@ function admin_nav() {
'title' => get_string('Files', 'artefact.file'),
'weight' => 80,
),
'configsite/additionalhtml' => array(
'path' => 'configsite/additionalhtml',
'url' => 'admin/site/additionalhtml.php',
'title' => get_string('additionalhtml', 'admin'),
'weight' => 90
),
'configusers' => array(
'path' => 'configusers',
'url' => 'admin/users/search.php',