MDL-15942 - separate data escaped for database entry from unescaped data
[moodle-linuxchix.git] / blog / index.php
blob cecb7b7005d17c818cb572318b34d8186f253358
1 <?php // $Id$
3 /**
4 * file index.php
5 * index page to view blogs. if no blog is specified then site wide entries are shown
6 * if a blog id is specified then the latest entries from that blog are shown
7 */
9 require_once('../config.php');
10 require_once($CFG->dirroot .'/blog/lib.php');
11 require_once($CFG->libdir .'/blocklib.php');
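// Request parameters. Each one is read through optional_param() with an
// explicit PARAM_* cleaning type; nothing in this script reads the raw
// request arrays directly.
// NOTE(review): $id and $start are not referenced again in this file;
// presumably they are consumed by the included blog/header.php, which shares
// this scope -- confirm before removing.
$id = optional_param('id', 0, PARAM_INT);
$start = optional_param('formstart', 0, PARAM_INT);
$userid = optional_param('userid', 0, PARAM_INT);
// PARAM_NOTAGS strips markup only. Characters such as & # = " survive, so
// $tag still has to be encoded for whatever context it is written into
// (URL query string, HTML attribute, ...).
$tag = optional_param('tag', '', PARAM_NOTAGS);
$tagid = optional_param('tagid', 0, PARAM_INT);
$postid = optional_param('postid', 0, PARAM_INT);
// $filtertype is restricted to letters here and is then matched against a
// fixed set of values by the switch further down.
$filtertype = optional_param('filtertype', '', PARAM_ALPHA);
$filterselect = optional_param('filterselect', 0, PARAM_INT);

// -1 is a sentinel for "parameter not supplied", so that an explicit 0 or 1
// can be told apart from an absent value when the editing flag is updated.
$edit = optional_param('edit', -1, PARAM_BOOL);
$courseid = optional_param('courseid', 0, PARAM_INT); // needed for user tabs and course tracking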
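// Blogging can be switched off for the whole site: an empty bloglevel stops
// every request here, before any other parameter is acted on.
// The script relies on error() ending the request; later code uses values
// that only exist when the preceding error() branch was not taken.
if (empty($CFG->bloglevel)) {
    error('Blogging is disabled!');
}

$sitecontext = get_context_instance(CONTEXT_SYSTEM);

// change block edit status if not guest and logged in
// NOTE(review): this writes session state from a request parameter and no
// sesskey check is visible in this file. The flag appears to affect only the
// viewer's own block-editing mode; confirm that, and confirm whether the
// links that set 'edit' carry a sesskey, before tightening this.
if (isloggedin() and !isguest() and $edit != -1) {
    $SESSION->blog_editing_enabled = $edit;
}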
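// No explicit filter requested: derive one. Whatever is chosen here still
// goes through the per-filter access checks in the switch that follows, so
// this block only picks a default and grants nothing by itself.
if (empty($filtertype)) {
    if ($userid) {    // default to user if specified
        $filtertype = 'user';
        $filterselect = $userid;
    } else if (has_capability('moodle/blog:view', $sitecontext) and $CFG->bloglevel > BLOG_USER_LEVEL) {
        if ($postid) {
            // A single entry was requested: show it in the context of its
            // author's blog, so the 'user' checks below apply to that author.
            $filtertype = 'user';
            if (!$postobject = get_record('post', 'module', 'blog', 'id', $postid)) {
                error('No such blog entry');
            }
            $filterselect = $postobject->userid;
        } else {
            $filtertype = 'site';
            $filterselect = '';
        }
    } else {
        // user might have capability to write blogs, but not read blogs at site level
        // users might enter this url manually without parameters
        $filtertype = 'user';
        $filterselect = $USER->id;
    }
}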
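/// check access and prepare filters
// Each case follows the same order: (1) is this blog level enabled at all,
// (2) does the referenced record exist, (3) login where required, (4) the
// capability check for that context. Every failure goes through error(),
// which the script relies on to end the request. Unknown filter types are
// rejected by the default case, so only the four values below get past here.

switch ($filtertype) {

    case 'site':
        if ($CFG->bloglevel < BLOG_SITE_LEVEL) {
            error('Site blogs is not enabled');
        }
        // Site-wide entries are readable without logging in only when the
        // blog level is BLOG_GLOBAL_LEVEL or higher.
        if ($CFG->bloglevel < BLOG_GLOBAL_LEVEL) {
            require_login();
        }
        if (!has_capability('moodle/blog:view', $sitecontext)) {
            error('You do not have the required permissions to view all site blogs');
        }
        break;

    case 'course':
        if ($CFG->bloglevel < BLOG_COURSE_LEVEL) {
            error('Course blogs is not enabled');
        }
        if (!$course = get_record('course', 'id', $filterselect)) {
            error('Incorrect course id specified');
        }
        // The course id from the database record replaces whatever 'courseid'
        // the request carried, so login and logging use the course that was
        // actually checked.
        $courseid = $course->id;
        $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id);
        require_login($course);
        if (!has_capability('moodle/blog:view', $coursecontext)) {
            error('You do not have the required permissions to view blogs in this course');
        }
        break;

    case 'group':
        if ($CFG->bloglevel < BLOG_GROUP_LEVEL) {
            error('Group blogs is not enabled');
        }

        // fix for MDL-9268
        if (! $group = groups_get_group($filterselect)) { //TODO:check.
            error('Incorrect group id specified');
        }
        // The course is taken from the group record, not from the request.
        if (!$course = get_record('course', 'id', $group->courseid)) {
            error('Incorrect course id specified');
        }
        $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id);
        $courseid = $course->id;
        require_login($course);
        if (!has_capability('moodle/blog:view', $coursecontext)) {
            error('You do not have the required permissions to view blogs in this course/group');
        }
        // In separate-groups mode a viewer without accessallgroups must
        // belong to the requested group.
        if (groups_get_course_groupmode($course) == SEPARATEGROUPS
                and !has_capability('moodle/site:accessallgroups', $coursecontext)) {
            if (!groups_is_member($filterselect)) {
                error ('You are not a member of this course group');
            }
        }

        break;

    case 'user':
        if ($CFG->bloglevel < BLOG_USER_LEVEL) {
            error('Blogs is not enabled');
        }
        if (!$user = get_record('user', 'id', $filterselect)) {
            error('Incorrect user id');
        }
        if ($user->deleted) {
            print_header();
            print_heading(get_string('userdeleted'));
            print_footer();
            die;
        }

        if ($USER->id == $filterselect) {
            // Own blog: either creating or viewing rights at site level are enough.
            if (!has_capability('moodle/blog:create', $sitecontext)
                    and !has_capability('moodle/blog:view', $sitecontext)) {
                error('You do not have your own blog, sorry.');
            }
        } else {
            // Someone else's blog: needs site-level view or readuserblogs in
            // that user's context, and then the per-user visibility check.
            $personalcontext = get_context_instance(CONTEXT_USER, $filterselect);
            if (!has_capability('moodle/blog:view', $sitecontext)
                    and !has_capability('moodle/user:readuserblogs', $personalcontext)) {
                error('You do not have the required permissions to read user blogs');
            }
            if (!blog_user_can_view_user_post($filterselect)) {
                error('You can not view blog of this user, sorry.');
            }
        }
        $userid = $filterselect;

        // NOTE(review): unlike the other cases, login is forced here only
        // when a course id came with the request; otherwise access rests on
        // the capability checks above. Presumably intended so that user
        // blogs can be public at global blog level -- confirm.
        if (!empty($courseid)) {
            require_login($courseid);
        }

        break;

    default:
        error('Incorrect blog filter type specified');
        break;
}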
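// Fall back to the site course so header, login state and logging always
// have a course id to work with.
if (empty($courseid)) {
    $courseid = SITEID;
}

// Both includes use fixed paths under $CFG->dirroot; no request value takes
// part in building them.
include($CFG->dirroot .'/blog/header.php');

// NOTE(review): $postid is passed through without being tied to the filter
// that was access-checked above when 'filtertype' is given explicitly.
// Per-entry visibility is presumably enforced inside
// blog_print_html_formatted_entries() -- confirm against blog/lib.php.
blog_print_html_formatted_entries($postid, $filtertype, $filterselect, $tagid, $tag);

// $tag is the only free-form value in the logged URL (PARAM_NOTAGS removes
// markup but keeps & # = " and spaces), so it is URL-encoded to keep the
// stored link well-formed and to stop a tag from adding or altering query
// parameters in the log entry. The other parts are integers, the empty
// string, or a filter type already matched against a fixed list.
add_to_log(
    $courseid,
    'blog',
    'view',
    'index.php?filtertype='.$filtertype.'&amp;filterselect='.$filterselect.'&amp;postid='.$postid.'&amp;tagid='.$tagid.'&amp;tag='.urlencode($tag),
    'view blog entry'
);

include($CFG->dirroot .'/blog/footer.php');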