From 0f039283020c963c9067d4b205d8e06afeee5c41 Mon Sep 17 00:00:00 2001
From: scyrma <scyrma>
Date: Mon, 25 Feb 2008 05:48:53 +0000
Subject: [PATCH] MDL-13404 - merge from 1.9

---
 tag/edit.php             |   4 +-
 tag/lib.php              | 109 +++++++++++++++++++--------------------
 tag/locallib.php         |  18 ++++---
 tag/search.php           |   2 +-
 tag/tag_autocomplete.php |   2 +-
 5 files changed, 68 insertions(+), 67 deletions(-)

diff --git a/tag/edit.php b/tag/edit.php
index 6ee097a9dafef..768bd8c08eaaa 100644
--- a/tag/edit.php
+++ b/tag/edit.php
@@ -28,8 +28,8 @@
 require_capability('moodle/tag:edit', $systemcontext);
 
 // set the relatedtags field of the $tag object that will be passed to the form
-//$tag->relatedtags = tag_names_csv(get_item_tags('tag',$tagid));
-$tag->relatedtags = tag_get_related_tags_csv(tag_get_related_tags($tag->id), TAG_RETURN_TEXT);
+// need to use html_entity_decode because formslib does it for us later on.
+$tag->relatedtags = html_entity_decode(tag_get_related_tags_csv(tag_get_related_tags($tag->id), TAG_RETURN_TEXT));
 
 if (can_use_html_editor()) {
     $options = new object();
diff --git a/tag/lib.php b/tag/lib.php
index 3cfed185ae260..14f4d2a17ee13 100644
--- a/tag/lib.php
+++ b/tag/lib.php
@@ -354,7 +354,7 @@ function tag_get_related_tags_csv($related_tags, $html=TAG_RETURN_HTML) {
     $tags_names = array();
     foreach($related_tags as $tag) {
         if ( $html == TAG_RETURN_TEXT) {
-            $tags_names[] = rawurlencode(tag_display_name($tag));
+            $tags_names[] = tag_display_name($tag);
         } else {
             // TAG_RETURN_HTML
             $tags_names[] = '<a href="'. $CFG->wwwroot .'/tag/index.php?tag='. rawurlencode($tag->name) .'">'. tag_display_name($tag) .'</a>';
@@ -672,6 +672,35 @@ function tag_cron() {
     tag_compute_correlations();
 }
 
+/**
+ * Search for tags with names that match some text
+ *
+ * @param string $text escaped string that the tag names will be matched against
+ * @param boolean $ordered If true, tags are ordered by their popularity. If false, no ordering.
+ * @param int $limitfrom return a subset of records, starting at this point (optional, required if $limitnum is set).
+ * @param int $limitnum return a subset comprising this many records (optional, required if $limitfrom is set).
+ * @return mixed an array of objects, or false if no records were found or an error occured.
+ */
+function tag_find_tags($text, $ordered=true, $limitfrom='', $limitnum='') {
+
+    global $CFG;
+
+    $text = array_shift(tag_normalize($text, TAG_CASE_LOWER));
+
+    if ($ordered) {
+        $query = "SELECT tg.id, tg.name, tg.rawname, COUNT(ti.id) AS count ".
+            "FROM {$CFG->prefix}tag tg LEFT JOIN {$CFG->prefix}tag_instance ti ON tg.id = ti.tagid ".
+            "WHERE tg.name LIKE '%{$text}%' ".
+            "GROUP BY tg.id, tg.name, tg.rawname ".
+            "ORDER BY count DESC";
+    } else {
+        $query = "SELECT tg.id, tg.name, tg.rawname ".
+            "FROM {$CFG->prefix}tag tg ".
+            "WHERE tg.name LIKE '%{$text}%'";
+    }
+    return get_records_sql($query, $limitfrom , $limitnum);
+}
+
 /** 
  * Get the name of a tag
  * 
@@ -725,12 +754,14 @@ function tag_get_correlated($tag_id, $limitnum=null) {
  * Function that normalizes a list of tag names.
  *
  * @param mixed $tags array of tags, or a single tag.
- * @param int $case case to use for returned value (default: lower case). Either CASE_LOWER or CASE_UPPER
- * @return array of lowercased normalized tags, indexed by the normalized tag. (Eg: 'Banana' => 'banana')
+ * @param int $case case to use for returned value (default: lower case). 
+ *     Either TAG_CASE_LOWER (default) or TAG_CASE_ORIGINAL
+ * @return array of lowercased normalized tags, indexed by the normalized tag, 
+ *     in the same order as the original array. (Eg: 'Banana' => 'banana').
  */
 function tag_normalize($rawtags, $case = TAG_CASE_LOWER) {
 
-    // cache normalized tags, to prevent (in some cases) costly (repeated) calls to clean_param
+    // cache normalized tags, to prevent costly repeated calls to clean_param
     static $cleaned_tags_lc = array(); // lower case - use for comparison
     static $cleaned_tags_mc = array(); // mixed case - use for saving to database
 
@@ -758,39 +789,33 @@ function tag_normalize($rawtags, $case = TAG_CASE_LOWER) {
     return $result;
 }
 
-
 /**
- * Search for tags with names that match some text
+ * Count how many records are tagged with a specific tag,
  *
- * @param string $text escaped string that the tag names will be matched against
- * @param boolean $ordered If true, tags are ordered by their popularity. If false, no ordering.
- * @param int $limitfrom return a subset of records, starting at this point (optional, required if $limitnum is set).
- * @param int $limitnum return a subset comprising this many records (optional, required if $limitfrom is set).
- * @return mixed an array of objects, or false if no records were found or an error occured.
+ * @param string $record record to look for ('post', 'user', etc.)
+ * @param int $tag is a single tag id
+ * @return int number of mathing tags.
  */
-function tag_find_tags($text, $ordered=true, $limitfrom='', $limitnum='') {
-
-    global $CFG;
-
-    $text = array_shift(tag_normalize($text, TAG_CASE_LOWER));
+function tag_record_count($record_type, $tagid) {
+    return count_records('tag_instance', 'itemtype', $record_type, 'tagid', $tagid);
+}
 
-    if ($ordered) {
-        $query = "SELECT tg.id, tg.name, tg.rawname, COUNT(ti.id) AS count ".
-            "FROM {$CFG->prefix}tag tg LEFT JOIN {$CFG->prefix}tag_instance ti ON tg.id = ti.tagid ".
-            "WHERE tg.name LIKE '%{$text}%' ".
-            "GROUP BY tg.id, tg.name, tg.rawname ".
-            "ORDER BY count DESC";
+/**
+ * Determine if a record is tagged with a specific tag  
+ *
+ * @param string $record_type the record type to look for
+ * @param int $record_id the record id to look for
+ * @param string $tag a tag name
+ * @return bool true if it is tagged, false otherwise
+ */
+function tag_record_tagged_with($record_type, $record_id, $tag) {
+    if ($tagid = tag_get_id($tag)) {
+        return count_records('tag_instance', 'itemtype', $record_type, 'itemid', $record_id, 'tagid', $tagid);
     } else {
-        $query = "SELECT tg.id, tg.name, tg.rawname ".
-            "FROM {$CFG->prefix}tag tg ".
-            "WHERE tg.name LIKE '%{$text}%'";
+        return 0; // tag doesn't exist
     }
-    return get_records_sql($query, $limitfrom , $limitnum);
 }
 
-///////////////////////////////////////////////////////////
-////// functions copied over from the first version //////
-
 /**
  * Flag a tag as inapropriate
  * 
@@ -827,30 +852,4 @@ function tag_unset_flag($tagids) {
     return execute_sql('UPDATE '. $CFG->prefix .'tag tg SET tg.flag = 0, tg.timemodified = '. $timemodified .' WHERE tg.id IN ('. $tagids .')', false);
 }
 
-/**
- * Count how many records are tagged with a specific tag,
- *
- * @param string $record record to look for ('post', 'user', etc.)
- * @param int $tag is a single tag id
- * @return int number of mathing tags.
- */
-function tag_record_count($record_type, $tagid) {
-    return count_records('tag_instance', 'itemtype', $record_type, 'tagid', $tagid);
-}
-
-/**
- * Determine if a record is tagged with a specific tag  
- *
- * @param array $record the record to look for
- * @param string $tag a tag name
- * @return bool true if it is tagged, false otherwise
- */
-function tag_record_tagged_with($record, $tag) {
-    if ($tagid = tag_get_id($tag)) {
-        return count_records('tag_instance', 'itemtype', $record['type'], 'itemid', $record['id'], 'tagid', $tagid);
-    } else {
-        return 0; // tag doesn't exist
-    }
-}
-
 ?>
diff --git a/tag/locallib.php b/tag/locallib.php
index 83884846c02c3..8cd195a70b70d 100644
--- a/tag/locallib.php
+++ b/tag/locallib.php
@@ -148,7 +148,7 @@ function tag_print_management_box($tag_object, $return=false) {
         $links = array();
         
         // Add a link for users to add/remove this from their interests
-        if (tag_record_tagged_with(array('type'=>'user', 'id'=>$USER->id), $tag_object->name)) {
+        if (tag_record_tagged_with('user', $USER->id, $tag_object->name)) {
             $links[] = '<a href="'. $CFG->wwwroot .'/tag/user.php?action=removeinterest&amp;sesskey='. sesskey() .'&amp;tag='. rawurlencode($tag_object->name) .'">'. get_string('removetagfrommyinterests', 'tag', $tagname) .'</a>';
         } else {
             $links[] = '<a href="'. $CFG->wwwroot .'/tag/user.php?action=addinterest&amp;sesskey='. sesskey() .'&amp;tag='. rawurlencode($tag_object->name) .'">'. get_string('addtagtomyinterests', 'tag', $tagname) .'</a>';
@@ -159,7 +159,7 @@ function tag_print_management_box($tag_object, $return=false) {
 
         // Edit tag: Only people with moodle/tag:edit capability who either have it as an interest or can manage tags
         if (has_capability('moodle/tag:edit', $systemcontext) && 
-                (tag_record_tagged_with(array('type'=>'user', 'id'=>$USER->id), $tag_object->name) || 
+                (tag_record_tagged_with('user', $USER->id, $tag_object->name) || 
                  has_capability('moodle/tag:manage', $systemcontext))) {
             $links[] = '<a href="'. $CFG->wwwroot .'/tag/edit.php?tag='. rawurlencode($tag_object->name) .'">'. get_string('edittag', 'tag') .'</a>';
         }
@@ -213,10 +213,12 @@ function tag_print_search_results($query,  $page, $perpage, $return=false) {
 
     global $CFG, $USER;
 
-    $count = sizeof(tag_search($query, false));
+    $query = array_shift(tag_normalize($query, TAG_CASE_ORIGINAL));
+
+    $count = sizeof(tag_find_tags($query, false));
     $tags = array();
 
-    if ( $found_tags = tag_search($query, true,  $page * $perpage, $perpage) ) {
+    if ( $found_tags = tag_find_tags($query, true,  $page * $perpage, $perpage) ) {
         $tags = array_values($found_tags);
     }
 
@@ -225,13 +227,13 @@ function tag_print_search_results($query,  $page, $perpage, $return=false) {
 
     // link "Add $query to my interests"
     $addtaglink = '';
-    if( !is_item_tagged_with('user', $USER->id, $query) ) {
+    if( !tag_record_tagged_with('user', $USER->id, $query) ) {
         $addtaglink = '<a href="'. $CFG->wwwroot .'/tag/user.php?action=addinterest&amp;sesskey='. sesskey() .'&amp;tag='. rawurlencode($query) .'">';
-        $addtaglink .= get_string('addtagtomyinterests', 'tag', rawurlencode($query)) .'</a>';
+        $addtaglink .= get_string('addtagtomyinterests', 'tag', htmlspecialchars($query)) .'</a>';
     }
 
     if ( !empty($tags) ) { // there are results to display!!
-        $output .= print_heading(get_string('searchresultsfor', 'tag', rawurlencode($query)) ." : {$count}", '', 3, 'main', true);
+        $output .= print_heading(get_string('searchresultsfor', 'tag', htmlspecialchars($query)) ." : {$count}", '', 3, 'main', true);
 
         //print a link "Add $query to my interests"
         if (!empty($addtaglink)) {
@@ -256,7 +258,7 @@ function tag_print_search_results($query,  $page, $perpage, $return=false) {
         $output .= print_paging_bar($count, $page, $perpage, $baseurl .'&amp;', 'page', false, true);
     }
     else { //no results were found!!
-        $output .= print_heading(get_string('noresultsfor', 'tag', rawurlencode($query)), '', 3, 'main' , true);
+        $output .= print_heading(get_string('noresultsfor', 'tag', htmlspecialchars($query)), '', 3, 'main' , true);
 
         //print a link "Add $query to my interests"
         if (!empty($addtaglink)) {
diff --git a/tag/search.php b/tag/search.php
index 78ac430731e29..3358512ce3465 100644
--- a/tag/search.php
+++ b/tag/search.php
@@ -11,7 +11,7 @@
     error(get_string('tagsaredisabled', 'tag'));
 }
 
-$query      = optional_param('query', '', PARAM_TEXT);
+$query      = optional_param('query', '', PARAM_RAW);
 $page        = optional_param('page', 0, PARAM_INT);      // which page to show
 $perpage     = optional_param('perpage', 18, PARAM_INT);
 
diff --git a/tag/tag_autocomplete.php b/tag/tag_autocomplete.php
index fb088c987974b..48109e098deb7 100644
--- a/tag/tag_autocomplete.php
+++ b/tag/tag_autocomplete.php
@@ -9,7 +9,7 @@
     error(get_string('tagsaredisabled', 'tag'));
 }
 
-$query = optional_param('query', '', PARAM_TEXT);  
+$query = addslashes(optional_param('query', '', PARAM_RAW));  
 
 if ($similar_tags = tag_autocomplete($query)) {
     foreach ($similar_tags as $tag){