/// Parameter constants - every call to optional_param(), required_param() ///
/// or clean_param() should have a specified type of parameter. //////////////
+
+
/**
- * PARAM_RAW specifies a parameter that is not cleaned/processed in any way;
- * originally was 0, but changed because we need to detect unknown
- * parameter types and swiched order in clean_param().
+ * PARAM_ALPHA - contains only english ascii letters a-zA-Z.
*/
-define('PARAM_RAW', 666);
+define('PARAM_ALPHA', 'alpha');
/**
- * PARAM_CLEAN - obsoleted, please try to use more specific type of parameter.
- * It was one of the first types, that is why it is abused so much ;-)
+ * PARAM_ALPHAEXT the same contents as PARAM_ALPHA plus the chars in quotes: "_-" allowed
+ * NOTE: originally this allowed "/" too, please use PARAM_SAFEPATH if "/" needed
*/
-define('PARAM_CLEAN', 0x0001);
+define('PARAM_ALPHAEXT', 'alphaext');
/**
- * PARAM_INT - integers only, use when expecting only numbers.
+ * PARAM_ALPHANUM - expected numbers and letters only.
*/
-define('PARAM_INT', 0x0002);
+define('PARAM_ALPHANUM', 'alphanum');
/**
- * PARAM_INTEGER - an alias for PARAM_INT
+ * PARAM_ALPHANUMEXT - expected numbers, letters only and _-.
*/
-define('PARAM_INTEGER', 0x0002);
+define('PARAM_ALPHANUMEXT', 'alphanumext');
/**
- * PARAM_FLOAT - a real/floating point number.
+ * PARAM_AUTH - actually checks to make sure the string is a valid auth plugin
*/
-define('PARAM_FLOAT', 0x000a);
+define('PARAM_AUTH', 'auth');
/**
- * PARAM_NUMBER - alias of PARAM_FLOAT, deprecated - do not use
+ * PARAM_BASE64 - Base 64 encoded format
*/
-define('PARAM_NUMBER', 0x000a);
+define('PARAM_BASE64', 'base64');
/**
- * PARAM_ALPHA - contains only english ascii letters a-zA-Z.
+ * PARAM_BOOL - converts input into 0 or 1, use for switches in forms and urls.
*/
-define('PARAM_ALPHA', 0x0004);
+define('PARAM_BOOL', 'bool');
/**
- * PARAM_ALPHAEXT the same contents as PARAM_ALPHA plus the chars in quotes: "_-" allowed
- * NOTE: originally this allowed "/" too, please use PARAM_SAFEPATH if "/" needed
+ * PARAM_CAPABILITY - A capability name, like 'moodle/role:manage'. Actually
+ * checked against the list of capabilties in the database.
*/
-define('PARAM_ALPHAEXT', 0x2000);
+define('PARAM_CAPABILITY', 'capability');
/**
- * PARAM_ALPHANUM - expected numbers and letters only.
+ * PARAM_CLEANHTML - cleans submitted HTML code and removes slashes. It stays as HTML.
*/
-define('PARAM_ALPHANUM', 0x0400);
+define('PARAM_CLEANHTML', 'cleanhtml');
/**
- * PARAM_ALPHANUMEXT - expected numbers, letters only and _-.
+ * PARAM_FILE - safe file name, all dangerous chars are stripped, protects against XSS, SQL injections and directory traversals
*/
-define('PARAM_ALPHANUMEXT', 0x4000);
+define('PARAM_FILE', 'file');
/**
- * PARAM_ACTION - an alias for PARAM_ALPHANUMEXT, use for various actions in formas and urls
- * NOTE: originally alias for PARAM_APLHA
+ * PARAM_FLOAT - a real/floating point number.
*/
-define('PARAM_ACTION', 0x4000);
+define('PARAM_FLOAT', 'float');
/**
- * PARAM_FORMAT - an alias for PARAM_ALPHANUMEXT, use for names of plugins, formats, etc.
- * NOTE: originally alias for PARAM_APLHA
+ * PARAM_HOST - expected fully qualified domain name (FQDN) or an IPv4 dotted quad (IP address)
+ */
+define('PARAM_HOST', 'host');
+
+/**
+ * PARAM_INT - integers only, use when expecting only numbers.
*/
-define('PARAM_FORMAT', 0x4000);
+define('PARAM_INT', 'int');
+
+/**
+ * PARAM_LANG - checks to see if the string is a valid installed language in the current site.
+ */
+define('PARAM_LANG', 'lang');
+
+/**
+ * PARAM_LOCALURL - expected properly formatted URL as well as one that refers to the local server itself. (NOT orthogonal to the others! Implies PARAM_URL!)
+ */
+define('PARAM_LOCALURL', 'localurl');
/**
* PARAM_NOTAGS - all html tags are stripped from the text. Do not abuse this type.
*/
-define('PARAM_NOTAGS', 0x0008);
+define('PARAM_NOTAGS', 'notags');
/**
- * PARAM_MULTILANG - alias of PARAM_TEXT.
+ * PARAM_PATH - safe relative path name, all dangerous chars are stripped, protects against XSS, SQL injections and directory traversals
+ * note: the leading slash is not removed, window drive letter is not allowed
*/
-define('PARAM_MULTILANG', 0x0009);
+define('PARAM_PATH', 'path');
/**
- * PARAM_TEXT - general plain text compatible with multilang filter, no other html tags.
+ * PARAM_PEM - Privacy Enhanced Mail format
*/
-define('PARAM_TEXT', 0x0009);
+define('PARAM_PEM', 'pem');
/**
- * PARAM_FILE - safe file name, all dangerous chars are stripped, protects against XSS, SQL injections and directory traversals
+ * PARAM_PERMISSION - A permission, one of CAP_INHERIT, CAP_ALLOW, CAP_PREVENT or CAP_PROHIBIT.
*/
-define('PARAM_FILE', 0x0010);
+define('PARAM_PERMISSION', 'permission');
/**
- * PARAM_CLEANFILE - alias of PARAM_FILE; originally was removing regional chars too
- * NOTE: obsoleted do not use anymore
+ * PARAM_RAW specifies a parameter that is not cleaned/processed in any way
*/
-define('PARAM_CLEANFILE',0x0010);
+define('PARAM_RAW', 'raw');
/**
- * PARAM_TAG - one tag (interests, blogs, etc.) - mostly international characters and space, <> not supported
+ * PARAM_SAFEDIR - safe directory name, suitable for include() and require()
*/
-define('PARAM_TAG', 0x0011);
+define('PARAM_SAFEDIR', 'safedir');
/**
- * PARAM_TAGLIST - list of tags separated by commas (interests, blogs, etc.)
+ * PARAM_SAFEPATH - several PARAM_SAFEDIR joined by "/", suitable for include() and require(), plugin paths, etc.
*/
-define('PARAM_TAGLIST', 0x0012);
+define('PARAM_SAFEPATH', 'safepath');
/**
- * PARAM_PATH - safe relative path name, all dangerous chars are stripped, protects against XSS, SQL injections and directory traversals
- * note: the leading slash is not removed, window drive letter is not allowed
+ * PARAM_SEQUENCE - expects a sequence of numbers like 8 to 1,5,6,4,6,8,9. Numbers and comma only.
*/
-define('PARAM_PATH', 0x0020);
+define('PARAM_SEQUENCE', 'sequence');
/**
- * PARAM_HOST - expected fully qualified domain name (FQDN) or an IPv4 dotted quad (IP address)
+ * PARAM_TAG - one tag (interests, blogs, etc.) - mostly international characters and space, <> not supported
*/
-define('PARAM_HOST', 0x0040);
+define('PARAM_TAG', 'tag');
/**
- * PARAM_URL - expected properly formatted URL. Please note that domain part is required, http://localhost/ is not acceppted but http://localhost.localdomain/ is ok.
+ * PARAM_TAGLIST - list of tags separated by commas (interests, blogs, etc.)
*/
-define('PARAM_URL', 0x0080);
+define('PARAM_TAGLIST', 'taglist');
/**
- * PARAM_LOCALURL - expected properly formatted URL as well as one that refers to the local server itself. (NOT orthogonal to the others! Implies PARAM_URL!)
+ * PARAM_TEXT - general plain text compatible with multilang filter, no other html tags.
*/
-define('PARAM_LOCALURL', 0x0180);
+define('PARAM_TEXT', 'text');
/**
- * PARAM_BOOL - converts input into 0 or 1, use for switches in forms and urls.
+ * PARAM_THEME - Checks to see if the string is a valid theme name in the current site
*/
-define('PARAM_BOOL', 0x0800);
+define('PARAM_THEME', 'theme');
/**
- * PARAM_CLEANHTML - cleans submitted HTML code and removes slashes
+ * PARAM_URL - expected properly formatted URL. Please note that domain part is required, http://localhost/ is not acceppted but http://localhost.localdomain/ is ok.
*/
-define('PARAM_CLEANHTML',0x1000);
+define('PARAM_URL', 'url');
+
+
+///// DEPRECATED PARAM TYPES OR ALIASES - DO NOT USE FOR NEW CODE /////
/**
- * PARAM_SAFEDIR - safe directory name, suitable for include() and require()
+ * PARAM_CLEAN - obsoleted, please use a more specific type of parameter.
+ * It was one of the first types, that is why it is abused so much ;-)
*/
-define('PARAM_SAFEDIR', 0x4000);
+define('PARAM_CLEAN', 'clean');
/**
- * PARAM_SAFEPATH - several PARAM_SAFEDIR joined by "/", suitable for include() and require(), plugin paths, etc.
+ * PARAM_INTEGER - deprecated alias for PARAM_INT
*/
-define('PARAM_SAFEPATH', 0x4001);
+define('PARAM_INTEGER', 'int');
/**
- * PARAM_SEQUENCE - expects a sequence of numbers like 8 to 1,5,6,4,6,8,9. Numbers and comma only.
+ * PARAM_NUMBER - deprecated alias of PARAM_FLOAT
*/
-define('PARAM_SEQUENCE', 0x8000);
+define('PARAM_NUMBER', 'float');
/**
- * PARAM_PEM - Privacy Enhanced Mail format
+ * PARAM_ACTION - deprecated alias for PARAM_ALPHANUMEXT, use for various actions in formas and urls
+ * NOTE: originally alias for PARAM_APLHA
*/
-define('PARAM_PEM', 0x10000);
+define('PARAM_ACTION', 'alphanumext');
/**
- * PARAM_BASE64 - Base 64 encoded format
+ * PARAM_FORMAT - deprecated alias for PARAM_ALPHANUMEXT, use for names of plugins, formats, etc.
+ * NOTE: originally alias for PARAM_APLHA
*/
-define('PARAM_BASE64', 0x20000);
+define('PARAM_FORMAT', 'alphanumext');
/**
- * PARAM_CAPABILITY - A capability name, like 'moodle/role:manage'. Actually
- * checked against the list of capabilties in the database.
+ * PARAM_MULTILANG - deprecated alias of PARAM_TEXT.
*/
-define('PARAM_CAPABILITY', 0x40000);
+define('PARAM_MULTILANG', 'text');
/**
- * PARAM_PERMISSION - A permission, one of CAP_INHERIT, CAP_ALLOW, CAP_PREVENT or CAP_PROHIBIT.
+ * PARAM_CLEANFILE - deprecated alias of PARAM_FILE; originally was removing regional chars too
*/
-define('PARAM_PERMISSION', 0x80000);
+define('PARAM_CLEANFILE', 'file');
+
+
+
/// Page types ///
/**
return CAP_INHERIT;
}
+ case PARAM_AUTH:
+ $param = clean_param($param, PARAM_SAFEDIR);
+ if (exists_auth_plugin($param)) {
+ return $param;
+ } else {
+ return '';
+ }
+
+ case PARAM_LANG:
+ $param = clean_param($param, PARAM_SAFEDIR);
+ $langs = get_list_of_languages(false, true);
+ if (in_array($param, $langs)) {
+ return $param;
+ } else {
+ return ''; // Specified language is not installed
+ }
+
+ case PARAM_THEME:
+ $param = clean_param($param, PARAM_SAFEDIR);
+ if (file_exists($CFG->dirroot.'/theme/'.$param)) {
+ return $param;
+ } else {
+ return ''; // Specified theme is not installed
+ }
+
default: // throw error, switched parameters in optional_param or another serious problem
- print_error("unknowparamtype", '', '', $type);
+ print_error("unknownparamtype", '', '', $type);
}
}
projects / moodle.git / commitdiff