/// Do the job, setting result as needed
/// Get the dir containing the file
- $dirpath = required_param('dir', PARAM_CLEAN);
- $dirpath = stripslashes_safe($dirpath);
+ $dirpath = required_param('dir', PARAM_PATH);
+ $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
/// Get the correct dirs
if (!empty($XMLDB->dbdirs)) {
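Review bot: `$CFG->dirroot . stripslashes_safe($dirpath)` joins the two strings without checking for a separator, so a `dir` value that does not start with `/` would yield a path that only shares the dirroot prefix (a sibling directory) rather than one inside it, unless PARAM_PATH guarantees a leading slash, which is not visible here. Consider `$dirpath = $CFG->dirroot . '/' . ltrim(stripslashes_safe($dirpath), '/');`. The same pair of added lines recurs in the other `dir` hunks and in the `file` hunk on this page. In the `file` hunk the retained `substr($file, 0, strlen($CFG->dirroot)) == $CFG->dirroot` test is always true once dirroot is prepended, so containment there rests on PARAM_PATH and whatever follows the `&&`; comparing the `realpath()` result against dirroot would restore a real check. The enclosing method starts and ends outside this hunk.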
}
/// Now build the form
$o = '<form id="form" action="index.php" method="post">';
- $o.= ' <input type="hidden" name ="dir" value="' . $dirpath . '" />';
+ $o.= ' <input type="hidden" name ="dir" value="' . str_replace($CFG->dirroot, '', $dirpath) . '" />';
$o.= ' <input type="hidden" name ="action" value="new_statement" />';
$o.= ' <input type="hidden" name ="postaction" value="edit_statement" />';
$o.= ' <table id="formelements" align="center" cellpadding="5">';
$o.= ' <tr><td><label for="type" accesskey="t">' . $this->str['statementtype'] .' </label>' . choose_from_menu($typeoptions, 'type', '', 'choose', '', 0, true) . '<label for="table" accesskey="a">' . $this->str['statementtable'] . ' </label>' .choose_from_menu($selecttables, 'table', '', 'choose', '', 0, true) . '</td></tr>';
$o.= ' <tr><td colspan="2" align="center"><input type="submit" value="' .$this->str['create'] . '" /></td></tr>';
- $o.= ' <tr><td colspan="2" align="center"><a href="index.php?action=edit_xml_file&dir=' . urlencode($dirpath) . '">[' . $this->str['back'] . ']</a></td></tr>';
+ $o.= ' <tr><td colspan="2" align="center"><a href="index.php?action=edit_xml_file&dir=' . urlencode(str_replace($CFG->dirroot, '', $dirpath)) . '">[' . $this->str['back'] . ']</a></td></tr>';
$o.= ' </table>';
$o.= '</form>';
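Review bot: The hidden `dir` field prints `str_replace($CFG->dirroot, '', $dirpath)` into an HTML attribute without escaping, so the markup is safe only as long as PARAM_PATH removes quotes and angle brackets; escaping at the point of output would not depend on the input filter. `str_replace` also removes every occurrence of the dirroot string rather than just the leading one, and the expression is repeated for the back link. Computing it once with `$reldir = substr($dirpath, strlen($CFG->dirroot));` and emitting `value="' . s($reldir) . '"` and `urlencode($reldir)` would cover both. The same applies to the `new_table_from_mysql` form hunk and the `view_structure_sql` link hunk further down. The function around this form starts and ends outside the hunk.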
/// Do the job, setting result as needed
/// Get the dir containing the file
- $dirpath = required_param('dir', PARAM_CLEAN);
- $dirpath = stripslashes_safe($dirpath);
+ $dirpath = required_param('dir', PARAM_PATH);
+ $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
/// Get the correct dirs
if (!empty($XMLDB->dbdirs)) {
/// Do the job, setting result as needed
/// Get the dir containing the file
- $dirpath = required_param('dir', PARAM_CLEAN);
- $dirpath = stripslashes_safe($dirpath);
+ $dirpath = required_param('dir', PARAM_PATH);
+ $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
/// Get the correct dirs
if (!empty($XMLDB->dbdirs)) {
}
/// Now build the form
$o = '<form id="form" action="index.php" method="post">';
- $o.= ' <input type="hidden" name ="dir" value="' . $dirpath . '" />';
+ $o.= ' <input type="hidden" name ="dir" value="' . str_replace($CFG->dirroot, '', $dirpath) . '" />';
$o.= ' <input type="hidden" name ="action" value="new_table_from_mysql" />';
$o.= ' <input type="hidden" name ="postaction" value="edit_table" />';
$o.= ' <table id="formelements" align="center" cellpadding="5">';
$o.= ' <tr><td><label for="table" accesskey="t">' . $this->str['createtable'] .' </label>' . choose_from_menu($selecttables, 'table', '', 'choose', '', 0, true) . '<label for="after" accesskey="a">' . $this->str['aftertable'] . ' </label>' .choose_from_menu($aftertables, 'after', '', 'choose', '', 0, true) . '</td></tr>';
$o.= ' <tr><td colspan="2" align="center"><input type="submit" value="' .$this->str['create'] . '" /></td></tr>';
- $o.= ' <tr><td colspan="2" align="center"><a href="index.php?action=edit_xml_file&dir=' . urlencode($dirpath) . '">[' . $this->str['back'] . ']</a></td></tr>';
+ $o.= ' <tr><td colspan="2" align="center"><a href="index.php?action=edit_xml_file&dir=' . urlencode(str_replace($CFG->dirroot, '', $dirpath)) . '">[' . $this->str['back'] . ']</a></td></tr>';
$o.= ' </table>';
$o.= '</form>';
/// Do the job, setting result as needed
/// Get the dir containing the file
- $dirpath = required_param('dir', PARAM_CLEAN);
- $dirpath = stripslashes_safe($dirpath);
+ $dirpath = required_param('dir', PARAM_PATH);
+ $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
/// Get the correct dirs
if (!empty($XMLDB->dbdirs)) {
/// ADD YOUR CODE HERE
/// Get parameters
- $generatorparam = optional_param('generator', null, PARAM_CLEAN);
+ $generatorparam = optional_param('generator', null, PARAM_ALPHANUM);
if (empty($generatorparam)) {
$generatorparam = $CFG->dbtype;
}
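Review bot: `PARAM_ALPHANUM` narrows the character set of `generator`, but any non-empty alphanumeric string still passes the `empty()` test and is kept as `$generatorparam`. A later hunk passes `$generators` to `popup_form()` as the list of choices, so it appears to be the set of valid values. If it is built before this point, falling back to `$CFG->dbtype` for anything not in it would be tighter, e.g. `if (empty($generatorparam) || !isset($generators[$generatorparam]))` (this assumes the list is keyed by generator name, which should be confirmed). How `$generatorparam` is consumed lies outside the hunk.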
/// The back to edit table button
$b = ' <p align="center" class="buttons">';
- $b .= '<a href="index.php?action=edit_xml_file&dir=' . urlencode($dirpath) . '">[' . $this->str['back'] . ']</a>';
+ $b .= '<a href="index.php?action=edit_xml_file&dir=' . urlencode(str_replace($CFG->dirroot, '', $dirpath)) . '">[' . $this->str['back'] . ']</a>';
$b .= '</p>';
$o = $b;
$o.= ' <tr><td align="center">' . $this->str['selectdb'];
/// Show the popup of generators
- $url = 'index.php?action=view_structure_sql&dir=' . urlencode($dirpath) . '&generator=';
+ $url = 'index.php?action=view_structure_sql&dir=' . urlencode(str_replace($CFG->dirroot, '', $dirpath)) . '&generator=';
$o.= popup_form($url, $generators, 'selectgenerator', $generatorparam, '', '', '' , true);
$o.= ' </td></tr>';
$o.= ' <tr><td><textarea cols="80" rows="32">';
/// Do the job, setting result as needed
/// Get the file parameter
- $select = required_param('select', PARAM_ALPHAEXT); //original/edited
+ $select = required_param('select', PARAM_ALPHA); //original/edited
/// Get the dir containing the file
- $dirpath = required_param('dir', PARAM_CLEAN);
- $dirpath = stripslashes_safe($dirpath);
+ $dirpath = required_param('dir', PARAM_PATH);
+ $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
/// Get the correct dir
if ($select == 'original') {
/// Do the job, setting result as needed
/// Get the file parameter
- $file = required_param('file', PARAM_CLEAN);
- $file = stripslashes_safe($file);
+ $file = required_param('file', PARAM_PATH);
+ $file = $CFG->dirroot . stripslashes_safe($file);
/// File must be under $CFG->wwwroot and
/// under one db directory (simple protection)
if (substr($file, 0, strlen($CFG->dirroot)) == $CFG->dirroot &&