MDL-14679 towards /admin/auth conversion

diff --git a/auth/cas/auth.php b/auth/cas/auth.php
index ad7c2109ad4180412edbfeb380e3d0b85596cd2f..bc6a2015f0fa848189775b36dfd98fa28ac95448 100644 (file)
--- a/auth/cas/auth.php
+++ b/auth/cas/auth.php
@@ -796,7 +796,7 @@ error('fix temporary table code in CAS');
                 $maxxcount = 100;
                 foreach ($users as $user) {
                     echo "\t"; print_string('auth_dbupdatinguser', 'auth', array($user->username, $user->id));
-                    if (!$this->update_user_record(addslashes($user->username), $updatekeys)) {
+                    if (!$this->update_user_record($user->username, $updatekeys)) {
                         echo " - ".get_string('skipped');
                     }
                     echo "\n";
@@ -880,14 +880,15 @@ error('fix temporary table code in CAS');
      * If you don't pass $updatekeys, there is a performance hit and
      * values removed from LDAP won't be removed from moodle.
      *
-     * @param string $username username (with system magic quotes)
+     * @param string $username username
      */
     function update_user_record($username, $updatekeys = false) {
-        global $CFG;
+        global $CFG, $DB;
+
         //just in case check text case
         $username = trim(moodle_strtolower($username));
         // get the current user record
-        $user = get_record('user', 'username', $username, 'mnethostid', $CFG->mnet_localhost_id);
+        $user = $DB->get_record('user', array('username'=>$username, 'mnethostid'=>$CFG->mnet_localhost_id));
         if (empty($user)) { // trouble
             error_log("Cannot update non-existent user: ".stripslashes($username));
             print_error('auth_dbusernotexist','auth',$username);
@@ -908,14 +909,14 @@ error('fix temporary table code in CAS');
                 }
                 if (!empty($this->config->{'field_updatelocal_' . $key})) {
                     if ($user->{$key} != $value) { // only update if it's changed
-                        set_field('user', $key, addslashes($value), 'id', $userid);
+                        $DB->set_field('user', $key, $value, array('id'=>$userid));
                     }
                 }
             }
         } else {
             return false;
         }
-        return get_record_select('user', "id = $userid AND deleted = 0");
+        return $DB->get_record('user', array('id'=>$userid, 'deleted'=>0));
     }
     /**
      * Bulk insert in SQL's temp table

diff --git a/auth/db/auth.php b/auth/db/auth.php
index d913a0ed9403dbc1f0d31f0bff26315f1fd1ff84..cbff82a70ebe2005a42d28ffb8c2fff544a30b42 100644 (file)
--- a/auth/db/auth.php
+++ b/auth/db/auth.php
@@ -306,7 +306,7 @@ class auth_plugin_db extends auth_plugin_base {
 
                     foreach ($update_users as $user) {
                         echo "\t"; print_string('auth_dbupdatinguser', 'auth', array($user->username, $user->id));
-                        if (!$this->update_user_record(addslashes($user->username), $updatekeys)) {
+                        if (!$this->update_user_record($user->username, $updatekeys)) {
                             echo " - ".get_string('skipped');
                         }
                         echo "\n";
@@ -451,16 +451,16 @@ class auth_plugin_db extends auth_plugin_base {
      * If you don't pass $updatekeys, there is a performance hit and
      * values removed from DB won't be removed from moodle.
      *
-     * @param string $username username (with system magic quotes)
+     * @param string $username username
      */
     function update_user_record($username, $updatekeys=false) {
-        global $CFG;
+        global $CFG, $DB;
 
         //just in case check text case
         $username = trim(moodle_strtolower($username));
 
         // get the current user record
-        $user = get_record('user', 'username', $username, 'mnethostid', $CFG->mnet_localhost_id);
+        $user = $DB->get_record('user', array('username'=>$username, 'mnethostid'=>$CFG->mnet_localhost_id));
         if (empty($user)) { // trouble
             error_log("Cannot update non-existent user: $username");
             print_error('auth_dbusernotexist','auth',$username);
@@ -486,12 +486,12 @@ class auth_plugin_db extends auth_plugin_base {
 
                 if (!empty($this->config->{'field_updatelocal_' . $key})) {
                     if ($user->{$key} != $value) { // only update if it's changed
-                        set_field('user', $key, addslashes($value), 'id', $userid);
+                        $DB->set_field('user', $key, $value, array('id'=>$userid));
                     }
                 }
             }
         }
-        return get_record_select('user', "id = $userid AND deleted = 0");
+        return $DB->get_record('user', array('id'=>$userid, 'deleted'=>0));
     }
 
     /**

diff --git a/auth/ldap/auth.php b/auth/ldap/auth.php
index 3334e27527dc36cf128178239dfd7868047778e0..73c38a89549e5695289434bc46254f73cfb0dcbc 100644 (file)
--- a/auth/ldap/auth.php
+++ b/auth/ldap/auth.php
@@ -755,7 +755,7 @@ error('fix temporary table code in CAS');
 
                 foreach ($users as $user) {
                     echo "\t"; print_string('auth_dbupdatinguser', 'auth', array($user->username, $user->id));
-                    if (!$this->update_user_record(addslashes($user->username), $updatekeys)) {
+                    if (!$this->update_user_record($user->username, $updatekeys)) {
                         echo " - ".get_string('skipped');
                     }
                     echo "\n";
@@ -850,7 +850,7 @@ error('fix temporary table code in CAS');
      * If you don't pass $updatekeys, there is a performance hit and
      * values removed from LDAP won't be removed from moodle.
      *
-     * @param string $username username (with system magic quotes)
+     * @param string $username username
      */
     function update_user_record($username, $updatekeys = false) {
         global $CFG;
@@ -859,9 +859,9 @@ error('fix temporary table code in CAS');
         $username = trim(moodle_strtolower($username));
 
         // get the current user record
-        $user = get_record('user', 'username', $username, 'mnethostid', $CFG->mnet_localhost_id);
+        $user = $DB->get_record('user', array('username'=>$username, 'mnethostid'=>$CFG->mnet_localhost_id));
         if (empty($user)) { // trouble
-            error_log("Cannot update non-existent user: ".stripslashes($username));
+            error_log("Cannot update non-existent user: ".$username);
             print_error('auth_dbusernotexist','auth','',$username);
             die;
         }
@@ -885,14 +885,14 @@ error('fix temporary table code in CAS');
 
                 if (!empty($this->config->{'field_updatelocal_' . $key})) {
                     if ($user->{$key} != $value) { // only update if it's changed
-                        set_field('user', $key, addslashes($value), 'id', $userid);
+                        $DB->set_field('user', $key, $value, array('id'=>$userid));
                     }
                 }
             }
         } else {
             return false;
         }
-        return get_record_select('user', "id = $userid AND deleted = 0");
+        return $DB->get_record('user', array('id'=>$userid, 'deleted'=>0));
     }
 
     /**

diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index cc829ff790c3431eb2e0e610b1c3bd6c95d9b505..d454d7667462dee78202913d68ad289e7ba00b48 100644 (file)
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -2884,7 +2884,6 @@ function update_user_record($username, $authplugin) {
                 continue;
             }
             if ($confval === 'onlogin') {
-                $value = addslashes(stripslashes($value));   // Just in case
                 // MDL-4207 Don't overwrite modified user profile values with
                 // empty LDAP values when 'unlocked if empty' is set. The purpose
                 // of the setting 'unlocked if empty' is to allow the user to fill