require_variable($id); // Course Module ID
optional_variable($eid); // Entry ID
- optional_variable($mode,"approval");
- optional_variable($hook,"ALL");
-
- $mode = strip_tags(urldecode($mode)); //XSS
- $hook = strip_tags(urldecode($hook)); //XSS
+ $mode = optional_param('mode','approval');
+ $hook = optional_param('hook','ALL');
if (! $cm = get_record("course_modules", "id", $id)) {
error("Course Module ID was incorrect");
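Review bot: The new `optional_param('mode','approval')` and `optional_param('hook','ALL')` calls pass no cleaning type, so what replaces the removed `strip_tags(urldecode(...))` is whatever the function's default is, which this diff does not show. `mode` is a closed keyword set, so I would pin it with `$mode = optional_param('mode', 'approval', PARAM_ALPHA);`. The same applies to `action`, `prevmode`, `mode` and `sortkey` in the later hunks, and the numeric `offset` and `fullsearch` in the last hunk want `PARAM_INT`. `hook` is free text in some modes, so it needs escaping wherever it is printed rather than a tighter type. `$id` and `$eid` above still arrive through `require_variable`/`optional_variable`, and the script continues beyond this hunk, so their later use cannot be checked here.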
require_variable($eid); // Entry ID
optional_variable($cid,0); // Comment ID
- optional_variable($action,"add"); // Action to perform
optional_variable($confirm,0); // Confirm the action
- $action = strip_tags(urldecode($action)); //XSS
+ $action = optional_param('action','add');
$action = strtolower($action);
require_variable($id); // course module ID
optional_variable($confirm); // commit the operation?
optional_variable($entry); // entry id
- require_variable($prevmode); // current frame
- optional_variable($hook); // pivot id
- $prevmode = strip_tags(urldecode($prevmode)); //XSS
- $hook = strip_tags(urldecode($hook)); //XSS
+ $prevmode = required_param('prevmode');
+ $hook = optional_param('hook');
$strglossary = get_string("modulename", "glossary");
$strglossaries = get_string("modulenameplural", "glossary");
optional_variable($e); // EntryID
optional_variable($confirm,0); // proceed. Edit the edtry
-optional_variable($mode); // categories if by category?
-optional_variable($hook); // CategoryID
-
-$mode = strip_tags(urldecode($mode)); //XSS
-$hook = strip_tags(urldecode($hook)); //XSS
+$mode = optional_param('mode'); // categories if by category?
+$hook = optional_param('hook'); // CategoryID
if (! $cm = get_record("course_modules", "id", $id)) {
error("Course Module ID was incorrect");
require_once("lib.php");
require_variable($id); // Course Module ID, or
- optional_variable($mode); // cat
- optional_variable($hook,0); // category ID
- optional_variable($action); // what to do
optional_variable($usedynalink); // category ID
optional_variable($confirm); // confirm the action
$name = clean_text($name);
- $action = strip_tags(urldecode($action)); //XSS
- $hook = strip_tags(urldecode($hook)); //XSS
- $mode = strip_tags(urldecode($mode)); //XSS
+ $action = optional_param('action'); // what to do
+ $hook = optional_param('hook',0); // category ID
+ $mode = optional_param('mode'); // cat
$action = strtolower($action);
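Review bot: `hook` is commented here as a category ID with default 0, yet `optional_param('hook',0)` declares no type and so is not restricted to an integer by anything visible in this hunk. I would write `$hook = optional_param('hook', 0, PARAM_INT);`. Where `$hook` is used (a query or a link) is outside this hunk, so forcing the integer at the input boundary is the safe choice. `$usedynalink` and `$confirm` just above remain on `optional_variable` with no cleaning at all and would be better converted in the same pass.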
require_variable($id); // course module ID
require_variable($entry); // Entry ID
optional_variable($confirm); // confirmation
- optional_variable($mode);
- optional_variable($hook);
- $hook = strip_tags(urldecode($hook)); //XSS
- $mode = strip_tags(urldecode($mode)); //XSS
+ $hook = optional_param('hook');
+ $mode = optional_param('mode');
global $THEME, $USER, $CFG;
global $CFG, $THEME;
require_variable($id);
- optional_variable($mode);
- $mode = strip_tags(urldecode($mode)); //XSS
+ $mode = optional_param('mode');
require_login();
if ( !isadmin() ) {
require_once("lib.php");
require_variable($id); // Course Module ID
- require_variable($mode,"letter"); // mode to show the entries
- optional_variable($hook,"ALL"); // what to show
- optional_variable($sortkey,"UPDATE"); // Sorting key
optional_variable($sortorder,"asc"); // Sorting order
optional_variable($offset); // number of entries to bypass
optional_variable($displayformat,-1);
- $mode = strip_tags(urldecode($mode)); //XSS
- $hook = strip_tags(urldecode($hook)); //XSS
- $sortkey = strip_tags(urldecode($sortkey)); //XSS
+ $mode = required_param('mode'); // mode to show the entries
+ $hook = optional_param('hook','ALL'); // what to show
+ $sortkey = optional_param('sortkey','UPDATE'); // Sorting key
if (! $cm = get_record("course_modules", "id", $id)) {
error("Course Module ID was incorrect");
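Review bot: `sortorder`, `offset` and `displayformat` stay on `optional_variable` in this hunk, so they get neither the old `strip_tags` pass nor the new parameter cleaning, while their neighbours `mode`, `hook` and `sortkey` are converted. I would bring them across with explicit types, e.g. `$sortorder = optional_param('sortorder', 'asc', PARAM_ALPHA);` and `$offset = optional_param('offset', 0, PARAM_INT);`. If `sortkey` or `sortorder` reach an ORDER BY clause (not visible here), compare them against the known values instead of relying on cleaning alone. The old `require_variable($mode,"letter")` carried a `"letter"` argument that `required_param('mode')` drops, so confirm that no caller depended on it.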
optional_variable($tab,GLOSSARY_NO_VIEW); // browsing entries by categories?
- optional_variable($mode,""); // [ "term" | "entry" | "cat" | "date" |
- // "letter" | "search" | "author" | "approval" ]
- optional_variable($hook,""); // the term, entry, cat, etc... to look for based on mode
-
- optional_variable($fullsearch,0); // full search (concept and definition) when searching?
-
- optional_variable($sortkey,""); // Sorted view:
- // [ CREATION | UPDATE | FIRSTNAME | LASTNAME |
- // concept | timecreated | ... ]
- optional_variable($sortorder,""); // it defines the order of the sorting (ASC or DESC)
-
- optional_variable($offset,0); // entries to bypass (for paging purpouses)
-
- optional_variable($show,""); // [ concept | alias ] => mode=term hook=$show
optional_variable($displayformat,-1); // override of the glossary display format
- $mode = strip_tags(urldecode($mode)); //XSS
- $hook = strip_tags(urldecode($hook)); //XSS
- $fullsearch = strip_tags(urldecode($fullsearch)); //XSS
- $sortkey = strip_tags(urldecode($sortkey)); //XSS
- $sortorder = strip_tags(urldecode($sortorder)); //XSS
- $offset = strip_tags(urldecode($offset)); //XSS
- $show = strip_tags(urldecode($show)); //XSS
+ $mode = optional_param('mode'); // term entry cat date letter search author approval
+ $hook = optional_param('hook'); // the term, entry, cat, etc... to look for based on mode
+ $fullsearch = optional_param('fullsearch',0);// full search (concept and definition) when searching?
+ $sortkey = optional_param('sortkey'); // Sorted view: CREATION | UPDATE | FIRSTNAME | LASTNAME...
+ $sortorder = optional_param('sortorder'); // it defines the order of the sorting (ASC or DESC)
+ $offset = optional_param('offset',0); // entries to bypass (for paging purpouses)
+ $show = optional_param('show'); // [ concept | alias ] => mode=term hook=$show
if (!empty($id)) {
if (! $cm = get_record("course_modules", "id", $id)) {