$mnet_session->confirm_timeout = time() + $this->config->rpc_negotiation_timeout;
$mnet_session->expires = time() + (integer)ini_get('session.gc_maxlifetime');
$mnet_session->session_id = session_id();
- if (! $mnet_session->id = insert_record('mnet_session', $mnet_session)) {
+ if (! $mnet_session->id = insert_record('mnet_session', addslashes_object($mnet_session))) {
error(get_string('databaseerror', 'mnet'));
}
} else {
$mnet_session->confirm_timeout = time() + $this->config->rpc_negotiation_timeout;
$mnet_session->expires = time() + (integer)ini_get('session.gc_maxlifetime');
$mnet_session->session_id = session_id();
- if (false == update_record('mnet_session', $mnet_session)) {
+ if (false == update_record('mnet_session', addslashes_object($mnet_session))) {
error(get_string('databaseerror', 'mnet'));
}
}
error(get_string('nolocaluser', 'mnet'));
}
$remoteuser->mnethostid = $remotehost->id;
- if (! insert_record('user', $remoteuser)) {
+ if (! insert_record('user', addslashes_object($remoteuser))) {
error(get_string('databaseerror', 'mnet'));
}
$firsttime = true;
- if (! $localuser = get_record('user', 'username', $remoteuser->username, 'mnethostid', $remotehost->id)) {
+ if (! $localuser = get_record('user', 'username', addslashes($remoteuser->username), 'mnethostid', $remotehost->id)) {
error(get_string('nolocaluser', 'mnet'));
}
}
$localuser->mnethostid = $remotepeer->id;
- $bool = update_record('user', $localuser);
+ $bool = update_record('user', addslashes_object($localuser));
if (!$bool) {
// TODO: Jonathan to clean up mess
// Actually, this should never happen (modulo race conditions) - ML
$mnet_session->confirm_timeout = time();
$mnet_session->expires = time() + (integer)$session_gc_maxlifetime;
$mnet_session->session_id = session_id();
- if (! $mnet_session->id = insert_record('mnet_session', $mnet_session)) {
+ if (! $mnet_session->id = insert_record('mnet_session', addslashes_object($mnet_session))) {
error(get_string('databaseerror', 'mnet'));
}
} else {
$mnet_session->expires = time() + (integer)$session_gc_maxlifetime;
- update_record('mnet_session', $mnet_session);
+ update_record('mnet_session', addslashes_object($mnet_session));
}
if (!$firsttime) {
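Review bot: The `update_record('mnet_session', ...)` call in the else branch discards its return value, while the insert branch just above it and the matching update in an earlier hunk (`if (false == update_record('mnet_session', ...))`) both stop with `databaseerror`. A failed update here would leave the stored `expires` value stale with no signal to the caller or the log. Suggest `if (!update_record('mnet_session', addslashes_object($mnet_session))) { error(get_string('databaseerror', 'mnet')); }`. The enclosing function starts and ends outside the hunk.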
// First up - do we have a record for this course?
if (!array_key_exists($course['remoteid'], $currentcourses)) {
// No record - we must create it
- $course['id'] = insert_record('mnet_enrol_course', (object)$course);
+ $course['id'] = insert_record('mnet_enrol_course', addslashes_object((object)$course));
$currentcourse = (object)$course;
} else {
// Pointer to current course:
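Review bot: The return of `insert_record('mnet_enrol_course', ...)` is assigned straight to `$course['id']` with no failure check, so a failed insert leaves a false id in the array that `$currentcourse` is then built from. Other inserts touched by this commit test the return and call `error(get_string('databaseerror', 'mnet'))`. A guard such as `if (!$course['id']) { error(get_string('databaseerror', 'mnet')); }` (or a non-fatal skip, if that suits the caller) would keep a bad id from propagating. The enclosing block starts and ends outside the hunk.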
}
if ($saveflag) {
- update_record('mnet_enrol_course', $currentcourse);
+ update_record('mnet_enrol_course', addslashes_object($currentcourse));
}
if (isset($currentcourse->assignmentid) && is_numeric($currentcourse->assignmentid)) {
$assignObj->hostid = (int)$MNET_REMOTE_CLIENT->id;
$assignObj->courseid = $course['id'];
$assignObj->rolename = $course['defaultrolename'];
- $assignObj->id = insert_record('mnet_enrol_assignments', $assignObj);
+ $assignObj->id = insert_record('mnet_enrol_assignments', addslashes_object($assignObj));
}
}
unset($logEntryObj->username);
- $insertok = insert_record('mnet_log', $logEntryObj, false);
+ $insertok = insert_record('mnet_log', addslashes_object($logEntryObj), false);
if ($insertok) {
$MNET_REMOTE_CLIENT->last_log_id = $logEntryObj->remoteid;
from
{$CFG->prefix}mnet_session s
where
- s.username = '$username' AND
+ s.username = '".addslashes($username)."' AND
s.useragent = '$useragent' AND
s.mnethostid = '{$USER->mnethostid}'";
$mnetsessions = get_records_sql($sql);
$ignore = delete_records('mnet_session',
- 'username', $username,
+ 'username', addslashes($username),
'useragent', $useragent,
'mnethostid', $USER->mnethostid);
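Review bot: `$useragent` is still interpolated raw on the line right after the newly escaped username (`s.useragent = '$useragent' AND`), and it is passed unescaped to `delete_records()` just below and to `get_record()` in `kill_child()`. Where that value comes from is not visible here, but if it arrives as an argument from the remote peer, the injection this commit closes for `$username` stays open through the neighbouring parameter. Give it the same treatment: `s.useragent = '".addslashes($useragent)."' AND` in the SQL string and `'useragent', addslashes($useragent),` in the record calls. `{$USER->mnethostid}` is also quoted into the string and would be safer cast with `(int)`. The enclosing function starts and ends outside the hunk.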
global $CFG, $USER, $MNET_REMOTE_CLIENT;
require_once $CFG->dirroot.'/mnet/xmlrpc/client.php';
- $userid = get_field('user', 'id', 'mnethostid', $CFG->mnet_localhost_id, 'username', $username);
+ $userid = get_field('user', 'id', 'mnethostid', $CFG->mnet_localhost_id, 'username', addslashes($username));
$returnstring = '';
$sql = "
*/
function kill_child($username, $useragent) {
global $CFG, $MNET_REMOTE_CLIENT;
- $session = get_record('mnet_session', 'username', $username, 'mnethostid', $MNET_REMOTE_CLIENT->id, 'useragent', $useragent);
+ $session = get_record('mnet_session', 'username', addslashes($username), 'mnethostid', $MNET_REMOTE_CLIENT->id, 'useragent', $useragent);
if (false != $session) {
$start = ob_start();
function fetch_user_image($username) {
global $CFG;
- if ($user = get_record('user', 'username', $username, 'mnethostid', $CFG->mnet_localhost_id)) {
+ if ($user = get_record('user', 'username', addslashes($username), 'mnethostid', $CFG->mnet_localhost_id)) {
$filename1 = "{$CFG->dataroot}/users/{$user->id}/f1.jpg";
$filename2 = "{$CFG->dataroot}/users/{$user->id}/f2.jpg";
$return = array();
*/
function can_login_remotely($username, $mnethostid) {
$accessctrl = 'allow';
- $aclrecord = get_record('mnet_sso_access_control', 'username', $username, 'mnet_host_id', $mnethostid);
+ $aclrecord = get_record('mnet_sso_access_control', 'username', addslashes($username), 'mnet_host_id', $mnethostid);
if (!empty($aclrecord)) {
$accessctrl = $aclrecord->accessctrl;
}