sanitize submitted numerical values; merged from MOODLE_16_STABLE
authorskodak <skodak>
Fri, 26 May 2006 11:47:22 +0000 (11:47 +0000)
committerskodak <skodak>
Fri, 26 May 2006 11:47:22 +0000 (11:47 +0000)
mod/lesson/lib.php

index 9b028be215d71debaeb9dd34f7a89b4439c9ea65..a6d11420a85c2c9b8887a7abc88f63f21b82bdd5 100644 (file)
@@ -43,12 +43,20 @@ function lesson_add_instance($lesson) {
     $conditions = new stdClass;
     $conditions->timespent = $lesson->timespent;
     $conditions->completed = $lesson->completed;
-    $conditions->gradebetterthan = $lesson->gradebetterthan;
+    $conditions->gradebetterthan = clean_param($lesson->gradebetterthan, PARAM_INT);
     $lesson->conditions = addslashes(serialize($conditions));
     unset($lesson->timespent);
     unset($lesson->completed);
     unset($lesson->gradebetterthan);
-    
+
+    // sanitize given values a bit
+    $lesson->maxtime = clean_param($lesson->maxtime, PARAM_INT);
+    $lesson->width = clean_param($lesson->width, PARAM_INT);
+    $lesson->height = clean_param($lesson->height, PARAM_INT);
+    $lesson->mediawidth = clean_param($lesson->mediawidth, PARAM_INT);
+    $lesson->mediaheight = clean_param($lesson->mediaheight, PARAM_INT);
+    $lesson->maxhighscores = clean_param($lesson->maxhighscores, PARAM_INT);
+
     if (!empty($lesson->password)) {
         $lesson->password = md5($lesson->password);
     } else {
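Review bot: `$conditions->timespent` and `$conditions->completed` at the top of the hunk are still copied raw into the object that is serialized into `$lesson->conditions`, while only `gradebetterthan` goes through `clean_param`. If these two are also numeric form fields (the names suggest so, but confirm against the form), give them the same treatment: `$conditions->timespent = clean_param($lesson->timespent, PARAM_INT);` and `$conditions->completed = clean_param($lesson->completed, PARAM_INT);`. `PARAM_INT` is only an integer cast, so negative values for `width`, `height`, `maxtime` or `maxhighscores` still pass; a lower-bound check after the block would close that gap. The body of `lesson_add_instance` starts and ends outside this hunk, so check whether the update path needs the same cleaning.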