/// Do the job, setting result as needed
/// Get the dir containing the file
- $dirpath = required_param('dir', PARAM_CLEAN);
- $dirpath = stripslashes_safe($dirpath);
+ $dirpath = required_param('dir', PARAM_PATH);
+ $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
$tableparam = required_param('table', PARAM_CLEAN);
$fieldparam = required_param('field', PARAM_CLEAN);
$o.= ' <p align="center">' . $this->str['confirmdeletefield'] . '<br /><br />' . $fieldparam . '</p>';
$o.= ' <table align="center" cellpadding="20"><tr><td>';
$o.= ' <div class="singlebutton">';
- $o.= ' <form action="index.php?action=delete_field&confirmed=yes&postaction=edit_table&field=' . $fieldparam . '&table=' . $tableparam . '&dir=' . urlencode($dirpath) . '" method="post">';
+ $o.= ' <form action="index.php?action=delete_field&confirmed=yes&postaction=edit_table&field=' . $fieldparam . '&table=' . $tableparam . '&dir=' . urlencode(str_replace($CFG->dirroot, '', $dirpath)) . '" method="post">';
$o.= ' <input type="submit" value="'. $this->str['yes'] .'" /></form></div>';
$o.= ' </td><td>';
$o.= ' <div class="singlebutton">';
- $o.= ' <form action="index.php?action=edit_table&table=' . $tableparam . '&dir=' . urlencode($dirpath) . '" method="post">';
+ $o.= ' <form action="index.php?action=edit_table&table=' . $tableparam . '&dir=' . urlencode(str_replace($CFG->dirroot, '', $dirpath)) . '" method="post">';
$o.= ' <input type="submit" value="'. $this->str['no'] .'" /></form></div>';
$o.= ' </td></tr>';
$o.= ' </table>';
/// Do the job, setting result as needed
/// Get the dir containing the file
- $dirpath = required_param('dir', PARAM_CLEAN);
- $dirpath = stripslashes_safe($dirpath);
+ $dirpath = required_param('dir', PARAM_PATH);
+ $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
/// Get the correct dirs
if (!empty($XMLDB->dbdirs)) {
/// Add the main form
$o = '<form name="form" id="form" action="index.php" method="post">';
- $o.= ' <input type="hidden" name ="dir" value="' . $dirpath . '" />';
+ $o.= ' <input type="hidden" name ="dir" value="' . str_replace($CFG->dirroot, '', $dirpath) . '" />';
$o.= ' <input type="hidden" name ="table" value="' . $tableparam .'" />';
$o.= ' <input type="hidden" name ="field" value="' . $fieldparam .'" />';
$o.= ' <input type="hidden" name ="action" value="edit_field_save" />';
$b = ' <p align="center" class="buttons">';
/// The view original XML button
if ($table->getField($fieldparam)) {
- $b .= ' <a href="index.php?action=view_field_xml&dir=' . urlencode($dirpath) . '&select=original&table=' . $tableparam . '&field=' . $fieldparam . '" target="_blank">[' . $this->str['vieworiginal'] . ']</a>';
+ $b .= ' <a href="index.php?action=view_field_xml&dir=' . urlencode(str_replace($CFG->dirroot, '', $dirpath)) . '&select=original&table=' . $tableparam . '&field=' . $fieldparam . '" target="_blank">[' . $this->str['vieworiginal'] . ']</a>';
} else {
$b .= ' [' . $this->str['vieworiginal'] . ']';
}
/// The view edited XML button
if ($field->hasChanged()) {
- $b .= ' <a href="index.php?action=view_field_xml&dir=' . urlencode($dirpath) . '&select=edited&table=' . $tableparam . '&field=' . $fieldparam . '" target="_blank">[' . $this->str['viewedited'] . ']</a>';
+ $b .= ' <a href="index.php?action=view_field_xml&dir=' . urlencode(str_replace($CFG->dirroot, '', $dirpath)) . '&select=edited&table=' . $tableparam . '&field=' . $fieldparam . '" target="_blank">[' . $this->str['viewedited'] . ']</a>';
} else {
$b .= ' [' . $this->str['viewedited'] . ']';
}
/// The back to edit table button
- $b .= ' <a href="index.php?action=edit_table&table=' . $tableparam . '&dir=' . urlencode($dirpath) . '">[' . $this->str['back'] . ']</a>';
+ $b .= ' <a href="index.php?action=edit_table&table=' . $tableparam . '&dir=' . urlencode(str_replace($CFG->dirroot, '', $dirpath)) . '">[' . $this->str['back'] . ']</a>';
$b .= '</p>';
$o .= $b;
/// Do the job, setting result as needed
+ if (!data_submitted('nomatch')) { ///Basic prevention
+ error('Wrong action call');
+ }
+
/// Get parameters
$dirpath = required_param('dir', PARAM_PATH);
$dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
/// Do the job, setting result as needed
/// Get the dir containing the file
- $dirpath = required_param('dir', PARAM_CLEAN);
- $dirpath = stripslashes_safe($dirpath);
+ $dirpath = required_param('dir', PARAM_PATH);
+ $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
/// Get the correct dirs
if (!empty($XMLDB->dbdirs)) {
/// Do the job, setting result as needed
/// Get the dir containing the file
- $dirpath = required_param('dir', PARAM_CLEAN);
- $dirpath = stripslashes_safe($dirpath);
+ $dirpath = required_param('dir', PARAM_PATH);
+ $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
/// Get the correct dirs
if (!empty($XMLDB->dbdirs)) {
/// Do the job, setting result as needed
/// Get the file parameter
- $field = required_param('field', PARAM_CLEAN);
- $table = required_param('table', PARAM_CLEAN);
+ $field = required_param('field', PARAM_PATH);
+ $table = required_param('table', PARAM_PATH);
$select = required_param('select', PARAM_ALPHA); //original/edited
/// Get the dir containing the file
- $dirpath = required_param('dir', PARAM_CLEAN);
- $dirpath = stripslashes_safe($dirpath);
+ $dirpath = required_param('dir', PARAM_PATH);
+ $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
/// Get the correct dir
if ($select == 'original') {
/// Do the job, setting result as needed
/// Get the dir containing the file
- $dirpath = required_param('dir', PARAM_CLEAN);
- $dirpath = stripslashes_safe($dirpath);
+ $dirpath = required_param('dir', PARAM_PATH);
+ $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
/// Get the correct dirs
if (!empty($XMLDB->dbdirs)) {
/// ADD YOUR CODE HERE
/// Get parameters
- $tableparam = required_param('table', PARAM_CLEAN);
+ $tableparam = required_param('table', PARAM_PATH);
if (!$table =& $structure->getTable($tableparam)) {
$this->errormsg = 'Wrong table specified: ' . $tableparm;
return false;
}
- $generatorparam = optional_param('generator', null, PARAM_CLEAN);
+ $generatorparam = optional_param('generator', null, PARAM_ALPHANUM);
if (empty($generatorparam)) {
$generatorparam = $CFG->dbtype;
}
/// The back to edit table button
$b = ' <p align="center" class="buttons">';
- $b .= '<a href="index.php?action=edit_table&table=' . $tableparam . '&dir=' . urlencode($dirpath) . '">[' . $this->str['back'] . ']</a>';
+ $b .= '<a href="index.php?action=edit_table&table=' . $tableparam . '&dir=' . urlencode(str_replace($CFG->dirroot, '', $dirpath)) . '">[' . $this->str['back'] . ']</a>';
$b .= '</p>';
$o = $b;
$o.= ' <tr><td align="center">' . $this->str['selectdb'];
/// Show the popup of generators
- $url = 'index.php?action=view_table_sql&table=' . $tableparam . '&dir=' . urlencode($dirpath) . '&generator=';
+ $url = 'index.php?action=view_table_sql&table=' . $tableparam . '&dir=' . urlencode(str_replace($CFG->dirroot, '', $dirpath)) . '&generator=';
$o.= popup_form($url, $generators, 'selectgenerator', $generatorparam, '', '', '' , true);
$o.= ' </td></tr>';
$o.= ' <tr><td><textarea cols="80" rows="32">';
projects / moodle.git / commitdiff