MDL-14679 removed magic quotes from forms validation() method, fixed some minor problems
authorskodak <skodak>
Sun, 1 Jun 2008 17:53:25 +0000 (17:53 +0000)
committerskodak <skodak>
Sun, 1 Jun 2008 17:53:25 +0000 (17:53 +0000)
16 files changed:
course/import/activities/index.php
course/moodleform_mod.php
course/request_form.php
grade/edit/scale/edit_form.php
grade/edit/tree/calculation_form.php
group/autogroup_form.php
group/group_form.php
group/grouping_form.php
lib/formslib.php
login/change_password_form.php
login/forgot_password_form.php
login/signup_form.php
mod/feedback/mod_form.php
mod/glossary/edit_form.php
mod/hotpot/mod_form.php
mod/quiz/mod_form.php

index 6cdb5f1c177215cdc39ec8caebcc5020f766f4b0..6ad1aea6f0ea91de073c1606c4d30a8275937e32 100644 (file)
@@ -14,7 +14,7 @@
 
     $strimportactivities = get_string('importactivities');
 
-    if (! ($course = get_record("course", "id", $id)) ) {
+    if (! ($course = $DB->get_record("course", array("id"=>$id)))) {
         print_error("invalidcourseid");
     }
 
@@ -38,7 +38,7 @@
         $creator = true;
     }
 
-    if ($from = get_record('course', 'id', $fromcourse)) {
+    if ($from = $DB->get_record('course', array('id'=>$fromcourse))) {
         if (!has_capability('moodle/course:manageactivities', $fromcontext)) {
             print_error('nopermissiontoimportact');
         }
index 1947afc2b03184451e8a5e4795879a6187d5c427..974f0e146f5d7fa57ebe33ea037a338241b7682a 100644 (file)
@@ -121,7 +121,7 @@ class moodleform_mod extends moodleform {
 
     // form verification
     function validation($data, $files) {
-        global $COURSE;
+        global $COURSE, $DB;
         $errors = parent::validation($data, $files);
 
         $mform =& $this->_form;
@@ -138,7 +138,7 @@ class moodleform_mod extends moodleform {
         $grade_item = grade_item::fetch(array('itemtype'=>'mod', 'itemmodule'=>$data['modulename'],
                      'iteminstance'=>$data['instance'], 'itemnumber'=>0, 'courseid'=>$COURSE->id));
         if ($data['coursemodule']) {
-            $cm = get_record('course_modules', 'id', $data['coursemodule']);
+            $cm = $DB->get_record('course_modules', array('id'=>$data['coursemodule']));
         } else {
             $cm = null;
         }
index 6598e5d66e56ca573ac83438b44b0640066e4199..3654969ff36ba161a6c1f637eb81b6f63c36e9d7 100644 (file)
@@ -32,13 +32,15 @@ class course_request_form extends moodleform {
     }
 
     function validation($data, $files) {
+        global $DB;
+
         $errors = parent::validation($data, $files);
         $foundcourses = null;
         $foundreqcourses = null;
 
         if (!empty($data['shortname'])) {
-            $foundcourses = get_records('course', 'shortname', $data['shortname']);
-            $foundreqcourses = get_records('course_request', 'shortname', $data['shortname']);
+            $foundcourses = $DB->get_records('course', array('shortname'=>$data['shortname']));
+            $foundreqcourses = $DB->get_records('course_request', array('shortname'=>$data['shortname']));
         }
         if (!empty($foundreqcourses)) {
             if (!empty($foundcourses)) {
@@ -59,7 +61,7 @@ class course_request_form extends moodleform {
                         $foundcoursenames[] = $foundcourse->fullname;
                     }
                 }
-                $foundcoursenamestring = addslashes(implode(',', $foundcoursenames));
+                $foundcoursenamestring = implode(',', $foundcoursenames);
 
                 $errors['shortname'] = get_string('shortnametaken', '', $foundcoursenamestring);
                 if (!empty($pending)) {
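Review bot: The course full names joined into `$foundcoursenamestring` come straight from the database and end up inside `$errors['shortname']`, and nothing in this hunk encodes them for HTML. Dropping `addslashes()` fits the magic-quotes cleanup, since it was never an output encoding, but it is worth confirming that the form renderer escapes error text; that code is not visible here. If errors are printed as markup, collect the names with `$foundcoursenames[] = s($foundcourse->fullname);` instead. The enclosing validation() body starts and ends outside the hunk.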
index 3194b7a05771c37700d82e8083db1b2ca7811fea..79902ed178e2a871226919740bdf3d8bc88d0c8b 100644 (file)
@@ -107,7 +107,7 @@ class edit_scale_form extends moodleform {
 
 /// perform extra validation before submission
     function validation($data, $files) {
-        global $CFG, $COURSE;
+        global $CFG, $COURSE, $DB;
 
         $errors = parent::validation($data, $files);
 
@@ -128,7 +128,7 @@ class edit_scale_form extends moodleform {
         }
 
         if (array_key_exists('scale', $data)) {
-            $count = count_records('scale', 'courseid', $courseid, 'scale', $data['scale']);
+            $count = $DB->count_records('scale', array('courseid'=>$courseid, 'scale'=>$data['scale']));
 
             if (empty($old->id) or $old->courseid != $courseid) {
                 if ($count) {
index 331e5a8dffe8030b28e486644b151c44c6b57d85..f8d9f71c4c001dc71f536f1583cbc40a486659c8 100644 (file)
@@ -90,7 +90,7 @@ class edit_calculation_form extends moodleform {
         // check the calculation formula
         if ($data['calculation'] != '') {
             $grade_item = grade_item::fetch(array('id'=>$data['id'], 'courseid'=>$data['courseid']));
-            $calculation = calc_formula::unlocalize(stripslashes($data['calculation']));
+            $calculation = calc_formula::unlocalize($data['calculation']);
             $result = $grade_item->validate_formula($calculation);
             if ($result !== true) {
                 $errors['calculation'] = $result;
index a97a176fa1335fc4acb190c9b282accceedd17dd..373901a2af1c1d2247ceb9f1a889d5c70ee4451a 100644 (file)
@@ -109,14 +109,14 @@ class autogroup_form extends moodleform {
         }
 
         //try to detect group name duplicates
-        $name = groups_parse_name(stripslashes(trim($data['namingscheme'])), 0);
+        $name = groups_parse_name(trim($data['namingscheme']), 0);
         if (groups_get_group_by_name($COURSE->id, $name)) {
             $errors['namingscheme'] = get_string('groupnameexists', 'group', $name);
         }
 
         // check grouping name duplicates
         if ( isset($data['grouping']) && $data['grouping'] == '-1') {
-            $name = trim(stripslashes($data['groupingname']));
+            $name = trim($data['groupingname']);
             if (empty($name)) {
                 $errors['groupingname'] = get_string('required');
             } else if (groups_get_grouping_by_name($COURSE->id, $name)) {
index 48a82abbab8278143f00f86c9cfdcc25c8c360f2..9a960503e7b9dccc91381f216f69265c314517c2 100644 (file)
@@ -47,7 +47,7 @@ class group_form extends moodleform {
 
         $errors = parent::validation($data, $files);
 
-        $name = trim(stripslashes($data['name']));
+        $name = trim($data['name']);
         if ($data['id'] and $group = $DB->get_record('groups', array('id'=>$data['id']))) {
             if ($group->name != $name) {
                 if (groups_get_group_by_name($COURSE->id,  $name)) {
index 012a99a2b8a38ca26dfe28a9aaf1b5a3957dd678..9f4fe66a52c5509ca552ea45dba2215aa429d1b8 100644 (file)
@@ -32,7 +32,7 @@ class grouping_form extends moodleform {
 
         $errors = parent::validation($data, $files);
 
-        $name = trim(stripslashes($data['name']));
+        $name = trim($data['name']);
         if ($data['id'] and $grouping = $DB->get_record('groupings', array('id'=>$data['id']))) {
             if ($grouping->name != $name) {
                 if (groups_get_grouping_by_name($COURSE->id,  $name)) {
index b62b77dc91076b7761d8f5f51a96690f78b505f1..2703c105e007549859dab3adb75abeb514497965 100644 (file)
@@ -330,7 +330,7 @@ class moodleform {
                 $file_val = false;
             }
 
-            $data = $mform->exportValues(null, true);
+            $data = $mform->exportValues(null, false);
             $moodle_val = $this->validation($data, $files);
             if ((is_array($moodle_val) && count($moodle_val)!==0)) {
                 // non-empty array means errors
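Review bot: Passing `false` here changes the contract for every `validation()` override at once: `$data` now arrives without slashes, so any subclass that still feeds it to the legacy `get_record()`/`count_records()`/`record_exists()` helpers loses the escaping those calls expected from their input. The forms in this commit are converted to `$DB` calls with condition arrays, but overrides in files not touched here, including contributed modules, cannot be checked from this page. A comment at the call would make the contract explicit, e.g. `// $data is NOT slashed: validation() overrides must pass values through $DB-> methods, never legacy DB calls`. Helpers such as `groups_get_group_by_name()`, which the group forms now call with the raw name, deserve the same check. The enclosing method starts and ends outside the hunk.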
index 7e11f1975633e3371335b279a8f2fa2af8548daa..7b34e56b5e997ac037dd80c3c4977eb49ada2b19 100644 (file)
@@ -47,7 +47,7 @@ class login_change_password_form extends moodleform {
         update_login_count();
 
         // ignore submitted username
-        if (!$user = authenticate_user_login($USER->username, stripslashes($data['password']))) { // TODO: remove soon
+        if (!$user = authenticate_user_login($USER->username, $data['password'])) {
             $errors['password'] = get_string('invalidlogin');
             return $errors;
         }
index 684eabc34f064a45a3e2773c3c8b8e0bf33b6b11..34bfe94f4cc1a5409250bb41300503f10a365ff9 100644 (file)
@@ -20,7 +20,7 @@ class login_forgot_password_form extends moodleform {
     }
 
     function validation($data, $files) {
-        global $CFG;
+        global $CFG, $DB;
 
         $errors = parent::validation($data, $files);
 
@@ -32,7 +32,7 @@ class login_forgot_password_form extends moodleform {
             if (!validate_email($data['email'])) {
                 $errors['email'] = get_string('invalidemail');
 
-            } else if (count_records('user', 'email', $data['email']) > 1) {
+            } else if ($DB->count_records('user', array('email'=>$data['email'])) > 1) {
                 $errors['email'] = get_string('forgottenduplicate');
 
             } else {
index 557a13f1b8827c3439ac34c09d53159999251ccb..54c881ece408d76b5cdc64da0bf3216f079df95c 100644 (file)
@@ -90,12 +90,12 @@ class login_signup_form extends moodleform {
     }
 
     function validation($data, $files) {
-        global $CFG;
+        global $CFG, $DB;
         $errors = parent::validation($data, $files);
 
         $authplugin = get_auth_plugin($CFG->registerauth);
 
-        if (record_exists('user', 'username', $data['username'], 'mnethostid', $CFG->mnet_localhost_id)) {
+        if ($DB->record_exists('user', array('username'=>$data['username'], 'mnethostid'=>$CFG->mnet_localhost_id))) {
             $errors['username'] = get_string('usernameexists');
         } else {
             if (empty($CFG->extendedusernamechars)) {
@@ -116,7 +116,7 @@ class login_signup_form extends moodleform {
         if (! validate_email($data['email'])) {
             $errors['email'] = get_string('invalidemail');
 
-        } else if (record_exists('user', 'email', $data['email'])) {
+        } else if ($DB->record_exists('user', array('email'=>$data['email']))) {
             $errors['email'] = get_string('emailexists').' <a href="forgot_password.php">'.get_string('newpassword').'?</a>';
         }
         if (empty($data['email2'])) {
index 48d8200fa20143c1b564901ff432d8f2e8e1a256..18b1bbce2b51862d89d136ffc9c4ac590ced07c0 100644 (file)
@@ -111,8 +111,9 @@ class mod_feedback_mod_form extends moodleform_mod {
 
     }
 
-    function validation($data){
-
+    function validation($data, $files){
+        $errors = parent::validation($data, $files);
+        return $errors;
     }
 
 }
index 426b30eed132edbe4e7d85aa09cae1cf046dc662..1bb971c8c596b9c8540d3487c928a4406ecb34fc 100644 (file)
@@ -95,7 +95,8 @@ class mod_glossary_entry_form extends moodleform {
     }
 
     function validation($data, $files) {
-        global $CFG, $USER;
+        global $CFG, $USER, $DB;
+
         $errors = parent::validation($data, $files);
         $e = $this->_customdata['e'];
         $glossary = $this->_customdata['glossary'];
@@ -105,7 +106,7 @@ class mod_glossary_entry_form extends moodleform {
             //We are updating an entry, so we compare current session user with
             //existing entry user to avoid some potential problems if secureforms=off
             //Perhaps too much security? Anyway thanks to skodak (Bug 1823)
-            $old = get_record('glossary_entries', 'id', $e);
+            $old = $DB->get_record('glossary_entries', array('id'=>$e));
             $ineditperiod = ((time() - $old->timecreated <  $CFG->maxeditingtime) || $glossary->editalways);
             if ( (!$ineditperiod  || $USER->id != $old->userid) and !has_capability('mod/glossary:manageentries', $context)) {
                 if ( $USER->id != $old->userid ) {
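Review bot: `$old` is dereferenced on the following line without checking that `$DB->get_record()` found a row, and the edit-period and ownership checks below are built entirely on it. If the entry id in `$e` no longer exists, those comparisons run against properties of `false`; from the visible lines they still appear to fall through to the capability check, but only as a side effect of loose comparison. An explicit guard right after the lookup makes the failure deliberate, e.g. `if (!$old) { print_error('ERROR_STRING_ID'); }` with the project's real error string in place of the placeholder. The enclosing branch starts outside the hunk.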
@@ -115,7 +116,7 @@ class mod_glossary_entry_form extends moodleform {
                 }
             }
             if ( !$glossary->allowduplicatedentries ) {
-                if ($dupentries = get_records('glossary_entries', 'lower(concept)', moodle_strtolower($data['concept']))) {
+                if ($dupentries = $DB->get_records('glossary_entries', array('lower(concept)'=>moodle_strtolower($data['concept'])))) {
                     foreach ($dupentries as $curentry) {
                         if ( $glossary->id == $curentry->glossaryid ) {
                            if ( $curentry->id != $e ) {
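Review bot: The condition key `'lower(concept)'` is an SQL expression, not a column name, so this call only works if the DML layer copies array keys into the WHERE clause verbatim. That ties the form to an implementation detail and would break under any column-name validation the layer applies; `$DB->get_records_select('glossary_entries', 'lower(concept) = ?', array(moodle_strtolower($data['concept'])))` states the intent and still binds the value. The same applies to the `$DB->get_record()` call in the next hunk of this file, which also passes `'lower(concept)'` as a key.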
@@ -129,7 +130,7 @@ class mod_glossary_entry_form extends moodleform {
 
         } else {
             if ( !$glossary->allowduplicatedentries ) {
-                if ($dupentries = get_record('glossary_entries', 'lower(concept)', moodle_strtolower($data['concept']), 'glossaryid', $glossary->id)) {
+                if ($dupentries = $DB->get_record('glossary_entries', array('lower(concept)'=>moodle_strtolower($data['concept']), 'glossaryid'=>$glossary->id))) {
                     $errors['concept'] = get_string('errconceptalreadyexists', 'glossary');
                 }
             }
index 2802c00ef491e3e5a546772f13573b13188e878a..7fbe3d305aa00f81bb7695788a9c2d3a0f28152e 100644 (file)
@@ -260,10 +260,10 @@ class mod_hotpot_mod_form extends moodleform_mod {
     function data_preprocessing(&$defaults){
     }
 
-    function validation(&$data) {
-        // http://docs.moodle.org/en/Development:lib/formslib.php_Validation
-        global $CFG, $COURSE;
-        $errors = array();
+    function validation($data, $files) {
+        global $CFG, $USER, $DB;
+
+        $errors = parent::validation($data, $files);
 
 // location
         if (empty($data['location'])) {
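Review bot: `$COURSE` is dropped from the `global` line while `$USER` and `$DB` are added, and the rest of validation() lies outside this hunk, so any remaining `$COURSE->...` reference further down would now read an undefined local. The signature also changes from `validation(&$data)` to a by-value `$data`, so if the body normalises fields in `$data` expecting the caller to see them, those writes are now discarded. Both need checking against the full method; if `$COURSE` is still used, keep it in the declaration: `global $CFG, $COURSE, $USER, $DB;`.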
index f3c6c71fa46518376d407b8f3896b67eaafccb5d..abbbe8dc1f5876a60586aa309ae2ffc17a59c142 100644 (file)
@@ -352,11 +352,7 @@ class mod_quiz_mod_form extends moodleform_mod {
             }
         }
 
-        if (count($errors) == 0) {
-            return true;
-        } else {
-            return $errors;
-        }
+        return $errors;
     }
 
 }