Cleaned up approval script (more security ;-))
authormoodler <moodler>
Fri, 24 Mar 2006 14:48:54 +0000 (14:48 +0000)
committermoodler <moodler>
Fri, 24 Mar 2006 14:48:54 +0000 (14:48 +0000)
mod/data/approve.php
mod/data/lib.php

index ff8bd69f127b7883e82022e4e38ea1a0c32e0688..5e9bcc86de517ce7d3a9938e7ea178ac423e52f0 100755 (executable)
@@ -1,30 +1,39 @@
-<?php\r
-\r
-    require_once('../../config.php');\r
-    require_once('lib.php');\r
-    require_once($CFG->libdir.'/blocklib.php');\r
-\r
-    require_once('pagelib.php');\r
-    require_login();\r
-\r
-    if (!isteacher()) {\r
-        error(get_string('errormustbeteacher', 'data'));\r
-    }\r
-\r
-    if (confirm_sesskey()\r
-        && ($recordid = required_param('recordid',PARAM_INT))\r
-        && ($d = required_param('d',PARAM_INT))) {\r
-        data_approve_record($recordid);\r
-    }\r
-\r
-    $page=optional_param('page','0',PARAM_INT);\r
-    $rid = optional_param('rid','0', PARAM_INT);\r
-    $search =optional_param('search','',PARAM_ALPHA);\r
-    $sort= optional_param('sort','',PARAM_ALPHA);\r
-    $order=optional_param('order','',PARAM_ALPHA);\r
-\r
-    print_heading(get_string('recordapproved','data'));\r
-    redirect('view.php?d='.$d.'&amp;approved=1&amp;page='.$page.'&amp;rid='.$rid.'&amp;search='.$search.'&amp;sort='.$sort.'&amp;order='.$order.'&amp;');\r
-\r
-\r
-?>\r
+<?php // $Id$ 
+
+    require_once('../../config.php');
+    require_once('lib.php');
+
+    require_login();
+
+    $recordid = required_param('recordid',PARAM_INT);
+
+    $page     = optional_param('page','0',PARAM_INT);
+    $rid      = optional_param('rid','0', PARAM_INT);
+    $search   = optional_param('search','',PARAM_ALPHA);
+    $sort     = optional_param('sort','',PARAM_ALPHA);
+    $order    = optional_param('order','',PARAM_ALPHA);
+
+    if (! $record = get_record('data_records', 'id', $recordid)) {
+        error('Record ID is incorrect');
+    }
+    if (! $data = get_record('data', 'id', $record->dataid)) {
+        error('Data ID is incorrect');
+    }
+    if (! $course = get_record('course', 'id', $data->course)) {
+        error('Course is misconfigured');
+    }
+
+    if (!isteacher($course->id)) {
+        error(get_string('errormustbeteacher', 'data'));
+    }
+
+    if (confirm_sesskey()) {  /*  Approve it! */
+        $newrecord->id = $record->id;
+        $newrecord->approved = 1;
+        update_record('data_records', $newrecord);
+    }
+
+    redirect('view.php?d='.$d.'&amp;approved=1&amp;page='.$page.'&amp;rid='.$rid.'&amp;search='.$search.'&amp;sort='.$sort.'&amp;order='.$order.'&amp;', get_string('recordapproved','data'));
+
+
+?>
index f3be3f7ebd79238b6b85ce6ff4cf1907e6e577e2..c1405a223ff68cfaf7a79eb136dda565a294b5f4 100755 (executable)
@@ -963,12 +963,6 @@ function data_print_approve_button($recordid, $d, $page='0', $rid='0', $search='
     return $str;
 }
 
-//silly function that approves a record
-function data_approve_record($recordid) {
-    $record = get_record('data_records','id',$recordid);
-    $record->approved = 1;
-    update_record('data_records',$record);
-}
 
 //silly function that prints the a form to do ratings
 function data_print_ratings($data, $record) {