/// If data submitted, then process and store.
- if (match_referer() && isset($HTTP_POST_VARS)) {
-
- $config = (object)$HTTP_POST_VARS;
+ if ($config = data_submitted()) {
validate_form($config, $err);
/// If data submitted, then process and store.
- if (match_referer() && isset($HTTP_POST_VARS)) {
-
- $config = (object)$HTTP_POST_VARS;
+ if ($config = data_submitted()) {
validate_form($config, $err);
/// If data submitted, then process and store.
- if (match_referer() && isset($HTTP_POST_VARS)) {
-
- $form = (object)$HTTP_POST_VARS;
+ if ($form = data_submitted()) {
validate_form($form, $err);
/// If data submitted, then process and store.
- if (match_referer() && isset($HTTP_POST_VARS)) {
+ if ($form = data_submitted()) {
$categories = array();
// Peel out all the data from variable names.
- foreach ($HTTP_POST_VARS as $key => $val) {
+ foreach ($form as $key => $val) {
if ($key == "new" and $val != "") {
$cat->name = $val;
if (!insert_record("course_categories", $cat)) {
/// If data submitted, then process and store.
- if (match_referer() && isset($HTTP_POST_VARS)) {
-
- $form = (object)$HTTP_POST_VARS;
+ if ($form = data_submitted()) {
$form->startdate = make_timestamp($form->startyear, $form->startmonth, $form->startday);
/// If data submitted, then process and store.
- if (match_referer() && isset($HTTP_POST_VARS)) {
+ if ($form = data_submitted()) {
$timenow = time();
- if (! set_field("course_sections", "summary", $summary, "id", $section->id)) {
+ if (! set_field("course_sections", "summary", $form->summary, "id", $section->id)) {
error("Could not update the summary!");
}
error("That's an invalid course id");
}
- if (match_referer() && isset($HTTP_POST_VARS)) { // form submitted
+ if ($form = data_submitted()) {
- if ($password == $course->password) {
+ if ($form->password == $course->password) {
if (isguest()) {
add_to_log($course->id, "course", "guest", "view.php?id=$course->id", "$REMOTE_ADDR, $REMOTE_HOST");
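Review bot: The enrolment-key check `if ($form->password == $course->password)` relies on PHP's loose comparison, so two keys that merely look numeric compare equal without being identical (`"1e3" == "1000"` and `"0e12" == "0e34"` are both true), which lets a guessed numeric-looking string pass for a differently spelled stored key. A strict comparison that also requires the field to be present closes that hole: `if (isset($form->password) and strcmp($form->password, $course->password) === 0) {`. The stored key appears to be compared as plaintext here; that is pre-existing and not something this hunk changes, but it is worth a comment on the line so a later reader does not assume it is hashed. The enclosing block continues past the end of the hunk.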
/// If data submitted, then process and store.
- if (match_referer() && isset($HTTP_POST_VARS)) {
+ if ($form = data_submitted()) {
$rank = array();
// Peel out all the data from variable names.
- foreach ($HTTP_POST_VARS as $key => $val) {
+ foreach ($form as $key => $val) {
if ($key <> "id") {
$type = substr($key,0,1);
$num = substr($key,1);
$action = "";
}
-
- if (!match_referer("$baseweb/files/index.php")) { // To stop spoofing
- $action="cancel";
- $wdir="/";
- }
-
if (!$wdir) {
$wdir="/";
}
-
switch ($action) {
case "upload":
return $good_referer == get_referer();
}
+function data_submitted($url="") {
+/// Used on most forms in Moodle to check for data
+/// Returns the data as an object, if it's found.
+///
+/// Checks that submitted POST data exists, and also
+/// checks the referer against the given url (it uses
+/// the current page if none was specified.
+
+ global $HTTP_POST_VARS, $CFG;
+
+ if (empty($HTTP_POST_VARS)) {
+ return false;
+ } else {
+ if (match_referer($url)) {
+ return (object)$HTTP_POST_VARS;
+ } else {
+ if ($CFG->debug > 10) {
+ notice("The form did not come from this page! (referer = ".get_referer().")");
+ }
+ return false;
+ }
+ }
+}
+
function stri_replace($find, $replace, $string ) {
/// This does a search and replace, ignoring case
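Review bot: The debug branch in `data_submitted()` passes the raw Referer header to `notice(...)`, and that header is fully attacker-controlled, so unless `notice()` escapes its argument (not visible here) a crafted Referer is reflected into the page whenever `$CFG->debug > 10`; escape it at the call site, e.g. `notice("The form did not come from this page! (referer = ".htmlspecialchars(get_referer()).")");`. More broadly, the Referer check is now the only thing standing between an arbitrary POST and every form handler that adopts this helper: a non-browser client sets the header freely, while browsers, proxies and privacy tools routinely strip it, in which case a genuine submission is silently dropped via `return false`. A per-session random token written into each form and compared here would be a stronger and more reliable check than `match_referer()`, whose `==` at the top of the hunk is itself a loose comparison. The docblock should also say that `false` is returned both when nothing was posted and when the referer mismatches, since callers cannot tell the two apart.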
}
}
- if (match_referer() && isset($HTTP_POST_VARS)) {
-
- $frm = (object) $HTTP_POST_VARS;
+ if ($frm = data_submitted()) {
validate_form($frm, $err);
include("../config.php");
- if (match_referer() && isset($HTTP_POST_VARS)) {
-
- $frm = (object)$HTTP_POST_VARS;
+ if ($frm = data_submitted()) {
validate_form($frm, $err);
}
- if (match_referer() && isset($HTTP_POST_VARS)) { // form submitted
+ if ($frm = data_submitted()) {
- $frm = (object)$HTTP_POST_VARS;
$user = authenticate_user_login($frm->username, $frm->password);
update_login_count();
require("../config.php");
require("../lib/countries.php");
- if (match_referer() && isset($HTTP_POST_VARS)) {
- $user = (object) $HTTP_POST_VARS;
+ if ($user = data_submitted()) {
validate_form($user, $err);
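Review bot: `if ($user = data_submitted())` turns every POSTed field into a property of `$user`, so if this object later reaches `insert_record` or `update_record` unchanged (outside this hunk), a client can supply columns the form never shows. The old `(object) $HTTP_POST_VARS` cast had the same exposure, so this is not introduced by the commit, but the adoption of a shared helper is the moment to decide where field whitelisting belongs. A comment such as `// NOTE: $user carries every POSTed field; copy only the expected ones before writing the record` on the assignment would make the expectation explicit for the code that follows.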
/// If data is being submitted, then process it
- if (match_referer() && isset($HTTP_POST_VARS)) {
+ if ($data = data_submitted()) {
$feedback = array();
+ $data = (array)$data;
// Peel out all the data from variable names.
- foreach ($HTTP_POST_VARS as $key => $val) {
+ foreach ($data as $key => $val) {
if ($key <> "id") {
$type = substr($key,0,1);
$num = substr($key,1);
$answerchecked[$current->answer] = "CHECKED";
}
- if (match_referer() && isset($HTTP_POST_VARS)) { // form submitted
- $form = (object)$HTTP_POST_VARS;
+ if ($form = data_submitted()) {
$timenow = time();
if ($current) {
$newanswer = $current;
error(get_string("noguestpost", "forum"), $HTTP_REFERER);
}
- if (match_referer() && isset($HTTP_POST_VARS)) { // form submitted
- $post = (object)$HTTP_POST_VARS;
+ if ($post = data_submitted()) {
$post->subject = strip_tags($post->subject); // Strip all tags
$post->message = clean_text($post->message, $post->format); // Clean up any bad tags
/// If data submitted, then process and store.
- if (match_referer() && isset($HTTP_POST_VARS)) {
+ if ($form = data_submitted()) {
$timenow = time();
- $text = clean_text($text, $format);
+ $form->text = clean_text($form->text, $form->format);
if ($entry) {
$newentry->id = $entry->id;
- $newentry->text = $text;
+ $newentry->text = $form->text;
+ $newentry->format = $form->format;
$newentry->modified = $timenow;
- $newentry->format = $format;
if (! update_record("journal_entries", $newentry)) {
error("Could not update your journal");
}
} else {
$newentry->userid = $USER->id;
$newentry->journal = $journal->id;
+ $newentry->text = $form->text;
+ $newentry->format = $form->format;
$newentry->modified = $timenow;
- $newentry->text = $text;
- $newentry->format = $format;
if (! $newentry->id = insert_record("journal_entries", $newentry)) {
error("Could not insert a new journal entry");
}
<A HREF=view.php?id=$cm->id>$journal->name</A> -> Responses", "",
"", true);
- if (match_referer() && isset($HTTP_POST_VARS)) { // Feedback submitted
+ if ($data = data_submitted()) {
$feedback = array();
+ $data = (array)$data;
// Peel out all the data from variable names.
- foreach ($HTTP_POST_VARS as $key => $val) {
+ foreach ($data as $key => $val) {
if ($key <> "id") {
$type = substr($key,0,1);
$num = substr($key,1);
$available = ($quiz->timeopen < $timenow and $timenow < $quiz->timeclose);
/// Check to see if they are submitting answers
- if (match_referer() && isset($HTTP_POST_VARS)) {
+ if ($rawanswers = data_submitted()) {
add_to_log($course->id, "quiz", "submit", "attempt.php?id=$cm->id", "$quiz->id");
- $rawanswers = $HTTP_POST_VARS;
+ $rawanswers = (array)$rawanswers;
+
unset($rawanswers["q"]); // quiz id
if (! count($rawanswers)) {
print_heading(get_string("noanswers", "quiz"));
/// If data submitted, then process and store.
- if (match_referer() && isset($HTTP_POST_VARS)) {
+ if ($form = data_submitted()) {
- $form = $HTTP_POST_VARS;
+ $form = (array)$form;
// Peel out all the data from variable names.
foreach ($form as $key => $val) {
$destination = "";
}
- if (match_referer($destination) && isset($course) && isset($HTTP_POST_VARS)) { // form submitted from mod.html
- $modform = (object)$HTTP_POST_VARS;
+ $modform = data_submitted($destination);
+
+ if ($modform and !empty($modform->course)) { // form submitted from mod.html
if (empty($modform->name) or empty($modform->intro)) {
error(get_string("filloutallfields"), $HTTP_REFERER);
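Review bot: The new condition `if ($modform and !empty($modform->course))` replaces the old `isset($course)` with a test on a client-supplied POST field, so the "form submitted from mod.html" branch now runs for any POST that carries a non-empty `course` value rather than for a course the server had already loaded. If `$course` was previously resolved and access-checked before this point (not visible here), the code after the hunk must re-derive it from `$modform->course` and verify the submitter's rights before anything is written, as the sibling hunks already do with `if (! $course = get_record("course", "id", $form->course)) { error("This course doesn't exist"); }`. The `$destination` passed to `data_submitted()` is assigned above the hunk, so whether it is a fixed string or itself derived from request data cannot be confirmed from here and would be worth a comment. The enclosing block continues outside the hunk.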
}
}
- if (match_referer() and isset($HTTP_POST_VARS)) { // question submitted
+ if ($form = data_submitted()) {
- $form = (object)$HTTP_POST_VARS;
-
// First, save the basic question itself
$question->name = $form->name;
$question->questiontext = $form->questiontext;
$usehtmleditor = can_use_richtext_editor();
- if (match_referer("$destination") && isset($HTTP_POST_VARS)) { // form submitted
- $form = (object)$HTTP_POST_VARS;
+ if ($form = data_submitted($destination)) {
if (! $course = get_record("course", "id", $form->course)) {
error("This course doesn't exist");
require("../../config.php");
- if (match_referer("$destination") && isset($HTTP_POST_VARS)) { // form submitted
- $form = (object)$HTTP_POST_VARS;
+ if ($form = data_submitted($destination)) {
if (! $course = get_record("course", "id", $form->course)) {
error("This course doesn't exist");
/// If data submitted, then process and store.
- if (match_referer() && isset($HTTP_POST_VARS)) {
-
- $usernew = (object)$HTTP_POST_VARS;
+ if ($usernew = data_submitted()) {
$usernew->firstname = strip_tags($usernew->firstname);
$usernew->lastname = strip_tags($usernew->lastname);