$preferences->backup_messages = optional_param('backup_messages',1,PARAM_INT);
$preferences->backup_blogs = optional_param('backup_blogs',1,PARAM_INT);
$preferences->backup_course = $course->id;
- $preferences->backup_name = required_param('backup_name',PARAM_FILE);
- $preferences->backup_unique_code = required_param('backup_unique_code');
+ $preferences->backup_name = required_param('backup_name', PARAM_FILE);
+ $preferences->backup_unique_code = required_param('backup_unique_code', PARAM_INT);
$roles = get_all_roles();
$preferences->backuproleassignments = array();
$eventid = optional_param('id', 0, PARAM_INT);
$eventtype = optional_param('type', 'select', PARAM_ALPHA);
$urlcourse = optional_param('course', 0, PARAM_INT);
- $cal_y = optional_param('cal_y');
- $cal_m = optional_param('cal_m');
- $cal_d = optional_param('cal_d');
+ $cal_y = optional_param('cal_y', 0, PARAM_INT);
+ $cal_m = optional_param('cal_m', 0, PARAM_INT);
+ $cal_d = optional_param('cal_d', 0, PARAM_INT);
if(isguest()) {
// Guests cannot do anything with events
require_once('../config.php');
require_once($CFG->dirroot.'/calendar/lib.php');
- $from = required_param('from');
- $var = required_param('var');
- $value = optional_param('value');
- $id = optional_param('id');
- $cal_d = optional_param('cal_d');
- $cal_m = optional_param('cal_m');
- $cal_y = optional_param('cal_y');
- $action = optional_param('action');
- $type = optional_param('type');
+ $from = required_param('from', PARAM_ALPHA);
+ $var = required_param('var', PARAM_ALPHA);
+ $id = optional_param('id', 0, PARAM_INT);
+ $cal_d = optional_param('cal_d', 0, PARAM_INT);
+ $cal_m = optional_param('cal_m', 0, PARAM_INT);
+ $cal_y = optional_param('cal_y', 0, PARAM_INT);
+ $action = optional_param('action', '', PARAM_ALPHA);
+ $type = optional_param('type', '', PARAM_ALPHA);
// Initialize the session variables
calendar_session_vars();
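Review bot: The `value` parameter is dropped here rather than given a type, so any code further down this script that still reads `$value` would now see an undefined variable. The rest of the script is outside the hunk, so this needs confirming; if the parameter is still consumed, keep the read with an explicit type that matches its use. `$from` and `$var` as PARAM_ALPHA also silently strip digits and underscores, which is only safe if no caller sends them.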
// REQUIRED fields;
// an_login
- $loginval = optional_param('an_login', '');
+ $loginval = optional_param('an_login', '', PARAM_RAW);
if (empty($loginval) && empty($mconfig->an_login)) {
return false;
}
set_config('an_login', $loginval, 'enrol/authorize');
// an_tran_key, an_password
- $tranval = optional_param('an_tran_key', '');
+ $tranval = optional_param('an_tran_key', '', PARAM_RAW);
$tranval = !empty($tranval) ? rc4encrypt($tranval) : (isset($mconfig->an_tran_key)?$mconfig->an_tran_key:'');
- $passwordval = optional_param('an_password', '');
+ $passwordval = optional_param('an_password', '', PARAM_RAW);
$passwordval = !empty($passwordval) ? rc4encrypt($passwordval) :(isset($mconfig->an_password)?$mconfig->an_password:'');
$deletecurrent = optional_param('delete_current', '0', PARAM_BOOL);
if (!empty($deletecurrent) and !empty($tranval)) {
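Review bot: `an_login` is now read with PARAM_RAW and passed straight to `set_config()`, which is looser than the PARAM_CLEAN default the old two-argument call relied on. PARAM_RAW is the right choice for `an_tran_key` and `an_password`, since cleaning would alter a secret before `rc4encrypt()`, but the login ID is stored verbatim. If its format allows, a narrower read such as `optional_param('an_login', '', PARAM_ALPHANUM)` would be safer; otherwise add a comment like `// PARAM_RAW: stored verbatim, must be escaped wherever it is displayed`. The enclosing function starts and ends outside the hunk.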
}
// course id needs to be passed for auth purposes
- $mform->addElement('hidden', 'id', optional_param('id'));
+ $mform->addElement('hidden', 'id', optional_param('id', 0, PARAM_INT));
$mform->setType('id', PARAM_INT);
$mform->addElement('header', 'general', get_string('importfile', 'grades'));
// file upload
$this->set_upload_manager(new upload_manager('userfile', false, false, null, false, 0, true, true, false));
// course id needs to be passed for auth purposes
- $mform->addElement('hidden', 'id', optional_param('id'));
+ $mform->addElement('hidden', 'id', optional_param('id', 0, PARAM_INT));
$mform->setType('id', PARAM_INT);
$mform->addElement('header', 'general', get_string('importfile', 'grades'));
$mform->disabledIf('url', 'userfile', 'noteq', '');
* This function should be used to initialise all required values
* in a script that are based on parameters. Usually it will be
* used like this:
- * $id = required_param('id');
+ * $id = required_param('id', PARAM_INT);
*
* @param string $parname the name of the page parameter we want,
* default PARAM_CLEAN
* This function should be used to initialise all optional values
* in a script that are based on parameters. Usually it will be
* used like this:
- * $name = optional_param('name', 'Fred');
+ * $name = optional_param('name', 'Fred', PARAM_TEXT);
*
* @param string $parname the name of the page parameter we want
* @param mixed $default the default value to return if nothing is found
{
$_POST['username'] = 'post_user';
$_GET['username'] = 'get_user';
- $this->assertEqual(optional_param('username', 'default_user'), 'post_user');
+ $this->assertEqual(optional_param('username', 'default_user', PARAM_CLEAN), 'post_user');
unset($_POST['username']);
- $this->assertEqual(optional_param('username', 'default_user'), 'get_user');
+ $this->assertEqual(optional_param('username', 'default_user', PARAM_CLEAN), 'get_user');
unset($_GET['username']);
- $this->assertEqual(optional_param('username', 'default_user'), 'default_user');
+ $this->assertEqual(optional_param('username', 'default_user', PARAM_CLEAN), 'default_user');
}
/**
}
/// Optional variables that may be passed in
- $tab = optional_param('tab', 'contacts'); // current tab - default to contacts
+ $tab = optional_param('tab', 'contacts', PARAM_ALPHA); // current tab - default to contacts
$addcontact = optional_param('addcontact', 0, PARAM_INT); // adding a contact
$removecontact = optional_param('removecontact', 0, PARAM_INT); // removing a contact
$blockcontact = optional_param('blockcontact', 0, PARAM_INT); // blocking a contact
$d = optional_param('d', 0, PARAM_INT); // database id
$rid = optional_param('rid', 0, PARAM_INT); //record id
$import = optional_param('import', 0, PARAM_INT); // show import form
- $cancel = optional_param('cancel', ''); // cancel an add
+ $cancel = optional_param('cancel', '', PARAM_RAW); // cancel an add
$mode ='addtemplate'; //define the mode for this page, only 1 mode available
if ($id) {
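Review bot: `cancel` is typed PARAM_RAW here but PARAM_BOOL with default `0` in the later hunk that reads the same flag, `$cancel = optional_param('cancel', 0, PARAM_BOOL);`. How `$cancel` is used in this script is outside the hunk, but if it is only a was-the-button-pressed test, `optional_param('cancel', 0, PARAM_BOOL)` keeps unfiltered request data out of the variable and makes the two scripts agree.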
$mode = optional_param('mode','',PARAM_ALPHA);
$defaultsort = optional_param('defaultsort', 0, PARAM_INT);
$defaultsortdir = optional_param('defaultsortdir', 0, PARAM_INT);
- $cancel = optional_param('cancel', '');
+ $cancel = optional_param('cancel', 0, PARAM_BOOL);
if ($cancel) {
$mode = 'list';
$showall = optional_param('showall', '', PARAM_INT); // show all discussions on one page
$changegroup = optional_param('group', -1, PARAM_INT); // choose the current group
$page = optional_param('page', 0, PARAM_INT); // which page to show
- $search = optional_param('search', ''); // search string
+ $search = optional_param('search', '', PARAM_CLEAN);// search string
$params = array();
if ($id) {
require_once("lib.php");
$id = required_param('id', PARAM_INT);
- $mode = optional_param('mode');
+ $mode = optional_param('mode', '', PARAM_ACTION);
admin_externalpage_setup('managemodules'); // this is hacky, tehre should be a special hidden page for it
$button = '<div style="font-size:0.75em;">'.$button.'</div>';
$loggedinas = '<span class="logininfo">'.user_login_string($course, $USER).'</span>';
$time = time();
- $hppassword = optional_param('hppassword', '');
+ $hppassword = optional_param('hppassword', '', PARAM_RAW);
if (HOTPOT_FIRST_ATTEMPT && !has_capability('mod/hotpot:grade', $context)) {
// check this quiz is available to this student
// error message, if quiz is unavailable
$newpageid = 0;
if (isset($_POST['answer'])) {
- $useranswer = (float) optional_param('answer'); // just doing default PARAM_CLEAN, not doing PARAM_INT because it could be a float
+ $useranswer = (float) optional_param('answer', 0, PARAM_RAW); // just doing default PARAM_RAW, not doing PARAM_INT because it could be a float
} else {
$noanswer = true;
break;
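Review bot: The trailing comment now says `default PARAM_RAW`, but PARAM_RAW is not the default and performs no cleaning; the only thing constraining `$useranswer` is the `(float)` cast. If this branch defines it, `optional_param('answer', 0, PARAM_FLOAT)` states the intent directly; otherwise reword the comment to `// PARAM_RAW because the answer may be a float; the (float) cast does the cleaning`. Non-numeric input silently becomes 0.0 on this path, which may or may not be the intended grading behaviour.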
global $ewiki_plugins, $ewiki_config;
$o = "";
- $thanks = optional_param('thankyou', '');
+ $thanks = optional_param('thankyou', '', PARAM_CLEAN);
#-- render requested wiki page <-- goal !!!
$render_args = array(
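Review bot: The same `thankyou` request parameter is read as PARAM_CLEAN here and as PARAM_RAW in the later hunk, `$editsave = optional_param('thankyou', '', PARAM_RAW);`. The only use of `$thanks` visible on this page is the `!empty($thanks)` test in the following hunk, so `optional_param('thankyou', 0, PARAM_BOOL)` would express that and avoid carrying request text around. The use of `$editsave` is outside its hunk, so confirm it is also just a flag before aligning the two.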
foreach ($pf_a as $n => $pf) { $pf($o, $id, $data, $action); }
}
- if (!empty($thankyou) && $ewiki_config["edit_thank_you"]) {
+ if (!empty($thanks) && $ewiki_config["edit_thank_you"]) {
$o = ewiki_t("THANKSFORCONTRIBUTION") . $o;
}
global $CFG;
- $q = optional_param('q', '');
+ $q = optional_param('q', '', PARAM_CLEAN);
$o = ewiki_make_title($id, $id, 2, $action);
if ($q == '') {
global $ewiki_links, $ewiki_author, $ewiki_plugins, $ewiki_ring, $ewiki_errmsg;
- $content = optional_param('content', '');
- $version = optional_param('version', '');
- $preview = optional_param('preview', false);
- $save = optional_param('save', false);
+ $content = optional_param('content', '', PARAM_CLEAN);
+ $version = optional_param('version', '', PARAM_CLEAN);
+ $preview = optional_param('preview', false, PARAM_BOOL);
+ $save = optional_param('save', false, PARAM_BOOL);
$hidden_postdata = array();
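Review bot: `version` is typed PARAM_CLEAN, both here and in the `ewiki_edit_patch()` hunk (`optional_param('version', null, PARAM_CLEAN)`). If it is a page revision number, as the name suggests, PARAM_INT would reject non-numeric input at the boundary; how it is compared is outside both hunks, so confirm before narrowing. `content` as PARAM_CLEAN preserves the old default, but a short comment saying that the cleaning of submitted wiki text is intentional would help the next reader.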
global $ewiki_plugins;
$abort = optional_param('abort', false);
- $init = optional_param('init', '');
+ $init = optional_param('init', '', PARAM_BOOL);
#-- proceed only if frontpage missing or explicetely requested
if ((strtolower($id)=="wikisetupwizard") || ($id==EWIKI_PAGE_INDEX) && ($action=="edit") && empty($data["version"]) && !($abort)) {
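Review bot: `$abort = optional_param('abort', false);` on the line directly above the change is still a two-argument call, so it keeps relying on the implicit default type this commit is otherwise removing. The same holds for `exportbinaries`, `exportformats` and `withvirtualpages` in the `wikiexport` hunk and for `$save = optional_param('save', false);` in the later `$content` hunk. `abort` and `save` look like flags, e.g. `optional_param('abort', false, PARAM_BOOL)`; the three export parameters need a type chosen from how they are consumed, which is not visible here. Separately, `init` now pairs a `''` default with PARAM_BOOL, where `0` or `false` would match the declared type.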
}
if (count($ewiki_upload_sections) > 1) {
if (empty($def_sec)) {
- $def_sec = optional_param('section', '');
+ $def_sec = optional_param('section', '', PARAM_CLEAN);
}
$o .= '<b>'.ewiki_t("UPL_INSECT").'</b><br /><select name="section">';
foreach ($ewiki_upload_sections as $id => $title) {
#-- params (section, orderby)
- $orderby = optional_param('orderby', 'created');
+ $orderby = optional_param('orderby', 'created', PARAM_ALPHA);
if ($def_sec) {
$section = $def_sec;
}
else {
- $section = optional_param('section', '');
+ $section = optional_param('section', '', PARAM_CLEAN);
if (count($ewiki_upload_sections) > 1) {
$oa = array();
$ewiki_upload_sections["*"] = "*";
global $userid, $groupid, $cm, $wikipage, $wiki, $course, $CFG, $OUTPUT;
#-- return legacy page
$cont = true;
- $wikiexport = optional_param('wikiexport', '');
+ $wikiexport = optional_param('wikiexport', '', PARAM_BOOL);
$binaries = optional_param("exportbinaries", null);
$exportformatval = optional_param("exportformats", null);
$withvirtualpages = optional_param("withvirtualpages", null);
global $ewiki_t, $ewiki_plugins;
- $content = optional_param('content', '');
+ $content = optional_param('content', '', PARAM_CLEAN);
$ret_err = 0;
$save = optional_param('save', false);
function ewiki_edit_patch($id, &$data) {
- $version = optional_param('version', null);
- $content = optional_param('content', '');
+ $version = optional_param('version', null, PARAM_CLEAN);
+ $content = optional_param('content', '', PARAM_CLEAN);
$r = false;
$cacheme = optional_param('allowcache', 1, PARAM_INT); // Set this to 0 to try and disable page caching.
// Only want to add edit log entries if we have made some changes ie submitted a form
- $editsave = optional_param('thankyou', '');
+ $editsave = optional_param('thankyou', '', PARAM_RAW);
if($page) {
// Split page command into action and page
if (optional_param('deleteselected', false, PARAM_BOOL)) { // delete selected questions from the category
if (($confirm = optional_param('confirm', '', PARAM_ALPHANUM)) and confirm_sesskey()) { // teacher has already confirmed the action
- $deleteselected = required_param('deleteselected');
+ $deleteselected = required_param('deleteselected', PARAM_RAW);
if ($confirm == md5($deleteselected)) {
if ($questionlist = explode(',', $deleteselected)) {
// for each question either hide it if it is in use or delete it
foreach ($questionlist as $questionid) {
+ $questionid = (int)$questionid;
question_require_capability_on($questionid, 'edit');
if ($DB->record_exists('quiz_question_instances', array('question' => $questionid))) {
if (!$DB->set_field('question', 'hidden', 1, array('id' => $questionid))) {
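Review bot: `deleteselected` is read as PARAM_RAW and only sanitised afterwards by the per-item `(int)` cast, so a non-numeric item becomes id 0 and is still handed to `question_require_capability_on()`. If the value is always a comma-separated id list, as the `explode(',', ...)` suggests, `required_param('deleteselected', PARAM_SEQUENCE)` validates it at the boundary, provided the confirm hash was generated from the same string. The context line `$confirm == md5($deleteselected)` also uses a loose comparison; `===` avoids PHP's numeric-string juggling on hash values. The loop body continues outside the hunk.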
$id = optional_param('id', 0, PARAM_INT); // user id
$course = optional_param('course', SITEID, PARAM_INT); // course id (defaults to Site)
- $enable = optional_param('enable', ''); // enable email
- $disable = optional_param('disable', ''); // disable email
+ $enable = optional_param('enable', 0, PARAM_BOOL); // enable email
+ $disable = optional_param('disable', 0, PARAM_BOOL); // disable email
if (empty($id)) { // See your own profile by default
require_login();