page parameter cleanup

diff --git a/mod/choice/report.php b/mod/choice/report.php
index 22dd6bed117811d87cb7c8c5952e28a7608d56c6..4923e4c57dfa1645a26b664e84c14afec7e67a8d 100644 (file)
--- a/mod/choice/report.php
+++ b/mod/choice/report.php
@@ -3,11 +3,10 @@
     require_once("../../config.php");
     require_once("lib.php");
 
-    $id = required_param('id');   //moduleid
-
+    $id       = required_param('id', PARAM_INT);   //moduleid
     $format   = optional_param('format', CHOICE_PUBLISH_NAMES, PARAM_INT);
     $download = optional_param('download', '', PARAM_ALPHA);
-    $action = optional_param('action', '');
+    $action   = optional_param('action', '', PARAM_ALPHA);
 
     if (! $cm = get_record("course_modules", "id", $id)) {
         error("Course Module ID was incorrect");

diff --git a/mod/choice/view.php b/mod/choice/view.php
index 9c52c8ec205882a14446a9aac7515dfefaea0ff0..b9f06cf79152392328cc0014a3f0fa7fbdd255e7 100644 (file)
--- a/mod/choice/view.php
+++ b/mod/choice/view.php
@@ -3,8 +3,9 @@
     require_once("../../config.php");
     require_once("lib.php");
 
-    $id = required_param('id', PARAM_INT);    // Course Module ID
-    $action = optional_param('action', '');
+    $id         = required_param('id', PARAM_INT);                 // Course Module ID
+    $action     = optional_param('action', '', PARAM_ALPHA);
+    $attemptids = optional_param('attemptid', array(), PARAM_INT); // array of attempt ids for delete action
     
     if (! $cm = get_record("course_modules", "id", $id)) {
         error("Course Module ID was incorrect");
@@ -32,7 +33,6 @@
 
         if (isteacher($course->id, $USER->id)) {
             if ($action == 'delete') { //some responses need to be deleted     
-                $attemptids = isset($_POST['attemptid']) ? $_POST['attemptid'] : array(); //get array of repsonses to delete.
                 choice_delete_responses($attemptids); //delete responses.
                 redirect("view.php?id=$cm->id");
             }