MDL-14679 towards /admin conversion

diff --git a/admin/handlevirus.php b/admin/handlevirus.php
index 59464ea4c1b8a0853e9888312b05c320554ba0f8..b81faa4d0ff71b173963eea8ec6c3bd0dc7a1ff3 100644 (file)
--- a/admin/handlevirus.php
+++ b/admin/handlevirus.php
@@ -29,7 +29,7 @@ while(!feof($fd)) {
     $bits = explode('/',$file);
     $a->filename = $bits[count($bits)-1];
 
-    if (!$log = get_record("log","module","upload","info",$file,"action","upload")) {
+    if (!$log = $DB->get_record("log", array("module"=>"upload", "info"=>$file, "action"=>"upload"))) {
         $a->action = clam_handle_infected_file($file,0,false);
         clam_replace_infected_file($file);
         notify_admins_unknown($file,$a);

diff --git a/admin/modules.php b/admin/modules.php
index bb04cd85218abab27f459051b5b2581ee3a41fa1..a387847cce1879c50ff61d0afe9e189684a53132 100644 (file)
--- a/admin/modules.php
+++ b/admin/modules.php
@@ -33,43 +33,42 @@
 /// If data submitted, then process and store.
 
     if (!empty($hide) and confirm_sesskey()) {
-        if (!$module = get_record("modules", "name", $hide)) {
+        if (!$module = $DB->get_record("modules", array("name"=>$hide))) {
             print_error('moduledoesnotexist', 'error');
         }
-        set_field("modules", "visible", "0", "id", $module->id); // Hide main module
+        $DB->set_field("modules", "visible", "0", array("id"=>$module->id)); // Hide main module
         // Remember the visibility status in visibleold
         // and hide...
-        $sql = "UPDATE {$CFG->prefix}course_modules
-                SET visibleold=visible,
-                    visible=0
-                WHERE  module={$module->id}";
-        execute_sql($sql, false);
+        $sql = "UPDATE {course_modules}
+                   SET visibleold=visible, visible=0
+                 WHERE module=?";
+        $DB->execute($sql, array($module->id));
         // clear the course modinfo cache for courses
         // where we just deleted something
-        $sql = "UPDATE {$CFG->prefix}course
-                SET modinfo=''
-                WHERE id IN (SELECT DISTINCT course
-                             FROM {$CFG->prefix}course_modules
-                             WHERE visibleold=1 AND module={$module->id})";
-        execute_sql($sql, false);
+        $sql = "UPDATE {course}
+                   SET modinfo=''
+                 WHERE id IN (SELECT DISTINCT course
+                                FROM {course_modules}
+                               WHERE visibleold=1 AND module=?)";
+        $DB->execute($sql, array($module->id));
         admin_get_root(true, false);  // settings not required - only pages
     }
 
     if (!empty($show) and confirm_sesskey()) {
-        if (!$module = get_record("modules", "name", $show)) {
+        if (!$module = $DB->get_record("modules", array("name"=>$show))) {
             print_error('moduledoesnotexist', 'error');
         }
-        set_field("modules", "visible", "1", "id", $module->id); // Show main module
-        set_field('course_modules', 'visible', '1', 'visibleold',
-                  '1', 'module', $module->id); // Get the previous saved visible state for the course module.
+        $DB->set_field("modules", "visible", "1", array("id"=>$module->id)); // Show main module
+        $DB->set_field('course_modules', 'visible', '1', 'visibleold',
+                  '1', array('module'=>$module->id)); // Get the previous saved visible state for the course module.
         // clear the course modinfo cache for courses
         // where we just made something visible
-        $sql = "UPDATE {$CFG->prefix}course
-                SET modinfo=''
-                WHERE id IN (SELECT DISTINCT course
-                             FROM {$CFG->prefix}course_modules
-                             WHERE visible=1 AND module={$module->id})";
-        execute_sql($sql, false);
+        $sql = "UPDATE {course}
+                   SET modinfo = ''
+                 WHERE id IN (SELECT DISTINCT course
+                                FROM {course_modules}
+                               WHERE visible=1 AND module=?)";
+        $DB->execute($sql, array($module->id));
         admin_get_root(true, false);  // settings not required - only pages
     }
 
@@ -92,12 +91,12 @@
                 print_error("cannotdeleteforummudule", 'forum');
             }
 
-            if (!$module = get_record("modules", "name", $delete)) {
+            if (!$module = $DB->get_record("modules", array("name"=>$delete))) {
                 print_error('moduledoesnotexist', 'error');
             }
 
             // OK, first delete all the relevant instances from all course sections
-            if ($coursemods = get_records("course_modules", "module", $module->id)) {
+            if ($coursemods = $DB->get_records("course_modules", array("module"=>$module->id))) {
                 foreach ($coursemods as $coursemod) {
                     if (! delete_mod_from_section($coursemod->id, $coursemod->section)) {
                         notify("Could not delete the $strmodulename with id = $coursemod->id from section $coursemod->section");
@@ -106,41 +105,41 @@
             }
 
             // delete calendar events
-            if (!delete_records("event", "modulename", $delete)) {
+            if (!$DB->delete_records("event", array("modulename"=>$delete))) {
                 notify("Error occurred while deleting all $strmodulename records in calendar event table");
             }
 
             // clear course.modinfo for courses
             // that used this module...
-            $sql = "UPDATE {$CFG->prefix}course
-                    SET modinfo=''
-                    WHERE id IN (SELECT DISTINCT course
-                                 FROM {$CFG->prefix}course_modules
-                                 WHERE module={$module->id})";
-            execute_sql($sql, false);
+            $sql = "UPDATE {course}
+                       SET modinfo=''
+                     WHERE id IN (SELECT DISTINCT course
+                                    FROM {course_modules}
+                                   WHERE module=?)";
+            $DB->execute_sql($sql, array($module->id));
 
             // Now delete all the course module records
-            if (!delete_records("course_modules", "module", $module->id)) {
+            if (!$DB->delete_records("course_modules", array("module"=>$module->id))) {
                 notify("Error occurred while deleting all $strmodulename records in course_modules table");
             }
 
             // Then delete all the logs
-            if (!delete_records("log", "module", $module->name)) {
+            if (!$DB->delete_records("log", array("module"=>$module->name))) {
                 notify("Error occurred while deleting all $strmodulename records in log table");
             }
 
             // And log_display information
-            if (!delete_records("log_display", "module", $module->name)) {
+            if (!$DB->delete_records("log_display", array("module"=>$module->name))) {
                 notify("Error occurred while deleting all $strmodulename records in log_display table");
             }
 
             // And the module entry itself
-            if (!delete_records("modules", "name", $module->name)) {
+            if (!$DB->delete_records("modules", array("name"=>$module->name))) {
                 notify("Error occurred while deleting the $strmodulename record from modules table");
             }
 
             // And the module configuration records
-            if (!execute_sql("DELETE FROM {$CFG->prefix}config WHERE name LIKE '{$module->name}_%'")) {
+            if (!$DB->execute("DELETE FROM {config} WHERE name LIKE ?", array("{$module->name}_%"))) {
                 notify("Error occurred while deleting the $strmodulename records from the config table");
             }
 
@@ -179,7 +178,7 @@
 
 /// Get and sort the existing modules
 
-    if (!$modules = get_records("modules")) {
+    if (!$modules = $DB->get_records("modules")) {
         print_error('moduledoesnotexist', 'error');
     }
 
@@ -218,7 +217,7 @@
             $settings = "";
         }
 
-        $count = count_records_select("$module->name",'course<>0');
+        $count = $DB->count_records_select($module->name, "course<>0");
         if ($count>0) {
             $countlink = "<a href=\"{$CFG->wwwroot}/course/search.php?modulelist=$module->name" .
                 "&amp;sesskey={$USER->sesskey}\" title=\"$strshowmodulecourse\">$count</a>";

diff --git a/admin/roles/assign.php b/admin/roles/assign.php
index 7f4b19ad2a0b6ea974c273ce9d6d90f91fd9b966..523b8a36e40e44ea35cf774ef7079e7b3f946e17 100755 (executable)
--- a/admin/roles/assign.php
+++ b/admin/roles/assign.php
@@ -304,7 +304,7 @@
              * get_users_by_capability() because                                    *
              * 1) get_users_by_capability() does not deal with searching by name    *
              * 2) exceptions array can be potentially large for large courses       *
-             * 3) get_recordset_sql() is more efficient                             *
+             * 3) $DB->get_recordset_sql() is more efficient                        *
              *                                                                      *
              ************************************************************************/
 

diff --git a/admin/roles/override.php b/admin/roles/override.php
index 237fa9d3a9040d385daffe03fa2c37a6b45434ae..a2e3641b17578503cc642bd7d164e943f6ed29a7 100755 (executable)
--- a/admin/roles/override.php
+++ b/admin/roles/override.php
@@ -8,7 +8,7 @@
     $courseid  = optional_param('courseid', 0, PARAM_INT); // needed for user tabs
     $cancel    = optional_param('cancel', 0, PARAM_BOOL);
 
-    if (!$context = get_record('context', 'id', $contextid)) {
+    if (!$context = $DB->get_record('context', array('id'=>$contextid))) {
         print_error('wrongcontextid', 'error');
     }
 

diff --git a/admin/uploadpicture.php b/admin/uploadpicture.php
index 54aace9d457257092f6db5ec9151b7f5fd446b96..be1102ed72b99242e43388cea09a4212aa50db1e 100644 (file)
--- a/admin/uploadpicture.php
+++ b/admin/uploadpicture.php
@@ -62,7 +62,7 @@ admin_externalpage_print_header();
 print_heading_with_help($struploadpictures, 'uploadpictures');
 
 $mform = new admin_uploadpicture_form();
-if ($formdata = $mform->get_data()) {
+if ($formdata = $mform->get_data(false)) {
     if (!array_key_exists($userfield, $userfields)) {
         notify(get_string('uploadpicture_baduserfield','admin'));
     } else {
@@ -115,8 +115,7 @@ if ($formdata = $mform->get_data()) {
                                                 strlen($basename) -
                                                 strlen($extension) - 1);
                             // userfield names are safe, so don't quote them.
-                            if (!($user = get_record('user', $userfields[$userfield],
-                                                     addslashes($uservalue)))) {
+                            if (!($user = $DB->get_record('user', array($userfields[$userfield], $uservalue)))) {
                                 $userserrors++;
                                 $a = new Object();
                                 $a->userfield = clean_param($userfields[$userfield], PARAM_CLEANHTML);
@@ -124,7 +123,7 @@ if ($formdata = $mform->get_data()) {
                                 notify(get_string('uploadpicture_usernotfound', 'admin', $a));
                                 continue;
                             }
-                            $haspicture = get_field('user', 'picture', 'id', $user->id);
+                            $haspicture = $DB->get_field('user', 'picture', array('id'=>$user->id));
                             if ($haspicture && !$overwritepicture) {
                                 notify(get_string('uploadpicture_userskipped', 'admin', $user->username));
                                 continue;

diff --git a/admin/user.php b/admin/user.php
index f02ca42f4880cc47326bdb5a308245aaee12c1ab..c19b1ae428d3d53e1fc348b1815efc981bcb2861 100644 (file)
--- a/admin/user.php
+++ b/admin/user.php
@@ -39,13 +39,13 @@
     admin_externalpage_print_header();
 
     if ($confirmuser and confirm_sesskey()) {
-        if (!$user = get_record('user', 'id', $confirmuser)) {
+        if (!$user = $DB->get_record('user', array('id'=>$confirmuser))) {
             print_error('nousers');
         }
 
         $auth = get_auth_plugin($user->auth);
 
-        $result = $auth->user_confirm(addslashes($user->username), addslashes($user->secret));
+        $result = $auth->user_confirm($user->username, $user->secret);
 
         if ($result == AUTH_CONFIRM_OK or $result == AUTH_CONFIRM_ALREADY) {
             notify(get_string('userconfirmed', '', fullname($user, true)) );
@@ -59,7 +59,7 @@
             print_error('nopermissions', 'error', '', 'delete a user');
         }
 
-        if (!$user = get_record('user', 'id', $delete)) {
+        if (!$user = $DB->get_record('user', array('id'=>$delete))) {
             print_error('nousers', 'error');
         }
 
@@ -86,7 +86,7 @@
             // TODO: this should be under a separate capability
             print_error('nopermissions', 'error', '', 'modify the NMET access control list');
         }
-        if (!$user = get_record('user', 'id', $acl)) {
+        if (!$user = $DB->get_record('user', array('id'=>$acl))) {
             print_error('nousers', 'error');
         }
         if (!is_mnet_remote_user($user)) {
@@ -96,22 +96,22 @@
         if ($accessctrl != 'allow' and $accessctrl != 'deny') {
             print_error('invalidaccessparameter', 'error');
         }
-        $aclrecord = get_record('mnet_sso_access_control', 'username', $user->username, 'mnet_host_id', $user->mnethostid);
+        $aclrecord = $DB->get_record('mnet_sso_access_control', array('username'=>$user->username, 'mnet_host_id'=>$user->mnethostid));
         if (empty($aclrecord)) {
             $aclrecord = new object();
             $aclrecord->mnet_host_id = $user->mnethostid;
             $aclrecord->username = $user->username;
             $aclrecord->accessctrl = $accessctrl;
-            if (!insert_record('mnet_sso_access_control', $aclrecord)) {
+            if (!$DB->insert_record('mnet_sso_access_control', $aclrecord)) {
                 print_error('dbnotinsert', 'debug', '', 'the MNET access control list');
             }
         } else {
             $aclrecord->accessctrl = $accessctrl;
-            if (!update_record('mnet_sso_access_control', $aclrecord)) {
+            if (!$DB->update_record('mnet_sso_access_control', $aclrecord)) {
                 print_error('dbnotupdate', 'debug', '', 'the MNET access control list');
             }
         }
-        $mnethosts = get_records('mnet_host', '', '', 'id', 'id,wwwroot,name');
+        $mnethosts = $DB->get_records('mnet_host', null, 'id', 'id,wwwroot,name');
         notify("MNET access control list updated: username '$user->username' from host '"
                 . $mnethosts[$user->mnethostid]->name
                 . "' access now set to '$accessctrl'.");
@@ -181,7 +181,7 @@
 
         $countries = get_list_of_countries();
         if (empty($mnethosts)) {
-            $mnethosts = get_records('mnet_host', '', '', 'id', 'id,wwwroot,name');
+            $mnethosts = $DB->get_records('mnet_host', null, 'id', 'id,wwwroot,name');
         }
 
         foreach ($users as $key => $user) {
@@ -239,7 +239,7 @@
             // for remote users, shuffle columns around and display MNET stuff
             if (is_mnet_remote_user($user)) {
                 $accessctrl = 'allow';
-                if ($acl = get_record('mnet_sso_access_control', 'username', $user->username, 'mnet_host_id', $user->mnethostid)) {
+                if ($acl = $DF->get_record('mnet_sso_access_control', array('username'=>$user->username, 'mnet_host_id'=>$user->mnethostid))) {
                     $accessctrl = $acl->accessctrl;
                 }
                 $changeaccessto = ($accessctrl == 'deny' ? 'allow' : 'deny');

diff --git a/auth/email/auth.php b/auth/email/auth.php
index 8109d6c81d0ef4e04929fcf3f9911b66b9f23da6..a67754ee30180804ee010f13ef0b26f525996412 100644 (file)
--- a/auth/email/auth.php
+++ b/auth/email/auth.php
@@ -116,10 +116,11 @@ class auth_plugin_email extends auth_plugin_base {
     /**
      * Confirm the new user as registered.
      *
-     * @param string $username (with system magic quotes)
-     * @param string $confirmsecret (with system magic quotes)
+     * @param string $username
+     * @param string $confirmsecret
      */
     function user_confirm($username, $confirmsecret) {
+        global $DB;
         $user = get_complete_user_data('username', $username);
 
         if (!empty($user)) {
@@ -129,11 +130,11 @@ class auth_plugin_email extends auth_plugin_base {
             } else if ($user->auth != 'email') {
                 return AUTH_CONFIRM_ERROR;
 
-            } else if ($user->secret == stripslashes($confirmsecret)) {   // They have provided the secret key to get in
-                if (!set_field("user", "confirmed", 1, "id", $user->id)) {
+            } else if ($user->secret == $confirmsecret) {   // They have provided the secret key to get in
+                if (!$DB->set_field("user", "confirmed", 1, array("id"=>$user->id))) {
                     return AUTH_CONFIRM_FAIL;
                 }
-                if (!set_field("user", "firstaccess", time(), "id", $user->id)) {
+                if (!$DB->set_field("user", "firstaccess", time(), array("id"=>$user->id))) {
                     return AUTH_CONFIRM_FAIL;
                 }
                 return AUTH_CONFIRM_OK;

diff --git a/auth/ldap/auth.php b/auth/ldap/auth.php
index 77d01971d075b4d9802cbf9fc30e8ec9accc4c4d..3334e27527dc36cf128178239dfd7868047778e0 100644 (file)
--- a/auth/ldap/auth.php
+++ b/auth/ldap/auth.php
@@ -433,8 +433,8 @@ class auth_plugin_ldap extends auth_plugin_base {
     /**
      * Confirm the new user as registered.
      *
-     * @param string $username (with system magic quotes)
-     * @param string $confirmsecret (with system magic quotes)
+     * @param string $username
+     * @param string $confirmsecret
      */
     function user_confirm($username, $confirmsecret) {
         $user = get_complete_user_data('username', $username);
@@ -446,7 +446,7 @@ class auth_plugin_ldap extends auth_plugin_base {
             } else if ($user->auth != 'ldap') {
                 return AUTH_CONFIRM_ERROR;
 
-            } else if ($user->secret == stripslashes($confirmsecret)) {   // They have provided the secret key to get in
+            } else if ($user->secret == $confirmsecret) {   // They have provided the secret key to get in
                 if (!$this->user_activate($username)) {
                     return AUTH_CONFIRM_FAIL;
                 }

diff --git a/lib/authlib.php b/lib/authlib.php
index d076646d701915193475b3918f6300c14b526e38..5ea18ed3836876049d6cc763f33e72d5ca488bb8 100644 (file)
--- a/lib/authlib.php
+++ b/lib/authlib.php
@@ -215,8 +215,8 @@ class auth_plugin_base {
     /**
      * Confirm the new user as registered.
      *
-     * @param string $username (with system magic quotes)
-     * @param string $confirmsecret (with system magic quotes)
+     * @param string $username
+     * @param string $confirmsecret
      */
     function user_confirm($username, $confirmsecret) {
         //override when can confirm