require("lib.php");
require("locallib.php");
- $id = optional_param('id', 0, PARAM_INT); // Course Module ID
- $wid = optional_param('wid', 0, PARAM_INT); // Workshop ID
- $aid = optional_param('aid',0,PARAM_INT);
- $userid = optional_param('userid',0,PARAM_INT);
- $cid = optional_param('cid',0,PARAM_INT ); // comment id
- $sid = optional_param('sid',0,PARAM_INT); // submission id
- $action = required_param( 'action',PARAM_ALPHA );
- $elementno = optional_param( 'elementno',-1,PARAM_INT );
- $stockcommentid = optional_param( 'stockcommentid',0,PARAM_INT );
+ $action = required_param('action', PARAM_ALPHA);
+ $id = optional_param('id', 0, PARAM_INT); // Course Module ID
+ $wid = optional_param('wid', 0, PARAM_INT); // Workshop ID
+ $aid = optional_param('aid', 0, PARAM_INT);
+ $userid = optional_param('userid', 0, PARAM_INT);
+ $cid = optional_param('cid', 0, PARAM_INT ); // comment id
+ $sid = optional_param('sid', 0, PARAM_INT); // submission id
+ $elementno = optional_param('elementno', -1, PARAM_INT);
+ $stockcommentid = optional_param('stockcommentid', 0, PARAM_INT);
// get some useful stuff...
if ($id) {
print_heading_with_help(get_string("addacomment", "workshop"), "addingacomment", "workshop");
// get assessment record
- if (!$assessmentid = $_REQUEST['aid']) { // comes from link or hidden form variable
+ if (!$assessmentid = $aid) { // comes from link or hidden form variable
error("Assessment id not given");
}
$assessment = get_record("workshop_assessments", "id", $assessmentid);
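Review bot: `$assessment` on the last line of this hunk is loaded by the request-supplied `aid`, and the visible lines neither check that `get_record()` found a row nor that the row belongs to the current workshop. Casting `aid` with `PARAM_INT` fixes the type but not the ownership question, so an id from a different workshop would be accepted here unless a later line rejects it. I would guard the lookup with `if (!$assessment = get_record("workshop_assessments", "id", $aid)) { error("Assessment record not found"); }` and then compare the record's workshop with `$workshop->id` (assuming the table stores one, which is not visible here). The surrounding branch starts and ends outside the hunk, so such a check may already exist further down.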
<form name="commentform" action="assessments.php" method="post">
<input type="hidden" name="action" value="insertcomment" />
<input type="hidden" name="id" value="<?php echo $cm->id ?>" />
- <input type="hidden" name="aid" value="<?php echo $_REQUEST['aid'] ?>" />
+ <input type="hidden" name="aid" value="<?php echo $aid ?>" />
<center>
<table cellpadding="5" border="1">
<?php
unset($element);
$element->workshopid = $workshop->id;
$element->assessmentid = $assessment->id;
- $element->elementno = $key;
+ $element->elementno = clean_param($key, PARAM_INT);
$element->feedback = $form->{"feedback_$key"};
$element->grade = $thegrade;
if (!$element->id = insert_record("workshop_grades", $element)) {
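Review bot: `clean_param($key, PARAM_INT)` coerces the array key instead of validating it, and the very next line still reads `$form->{"feedback_$key"}` with the raw key. As far as I know PARAM_INT is an integer cast, so a malformed key would be stored under a different element number (a non-numeric one as 0) while its feedback is looked up under the uncast field name. I would cast once and skip mismatches: `$elementno = clean_param($key, PARAM_INT);` followed by `if ((string)$elementno !== (string)$key) { continue; }`, then use `$elementno` for both the property lookup and the insert. The same applies to the seven other `elementno` hunks below; the loop header is outside each of them, so `continue` is an assumption about the enclosing construct.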
unset($element);
$element->workshopid = $workshop->id;
$element->assessmentid = $assessment->id;
- $element->elementno = $key;
+ $element->elementno = clean_param($key, PARAM_INT);
$element->feedback = $form->{"feedback_$key"};
$element->grade = $thegrade;
if (!$element->id = insert_record("workshop_grades", $element)) {
unset($element);
$element->description = $description;
$element->workshopid = $workshop->id;
- $element->elementno = $key;
+ $element->elementno = clean_param($key, PARAM_INT);
if (isset($form->scale[$key])) {
$element->scale = $form->scale[$key];
switch ($WORKSHOP_SCALES[$form->scale[$key]]['type']) {
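Review bot: `$form->scale[$key]` is stored in `$element->scale` and used to index `$WORKSHOP_SCALES` without a check that it names a defined scale. An unknown value gives an undefined-index lookup and a `switch` on null, and the raw value still goes into the record. I would add `$scale = clean_param($form->scale[$key], PARAM_INT);` and `if (!isset($WORKSHOP_SCALES[$scale])) { error("Unknown scale"); }` before the assignment, assuming scale ids are integers (not visible here). The `switch` body lies outside the hunk.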
foreach ($form->maxscore as $key => $themaxscore) {
unset($element);
$element->workshopid = $workshop->id;
- $element->elementno = $key;
+ $element->elementno = clean_param($key, PARAM_INT);
$element->maxscore = $themaxscore;
if (isset($form->description[$key])) {
$element->description = $form->description[$key];
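Review bot: Only the key is cleaned in this loop; `$themaxscore` and `$form->description[$key]` are copied into the record as submitted. The same holds for `description` and `weight` in the next hunk and for `feedback` and `grade` in the grade hunks, while the submission hunk at the end of this commit does pass its text through `clean_param(..., PARAM_CLEAN)`. For consistency I would write `$element->maxscore = clean_param($themaxscore, PARAM_INT);` and `$element->description = clean_param($form->description[$key], PARAM_CLEAN);`, assuming maxscore is an integer column. The loop body continues outside the hunk.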
foreach ($form->description as $key => $description) {
unset($element);
$element->workshopid = $workshop->id;
- $element->elementno = $key;
+ $element->elementno = clean_param($key, PARAM_INT);
$element->description = $description;
$element->weight = $form->weight[$key];
for ($j=0;$j<5;$j++) {
unset($element);
$element->workshopid = $workshop->id;
$element->assessmentid = $assessment->id;
- $element->elementno = $key;
+ $element->elementno = clean_param($key, PARAM_INT);
$element->feedback = $form->{"feedback_$key"};
$element->grade = $thegrade;
if (!$element->id = insert_record("workshop_grades", $element)) {
unset($element);
$element->workshopid = $workshop->id;
$element->assessmentid = $assessment->id;
- $element->elementno = $key;
+ $element->elementno = clean_param($key, PARAM_INT);
$element->feedback = $form->{"feedback_$key"};
$element->grade = $thegrade;
if (!$element->id = insert_record("workshop_grades", $element)) {
unset($element);
$element->workshopid = $workshop->id;
$element->assessmentid = $assessment->id;
- $element->elementno = $key;
+ $element->elementno = clean_param($key, PARAM_INT);
$element->feedback = $form->{"feedback_$key"};
$element->grade = $thegrade;
if (!$element->id = insert_record("workshop_grades", $element)) {
require("lib.php");
require("locallib.php");
- $id = required_param('id',PARAM_INT); // Course Module ID
- $action = optional_param('action','',PARAM_ALPHA);
- $sid = optional_param('sid',0,PARAM_INT); //submission id
- $order = optional_param('order','name',PARAM_ALPHA);
- $title = optional_param('title','',PARAM_CLEAN);
- $nentries = optional_param('nentries','',PARAM_ALPHANUM);
- $anonymous = optional_param('anonymous','',PARAM_CLEAN);
- $description = optional_param('description','',PARAM_CLEAN);
+ $id = required_param('id', PARAM_INT); // Course Module ID
+ $action = optional_param('action', '', PARAM_ALPHA);
+ $sid = optional_param('sid', 0, PARAM_INT); //submission id
+ $order = optional_param('order', 'name', PARAM_ALPHA);
+ $title = optional_param('title', '', PARAM_CLEAN);
+ $nentries = optional_param('nentries', '', PARAM_ALPHANUM);
+ $anonymous = optional_param('anonymous', '', PARAM_CLEAN);
+ $description = optional_param('description', '', PARAM_CLEAN);
$timenow = time();
require("lib.php");
require("locallib.php");
- $id = required_param('id',PARAM_INT); // CM ID
+ $id = required_param('id', PARAM_INT); // CM ID
if (! $cm = get_record("course_modules", "id", $id)) {
// get the current set of submissions
$submissions = workshop_get_user_submissions($workshop, $USER);
// add new submission record
- $newsubmission->workshopid = $workshop->id;
- $newsubmission->userid = $USER->id;
- $newsubmission->title = $title;
- $newsubmission->description = trim($form->description);
- $newsubmission->timecreated = $timenow;
+ $newsubmission->workshopid = $workshop->id;
+ $newsubmission->userid = $USER->id;
+ $newsubmission->title = clean_param($title, PARAM_CLEAN);
+ $newsubmission->description = trim(clean_param($form->description, PARAM_CLEAN));
+ $newsubmission->timecreated = $timenow;
if ($timenow > $workshop->submissionend) {
$newsubmission->late = 1;
}
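Review bot: `PARAM_CLEAN` on `$title` keeps whatever HTML the cleaner allows, which is more than a submission title needs if it is shown as plain text. `clean_param($title, PARAM_NOTAGS)` would be tighter, and the title should still be escaped where it is printed. The hunk does not show where `$title` is read; if it already comes from `optional_param('title', '', PARAM_CLEAN)` as in the parameter block earlier in this commit, the second pass is redundant and a short comment saying which layer owns the cleaning would help. `$newsubmission` is also assigned to without a visible initialisation, and the block continues outside the hunk.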