Fix to make it work without globals hack

diff --git a/question/question.php b/question/question.php
index c4be99a42843208bee87140a061608d3fd664953..5fbe26ced06d2d949e328c9d360fe284e2cf1ec0 100644 (file)
--- a/question/question.php
+++ b/question/question.php
@@ -83,7 +83,8 @@
     }
 
     if(!empty($id) && isset($_REQUEST['hide']) && confirm_sesskey()) {
-        if(!set_field('question', 'hidden', $_REQUEST['hide'], 'id', $id)) {
+        $hide = required_param('hide', PARAM_INT);
+        if(!set_field('question', 'hidden', $hide, 'id', $id)) {
             error("Faild to hide the question.");
         }
         redirect($SESSION->returnurl);
@@ -114,6 +115,7 @@
     print_header_simple("$streditingquestion", "", $strediting);
 
     if (isset($_REQUEST['delete'])) {
+        $delete = required_param('delete', PARAM_INT);
         if (isset($confirm) and confirm_sesskey()) {
             if ($confirm == md5($delete)) {
                 if (record_exists('quiz_question_instances', 'question', $question->id) or