// they are somehow not returned with get_data()
// if ($formdata = $mform2->get_data()) {
if (($formdata = data_submitted()) && !empty($formdata->map)) {
-
+
// if mapping informatioin is supplied
foreach ($formdata->maps as $i=>$header) {
- $map[$header] = $formdata->mapping[$i];
- }
+ // either "new" or existing ids, clean using alphanum
+ $map[clean_param($header, PARAM_RAW)] = clean_param($formdata->mapping[clean_param($i, PARAM_INT)], PARAM_ALPHANUM);
+ }
- $map[$formdata->mapfrom] = $formdata->mapto;
+ $map[clean_param($formdata->mapfrom, PARAM_RAW)] = clean_param($formdata->mapto, PARAM_RAW);
// temporary file name supplied by form
- $filename = $CFG->dataroot.'/temp/'.$formdata->filename;
+ $filename = $CFG->dataroot.'/temp/'.clean_param($formdata->filename, PARAM_FILE);
// Large files are likely to take their time and memory. Let PHP know
// that we'll take longer, and that the process should be recycled soon
$importcode = time();
// --- get header (field names) ---
- $header = split($csv_delimiter, fgets($fp,1024));
+ $header = split($csv_delimiter, clean_param(fgets($fp,1024), PARAM_RAW));
foreach ($header as $i => $h) {
$h = trim($h); $header[$i] = $h; // remove whitespace
// each line is a student record
foreach ($line as $key => $value) {
//decode encoded commas
+ $value = clean_param($value, PARAM_RAW);
$value = preg_replace($csv_encode,$csv_delimiter2,trim($value));
-
+
switch ($map[$header[$key]]) {
case 'userid': //
if (!$user = get_record('user','id', $value)) {
$fp = fopen($filename, "r");
// --- get header (field names) ---
- $header = split($csv_delimiter, fgets($fp,1024));
+ $header = split($csv_delimiter, clean_param(fgets($fp,1024), PARAM_RAW));
// print some preview
$numlines = 0; // 0 preview lines displayed
echo '<table>';
echo '<tr>';
foreach ($header as $h) {
+ $h = clean_param($h, PARAM_RAW);
echo '<th>'.$h.'</th>';
}
echo '</tr>';
$lines = split($csv_delimiter, fgets($fp,1024));
echo '<tr>';
foreach ($lines as $line) {
- echo '<td>'.$line.'</td>';;
+ echo '<td>'.clean_param($line, PARAM_RAW).'</td>';;
}
$numlines ++;
echo '</tr>';
// course id needs to be passed for auth purposes
$mform->addElement('hidden', 'id', optional_param('id'));
+ $mform->setType('id', PARAM_INT);
$mform->addElement('header', 'general', get_string('importfile', 'grades'));
// file upload
$mform->addElement('file', 'userfile', get_string('file'));
+ $mform->setType('userfile', PARAM_FILE);
$mform->addRule('userfile', null, 'required');
$textlib = new textlib();
$encodings = $textlib->get_encodings();
$options = array('10'=>10, '20'=>20, '100'=>100, '1000'=>1000, '100000'=>100000);
$mform->addElement('select', 'previewrows', 'Preview rows', $options); // TODO: localize
+ $mform->setType('previewrows', PARAM_INT);
$this->add_action_buttons(false, get_string('uploadgrades', 'grades'));
}
include_once($CFG->libdir.'/gradelib.php');
if ($id) {
- if ($grade_items = grade_grades::fetch_all(array('courseid'=>$id))) {
+ if ($grade_items = grade_item::fetch_all(array('courseid'=>$id))) {
foreach ($grade_items as $grade_item) {
$gradeitems[$grade_item->idnumber] = $grade_item->itemname;
}
// course id needs to be passed for auth purposes
$mform->addElement('hidden', 'map', 1);
+ $mform->setType('map', PARAM_INT);
$mform->addElement('hidden', 'id', optional_param('id'));
+ $mform->setType('id', PARAM_INT);
//echo '<input name="filename" value='.$newfilename.' type="hidden" />';
$mform->addElement('hidden', 'filename', $newfilename);
-
+ $mform->setType('filename', PARAM_FILE);
$this->add_action_buttons(false, get_string('uploadgrades', 'grades'));
}
projects / moodle.git / commitdiff