$form->students = get_string("defaultcoursestudents");
}
}
+ } else {
+ $form = stripslashes_safe($form);
}
+ // !! no db access using data from $form beyond this point !!
+
$form->categories = get_records_select_menu("course_categories", "", "name", "id,name");
$courseformats = get_list_of_plugins("course/format");
</tr>
</table>
<input type="hidden" name="id" value="<?php echo $form->id ?>" />
-<input type="hidden" name="sesskey" value="<?php echo $form->sesskey ?>" />
+<input type="hidden" name="sesskey" value="<?php echo sesskey() ?>" />
<input type="submit" value="<?php print_string("savechanges") ?>" />
</form>
</center>
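Review bot: `$form->id` on the hidden input at the top of this hunk is still echoed raw into the attribute while the neighbouring sesskey field is being reworked; since `$form` now comes back from `stripslashes_safe()` when it holds submitted data, every field of it that reaches markup should be escaped like the rest of this change, `<input type="hidden" name="id" value="<?php p($form->id) ?>" />`. It is probably an integer after parameter cleaning, but that is not visible from the template, so escaping at the output is the cheaper guarantee. The same raw interpolation remains for `$edit`, `$page` and `$perpage` in the search-form string at the end of this change, where only `$search` and `$string` were wrapped in `s()`. The enclosing `<form>` is opened outside the hunk.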
if (empty($form)) {
$form = $section;
+ } else {
+ $form = stripslashes_safe($form);
}
- $form->sesskey = !empty($USER->id) ? $USER->sesskey : '';
+ // !! no db access using data from $form beyond this point !!
$usehtmleditor = can_use_html_editor();
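Review bot: The added comment `// !! no db access using data from $form beyond this point !!` states the invariant but not the reason, so a maintainer adding a lookup later will not know what breaks; a rationale such as `// $form has been through stripslashes_safe(), so its values are no longer slash-escaped for the database: re-escape (addslashes) before any query, or query before this point` makes it self-explaining. The same comment is added in the course-edit and course-request hunks of this change, so the wording should be shared across the three. Whether `stripslashes_safe()` is conditional on magic quotes is not visible here; either way, after this point `$form` values are only safe for output through `s()`/`p()`, which is what the template hunks do. The handling of `$form` continues outside the hunk.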
<input type="hidden" name="group" value="<?php p($group->id) ?>" />
<input type="hidden" name="id" value="<?php p($course->id) ?>" />
-<input type="hidden" name="sesskey" value="<?php p($sesskey) ?>" />
+<input type="hidden" name="sesskey" value="<?php sesskey() ?>" />
</form>
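Review bot: The new sesskey field in this hunk, `<?php sesskey() ?>`, calls the function but never outputs its result, so the hidden input is rendered with an empty value and the sesskey check on the group-edit submission will reject the form; the other template in this change uses `<?php echo sesskey() ?>`. Match the neighbouring `p($group->id)` and `p($course->id)` fields and write `<input type="hidden" name="sesskey" value="<?php p(sesskey()) ?>" />`. Because the `$sesskey` variable is removed from group.php in the same commit, nothing else supplies the value. The `<form>` element is opened outside the hunk.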
$usehtmleditor = false;
- $sesskey = !empty($USER->id) ? $USER->sesskey : '';
-
include('group-edit.html');
echo "</body></html>";
?>
</select>
<br />
- <input type="text" name="searchtext" size="30" value="<?php p($searchtext) ?>"
+ <input type="text" name="searchtext" size="30" value="<?php p($searchtext, true) ?>"
onFocus ="document.studentform.add.disabled=true;
document.studentform.remove.disabled=true;
document.studentform.removeselect.selectedIndex=-1;
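Review bot: `p($searchtext, true)` presumably asks `p()` to strip slashes before escaping (the lib.php hunk passes the same `true` to `s()`), which is only correct while `$searchtext` still carries the slashes added at input time; if a caller ever strips them earlier, a literal backslash in a search term is silently eaten, and nothing in the template records that dependency. A short comment next to the field, `<?php /* $searchtext is still slash-escaped from input: strip, then HTML-escape */ ?>`, would make the contract visible. The same change is made in the teacher.html hunk of this commit and needs the same note. The `<form>` and the `$searchtext` assignment are outside the hunk.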
if ($format == 'plain') {
$output = '<form name="coursesearch" action="'.$CFG->wwwroot.'/course/search.php" method="get">';
$output .= '<center><p align="center" class="coursesearchbox">';
- $output .= '<input type="text" size="30" name="search" alt="'.s($strsearchcourses).'" value="'.s($value).'" />';
+ $output .= '<input type="text" size="30" name="search" alt="'.s($strsearchcourses).'" value="'.s($value, true).'" />';
$output .= '<input type="submit" value="'.s($strsearchcourses).'" />';
$output .= '</p></center></form>';
} else if ($format == 'short') {
$output = '<form name="coursesearch" action="'.$CFG->wwwroot.'/course/search.php" method="get">';
$output .= '<center><p align="center" class="coursesearchbox">';
- $output .= '<input type="text" size="12" name="search" alt="'.s($strsearchcourses).'" value="'.s($value).'" />';
+ $output .= '<input type="text" size="12" name="search" alt="'.s($strsearchcourses).'" value="'.s($value, true).'" />';
$output .= '<input type="submit" value="'.s($strsearchcourses).'" />';
$output .= '</p></center></form>';
} else if ($format == 'navbar') {
$output = '<form name="coursesearch" action="'.$CFG->wwwroot.'/course/search.php" method="get">';
$output .= '<table border="0" cellpadding="0" cellspacing="0"><tr><td nowrap="nowrap">';
- $output .= '<input type="text" size="20" name="search" alt="'.s($strsearchcourses).'" value="'.s($value).'" />';
+ $output .= '<input type="text" size="20" name="search" alt="'.s($strsearchcourses).'" value="'.s($value, true).'" />';
$output .= '<input type="submit" value="'.s($strsearchcourses).'" />';
$output .= '</td></tr></table>';
$output .= '</form>';
}
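Review bot: The three updated `<input type="text" ...>` lines differ only in the `size` attribute, and the commit had to edit each of them to add `s($value, true)`, which is exactly how such branches drift apart; build the control once, e.g. `$searchbox = '<input type="text" size="%d" name="search" alt="'.s($strsearchcourses).'" value="'.s($value, true).'" />';` before the `if`, and emit `sprintf($searchbox, 30)`, `sprintf($searchbox, 12)` and `sprintf($searchbox, 20)` in the respective branches. Escaping `$value` for the attribute is the right fix for text that is echoed back from the request; the `alt` on a text input is pre-existing and not part of this change. The function signature and the `$strsearchcourses` lookup are outside the hunk.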
print_footer();
exit;
+ } else {
+ $form = stripslashes_safe($form);
}
+
+ // !! no db access using data from $form beyond this point !!
}
// print_simple_box(get_string('courserequestintro'),'center');
print_header("$site->fullname : $strsearchresults", $site->fullname,
- "<a href=\"index.php\">$strcourses</a> -> <a href=\"search.php\">$strsearch</a> -> '".s($search)."'", "", "", "", $searchform);
+ "<a href=\"index.php\">$strcourses</a> -> <a href=\"search.php\">$strsearch</a> -> '".s($search, true)."'", "", "", "", $searchform);
$lastcategory = -1;
?>
</select>
<br />
- <input type="text" name="searchtext" size="30" value="<?php p($searchtext) ?>"
+ <input type="text" name="searchtext" size="30" value="<?php p($searchtext, true) ?>"
onFocus ="document.studentform.add.disabled=true;
document.studentform.remove.disabled=true;
document.studentform.removeselect.selectedIndex=-1;
} else {
if ($search != '') {
- echo "<p align=\"center\">($strsearchresults : ".s($search).")</p>";
+ echo "<p align=\"center\">($strsearchresults : ".s($search, true).")</p>";
}
if (!$users = get_users(true, $search, true, $teacherlist)) {
return "<form target=\"$CFG->framename\" method=\"get\" action=\"$CFG->wwwroot/course/search.php\">".
"<input type=\"hidden\" name=\"edit\" value=\"$edit\" />".
"<input type=\"hidden\" name=\"sesskey\" value=\"$USER->sesskey\" />".
- "<input type=\"hidden\" name=\"search\" value=\"$search\" />".
+ "<input type=\"hidden\" name=\"search\" value=\"".s($search, true)."\" />".
"<input type=\"hidden\" name=\"page\" value=\"$page\" />".
"<input type=\"hidden\" name=\"perpage\" value=\"$perpage\" />".
- "<input type=\"submit\" value=\"$string\" /></form>";
+ "<input type=\"submit\" value=\"".s($string)."\" /></form>";
}
}