From: stronk7 <stronk7>
Date: Tue, 29 Aug 2006 22:17:25 +0000 (+0000)
Subject: relative+cleaned paths
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=115a73653a60cdd21ff64e00bf05b5002805c21b;p=moodle.git

relative+cleaned paths
---

diff --git a/admin/xmldb/actions/new_statement/new_statement.class.php b/admin/xmldb/actions/new_statement/new_statement.class.php
index 8dfc3137db..526d58d0ef 100644
--- a/admin/xmldb/actions/new_statement/new_statement.class.php
+++ b/admin/xmldb/actions/new_statement/new_statement.class.php
@@ -64,8 +64,8 @@ class new_statement extends XMLDBAction {
 
     /// Do the job, setting result as needed
     /// Get the dir containing the file
-        $dirpath = required_param('dir', PARAM_CLEAN);
-        $dirpath = stripslashes_safe($dirpath);
+        $dirpath = required_param('dir', PARAM_PATH);
+        $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
 
     /// Get the correct dirs
         if (!empty($XMLDB->dbdirs)) {
@@ -103,13 +103,13 @@ class new_statement extends XMLDBAction {
             }
         /// Now build the form
             $o = '<form id="form" action="index.php" method="post">';
-            $o.= '    <input type="hidden" name ="dir" value="' . $dirpath . '" />';
+            $o.= '    <input type="hidden" name ="dir" value="' . str_replace($CFG->dirroot, '', $dirpath) . '" />';
             $o.= '    <input type="hidden" name ="action" value="new_statement" />';
             $o.= '    <input type="hidden" name ="postaction" value="edit_statement" />';
             $o.= '    <table id="formelements" align="center" cellpadding="5">';
             $o.= '      <tr><td><label for="type" accesskey="t">' . $this->str['statementtype'] .' </label>' . choose_from_menu($typeoptions, 'type', '', 'choose', '', 0, true) . '<label for="table" accesskey="a">' . $this->str['statementtable'] . ' </label>' .choose_from_menu($selecttables, 'table', '', 'choose', '', 0, true) . '</td></tr>';
             $o.= '      <tr><td colspan="2" align="center"><input type="submit" value="' .$this->str['create'] . '" /></td></tr>';
-            $o.= '      <tr><td colspan="2" align="center"><a href="index.php?action=edit_xml_file&amp;dir=' . urlencode($dirpath) . '">[' . $this->str['back'] . ']</a></td></tr>';
+            $o.= '      <tr><td colspan="2" align="center"><a href="index.php?action=edit_xml_file&amp;dir=' . urlencode(str_replace($CFG->dirroot, '', $dirpath)) . '">[' . $this->str['back'] . ']</a></td></tr>';
             $o.= '    </table>';
             $o.= '</form>';
 
diff --git a/admin/xmldb/actions/new_table/new_table.class.php b/admin/xmldb/actions/new_table/new_table.class.php
index 98cabf8708..da7b342287 100644
--- a/admin/xmldb/actions/new_table/new_table.class.php
+++ b/admin/xmldb/actions/new_table/new_table.class.php
@@ -61,8 +61,8 @@ class new_table extends XMLDBAction {
 
     /// Do the job, setting result as needed
     /// Get the dir containing the file
-        $dirpath = required_param('dir', PARAM_CLEAN);
-        $dirpath = stripslashes_safe($dirpath);
+        $dirpath = required_param('dir', PARAM_PATH);
+        $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
 
     /// Get the correct dirs
         if (!empty($XMLDB->dbdirs)) {
diff --git a/admin/xmldb/actions/new_table_from_mysql/new_table_from_mysql.class.php b/admin/xmldb/actions/new_table_from_mysql/new_table_from_mysql.class.php
index 549a920c6e..162cb70f1f 100644
--- a/admin/xmldb/actions/new_table_from_mysql/new_table_from_mysql.class.php
+++ b/admin/xmldb/actions/new_table_from_mysql/new_table_from_mysql.class.php
@@ -64,8 +64,8 @@ class new_table_from_mysql extends XMLDBAction {
 
     /// Do the job, setting result as needed
     /// Get the dir containing the file
-        $dirpath = required_param('dir', PARAM_CLEAN);
-        $dirpath = stripslashes_safe($dirpath);
+        $dirpath = required_param('dir', PARAM_PATH);
+        $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
 
     /// Get the correct dirs
         if (!empty($XMLDB->dbdirs)) {
@@ -107,13 +107,13 @@ class new_table_from_mysql extends XMLDBAction {
             }
         /// Now build the form
             $o = '<form id="form" action="index.php" method="post">';
-            $o.= '    <input type="hidden" name ="dir" value="' . $dirpath . '" />';
+            $o.= '    <input type="hidden" name ="dir" value="' . str_replace($CFG->dirroot, '', $dirpath) . '" />';
             $o.= '    <input type="hidden" name ="action" value="new_table_from_mysql" />';
             $o.= '    <input type="hidden" name ="postaction" value="edit_table" />';
             $o.= '    <table id="formelements" align="center" cellpadding="5">';
             $o.= '      <tr><td><label for="table" accesskey="t">' . $this->str['createtable'] .' </label>' . choose_from_menu($selecttables, 'table', '', 'choose', '', 0, true) . '<label for="after" accesskey="a">' . $this->str['aftertable'] . ' </label>' .choose_from_menu($aftertables, 'after', '', 'choose', '', 0, true) . '</td></tr>';
             $o.= '      <tr><td colspan="2" align="center"><input type="submit" value="' .$this->str['create'] . '" /></td></tr>';
-            $o.= '      <tr><td colspan="2" align="center"><a href="index.php?action=edit_xml_file&amp;dir=' . urlencode($dirpath) . '">[' . $this->str['back'] . ']</a></td></tr>';
+            $o.= '      <tr><td colspan="2" align="center"><a href="index.php?action=edit_xml_file&amp;dir=' . urlencode(str_replace($CFG->dirroot, '', $dirpath)) . '">[' . $this->str['back'] . ']</a></td></tr>';
             $o.= '    </table>';
             $o.= '</form>';
 
diff --git a/admin/xmldb/actions/view_structure_sql/view_structure_sql.class.php b/admin/xmldb/actions/view_structure_sql/view_structure_sql.class.php
index 81ad972b1c..36fbb8e753 100644
--- a/admin/xmldb/actions/view_structure_sql/view_structure_sql.class.php
+++ b/admin/xmldb/actions/view_structure_sql/view_structure_sql.class.php
@@ -62,8 +62,8 @@ class view_structure_sql extends XMLDBAction {
 
     /// Do the job, setting result as needed
     /// Get the dir containing the file
-        $dirpath = required_param('dir', PARAM_CLEAN);
-        $dirpath = stripslashes_safe($dirpath);
+        $dirpath = required_param('dir', PARAM_PATH);
+        $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
 
     /// Get the correct dirs
         if (!empty($XMLDB->dbdirs)) {
@@ -78,7 +78,7 @@ class view_structure_sql extends XMLDBAction {
     /// ADD YOUR CODE HERE
 
     /// Get parameters
-        $generatorparam = optional_param('generator', null, PARAM_CLEAN);
+        $generatorparam = optional_param('generator', null, PARAM_ALPHANUM);
         if (empty($generatorparam)) {
             $generatorparam = $CFG->dbtype;
         }
@@ -96,7 +96,7 @@ class view_structure_sql extends XMLDBAction {
 
         /// The back to edit table button
         $b = ' <p align="center" class="buttons">';
-        $b .= '<a href="index.php?action=edit_xml_file&amp;dir=' . urlencode($dirpath) . '">[' . $this->str['back'] . ']</a>';
+        $b .= '<a href="index.php?action=edit_xml_file&amp;dir=' . urlencode(str_replace($CFG->dirroot, '', $dirpath)) . '">[' . $this->str['back'] . ']</a>';
         $b .= '</p>';
         $o = $b;
 
@@ -104,7 +104,7 @@ class view_structure_sql extends XMLDBAction {
         $o.= '      <tr><td align="center">' . $this->str['selectdb'];
 
     /// Show the popup of generators
-        $url = 'index.php?action=view_structure_sql&amp;dir=' . urlencode($dirpath) . '&amp;generator=';
+        $url = 'index.php?action=view_structure_sql&amp;dir=' . urlencode(str_replace($CFG->dirroot, '', $dirpath)) . '&amp;generator=';
         $o.= popup_form($url, $generators, 'selectgenerator', $generatorparam, '', '', '' , true);
         $o.= '      </td></tr>';
         $o.= '      <tr><td><textarea cols="80" rows="32">';
diff --git a/admin/xmldb/actions/view_structure_xml/view_structure_xml.class.php b/admin/xmldb/actions/view_structure_xml/view_structure_xml.class.php
index d35e059b05..bdae8e3eb7 100644
--- a/admin/xmldb/actions/view_structure_xml/view_structure_xml.class.php
+++ b/admin/xmldb/actions/view_structure_xml/view_structure_xml.class.php
@@ -61,10 +61,10 @@ class view_structure_xml extends XMLDBAction {
     /// Do the job, setting result as needed
 
     /// Get the file parameter
-        $select = required_param('select', PARAM_ALPHAEXT); //original/edited
+        $select = required_param('select', PARAM_ALPHA); //original/edited
     /// Get the dir containing the file
-        $dirpath = required_param('dir', PARAM_CLEAN);
-        $dirpath = stripslashes_safe($dirpath);
+        $dirpath = required_param('dir', PARAM_PATH);
+        $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
 
     /// Get the correct dir
         if ($select == 'original') {
diff --git a/admin/xmldb/actions/view_xml/view_xml.class.php b/admin/xmldb/actions/view_xml/view_xml.class.php
index ea41484d8b..e1bd483e33 100644
--- a/admin/xmldb/actions/view_xml/view_xml.class.php
+++ b/admin/xmldb/actions/view_xml/view_xml.class.php
@@ -64,8 +64,8 @@ class view_xml extends XMLDBAction {
     /// Do the job, setting result as needed
 
     /// Get the file parameter
-        $file = required_param('file', PARAM_CLEAN);
-        $file = stripslashes_safe($file);
+        $file = required_param('file', PARAM_PATH);
+        $file = $CFG->dirroot . stripslashes_safe($file);
     /// File must be under $CFG->wwwroot and 
     ///  under one db directory (simple protection)
         if (substr($file, 0, strlen($CFG->dirroot)) == $CFG->dirroot &&

' . $this->str['statementtype'] .' ' . choose_from_menu($typeoptions, 'type', '', 'choose', '', 0, true) . '' . $this->str['statementtable'] . ' ' .choose_from_menu($selecttables, 'table', '', 'choose', '', 0, true) . '

[' . $this->str['back'] . ']
[' . $this->str['back'] . ']
' . $this->str['createtable'] .' ' . choose_from_menu($selecttables, 'table', '', 'choose', '', 0, true) . '' . $this->str['aftertable'] . ' ' .choose_from_menu($aftertables, 'after', '', 'choose', '', 0, true) . '

[' . $this->str['back'] . ']
[' . $this->str['back'] . ']