From: skodak Date: Fri, 26 May 2006 11:47:22 +0000 (+0000) Subject: sanitize submitted numerical values; merged from MOODLE_16_STABLE X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=2042e021bed3cdb958d694f906f22a6818428087;p=moodle.git sanitize submitted numerical values; merged from MOODLE_16_STABLE
---
diff --git a/mod/lesson/lib.php b/mod/lesson/lib.php
index 9b028be215..a6d11420a8 100644
--- a/mod/lesson/lib.php
+++ b/mod/lesson/lib.php
@@ -43,12 +43,20 @@ function lesson_add_instance($lesson) {
 $conditions = new stdClass;
 $conditions->timespent = $lesson->timespent;
 $conditions->completed = $lesson->completed;
- $conditions->gradebetterthan = $lesson->gradebetterthan;
+ $conditions->gradebetterthan = clean_param($lesson->gradebetterthan, PARAM_INT);
 $lesson->conditions = addslashes(serialize($conditions));
 unset($lesson->timespent);
 unset($lesson->completed);
 unset($lesson->gradebetterthan);
-
+
+ // sanitize given values a bit
+ $lesson->maxtime = clean_param($lesson->maxtime, PARAM_INT);
+ $lesson->width = clean_param($lesson->width, PARAM_INT);
+ $lesson->height = clean_param($lesson->height, PARAM_INT);
+ $lesson->mediawidth = clean_param($lesson->mediawidth, PARAM_INT);
+ $lesson->mediaheight = clean_param($lesson->mediaheight, PARAM_INT);
+ $lesson->maxhighscores = clean_param($lesson->maxhighscores, PARAM_INT);
+
 if (!empty($lesson->password)) {
 $lesson->password = md5($lesson->password);
 } else {
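Review bot: `$conditions->timespent` and `$conditions->completed` are still copied from `$lesson` unfiltered at the top of the hunk, although they are serialized into the same `conditions` blob as `gradebetterthan`, which now goes through `clean_param(..., PARAM_INT)`. If they are submitted form values like the others (the hunk does not show where `$lesson` comes from), they should be cleaned the same way, e.g. `$conditions->timespent = clean_param($lesson->timespent, PARAM_INT);` and the equivalent line for `completed`. Note also that `PARAM_INT` only casts to an integer, so negative or very large values for `width`, `height`, `maxtime` and `maxhighscores` still pass; a range check is needed wherever later code assumes a positive value. `lesson_add_instance` starts before and continues after this hunk, so handling of the remaining fields cannot be confirmed from here.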