From: stronk7 Date: Tue, 29 Aug 2006 23:33:55 +0000 (+0000) Subject: relative+cleaned paths X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=2a05e8257155db7f6db79ef2a2d15c426f8a4b9b;p=moodle.git relative+cleaned paths --- diff --git a/admin/xmldb/actions/delete_field/delete_field.class.php b/admin/xmldb/actions/delete_field/delete_field.class.php index b7b7ba5e3b..409d1073d2 100644 --- a/admin/xmldb/actions/delete_field/delete_field.class.php +++ b/admin/xmldb/actions/delete_field/delete_field.class.php @@ -63,8 +63,8 @@ class delete_field extends XMLDBAction { /// Do the job, setting result as needed /// Get the dir containing the file - $dirpath = required_param('dir', PARAM_CLEAN); - $dirpath = stripslashes_safe($dirpath); + $dirpath = required_param('dir', PARAM_PATH); + $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); $tableparam = required_param('table', PARAM_CLEAN); $fieldparam = required_param('field', PARAM_CLEAN); @@ -77,11 +77,11 @@ class delete_field extends XMLDBAction { $o.= '
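Review bot: `$CFG->dirroot` is read on the new second line, but the hunk shows no `global $CFG;`, so unless the method already declares it above line 63 this dereferences an undefined variable; the same applies to the matching `dir` hunks in edit_field, move_updown_field, new_field, view_field_xml and view_table_sql. Switching to PARAM_PATH and anchoring under dirroot is the right direction for a client-supplied directory, but nothing here confirms the resulting path stays inside the tree the editor manages; the `$XMLDB->dbdirs` lookup that follows in the sibling hunks may act as that allowlist if an unknown key is rejected, which is not visible. A cheap belt-and-braces check after the concatenation is `if (strpos(realpath($dirpath) . '/', realpath($CFG->dirroot) . '/') !== 0) { error('Wrong directory'); }`, which also rejects directories that do not exist. The enclosing method starts and ends outside the hunk.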

' . $this->str['confirmdeletefield'] . '

' . $fieldparam . '

'; $o.= ' '; $o.= '
'; $o.= '
'; - $o.= '
'; + $o.= ' '; $o.= '
'; $o.= '
'; $o.= '
'; - $o.= '
'; + $o.= ' '; $o.= '
'; $o.= '
'; diff --git a/admin/xmldb/actions/edit_field/edit_field.class.php b/admin/xmldb/actions/edit_field/edit_field.class.php index f21f4b690a..a257436c92 100644 --- a/admin/xmldb/actions/edit_field/edit_field.class.php +++ b/admin/xmldb/actions/edit_field/edit_field.class.php @@ -65,8 +65,8 @@ class edit_field extends XMLDBAction { /// Do the job, setting result as needed /// Get the dir containing the file - $dirpath = required_param('dir', PARAM_CLEAN); - $dirpath = stripslashes_safe($dirpath); + $dirpath = required_param('dir', PARAM_PATH); + $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); /// Get the correct dirs if (!empty($XMLDB->dbdirs)) { @@ -99,7 +99,7 @@ class edit_field extends XMLDBAction { /// Add the main form $o = '
'; - $o.= ' '; + $o.= ' '; $o.= ' '; $o.= ' '; $o.= ' '; @@ -175,18 +175,18 @@ class edit_field extends XMLDBAction { $b = '

'; /// The view original XML button if ($table->getField($fieldparam)) { - $b .= ' [' . $this->str['vieworiginal'] . ']'; + $b .= ' [' . $this->str['vieworiginal'] . ']'; } else { $b .= ' [' . $this->str['vieworiginal'] . ']'; } /// The view edited XML button if ($field->hasChanged()) { - $b .= ' [' . $this->str['viewedited'] . ']'; + $b .= ' [' . $this->str['viewedited'] . ']'; } else { $b .= ' [' . $this->str['viewedited'] . ']'; } /// The back to edit table button - $b .= ' [' . $this->str['back'] . ']'; + $b .= ' [' . $this->str['back'] . ']'; $b .= '

'; $o .= $b; diff --git a/admin/xmldb/actions/edit_table_save/edit_table_save.class.php b/admin/xmldb/actions/edit_table_save/edit_table_save.class.php index 5ce2705ad2..ca7698308b 100644 --- a/admin/xmldb/actions/edit_table_save/edit_table_save.class.php +++ b/admin/xmldb/actions/edit_table_save/edit_table_save.class.php @@ -65,6 +65,10 @@ class edit_table_save extends XMLDBAction { /// Do the job, setting result as needed + if (!data_submitted('nomatch')) { ///Basic prevention + error('Wrong action call'); + } + /// Get parameters $dirpath = required_param('dir', PARAM_PATH); $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); diff --git a/admin/xmldb/actions/move_updown_field/move_updown_field.class.php b/admin/xmldb/actions/move_updown_field/move_updown_field.class.php index 1355109e4e..a66a3fb413 100644 --- a/admin/xmldb/actions/move_updown_field/move_updown_field.class.php +++ b/admin/xmldb/actions/move_updown_field/move_updown_field.class.php @@ -61,8 +61,8 @@ class move_updown_field extends XMLDBAction { /// Do the job, setting result as needed /// Get the dir containing the file - $dirpath = required_param('dir', PARAM_CLEAN); - $dirpath = stripslashes_safe($dirpath); + $dirpath = required_param('dir', PARAM_PATH); + $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); /// Get the correct dirs if (!empty($XMLDB->dbdirs)) { diff --git a/admin/xmldb/actions/new_field/new_field.class.php b/admin/xmldb/actions/new_field/new_field.class.php index 32376799af..d4b8425207 100644 --- a/admin/xmldb/actions/new_field/new_field.class.php +++ b/admin/xmldb/actions/new_field/new_field.class.php 
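Review bot: The added `data_submitted('nomatch')` guard only establishes that the request arrived with a POST body; as far as I recall of `data_submitted()` at this era, the `'nomatch'` argument also skips the referer comparison, so a cross-site forged POST passes the new check unchanged. Since this action rewrites the table definition, tie it to the admin's session as well, e.g. `if (!data_submitted('nomatch') || !confirm_sesskey()) { error('Wrong action call'); }`, with a matching `sesskey` hidden field in the edit_table form, provided `confirm_sesskey()` exists at this revision. The `///Basic prevention` comment should say what is prevented, e.g. `/// Refuse GET requests: this action must be reached from the edit_table form`. The method's body continues before and after this hunk.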
@@ -61,8 +61,8 @@ class new_field extends XMLDBAction {
 /// Do the job, setting result as needed
 /// Get the dir containing the file 
- $dirpath = required_param('dir', PARAM_CLEAN); 
- $dirpath = stripslashes_safe($dirpath); 
+ $dirpath = required_param('dir', PARAM_PATH); 
+ $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
 /// Get the correct dirs
 if (!empty($XMLDB->dbdirs)) { 
diff --git a/admin/xmldb/actions/view_field_xml/view_field_xml.class.php b/admin/xmldb/actions/view_field_xml/view_field_xml.class.php 
index 34e0f13628..0fbba22f0e 100644 
--- a/admin/xmldb/actions/view_field_xml/view_field_xml.class.php 
+++ b/admin/xmldb/actions/view_field_xml/view_field_xml.class.php 
@@ -61,12 +61,12 @@ class view_field_xml extends XMLDBAction {
 /// Do the job, setting result as needed
 /// Get the file parameter 
- $field = required_param('field', PARAM_CLEAN); 
- $table = required_param('table', PARAM_CLEAN); 
+ $field = required_param('field', PARAM_PATH); 
+ $table = required_param('table', PARAM_PATH);
 $select = required_param('select', PARAM_ALPHA); //original/edited
 /// Get the dir containing the file 
- $dirpath = required_param('dir', PARAM_CLEAN); 
- $dirpath = stripslashes_safe($dirpath); 
+ $dirpath = required_param('dir', PARAM_PATH); 
+ $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
 /// Get the correct dir
 if ($select == 'original') { 
diff --git a/admin/xmldb/actions/view_table_sql/view_table_sql.class.php b/admin/xmldb/actions/view_table_sql/view_table_sql.class.php 
index f6c8896f6d..cb6de34e75 100644 
--- a/admin/xmldb/actions/view_table_sql/view_table_sql.class.php 
+++ b/admin/xmldb/actions/view_table_sql/view_table_sql.class.php 
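Review bot: `field` and `table` are now read with PARAM_PATH, which still admits `/` and `.`, characters that never occur in an xmldb table or field name; the same choice is made for `table` in view_table_sql's `@@ -78` hunk, where `$tableparam` is later concatenated unescaped into `$url` in the `@@ -109` hunk, so the permitted character set matters there. PARAM_ALPHANUM (used for `generator` in this commit) is too strict because it would drop the underscores such names contain, so either use PARAM_SAFEDIR if it is defined at this revision or validate explicitly, `if (!preg_match('/^[a-z0-9_]+$/', $table)) { error('Wrong table specified'); }`, and likewise for `$field`. In view_table_sql the subsequent `$structure->getTable($tableparam)` lookup already restricts accepted names to ones present in the structure; what view_field_xml does with `$field` and `$table` afterwards is outside the hunk. The enclosing method continues outside the hunk.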
@@ -62,8 +62,8 @@ class view_table_sql extends XMLDBAction {
 /// Do the job, setting result as needed
 /// Get the dir containing the file 
- $dirpath = required_param('dir', PARAM_CLEAN); 
- $dirpath = stripslashes_safe($dirpath); 
+ $dirpath = required_param('dir', PARAM_PATH); 
+ $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
 /// Get the correct dirs
 if (!empty($XMLDB->dbdirs)) { 
@@ -78,12 +78,12 @@ class view_table_sql extends XMLDBAction {
 /// ADD YOUR CODE HERE
 /// Get parameters 
- $tableparam = required_param('table', PARAM_CLEAN); 
+ $tableparam = required_param('table', PARAM_PATH);
 if (!$table =& $structure->getTable($tableparam)) {
 $this->errormsg = 'Wrong table specified: ' . $tableparm;
 return false;
 } 
- $generatorparam = optional_param('generator', null, PARAM_CLEAN); 
+ $generatorparam = optional_param('generator', null, PARAM_ALPHANUM);
 if (empty($generatorparam)) {
 $generatorparam = $CFG->dbtype;
 } 
@@ -101,7 +101,7 @@ class view_table_sql extends XMLDBAction {
 /// The back to edit table button
 $b = '
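Review bot: The error branch directly under the new `$tableparam` line in the `@@ -78` hunk reads `$tableparm`, an undefined variable, so the message is stored as `Wrong table specified: ` with an empty name (plus a PHP notice); it should be `$this->errormsg = 'Wrong table specified: ' . $tableparam;`. If `$this->errormsg` is later rendered into the page, the client-supplied name should also go through `htmlspecialchars()` there, since PARAM_PATH is a path cleaner rather than an HTML escaper. The enclosing method continues outside the hunk.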

'; - $b .= '[' . $this->str['back'] . ']'; + $b .= '[' . $this->str['back'] . ']'; $b .= '

'; $o = $b; @@ -109,7 +109,7 @@ class view_table_sql extends XMLDBAction { $o.= ' ' . $this->str['selectdb']; /// Show the popup of generators - $url = 'index.php?action=view_table_sql&table=' . $tableparam . '&dir=' . urlencode($dirpath) . '&generator='; + $url = 'index.php?action=view_table_sql&table=' . $tableparam . '&dir=' . urlencode(str_replace($CFG->dirroot, '', $dirpath)) . '&generator='; $o.= popup_form($url, $generators, 'selectgenerator', $generatorparam, '', '', '' , true); $o.= ' '; $o.= '