From: dongsheng
Date: Thu, 28 Aug 2008 02:23:09 +0000 (+0000)
Subject: MDL-13766, verify data before return to browser.
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=3023078fb29d544eb703ef6a36cb94a1c625d7be;p=moodle.git
MDL-13766, verify data before return to browser.
---
diff --git a/repository/lib.php b/repository/lib.php
index f9399b84e3..6e45c7d9a9 100644
--- a/repository/lib.php
+++ b/repository/lib.php
@@ -199,26 +199,30 @@ abstract class repository {
 $params = (array)$params;
 require_once($CFG->dirroot . '/repository/'. $type . '/repository.class.php');
 $classname = 'repository_' . $type;
- $record = new stdclass;
- $repo = $DB->get_record('repository', array('type'=>$type));
- $record->name = $params['name'];
- $record->typeid = $repo->id;
- $record->timecreated = time();
- $record->timemodified = time();
- $record->contextid = $context->id;
- $record->userid = $userid;
- $id = $DB->insert_record('repository_instances', $record);
- if (call_user_func($classname . '::has_admin_config')) {
- $configs = call_user_func($classname . '::get_option_names');
- $options = array();
- foreach ($configs as $config) {
- $options[$config] = $params[$config];
+ if ($repo = $DB->get_record('repository', array('type'=>$type))) {
+ $record = new stdclass;
+ $record->name = $params['name'];
+ $record->typeid = $repo->id;
+ $record->timecreated = time();
+ $record->timemodified = time();
+ $record->contextid = $context->id;
+ $record->userid = $userid;
+ $id = $DB->insert_record('repository_instances', $record);
+ if (call_user_func($classname . '::has_admin_config')) {
+ $configs = call_user_func($classname . '::get_option_names');
+ $options = array();
+ foreach ($configs as $config) {
+ $options[$config] = $params[$config];
+ }
+ }
+ if (!empty($id)) {
+ unset($options['name']);
+ $instance = repository_instance($id);
+ $instance->set_option($options);
+ return $id;
+ } else {
+ return null;
 }
- }
- if (!empty($id)) {
- $instance = repository_instance($id);
- $instance->set_option($options);
- return $id;
 } else {
 return null;
 }
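Review bot: The new `if ($repo = $DB->get_record('repository', array('type'=>$type)))` guard sits after `require_once($CFG->dirroot . '/repository/'. $type . '/repository.class.php')`, so a `$type` that is not a registered repository is still concatenated into an include path before it is rejected. Whether `$type` is constrained by the caller is not visible here, so I would move the lookup above the `require_once` and return null first, letting the database row act as the allow-list for what gets loaded. Separately, `$options` is assigned only inside the `has_admin_config` branch, so `unset($options['name'])` and `$instance->set_option($options)` operate on an undefined variable when that branch is skipped; `$options = array();` ahead of the branch fixes it. The enclosing method starts and ends outside the hunk.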
@@ -555,7 +559,11 @@ function move_to_filepool($path, $name, $itemid, $filearea = 'user_draft', $file
 $browser = get_file_browser();
 if ($file = $fs->create_file_from_pathname($entry, $path)) {
 $ret = $browser->get_file_info($context, $file->get_filearea(), $file->get_itemid(), $file->get_filepath(), $file->get_filename());
- return array('url'=>$ret->get_url(),'id'=>$file->get_itemid());
+ if(!empty($ret)){
+ return array('url'=>$ret->get_url(),'id'=>$file->get_itemid());
+ } else {
+ return null;
+ }
 } else {
 return null;
 }
@@ -1172,7 +1180,11 @@ _client.dlfile = {
 panel.get('element').innerHTML = ret.e;
 return;
 }
- repository_client_$suffix.end(ret);
+ if(ret){
+ repository_client_$suffix.end(ret);
+ }else{
+ alert('$strinvalidjson');
+ }
 }
 }
 // request file list or login
diff --git a/repository/ws.php b/repository/ws.php
index 37edbe255e..89fa573ca9 100644
--- a/repository/ws.php
+++ b/repository/ws.php
@@ -24,8 +24,6 @@ $repo_id = optional_param('repo_id', 1, PARAM_INT);
 // what will happen if user use a fake ctx_id?
 // Think about using $SESSION save it
 $ctx_id = optional_param('ctx_id', SITEID, PARAM_INT);
-$filearea = optional_param('filearea', 'user_draft', PARAM_RAW);
-$filepath = optional_param('filepath', '/', PARAM_RAW);
 $userid = $USER->id;
 if(!$repository = repository_instance($repo_id))
@@ -73,7 +71,7 @@ if ($action == 'list' || $action == 'search') {
 $path = $repo->get_file($file, $title);
 $itemid = (int)substr(hexdec(uniqid()), 0, 9)+rand(1,100);
 try {
- $info = move_to_filepool($path, $title, $itemid, $filearea, $filepath);
+ $info = move_to_filepool($path, $title, $itemid);
 if($env == 'form'){
 echo json_encode($info['id']);
 } elseif($env == 'editor') {
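Review bot: In `move_to_filepool` (repository/lib.php), the new `return null` for an empty `$ret` is reached only after `create_file_from_pathname()` has already stored the file, so a failed `get_file_info()` lookup leaves the upload in the pool with nothing handed back to the caller. If an empty result can mean the file browser refused access to that area (not visible in the hunk), the stored file should be removed again on this path, or the lookup done before storing. At minimum the else branch deserves a comment such as `// file info unavailable or not permitted: stored file is not exposed to the client`. The function body begins outside the hunk.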
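Review bot: `alert('$strinvalidjson')` in the `_client.dlfile` callback of repository/lib.php interpolates a PHP string directly into a single-quoted JavaScript literal, so a translation containing an apostrophe, backslash or line break breaks the generated script, and language-pack text becomes script source. The assignment of `$strinvalidjson` is outside the hunk; it should be escaped for a JavaScript string context at that point, for example with Moodle's `addslashes_js()`, before it reaches this template. The `if(ret)` test only rejects a falsy response, so it does not by itself verify the shape of `ret` passed to `repository_client_$suffix.end(ret)`.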
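Review bot: In repository/ws.php, `$info` is indexed right after the call (`$info['id']`) although `move_to_filepool()` can return null, and this commit adds a second path that does. The `form` branch then emits JSON `null` and depends on the client-side `if(ret)` check to surface it; an explicit `if (empty($info))` branch that returns an error object the client already reads (it checks `ret.e` in the lib.php hunk) would make the failure deliberate rather than incidental. The `try` block and the `editor` branch continue outside the hunk, so the same check may be needed there.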