From: toyomoyo Date: Mon, 13 Mar 2006 08:46:13 +0000 (+0000) Subject: _params and other cleaning, blogs might be broken X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=5c625033c0dd7b536265e40d5ae2fe78b181b9b7;p=moodle.git _params and other cleaning, blogs might be broken --- diff --git a/blog/edit.html b/blog/edit.html index 900a9a5f99..251d475e79 100755 --- a/blog/edit.html +++ b/blog/edit.html @@ -52,12 +52,12 @@ - Official Tags + - User Defined Tags + @@ -76,7 +76,7 @@ ?> - + '; } @@ -171,18 +171,12 @@ - groupid) ) { - print ''; - }*/ - ?> postid) && ($post->postid != -1) ) { - ?> +?>   diff --git a/blog/edit.php b/blog/edit.php index 94c4e0c16b..c2dc5037db 100755 --- a/blog/edit.php +++ b/blog/edit.php @@ -16,8 +16,8 @@ if (isguest()) { error(get_string('noguestpost', 'forum'), $referrer); } -$userid = optional_param('userid', 0); -$editid = optional_param('editid', ''); +$userid = optional_param('userid', 0, PARAM_INT); +$editid = optional_param('editid', 0, PARAM_INT); global $USER, $CFG; @@ -228,8 +228,9 @@ function do_save(&$post, &$bloginfo_arg) { // print 'Debug: created a new entry - entryId = '.$entryID.'
'; //debug // echo 'Debug: do_save() in edit.php calling blog_do_*back_pings
'."\n"; //debug - $otags = optional_param('otags'); - $ptags = optional_param('ptags'); + $otags = optional_param('otags','', PARAM_INT); + $ptags = optional_param('ptags','', PARAM_INT); + // Add tags information foreach ($otags as $otag) { $tag->entryid = $entryID; @@ -312,8 +313,8 @@ function do_update(&$post, &$bloginfo) { // echo 'Debug: do_update in edit.php calling do_pings
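Review bot: `$otags` and `$ptags` now default to `''` in do_save(), yet the next statement is `foreach ($otags as $otag)`, so a post submitted without tags iterates a string and PHP raises an invalid-argument warning. Whether PARAM_INT is applied to each array element or to the array as a whole depends on clean_param(), which is not shown here; if it is the latter, the submitted tag ids are lost. Normalise before the loop, e.g. `if (!is_array($otags)) { $otags = array(); }` (and the same for `$ptags`), and confirm every element is an integer before `$tag` is saved. The do_update() hunk at -312,8 adds the same two lines and needs the same guard; both foreach bodies continue outside their hunks.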
'."\n"; //debug delete_records('blog_tag_instance', 'entryid', $blogentry->entryId); - $otags = optional_param('otags'); - $ptags = optional_param('ptags'); + $otags = optional_param('otags','', PARAM_INT); + $ptags = optional_param('ptags','', PARAM_INT); // Add tags information foreach ($otags as $otag) { $tag->entryid = $blogentry->entryId; diff --git a/blog/header.php b/blog/header.php index 72b4d655fe..f4c30e6496 100755 --- a/blog/header.php +++ b/blog/header.php @@ -8,18 +8,12 @@ require_once($CFG->dirroot .'/blog/blogpage.php'); require_once($CFG->libdir .'/blocklib.php'); require_once($CFG->dirroot .'/course/lib.php'); -$blockaction = optional_param('blockaction'); +$blockaction = optional_param('blockaction','', PARAM_ALPHA); $instanceid = optional_param('instanceid', 0, PARAM_INT); $blockid = optional_param('blockid', 0, PARAM_INT); $groupid = optional_param('groupid', 0, PARAM_INT); $userid = optional_param('userid', 0, PARAM_INT); -$pageTitle = optional_param('pageTitle'); -$pageHeading = optional_param('pageHeading'/*$site->fullname*/); -$pageFocus = optional_param('pageFocus'); -$pageMeta = optional_param('pageMeta'); -$pageNavigation = optional_param('pageNavigation'); - if (!isset($courseid)) { $courseid = optional_param('courseid', SITEID, PARAM_INT); } @@ -134,7 +128,7 @@ switch ($filtertype) { ''.$course->shortname.' -> '.$participants.' -> '.fullname($user).' -> - '. "$blogstring -> $tagstring: $taginstance->text",'','',true,$PAGE->get_extra_header_string()); + '. "$blogstring -> $tagstring: $taginstance->text",'','',true,$PAGE->get_extra_header_string()); } else { print_header("$course->shortname: $blogstring", "$course->fullname", 
@@ -177,8 +171,8 @@ if ($PAGE->user_allowed_editing()) { } // Calculate the preferred width for left, right and center (both center positions will use the same) -$preferred_width_left = optional_param('preferred_width_left', blocks_preferred_width($pageblocks[BLOCK_POS_LEFT])); -$preferred_width_right = optional_param('preferred_width_right', blocks_preferred_width($pageblocks[BLOCK_POS_RIGHT])); +$preferred_width_left = optional_param('preferred_width_left', blocks_preferred_width($pageblocks[BLOCK_POS_LEFT]), PARAM_INT); +$preferred_width_right = optional_param('preferred_width_right', blocks_preferred_width($pageblocks[BLOCK_POS_RIGHT]), PARAM_INT); $preferred_width_left = min($preferred_width_left, BLOCK_L_MAX_WIDTH); $preferred_width_left = max($preferred_width_left, BLOCK_L_MIN_WIDTH); $preferred_width_right = min($preferred_width_right, BLOCK_R_MAX_WIDTH); diff --git a/blog/index.php b/blog/index.php index 750c8a83fe..5b0b348043 100755 --- a/blog/index.php +++ b/blog/index.php 
@@ -15,20 +15,18 @@ require_once('../config.php'); require_once($CFG->dirroot .'/blog/lib.php'); require_once($CFG->libdir .'/blocklib.php'); -$id = optional_param('id'); -$limit = optional_param('limit'); -$formstart = optional_param('formstart', 'none'); -$m = optional_param('m', ''); //month -$y = optional_param('y', ''); //year -$d = optional_param('d', ''); //day -$limit = optional_param('limit', 'none'); -$formstart = optional_param('formstart', 'none'); +$id = optional_param('id', 0, PARAM_INT); +$limit = optional_param('limit', 0, PARAM_INT); +$formstart = optional_param('formstart', 'none', PARAM_ALPHA); +$m = optional_param('m', 0, PARAM_INT); //month +$y = optional_param('y', 0, PARAM_INT); //year +$d = optional_param('d', 0, PARAM_INT); //day $userid = optional_param('userid',0,PARAM_INT); $groupid = optional_param('groupid',0,PARAM_INT); $courseid = optional_param('courseid',0,PARAM_INT); -$tag = optional_param('tag'); -$tagid = optional_param('tagid'); +$tag = urldecode(optional_param('tag', '', PARAM_NOTAGS)); +$tagid = optional_param('tagid', 0, PARAM_INT); $filtertype = optional_param('filtertype', '', PARAM_ALPHA); $filterselect = optional_param('filterselect', 0, PARAM_INT); diff --git a/blog/lib.php b/blog/lib.php index 06ba4be105..06bbb30877 100755 --- a/blog/lib.php +++ b/blog/lib.php @@ -596,7 +596,7 @@ function blog_get_course_selection_popup($courseid='') { */ function blog_print_html_formatted_entries(&$blogFilter, $filtertype, $filterselect) { global $CFG, $USER; - $blogpage = optional_param('blogpage', 0); + $blogpage = optional_param('blogpage', 0, PARAM_INT); $bloglimit = get_user_preferences('blogpagesize',8); // expose as user pref when MyMoodle comes around // First let's see if the batchpublish form has submitted data diff --git a/blog/preferences.php b/blog/preferences.php index e7613137b7..d9823f9bd6 100755 --- a/blog/preferences.php +++ b/blog/preferences.php 
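Review bot: `$tag = urldecode(optional_param('tag', '', PARAM_NOTAGS));` decodes the value after it has been cleaned, so the PARAM_NOTAGS guarantee no longer holds for `$tag`. Any percent-encoded sequence that passed the filter as plain text becomes raw characters afterwards. PHP has already URL-decoded request parameters once, so the extra decode should not be needed. If callers really double-encode the tag, decode first and clean last: `$tag = clean_param(urldecode(optional_param('tag', '', PARAM_RAW)), PARAM_NOTAGS);`. How `$tag` is used further down (in a query or in output) is outside this hunk, so it still needs escaping for that context.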
@@ -30,7 +30,7 @@ if ($post = data_submitted()) { print_header(); - set_user_preference('blogpagesize', optional_param('pagesize')); + set_user_preference('blogpagesize', optional_param('pagesize', 10, PARAM_INT)); redirect($referrer, get_string('changessaved'), 1); exit; diff --git a/blog/set_session_vars.php b/blog/set_session_vars.php index 8af24efecd..ea104fdf70 100644 --- a/blog/set_session_vars.php +++ b/blog/set_session_vars.php @@ -4,15 +4,15 @@ require_once('../config.php'); require_once('lib.php'); - $referrer = required_param('referrer'); - $var = required_param('var'); - $value = optional_param('value'); - $userid = optional_param('userid'); - $courseid = optional_param('courseid'); - $d = optional_param('d'); - $m = optional_param('m'); - $y = optional_param('y'); - $id = optional_param('id'); + $referrer = required_param('referrer', PARAM_NOTAGS); + $var = required_param('var',PARAM_ALPHA); + $value = optional_param('value','', PARAM_NOTAGS); + $userid = optional_param('userid',0 , PARAM_INT); + $courseid = optional_param('courseid',0, PARAM_INT); + $d = optional_param('d', 0, PARAM_INT); + $m = optional_param('m', 0, PARAM_INT); + $y = optional_param('y', 0, PARAM_INT); + $id = optional_param('id', 0, PARAM_INT); switch($var) { case 'setcourse': diff --git a/blog/tags.php b/blog/tags.php index 8be4d8f459..c8cd7b57cc 100755 --- a/blog/tags.php +++ b/blog/tags.php @@ -12,7 +12,7 @@ switch ($mode) { die('you can not add official tags'); } - if (($otag = optional_param('otag')) && (!get_record('tags','text',$otag))) { + if (($otag = optional_param('otag', '', PARAM_ALPHA)) && (!get_record('tags','text',$otag))) { $tag->userid = $USER->id; $tag->text = $otag; $tag->type = 'official'; 
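Review bot: `optional_param('pagesize', 10, PARAM_INT)` guarantees an integer but not a usable page size: 0, negative and very large values are stored as `blogpagesize` unchanged, and blog/lib.php reads that preference back as `$bloglimit`. Clamp before saving, e.g. `$pagesize = min(max(optional_param('pagesize', 10, PARAM_INT), 1), 100);`, where 100 is a placeholder for an upper bound the project chooses. The fallback of 10 here also differs from the 8 used by `get_user_preferences('blogpagesize',8)` in lib.php. The enclosing `if ($post = data_submitted())` block starts and ends outside this hunk, so it is not visible whether the write is tied to the user's session key.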
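Review bot: `$referrer = required_param('referrer', PARAM_NOTAGS);` only strips markup; it does not restrict the value to an address on this site. If `$referrer` is handed to `redirect()` after the switch (not visible in this hunk), the script will forward users to whatever URL the request supplies. Validate it as a local URL, using `PARAM_LOCALURL` if this tree's moodlelib defines it. Otherwise check that it begins with `$CFG->wwwroot` and fall back to the blog index when it does not. `$value` is likewise only tag-stripped, so each `case` should still check it against what that case is allowed to store. The switch body continues outside the hunk.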
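Review bot: PARAM_ALPHA on `otag` silently drops every character that is not a letter, so a tag containing digits, spaces or non-ASCII letters is stored as a different string from the one typed. The `get_record('tags','text',$otag)` duplicate check then runs against that shortened value. blog/index.php in this same commit reads `tag` with PARAM_NOTAGS, so the write side and the read side now disagree about what a tag may contain. Pick one rule for tag text and apply it in both places, and reject input that changes under cleaning rather than saving the altered value. The `ptag` line in the -34,7 hunk has the same issue.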
@@ -34,7 +34,7 @@ switch ($mode) { error ('you can not add tags'); } - if (($ptag = optional_param('ptag')) && (!get_record('tags','text',$ptag))) { + if (($ptag = optional_param('ptag', '', PARAM_ALPHA)) && (!get_record('tags','text',$ptag))) { $tag->userid = $USER->id; $tag->text = $ptag; $tag->type = 'personal'; @@ -56,45 +56,46 @@ switch ($mode) { error('you can not delete tags'); } - $tags = optional_param('tags'); - print_object($tags); - foreach ($tags as $tag) { - - $blogtag = get_record('tags','id',$tag); - - if (!isadmin() and $USER->id != $blogtag->userid) { - notify('no right to delete'); - continue; - } - - /// Only admin can delete tags that are referenced - if (!isadmin() && get_records('blog_tag_instance','tagid', $tag)) { - notify('tag is used by other users, can not delete!'); - continue; - } - - delete_records('tags','id',$tag); - delete_records('blog_tag_instance', 'tagid', $tag); - - /// remove parent window option via javascript - echo ''; + delete_records('tags','id',$tag); + delete_records('blog_tag_instance', 'tagid', $tag); + + /// remove parent window option via javascript + echo ''; + } } //write back to window.opener break;