From: stronk7
Date: Wed, 30 Aug 2006 00:10:08 +0000 (+0000)
Subject: relative+cleaned paths
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=758537ef2a920a0dbff7410c46791d253b53fd45;p=moodle.git
relative+cleaned paths
---
diff --git a/admin/xmldb/actions/delete_sentence/delete_sentence.class.php b/admin/xmldb/actions/delete_sentence/delete_sentence.class.php
index 1b3035cea7..5b73f5defe 100644
--- a/admin/xmldb/actions/delete_sentence/delete_sentence.class.php
+++ b/admin/xmldb/actions/delete_sentence/delete_sentence.class.php
@@ -63,10 +63,10 @@ class delete_sentence extends XMLDBAction {
 /// Do the job, setting result as needed
 /// Get the dir containing the file
- $dirpath = required_param('dir', PARAM_CLEAN);
- $dirpath = stripslashes_safe($dirpath);
+ $dirpath = required_param('dir', PARAM_PATH);
+ $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
 $statementparam = required_param('statement', PARAM_CLEAN);
- $sentenceparam = required_param('sentence', PARAM_CLEAN);
+ $sentenceparam = required_param('sentence', PARAM_INT);
 $confirmed = optional_param('confirmed', false, PARAM_BOOL);
@@ -77,11 +77,11 @@ class delete_sentence extends XMLDBAction {
 $o.= '
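Review bot: Prepending `$CFG->dirroot` to the cleaned `dir` value leaves the containment check to code outside this hunk, because nothing visible here confirms that the rebuilt `$dirpath` still names a known XMLDB directory. PARAM_PATH narrows the input, but the effective allowlist is presumably the `$XMLDB->dbdirs` lookup seen at the edge of the other hunks, so I would record that dependency beside the assignment: `/// 'dir' arrives relative to dirroot; the result must match a key of $XMLDB->dbdirs before any file is touched`. The concatenation also assumes the parameter begins with `/` and that `$CFG` is declared global in the enclosing method, neither of which the hunk shows. The same two lines recur in the edit_sentence, edit_sentence_save, edit_statement_save, new_sentence and unload_xml_file hunks.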

' . $this->str['confirmdeletesentence'] . '

'; $o.= ' '; $o.= '
'; $o.= '
'; - $o.= '
'; + $o.= ' '; $o.= '
'; $o.= '
'; $o.= '
'; - $o.= '
'; + $o.= ' '; $o.= '
'; $o.= '
';
diff --git a/admin/xmldb/actions/edit_sentence/edit_sentence.class.php b/admin/xmldb/actions/edit_sentence/edit_sentence.class.php
index b3e04c9987..5e7ca302c8 100644
--- a/admin/xmldb/actions/edit_sentence/edit_sentence.class.php
+++ b/admin/xmldb/actions/edit_sentence/edit_sentence.class.php
@@ -63,8 +63,8 @@ class edit_sentence extends XMLDBAction {
 /// Do the job, setting result as needed
 /// Get the dir containing the file
- $dirpath = required_param('dir', PARAM_CLEAN);
- $dirpath = stripslashes_safe($dirpath);
+ $dirpath = required_param('dir', PARAM_PATH);
+ $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
 /// Get the correct dirs
 if (!empty($XMLDB->dbdirs)) {
@@ -115,7 +115,7 @@ class edit_sentence extends XMLDBAction {
 /// Add the main form
 $o = '
';
- $o.= ' ';
+ $o.= ' ';
 $o.= ' ';
 $o.= ' ';
 $o.= ' ';
@@ -134,7 +134,7 @@ class edit_sentence extends XMLDBAction {
 /// Calculate the buttons
 $b = '

';
 /// The back to edit statement button
- $b .= ' [' . $this->str['back'] . ']';
+ $b .= ' [' . $this->str['back'] . ']';
 $b .= '

';
 $o .= $b;
diff --git a/admin/xmldb/actions/edit_sentence_save/edit_sentence_save.class.php b/admin/xmldb/actions/edit_sentence_save/edit_sentence_save.class.php
index 83d9f25439..c9990ed9c1 100644
--- a/admin/xmldb/actions/edit_sentence_save/edit_sentence_save.class.php
+++ b/admin/xmldb/actions/edit_sentence_save/edit_sentence_save.class.php
@@ -66,11 +66,11 @@ class edit_sentence_save extends XMLDBAction {
 /// Do the job, setting result as needed
 /// Get parameters
- $dirpath = required_param('dir', PARAM_CLEAN);
- $dirpath = stripslashes_safe($dirpath);
+ $dirpath = required_param('dir', PARAM_PATH);
+ $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
 $statementparam = strtolower(required_param('statement', PARAM_CLEAN));
- $sentenceparam = strtolower(required_param('sentence', PARAM_CLEAN));
+ $sentenceparam = strtolower(required_param('sentence', PARAM_ALPHANUM));
 $fields = required_param('fields', PARAM_CLEAN);
 $fields = trim(stripslashes_safe($fields));
@@ -125,7 +125,7 @@ class edit_sentence_save extends XMLDBAction {
 "" . $this->str['administration'] . " -> XMLDB");
 notice ('
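Review bot: `sentence` is cleaned with `PARAM_ALPHANUM` in this hunk, while the delete_sentence hunk cleans the same parameter with `PARAM_INT`, so the two actions accept different value sets for what looks like the same index. If the value is always a numeric position, `$sentenceparam = required_param('sentence', PARAM_INT);` would match the other action and make the `strtolower()` wrapper unnecessary. If a non-numeric value is legitimate on this path, a short comment naming it would justify the wider type. The value is concatenated into the redirect URL in the next hunk without `urlencode()`, which stays safe only while the cleaning type remains this strict.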

' .implode(', ', $errors) . '

' . s($sentence),
- 'index.php?action=edit_sentence&sentence=' .$sentenceparam . '&statement=' . urlencode($statementparam) . '&dir=' . urlencode($dirpath));
+ 'index.php?action=edit_sentence&sentence=' .$sentenceparam . '&statement=' . urlencode($statementparam) . '&dir=' . urlencode(str_replace($CFG->dirroot, '', $dirpath)));
 die; /// re-die :-P
 }
diff --git a/admin/xmldb/actions/edit_statement_save/edit_statement_save.class.php b/admin/xmldb/actions/edit_statement_save/edit_statement_save.class.php
index db4be9ee90..56016a1aa7 100644
--- a/admin/xmldb/actions/edit_statement_save/edit_statement_save.class.php
+++ b/admin/xmldb/actions/edit_statement_save/edit_statement_save.class.php
@@ -63,8 +63,8 @@ class edit_statement_save extends XMLDBAction {
 /// Do the job, setting result as needed
 /// Get parameters
- $dirpath = required_param('dir', PARAM_CLEAN);
- $dirpath = stripslashes_safe($dirpath);
+ $dirpath = required_param('dir', PARAM_PATH);
+ $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
 $statementparam = strtolower(required_param('statement', PARAM_CLEAN));
 $name = trim(strtolower(required_param('name', PARAM_CLEAN)));
diff --git a/admin/xmldb/actions/new_sentence/new_sentence.class.php b/admin/xmldb/actions/new_sentence/new_sentence.class.php
index 739cf43778..305b34c667 100644
--- a/admin/xmldb/actions/new_sentence/new_sentence.class.php
+++ b/admin/xmldb/actions/new_sentence/new_sentence.class.php
@@ -63,8 +63,8 @@ class new_sentence extends XMLDBAction {
 /// Do the job, setting result as needed
 /// Get the dir containing the file
- $dirpath = required_param('dir', PARAM_CLEAN);
- $dirpath = stripslashes_safe($dirpath);
+ $dirpath = required_param('dir', PARAM_PATH);
+ $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
 /// Get the correct dirs
 if (!empty($XMLDB->dbdirs)) {
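Review bot: `str_replace($CFG->dirroot, '', $dirpath)` in the rewritten `notice()` URL of edit_sentence_save removes every occurrence of the dirroot string, not only the leading prefix that the first hunk of this file prepended. If that text repeats further down the path, the link handed back to edit_sentence would name a different directory than the one being edited. Stripping only the prefix avoids this: `urlencode(substr($dirpath, strlen($CFG->dirroot)))`. The statement this line belongs to starts outside the hunk, so I cannot tell whether other links in the method rebuild the relative path the same way.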
diff --git a/admin/xmldb/actions/unload_xml_file/unload_xml_file.class.php b/admin/xmldb/actions/unload_xml_file/unload_xml_file.class.php
index 65568802fb..c04cdd4369 100644
--- a/admin/xmldb/actions/unload_xml_file/unload_xml_file.class.php
+++ b/admin/xmldb/actions/unload_xml_file/unload_xml_file.class.php
@@ -62,8 +62,8 @@ class unload_xml_file extends XMLDBAction {
 /// Do the job, setting result as needed
 /// Get the dir containing the file
- $dirpath = required_param('dir', PARAM_CLEAN);
- $dirpath = stripslashes_safe($dirpath);
+ $dirpath = required_param('dir', PARAM_PATH);
+ $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
 /// Get the original dir and delete some elements
 if (!empty($XMLDB->dbdirs)) {