From: jamiesensei Date: Fri, 4 May 2007 08:33:28 +0000 (+0000) Subject: tightening up reg expressions used for submitted data a bit X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=9ab3847595f8eb3de55407b75cfcbb7aca3b35cb;p=moodle.git tightening up reg expressions used for submitted data a bit --- diff --git a/mod/quiz/edit.php b/mod/quiz/edit.php index d30b6b3f5f..f612d493fa 100644 --- a/mod/quiz/edit.php +++ b/mod/quiz/edit.php @@ -120,7 +120,7 @@ if (isset($_REQUEST['add']) and confirm_sesskey()) { /// Add selected questions to the current quiz foreach ($_POST as $key => $value) { // Parse input for question ids - if (preg_match('!q([0-9]+)!', $key, $matches)) { + if (preg_match('!^q([0-9]+)$!', $key, $matches)) { $key = $matches[1]; quiz_add_quiz_question($key, $quiz); } @@ -206,11 +206,11 @@ $rawgrades = $_POST; unset($quiz->grades); foreach ($rawgrades as $key => $value) { // Parse input for question -> grades - if (preg_match('!q([0-9]+)!', $key, $matches)) { + if (preg_match('!^q([0-9]+)$!', $key, $matches)) { $key = $matches[1]; $quiz->grades[$key] = $value; quiz_update_question_instance($quiz->grades[$key], $key, $quiz->instance); - } elseif (preg_match('!q([0-9]+)!', $key, $matches)) { // Parse input for ordering info + } elseif (preg_match('!^q([0-9]+)$!', $key, $matches)) { // Parse input for ordering info $key = $matches[1]; $questions[$value] = $oldquestions[$key]; } diff --git a/question/editlib.php b/question/editlib.php index 8374fc2b66..c1ad75f490 100644 --- a/question/editlib.php +++ b/question/editlib.php 
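Review bot: The new pattern `'!^q([0-9]+)$!'` in the `foreach ($_POST as $key => $value)` loop still accepts a key that ends in a single newline, because `$` in PCRE matches before a final line break unless the `D` modifier is set; `'!^q([0-9]+)$!D'` (or `\z` in place of `$`) makes the end anchor exact. Only the digit capture `$matches[1]` is used afterwards, so the practical effect is small, but the same pattern recurs in the second hunk of this file and in both `question/editlib.php` hunks and should be changed in all of them together. A short comment such as `// only keys of the exact form q<digits> are question ids` would record why the anchors matter. The enclosing `if (isset($_REQUEST['add']) ...)` block continues outside the hunk.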
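Review bot: The `elseif` branch marked `// Parse input for ordering info` can never run, because it tests the same pattern `'!^q([0-9]+)$!'` as the `if` above it, so `$questions[$value] = $oldquestions[$key];` is dead code. The two patterns were already identical before this commit, and the field prefix used by the ordering inputs is not visible here, so either give the `elseif` its own anchored pattern or remove the branch. Separately, `$value` is stored in `$quiz->grades[$key]` and passed to `quiz_update_question_instance()` with no validation in the hunk; unless that function cleans it, skip entries where `!is_numeric($value)`. The surrounding block starts and ends outside the hunk.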
@@ -434,7 +434,7 @@ function question_showbank($pageurl, $cm, $page, $perpage, $sortorder){ error(get_string('categorynoedit', 'quiz', $tocategory->name), $pageurl->out()); } foreach ($_POST as $key => $value) { // Parse input for question ids - if (preg_match('!q([0-9]+)!', $key, $matches)) { + if (preg_match('!^q([0-9]+)$!', $key, $matches)) { $key = $matches[1]; if (!set_field('question', 'category', $tocategory->id, 'id', $key)) { error('Could not update category field'); @@ -477,7 +477,7 @@ function question_showbank($pageurl, $cm, $page, $perpage, $sortorder){ // an asterix in front of those that are in use $inuse = false; // set to true if at least one of the questions is in use foreach ($rawquestions as $key => $value) { // Parse input for question ids - if (preg_match('!q([0-9]+)!', $key, $matches)) { + if (preg_match('!^q([0-9]+)$!', $key, $matches)) { $key = $matches[1]; $questionlist .= $key.','; if (record_exists('quiz_question_instances', 'question', $key) or record_exists('question_states', 'originalquestion', $key)) {
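Review bot: Nothing in this hunk checks that the posted question id belongs to a category the user may edit before `set_field('question', 'category', $tocategory->id, 'id', $key)` moves it; the only permission handling visible is the `categorynoedit` error for the destination `$tocategory`. The anchored pattern guarantees that `$key` is digits only, not that the question is one this user is allowed to move. If the part of `question_showbank()` outside the hunk does not already do so, look up the question's current category and apply the same edit check to it before the update. The literal `error('Could not update category field')` could also go through `get_string()` like the message above it.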
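Review bot: In the `foreach ($rawquestions ...)` loop, `$questionlist .= $key.',';` is only safe to reuse because `$key` is the digit-only capture from the pattern two lines above, and that invariant is not written down anywhere in the hunk. A comment such as `// $key is the digit-only regex capture; $questionlist relies on this` would keep a later edit from loosening the pattern unnoticed. Where `$questionlist` is consumed lies outside the hunk, so confirm whether it reaches a query or a URL. The two `record_exists()` calls also run once per posted question.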