From: moodler
Date: Fri, 1 Oct 2004 12:09:52 +0000 (+0000)
Subject: Added optional_param and required_param just to get it on the plate
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=e0d346ff91825a75be94b44cb6e5a62c72fc6f12;p=moodle.git
Added optional_param and required_param just to get it on the plate
---
diff --git a/admin/enrol.php b/admin/enrol.php
index 480bfa8d7a..8dba7c6d2e 100644
--- a/admin/enrol.php
+++ b/admin/enrol.php
@@ -4,7 +4,7 @@
 include("../config.php");
- $enrol = (string)parameter('enrol', $CFG->enrol);
+ $enrol = optional_param('enrol', $CFG->enrol);
 require_login();
diff --git a/course/edit.php b/course/edit.php
index 6758a8943c..01eb90cd71 100644
--- a/course/edit.php
+++ b/course/edit.php
@@ -5,8 +5,8 @@
 require_once("lib.php");
 require_once("$CFG->libdir/blocklib.php");
- $id = (int)parameter('id', 0); // course id
- $category = (int)parameter('category', 0); // possible default category
+ $id = (int)optional_param('id', 0); // course id
+ $category = (int)optional_param('category', 0); // possible default category
 require_login();
diff --git a/course/jumpto.php b/course/jumpto.php
index 93a40fb54f..882a3ec8bf 100644
--- a/course/jumpto.php
+++ b/course/jumpto.php
@@ -1,18 +1,18 @@
diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index c55a1fb04f..9a53d04183 100644
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
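Review bot: In admin/enrol.php the `(string)` cast is dropped and `enrol` is now filtered only by the default `PARAM_CLEAN`, which this commit documents as cleaning "scripts etc"; that is an output-oriented filter, not a check that the value names a real enrolment plugin. How `$enrol` is used after `require_login()` lies outside the hunk; if it selects a plugin directory or file, it should be compared against the set of installed enrolment plugins and fall back to `$CFG->enrol` when it does not match. A comment on the assignment such as `// plugin name from the request; must be validated against installed plugins before use` would make that expectation explicit.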
@@ -82,8 +82,110 @@ define('DAYMINS', 1440);
 */
 define('HOURMINS', 60);
+/**
+ * Parameter constant - if set then the parameter is cleaned of scripts etc
+ */
+define('PARAM_CLEAN', 0x01);
+
+/**
+ * Parameter constant - if set then the parameter is cast to an integer
+ */
+define('PARAM_INT', 0x02);
+
+/**
+ * Parameter constant - alias for PARAM_INT
+ */
+define('PARAM_INTEGER', 0x02);
+
+
 /// PARAMETER HANDLING ////////////////////////////////////////////////////
+/**
+ * Returns a particular value for the named variable, taken from
+ * POST or GET. If the parameter doesn't exist then an error is
+ * thrown because we require this variable.
+ *
+ * This function should be used to initialise all required values
+ * in a script that are based on parameters. Usually it will be
+ * used like this:
+ * $id = required_param('id');
+ *
+ * @param string $varname the name of the parameter variable we want
+ * @param integer $options a bit field that specifies any cleaning needed
+ * @return mixed
+ */
+function required_param($varname, $options=PARAM_CLEAN) {
+/// This function will replace require_variable over time
+/// It returns a value for a given variable name.
+
+ if (isset($_POST[$varname])) { // POST has precedence
+ $param = $_POST[$varname];
+ } else if (isset($_GET[$varname])) {
+ $param = $_GET[$varname];
+ } else {
+ error('A required parameter ($'.$varname.') was missing');
+ }
+
+ return clean_param($param, $options);
+}
+
+/**
+ * Returns a particular value for the named variable, taken from
+ * POST or GET, otherwise returning a given default.
+ *
+ * This function should be used to initialise all optional values
+ * in a script that are based on parameters. Usually it will be
+ * used like this:
+ * $name = optional_param('name', 'Fred');
+ *
+ * @param string $varname the name of the parameter variable we want
+ * @param mixed $default the default value to return if nothing is found
+ * @param integer $options a bit field that specifies any cleaning needed
+ * @return mixed
+ */
+function optional_param($varname, $default=NULL, $options=PARAM_CLEAN) {
+/// This function will replace both of the above two functions over time.
+/// It returns a value for a given variable name.
+
+ if (isset($_POST[$varname])) { // POST has precedence
+ $param = $_POST[$varname];
+ } else if (isset($_GET[$varname])) {
+ $param = $_GET[$varname];
+ } else {
+ return $default;
+ }
+
+ return clean_param($param, $options);
+}
+
+/**
+ * Used by {@link optional_param()} and {@link required_param()} to
+ * clean the variables and/or cast to specific types, based on
+ * an options field.
+ *
+ * @param mixed $param the variable we are cleaning
+ * @param integer $options a bit field that specifies the cleaning needed
+ * @return mixed
+ */
+function clean_param($param, $options) {
+/// Given a parameter and a bitfield of options, this function
+/// will clean it up and give it the required type, etc.
+
+ if ($param == (int)$param) { // It's just an integer
+ return (int)$param;
+ }
+
+ if ($options & PARAM_CLEAN) {
+ $param = clean_text($param); // Sweep for scripts, etc
+ }
+
+ if ($options & PARAM_INT) {
+ $param = (int)$param; // Convert to integer
+ }
+
+ return $param;
+}
+
 /**
 * Ensure that a variable is set or display error
 *
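Review bot: The integer shortcut at the top of `clean_param()` uses a loose comparison, `if ($param == (int)$param)`, and returns before `$options` is consulted. Under PHP's string-to-number comparison rules prior to PHP 8, a non-numeric string compares equal to `0`, so string parameters (such as `enrol` in admin/enrol.php, changed in this same commit) would come back as integer 0 without reaching `clean_text()`, and a value like `12abc` would be silently truncated to 12. Comparing the string forms keeps the shortcut for genuine integers only: `if ((string)$param === (string)(int)$param) {`. Array-valued input (`name[]=...`) is also handed straight to this function by `required_param()` and `optional_param()`, so an `is_array()` guard, or a documented contract that parameters are scalar, would close that gap.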
@@ -117,31 +219,6 @@ function optional_variable(&$var, $default=0) {
 }
 }
-/**
- * Returns a particular value for the named variable, taken from
- * POST or GET, otherwise returning a given default.
- *
- * This function should be used to initialise all values in a script
- * that are based on parameters. Usually it will be used like this:
- *
- * $id = (int)parameter('id');
- *
- * @param string $varname the name of the parameter variable we want
- * @param mixed $default the default value to return if nothing is found
- * @return mixed
- */
-function parameter($varname, $default=NULL) {
-
- if (isset($_POST[$varname])) { // POST has precedence
- return $_POST[$varname];
- }
-
- if (isset($_GET[$varname])) {
- return $_GET[$varname];
- }
-
- return $default;
-}
 /**
 * Set a key in global configuration