From 32648682498ec0c292746d4e6db7ec9ab0a1dabf Mon Sep 17 00:00:00 2001
From: skodak
Date: Sun, 1 Jun 2008 17:53:25 +0000
Subject: [PATCH] MDL-14679 removed magic quotes from forms validation() method, fixed some minor problems
---
 course/import/activities/index.php | 4 ++--
 course/moodleform_mod.php | 4 ++--
 course/request_form.php | 8 +++++---
 grade/edit/scale/edit_form.php | 4 ++--
 grade/edit/tree/calculation_form.php | 2 +-
 group/autogroup_form.php | 4 ++--
 group/group_form.php | 2 +-
 group/grouping_form.php | 2 +-
 lib/formslib.php | 2 +-
 login/change_password_form.php | 2 +-
 login/forgot_password_form.php | 4 ++--
 login/signup_form.php | 6 +++---
 mod/feedback/mod_form.php | 5 +++--
 mod/glossary/edit_form.php | 9 +++++----
 mod/hotpot/mod_form.php | 8 ++++----
 mod/quiz/mod_form.php | 6 +----
 16 files changed, 36 insertions(+), 36 deletions(-)
diff --git a/course/import/activities/index.php b/course/import/activities/index.php
index 6cdb5f1c17..6ad1aea6f0 100644
--- a/course/import/activities/index.php
+++ b/course/import/activities/index.php
@@ -14,7 +14,7 @@
 $strimportactivities = get_string('importactivities');
- if (! ($course = get_record("course", "id", $id)) ) {
+ if (! ($course = $DB->get_record("course", array("id"=>$id)))) {
 print_error("invalidcourseid");
 }
@@ -38,7 +38,7 @@
 $creator = true;
 }
- if ($from = get_record('course', 'id', $fromcourse)) {
+ if ($from = $DB->get_record('course', array('id'=>$fromcourse))) {
 if (!has_capability('moodle/course:manageactivities', $fromcontext)) {
 print_error('nopermissiontoimportact');
 }
diff --git a/course/moodleform_mod.php b/course/moodleform_mod.php
index 1947afc2b0..974f0e146f 100644
--- a/course/moodleform_mod.php
+++ b/course/moodleform_mod.php
@@ -121,7 +121,7 @@ class moodleform_mod extends moodleform {
 // form verification
 function validation($data, $files) {
- global $COURSE;
+ global $COURSE, $DB;
 $errors = parent::validation($data, $files);
 $mform =& $this->_form;
@@ -138,7 +138,7 @@ class moodleform_mod extends moodleform {
 $grade_item = grade_item::fetch(array('itemtype'=>'mod', 'itemmodule'=>$data['modulename'], 'iteminstance'=>$data['instance'], 'itemnumber'=>0, 'courseid'=>$COURSE->id));
 if ($data['coursemodule']) {
- $cm = get_record('course_modules', 'id', $data['coursemodule']);
+ $cm = $DB->get_record('course_modules', array('id'=>$data['coursemodule']));
 } else {
 $cm = null;
 }
diff --git a/course/request_form.php b/course/request_form.php
index 6598e5d66e..3654969ff3 100644
--- a/course/request_form.php
+++ b/course/request_form.php
@@ -32,13 +32,15 @@ class course_request_form extends moodleform {
 }
 function validation($data, $files) {
+ global $DB;
+
 $errors = parent::validation($data, $files);
 $foundcourses = null;
 $foundreqcourses = null;
 if (!empty($data['shortname'])) {
- $foundcourses = get_records('course', 'shortname', $data['shortname']);
- $foundreqcourses = get_records('course_request', 'shortname', $data['shortname']);
+ $foundcourses = $DB->get_records('course', array('shortname'=>$data['shortname']));
+ $foundreqcourses = $DB->get_records('course_request', array('shortname'=>$data['shortname']));
 }
 if (!empty($foundreqcourses)) {
 if (!empty($foundcourses)) {
@@ -59,7 +61,7 @@ class course_request_form extends moodleform {
 $foundcoursenames[] = $foundcourse->fullname;
 }
 }
- $foundcoursenamestring = addslashes(implode(',', $foundcoursenames));
+ $foundcoursenamestring = implode(',', $foundcoursenames);
 $errors['shortname'] = get_string('shortnametaken', '', $foundcoursenamestring);
 if (!empty($pending)) {
diff --git a/grade/edit/scale/edit_form.php b/grade/edit/scale/edit_form.php
index 3194b7a057..79902ed178 100644
--- a/grade/edit/scale/edit_form.php
+++ b/grade/edit/scale/edit_form.php
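Review bot: The course full names joined on the new `$foundcoursenamestring` line at @@ -59 are database content that is interpolated into the `shortnametaken` error message, and nothing in this hunk escapes them for the HTML context in which form errors are rendered; removing `addslashes()` is right (it never was an HTML escape), but the names still need escaping unless the form renderer is known to escape error strings. Escaping each name as it is collected, on the context line `$foundcoursenames[] = $foundcourse->fullname;`, e.g. `$foundcoursenames[] = s($foundcourse->fullname);`, keeps the message safe whichever renderer shows it. The enclosing validation() body starts and ends outside this hunk, so it is worth confirming there is no escaping elsewhere before adding it.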
@@ -107,7 +107,7 @@ class edit_scale_form extends moodleform {
 /// perform extra validation before submission
 function validation($data, $files) {
- global $CFG, $COURSE;
+ global $CFG, $COURSE, $DB;
 $errors = parent::validation($data, $files);
@@ -128,7 +128,7 @@ class edit_scale_form extends moodleform {
 }
 if (array_key_exists('scale', $data)) {
- $count = count_records('scale', 'courseid', $courseid, 'scale', $data['scale']);
+ $count = $DB->count_records('scale', array('courseid'=>$courseid, 'scale'=>$data['scale']));
 if (empty($old->id) or $old->courseid != $courseid) {
 if ($count) {
diff --git a/grade/edit/tree/calculation_form.php b/grade/edit/tree/calculation_form.php
index 331e5a8dff..f8d9f71c4c 100644
--- a/grade/edit/tree/calculation_form.php
+++ b/grade/edit/tree/calculation_form.php
@@ -90,7 +90,7 @@ class edit_calculation_form extends moodleform {
 // check the calculation formula
 if ($data['calculation'] != '') {
 $grade_item = grade_item::fetch(array('id'=>$data['id'], 'courseid'=>$data['courseid']));
- $calculation = calc_formula::unlocalize(stripslashes($data['calculation']));
+ $calculation = calc_formula::unlocalize($data['calculation']);
 $result = $grade_item->validate_formula($calculation);
 if ($result !== true) {
 $errors['calculation'] = $result;
diff --git a/group/autogroup_form.php b/group/autogroup_form.php
index a97a176fa1..373901a2af 100644
--- a/group/autogroup_form.php
+++ b/group/autogroup_form.php
@@ -109,14 +109,14 @@ class autogroup_form extends moodleform {
 }
 //try to detect group name duplicates
- $name = groups_parse_name(stripslashes(trim($data['namingscheme'])), 0);
+ $name = groups_parse_name(trim($data['namingscheme']), 0);
 if (groups_get_group_by_name($COURSE->id, $name)) {
 $errors['namingscheme'] = get_string('groupnameexists', 'group', $name);
 }
 // check grouping name duplicates
 if ( isset($data['grouping']) && $data['grouping'] == '-1') {
- $name = trim(stripslashes($data['groupingname']));
+ $name = trim($data['groupingname']);
 if (empty($name)) {
 $errors['groupingname'] = get_string('required');
 } else if (groups_get_grouping_by_name($COURSE->id, $name)) {
diff --git a/group/group_form.php b/group/group_form.php
index 48a82abbab..9a960503e7 100644
--- a/group/group_form.php
+++ b/group/group_form.php
@@ -47,7 +47,7 @@ class group_form extends moodleform {
 $errors = parent::validation($data, $files);
- $name = trim(stripslashes($data['name']));
+ $name = trim($data['name']);
 if ($data['id'] and $group = $DB->get_record('groups', array('id'=>$data['id']))) {
 if ($group->name != $name) {
 if (groups_get_group_by_name($COURSE->id, $name)) {
diff --git a/group/grouping_form.php b/group/grouping_form.php
index 012a99a2b8..9f4fe66a52 100644
--- a/group/grouping_form.php
+++ b/group/grouping_form.php
@@ -32,7 +32,7 @@ class grouping_form extends moodleform {
 $errors = parent::validation($data, $files);
- $name = trim(stripslashes($data['name']));
+ $name = trim($data['name']);
 if ($data['id'] and $grouping = $DB->get_record('groupings', array('id'=>$data['id']))) {
 if ($grouping->name != $name) {
 if (groups_get_grouping_by_name($COURSE->id, $name)) {
diff --git a/lib/formslib.php b/lib/formslib.php
index b62b77dc91..2703c105e0 100644
--- a/lib/formslib.php
+++ b/lib/formslib.php
@@ -330,7 +330,7 @@ class moodleform {
 $file_val = false;
 }
- $data = $mform->exportValues(null, true);
+ $data = $mform->exportValues(null, false);
 $moodle_val = $this->validation($data, $files);
 if ((is_array($moodle_val) && count($moodle_val)!==0)) {
 // non-empty array means errors
diff --git a/login/change_password_form.php b/login/change_password_form.php
index 7e11f19756..7b34e56b5e 100644
--- a/login/change_password_form.php
+++ b/login/change_password_form.php
@@ -47,7 +47,7 @@ class login_change_password_form extends moodleform {
 update_login_count();
 // ignore submitted username
- if (!$user = authenticate_user_login($USER->username, stripslashes($data['password']))) { // TODO: remove soon
+ if (!$user = authenticate_user_login($USER->username, $data['password'])) {
 $errors['password'] = get_string('invalidlogin');
 return $errors;
 }
diff --git a/login/forgot_password_form.php b/login/forgot_password_form.php
index 684eabc34f..34bfe94f4c 100644
--- a/login/forgot_password_form.php
+++ b/login/forgot_password_form.php
@@ -20,7 +20,7 @@ class login_forgot_password_form extends moodleform {
 }
 function validation($data, $files) {
- global $CFG;
+ global $CFG, $DB;
 $errors = parent::validation($data, $files);
@@ -32,7 +32,7 @@ class login_forgot_password_form extends moodleform {
 if (!validate_email($data['email'])) {
 $errors['email'] = get_string('invalidemail');
- } else if (count_records('user', 'email', $data['email']) > 1) {
+ } else if ($DB->count_records('user', array('email'=>$data['email'])) > 1) {
 $errors['email'] = get_string('forgottenduplicate');
 } else {
diff --git a/login/signup_form.php b/login/signup_form.php
index 557a13f1b8..54c881ece4 100644
--- a/login/signup_form.php
+++ b/login/signup_form.php
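Review bot: The switch to `exportValues(null, false)` in lib/formslib.php changes the contract of every `validation()` override in the tree — they now receive the raw submitted values rather than slashed ones — but the only place that records this is the commit message. A comment on the new line, e.g. `// validation() now receives raw (unslashed) values; DB lookups in overrides must go through $DB placeholders, never string-built SQL`, would stop the next override from re-adding `stripslashes()` or interpolating `$data` into a query. Any `validation()` implementation not converted by this commit that still escapes or interpolates `$data` manually is presumably affected in the same way and is worth checking in the same pass. The enclosing method continues outside this hunk.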
@@ -90,12 +90,12 @@ class login_signup_form extends moodleform {
 }
 function validation($data, $files) {
- global $CFG;
+ global $CFG, $DB;
 $errors = parent::validation($data, $files);
 $authplugin = get_auth_plugin($CFG->registerauth);
- if (record_exists('user', 'username', $data['username'], 'mnethostid', $CFG->mnet_localhost_id)) {
+ if ($DB->record_exists('user', array('username'=>$data['username'], 'mnethostid'=>$CFG->mnet_localhost_id))) {
 $errors['username'] = get_string('usernameexists');
 } else {
 if (empty($CFG->extendedusernamechars)) {
@@ -116,7 +116,7 @@ class login_signup_form extends moodleform {
 if (! validate_email($data['email'])) {
 $errors['email'] = get_string('invalidemail');
- } else if (record_exists('user', 'email', $data['email'])) {
+ } else if ($DB->record_exists('user', array('email'=>$data['email']))) {
 $errors['email'] = get_string('emailexists').' '.get_string('newpassword').'?';
 }
 if (empty($data['email2'])) {
diff --git a/mod/feedback/mod_form.php b/mod/feedback/mod_form.php
index 48d8200fa2..18b1bbce2b 100644
--- a/mod/feedback/mod_form.php
+++ b/mod/feedback/mod_form.php
@@ -111,8 +111,9 @@ class mod_feedback_mod_form extends moodleform_mod {
 }
- function validation($data){
-
+ function validation($data, $files){
+ $errors = parent::validation($data, $files);
+ return $errors;
 }
 }
diff --git a/mod/glossary/edit_form.php b/mod/glossary/edit_form.php
index 426b30eed1..1bb971c8c5 100644
--- a/mod/glossary/edit_form.php
+++ b/mod/glossary/edit_form.php
@@ -95,7 +95,8 @@ class mod_glossary_entry_form extends moodleform {
 }
 function validation($data, $files) {
- global $CFG, $USER;
+ global $CFG, $USER, $DB;
+ $errors = parent::validation($data, $files);
 $e = $this->_customdata['e'];
 $glossary = $this->_customdata['glossary'];
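Review bot: The rewritten `validation()` in mod/feedback/mod_form.php only forwards to `parent::validation($data, $files)` and returns its result, so it is an override that adds nothing; removing the method and letting `moodleform_mod::validation()` run directly is the simpler outcome. If it is deliberately kept as a place for future feedback-specific checks, a one-line comment such as `// no feedback-specific checks yet; kept so the signature matches moodleform_mod::validation()` would explain why an empty override exists.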
@@ -105,7 +106,7 @@ class mod_glossary_entry_form extends moodleform {
 //We are updating an entry, so we compare current session user with
 //existing entry user to avoid some potential problems if secureforms=off
 //Perhaps too much security? Anyway thanks to skodak (Bug 1823)
- $old = get_record('glossary_entries', 'id', $e);
+ $old = $DB->get_record('glossary_entries', array('id'=>$e));
 $ineditperiod = ((time() - $old->timecreated < $CFG->maxeditingtime) || $glossary->editalways);
 if ( (!$ineditperiod || $USER->id != $old->userid) and !has_capability('mod/glossary:manageentries', $context)) {
 if ( $USER->id != $old->userid ) {
@@ -115,7 +116,7 @@ class mod_glossary_entry_form extends moodleform {
 }
 }
 if ( !$glossary->allowduplicatedentries ) {
- if ($dupentries = get_records('glossary_entries', 'lower(concept)', moodle_strtolower($data['concept']))) {
+ if ($dupentries = $DB->get_records('glossary_entries', array('lower(concept)'=>moodle_strtolower($data['concept'])))) {
 foreach ($dupentries as $curentry) {
 if ( $glossary->id == $curentry->glossaryid ) {
 if ( $curentry->id != $e ) {
@@ -129,7 +130,7 @@ class mod_glossary_entry_form extends moodleform {
 } else {
 if ( !$glossary->allowduplicatedentries ) {
- if ($dupentries = get_record('glossary_entries', 'lower(concept)', moodle_strtolower($data['concept']), 'glossaryid', $glossary->id)) {
+ if ($dupentries = $DB->get_record('glossary_entries', array('lower(concept)'=>moodle_strtolower($data['concept']), 'glossaryid'=>$glossary->id))) {
 $errors['concept'] = get_string('errconceptalreadyexists', 'glossary');
 }
 }
diff --git a/mod/hotpot/mod_form.php b/mod/hotpot/mod_form.php
index 2802c00ef4..7fbe3d305a 100644
--- a/mod/hotpot/mod_form.php
+++ b/mod/hotpot/mod_form.php
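Review bot: The conditions array on the new `$DB->get_records` line at @@ -115 (and the `$DB->get_record` call at @@ -129) uses the SQL expression `lower(concept)` as a key, but the conditions array of the `$DB` API holds column names, so this relies on the DML layer passing the key through verbatim and will break as soon as keys are quoted or validated as identifiers. The robust form is the select variant with an explicit placeholder, e.g. `$DB->get_records_select('glossary_entries', 'LOWER(concept) = ?', array(moodle_strtolower($data['concept'])))`, and for the second call the same select with `AND glossaryid = ?` and `$glossary->id` appended to the params. The check also compares a PHP-lowercased string against a database-lowercased column, so correctness still depends on the two lowercasing rules agreeing; that is pre-existing, not introduced here. The enclosing validation() body continues outside both hunks.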
@@ -260,10 +260,10 @@ class mod_hotpot_mod_form extends moodleform_mod {
 function data_preprocessing(&$defaults){
 }
- function validation(&$data) {
- // http://docs.moodle.org/en/Development:lib/formslib.php_Validation
- global $CFG, $COURSE;
- $errors = array();
+ function validation($data, $files) {
+ global $CFG, $USER, $DB;
+
+ $errors = parent::validation($data, $files);
 // location
 if (empty($data['location'])) {
diff --git a/mod/quiz/mod_form.php b/mod/quiz/mod_form.php
index f3c6c71fa4..abbbe8dc1f 100644
--- a/mod/quiz/mod_form.php
+++ b/mod/quiz/mod_form.php
@@ -352,11 +352,7 @@ class mod_quiz_mod_form extends moodleform_mod {
 }
 }
- if (count($errors) == 0) {
- return true;
- } else {
- return $errors;
- }
+ return $errors;
 }
 }
-- 
2.39.5
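Review bot: The new `global $CFG, $USER, $DB;` line in mod/hotpot/mod_form.php drops `$COURSE`, which the removed line declared, while the rest of `validation()` lies outside this hunk; if any of that body still reads `$COURSE`, it now sees an undefined local instead of the global and the check silently passes. Unless `$COURSE` has been confirmed unused below, keep it: `global $CFG, $COURSE, $USER, $DB;`. The removed line pointing at `http://docs.moodle.org/en/Development:lib/formslib.php_Validation` was the method's only documentation; a one-line comment such as `// hotpot-specific checks on top of moodleform_mod::validation(); see Development:lib/formslib.php_Validation` would preserve that pointer.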