From 34ffb5cae2b6fd902521b301c3f9f88f948aa22b Mon Sep 17 00:00:00 2001
From: skodak
Date: Wed, 19 Apr 2006 20:10:04 +0000
Subject: [PATCH] some extra cleaning of comments and feedback before storage. normaly the text is cleaned before display, this is just a preventive measure because I did not want to study this code all day ;-)
---
 mod/exercise/assessments.php | 20 ++++++++++----------
 mod/exercise/upload.php | 1 +
 2 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/mod/exercise/assessments.php b/mod/exercise/assessments.php
index 6a3fce06db..84425cfe4e 100644
--- a/mod/exercise/assessments.php
+++ b/mod/exercise/assessments.php
@@ -703,7 +703,7 @@
  $element->exerciseid = $exercise->id;
  $element->assessmentid = $assessment->id;
  $element->elementno = clean_param($key, PARAM_INT);
- $element->feedback = $thefeedback;
+ $element->feedback = clean_param($thefeedback, PARAM_CLEAN);
  if (!$element->id = insert_record("exercise_grades", $element)) {
  error("Could not insert exercise element!");
  }
@@ -718,7 +718,7 @@
  $element->exerciseid = $exercise->id;
  $element->assessmentid = $assessment->id;
  $element->elementno = clean_param($key, PARAM_INT);
- $element->feedback = $form->feedback[$key];
+ $element->feedback = clean_param($form->feedback[$key]);
  $element->grade = $thegrade;
  if (!$element->id = insert_record("exercise_grades", $element)) {
  error("Could not insert exercise element!");
@@ -747,7 +747,7 @@
  $element->exerciseid = $exercise->id;
  $element->assessmentid = $assessment->id;
  $element->elementno = $i;
- $element->feedback = $form->feedback[$i];
+ $element->feedback = clean_param($form->feedback[$i], PARAM_CLEAN);
  $element->grade = $form->grade[$i];
  if (!$element->id = insert_record("exercise_grades", $element)) {
  error("Could not insert exercise element!");
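Review bot: In the @@ -718 hunk the new line `$element->feedback = clean_param($form->feedback[$key]);` passes no type argument, while every other new line in this patch passes PARAM_CLEAN; if clean_param has no default for its type parameter (the signature is not visible here) this produces a missing-argument warning and falls into the switch's unknown-type branch instead of cleaning the value. Change it to `$element->feedback = clean_param($form->feedback[$key], PARAM_CLEAN);` so the hunk matches its siblings at @@ -815, @@ -937 and @@ -1018. The enclosing function starts and ends outside the hunk.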
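Review bot: In the @@ -747 hunk the feedback is now cleaned, but the neighbouring new-side line `$element->grade = $form->grade[$i];` still stores what is presumably submitted form data without any validation, whereas the other hunks store a precomputed `$thegrade`. Given the patch's stated aim of cleaning before storage, the grade deserves the same treatment, e.g. `$element->grade = clean_param($form->grade[$i], PARAM_INT);` if the grade column is integer (PARAM_NUMBER otherwise) — the column type cannot be confirmed from the hunk. The identical line appears in the @@ -966 hunk. The enclosing function starts and ends outside the hunk.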
@@ -815,7 +815,7 @@
  $element->exerciseid = $exercise->id;
  $element->assessmentid = $assessment->id;
  $element->elementno = clean_param($key, PARAM_INT);
- $element->feedback = $form->feedback[$key];
+ $element->feedback = clean_param($form->feedback[$key], PARAM_CLEAN);
  $element->grade = $thegrade;
  if (!$element->id = insert_record("exercise_grades", $element)) {
  error("Could not insert exercise element!");
@@ -846,7 +846,7 @@
 
  // any comment?
  if (!empty($form->generalcomment)) {
- set_field("exercise_assessments", "generalcomment", $form->generalcomment, "id", $assessment->id);
+ set_field("exercise_assessments", "generalcomment", clean_param($form->generalcomment, PARAM_CLEAN), "id", $assessment->id);
  }
 
  // is user allowed to resubmit?
@@ -922,7 +922,7 @@
  $element->exerciseid = $exercise->id;
  $element->assessmentid = $assessment->id;
  $element->elementno = clean_param($key, PARAM_INT);
- $element->feedback = $thefeedback;
+ $element->feedback = clean_param($thefeedback, PARAM_CLEAN);
  if (!$element->id = insert_record("exercise_grades", $element)) {
  error("Could not insert exercise element!");
  }
@@ -937,7 +937,7 @@
  $element->exerciseid = $exercise->id;
  $element->assessmentid = $assessment->id;
  $element->elementno = clean_param($key, PARAM_INT);
- $element->feedback = $form->feedback[$key];
+ $element->feedback = clean_param($form->feedback[$key], PARAM_CLEAN);
  $element->grade = $thegrade;
  if (!$element->id = insert_record("exercise_grades", $element)) {
  error("Could not insert exercise element!");
@@ -966,7 +966,7 @@
  $element->exerciseid = $exercise->id;
  $element->assessmentid = $assessment->id;
  $element->elementno = $i;
- $element->feedback = $form->feedback[$i];
+ $element->feedback = clean_param($form->feedback[$i], PARAM_CLEAN);
  $element->grade = $form->grade[$i];
  if (!$element->id = insert_record("exercise_grades", $element)) {
  error("Could not insert exercise element!");
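Review bot: In the @@ -846 hunk the `!empty()` guard still tests the raw `$form->generalcomment`, while the value handed to set_field is the cleaned one; a comment made only of markup that clean_param removes would pass the guard and overwrite the column with an empty string (assuming PARAM_CLEAN can strip content entirely, which the hunk does not show). Clean once into a local and test that instead: `$generalcomment = clean_param($form->generalcomment, PARAM_CLEAN);` / `if (!empty($generalcomment)) {` / `set_field("exercise_assessments", "generalcomment", $generalcomment, "id", $assessment->id);`. The @@ -1049 hunk repeats the same pattern and should get the same change. The enclosing function starts and ends outside the hunk.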
@@ -1018,7 +1018,7 @@
  $element->exerciseid = $exercise->id;
  $element->assessmentid = $assessment->id;
  $element->elementno = clean_param($key, PARAM_INT);
- $element->feedback = $form->feedback[$key];
+ $element->feedback = clean_param($form->feedback[$key], PARAM_CLEAN);
  $element->grade = $thegrade;
  if (!$element->id = insert_record("exercise_grades", $element)) {
  error("Could not insert exercise element!");
@@ -1049,7 +1049,7 @@
 
  // any comment?
  if (!empty($form->generalcomment)) {
- set_field("exercise_assessments", "generalcomment", $form->generalcomment, "id", $assessment->id);
+ set_field("exercise_assessments", "generalcomment", clean_param($form->generalcomment, PARAM_CLEAN), "id", $assessment->id);
  }
 
  // now calculate the (grading) grade of the student's assessment...
diff --git a/mod/exercise/upload.php b/mod/exercise/upload.php
index 9c6c160b24..e894dbdd83 100644
--- a/mod/exercise/upload.php
+++ b/mod/exercise/upload.php
@@ -3,6 +3,7 @@
  require_once("../../config.php");
  require_once("lib.php");
  require_once("locallib.php");
+
 
  $id = required_param('id', PARAM_INT); // course module ID
  $title = optional_param('title', '', PARAM_CLEAN);
-- 
2.39.5