From 4feb8730d7b044c5cde1576f3d05c2428643089d Mon Sep 17 00:00:00 2001 From: gustav_delius Date: Wed, 5 Apr 2006 19:43:42 +0000 Subject: [PATCH] Fix to make it work without globals hack --- question/showbank.php | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/question/showbank.php b/question/showbank.php index 9fd81fa94c..9af6e255db 100644 --- a/question/showbank.php +++ b/question/showbank.php @@ -39,7 +39,8 @@ /// Now, check for commands on this page and modify variables as necessary if (isset($_REQUEST['move']) and confirm_sesskey()) { /// Move selected questions to new category - if (!$tocategory = get_record('question_categories', 'id', $_REQUEST['category'])) { + $tocategoryid = required_param('category', PARAM_INT); + if (!$tocategory = get_record('question_categories', 'id', $tocategoryid])) { error('Invalid category'); } if (!isteacheredit($tocategory->course)) { @@ -57,8 +58,9 @@ if (isset($_REQUEST['deleteselected'])) { // delete selected questions from the category - if (isset($confirm) and confirm_sesskey()) { // teacher has already confirmed the action - if ($confirm == md5($deleteselected)) { + if (isset($_REQUEST['confirm']) and confirm_sesskey()) { // teacher has already confirmed the action + $deleteselected = required_param('deleteselected'); + if ($_REQUEST['confirm'] == md5($deleteselected)) { if ($questionlist = explode(',', $deleteselected)) { // for each question either hide it if it is in use or delete it foreach ($questionlist as $questionid) { @@ -115,7 +117,7 @@ } if (isset($_REQUEST['cat'])) { /// coming from category selection drop-down menu - $SESSION->questioncat = $cat; + $SESSION->questioncat = required_param['cat', PARAM_INT]; $page = 0; $SESSION->questionpage = 0; } -- 2.39.5