From bed7993115d265f75ce3167764fd22cc0954f9e8 Mon Sep 17 00:00:00 2001 From: skodak Date: Thu, 31 Jul 2008 23:03:50 +0000 Subject: [PATCH] MDL-15897 deprecated PARAM_CLEANFILE - we now support unicode everywhere --- admin/roles/manage.php | 4 +++- admin/uploadpicture.php | 2 +- lib/moodlelib.php | 38 ++++++-------------------------- lib/simpletest/testmoodlelib.php | 1 - question/export_form.php | 2 +- 5 files changed, 12 insertions(+), 35 deletions(-) diff --git a/admin/roles/manage.php b/admin/roles/manage.php index 54299961df..11c0e2a09c 100755 --- a/admin/roles/manage.php +++ b/admin/roles/manage.php @@ -55,7 +55,9 @@ case 'add': if ($data = data_submitted() and confirm_sesskey()) { - $shortname = moodle_strtolower(clean_filename($shortname)); // only lowercase safe ASCII characters + $shortname = textlib_get_instance()->specialtoascii($shortname); + + $shortname = moodle_strtolower(clean_param($shortname, PARAM_ALPHANUMEXT)); // only lowercase safe ASCII characters $legacytype = required_param('legacytype', PARAM_RAW); $legacyroles = get_legacy_roles(); diff --git a/admin/uploadpicture.php b/admin/uploadpicture.php index 65566ce8fc..19dc8973d8 100644 --- a/admin/uploadpicture.php +++ b/admin/uploadpicture.php @@ -200,7 +200,7 @@ function process_file ($file, $userfield, $overwrite) { $path_parts = pathinfo(cleardoubleslashes($file)); $basename = $path_parts['basename']; $extension = $path_parts['extension']; - if ($basename != clean_param($basename, PARAM_CLEANFILE)) { + if ($basename != clean_param($basename, PARAM_FILE)) { // The original picture file name has invalid characters notify(get_string('uploadpicture_invalidfilename', 'admin', clean_param($basename, PARAM_CLEANHTML))); diff --git a/lib/moodlelib.php b/lib/moodlelib.php index ea3a299cea..4443bd7353 100644 --- a/lib/moodlelib.php +++ b/lib/moodlelib.php @@ -168,6 +168,12 @@ define('PARAM_TEXT', 0x0009); */ define('PARAM_FILE', 0x0010); +/** + * PARAM_CLEANFILE - alias of PARAM_FILE; originally was removing regional chars too + * NOTE: obsoleted do not use anymore + */ +define('PARAM_CLEANFILE',0x0010); + /** * PARAM_TAG - one tag (interests, blogs, etc.) - mostly international characters and space, <> not supported */ @@ -199,14 +205,6 @@ define('PARAM_URL', 0x0080); */ define('PARAM_LOCALURL', 0x0180); -/** - * PARAM_CLEANFILE - safe file name, all dangerous and regional chars are removed, - * use when you want to store a new file submitted by students - * - * NOTE: obsoleted do not use anymore - */ -define('PARAM_CLEANFILE',0x0200); - /** * PARAM_BOOL - converts input into 0 or 1, use for switches in forms and urls. */ @@ -376,7 +374,6 @@ function optional_param($parname, $default=NULL, $type=PARAM_CLEAN) { * @uses PARAM_TEXT * @uses PARAM_SAFEDIR * @uses PARAM_SAFEPATH - * @uses PARAM_CLEANFILE * @uses PARAM_FILE * @uses PARAM_PATH * @uses PARAM_HOST @@ -461,10 +458,6 @@ function clean_param($param, $type) { case PARAM_SAFEPATH: // Remove everything not a-zA-Z0-9/_- return eregi_replace('[^a-zA-Z0-9/_-]', '', $param); - case PARAM_CLEANFILE: // allow only safe characters - //TODO: remove? - return clean_filename($param); - case PARAM_FILE: // Strip all suspicious characters from filename $param = ereg_replace('[[:cntrl:]]|[&<>"`\|\':\\/]', '', $param); $param = ereg_replace('\.\.+', '', $param); @@ -4966,29 +4959,12 @@ function display_size($size) { /** * Cleans a given filename by removing suspicious or troublesome characters - * Only these are allowed: alphanumeric _ - . - * Unicode characters can be enabled by setting $CFG->unicodecleanfilename = true in config.php - * - * WARNING: unicode characters may not be compatible with zip compression in backup/restore, - * because native zip binaries do weird character conversions. Use PHP zipping instead. * * @param string $string file name * @return string cleaned file name */ function clean_filename($string) { - global $CFG; - - if (empty($CFG->unicodecleanfilename)) { - $textlib = textlib_get_instance(); - $string = $textlib->specialtoascii($string); - $string = preg_replace('/[^\.a-zA-Z\d\_-]/','_', $string ); // only allowed chars - } else { - //clean only ascii range - $string = preg_replace("/[\\000-\\x2c\\x2f\\x3a-\\x40\\x5b-\\x5e\\x60\\x7b-\\177]/s", '_', $string); - } - $string = preg_replace("/_+/", '_', $string); - $string = preg_replace("/\.\.+/", '.', $string); - return $string; + return clean_param($string, PARAM_FILE); } diff --git a/lib/simpletest/testmoodlelib.php b/lib/simpletest/testmoodlelib.php index 0189051c13..05273e6e23 100644 --- a/lib/simpletest/testmoodlelib.php +++ b/lib/simpletest/testmoodlelib.php @@ -155,7 +155,6 @@ class moodlelib_test extends UnitTestCase { * @uses PARAM_ALPHAEXT * @uses PARAM_BOOL * @uses PARAM_SAFEDIR - * @uses PARAM_CLEANFILE * @uses PARAM_FILE * @uses PARAM_PATH * @uses PARAM_HOST diff --git a/question/export_form.php b/question/export_form.php index dac89f48a5..598cedb26f 100644 --- a/question/export_form.php +++ b/question/export_form.php @@ -45,7 +45,7 @@ class question_export_form extends moodleform { $mform->addElement('text', 'exportfilename', get_string('exportname', 'quiz'), array('size'=>40)); $mform->setDefault('exportfilename', $defaultfilename); - $mform->setType('exportfilename', PARAM_CLEANFILE); + $mform->setType('exportfilename', PARAM_FILE); // set a template for the format select elements $renderer =& $mform->defaultRenderer(); -- 2.39.5