From ebb63815f889436bb235b62e6498c183521b8005 Mon Sep 17 00:00:00 2001
From: skodak
Date: Mon, 22 May 2006 16:54:11 +0000
Subject: [PATCH] fixed register globals issues for $sort SC #256; merged from MOODLE_16_STABLE

---
 mod/data/report.php     | 17 ++++++++++-------
 mod/forum/report.php    | 18 +++++++++++-------
 mod/glossary/report.php | 21 ++++++++++++---------
 3 files changed, 33 insertions(+), 23 deletions(-)

diff --git a/mod/data/report.php b/mod/data/report.php
index 64c1ee5761..12d01de1e6 100755
--- a/mod/data/report.php
+++ b/mod/data/report.php
@@ -5,7 +5,8 @@
     require_once("../../config.php");
     require_once("lib.php");
 
-    $id = required_param('id',PARAM_INT);
+    $id = required_param('id',PARAM_INT);
+    $sort = optional_param('sort', '', PARAM_RAW);
 
     if (!$record = get_record('data_records','id',$id)) {
         error("rating ID was incorrect");
@@ -14,9 +15,11 @@
     if (!$data = get_record('data','id',$record->dataid)) {
         error("rating ID was incorrect");
     }
-
-    if (!isset($sort)) {
-        $sort = "r.id";
+
+    switch ($sort) {
+        case 'firstname': $sqlsort = "u.firstname ASC"; break;
+        case 'rating':    $sqlsort = "r.rating ASC"; break;
+        default:          $sqlsort = "r.id ASC";
     }
 
     $scalemenu = make_grades_menu($data->scale);
@@ -27,15 +30,15 @@
     print_header($strratings);
 
-    if (!$ratings = data_get_ratings($record->id, $sort)) {
+    if (!$ratings = data_get_ratings($record->id, $sqlsort)) {
         error("No ratings for this record!");
     } else {
         echo "";
         echo "";
         echo "";
-        echo "';
diff --git a/mod/forum/report.php b/mod/forum/report.php
index e01a7c805b..e0b3245872 100644
--- a/mod/forum/report.php
+++ b/mod/forum/report.php
@@ -5,7 +5,8 @@
     require_once("../../config.php");
     require_once("lib.php");
 
-    $id = required_param('id',PARAM_INT);
+    $id = required_param('id',PARAM_INT);
+    $sort = optional_param('sort', '', PARAM_RAW);
 
     if (! $post = get_record("forum_posts", "id", $id)) {
         error("Post ID was incorrect");
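Review bot: `$sort` is read with PARAM_RAW at the top of mod/data/report.php, yet the only values the script acts on are the tokens `firstname` and `rating` that the switch in the next hunk compares it against, so the parameter should be cleaned as tightly as the whitelist: `$sort = optional_param('sort', '', PARAM_ALPHA);`. With PARAM_RAW an unfiltered request string stays in scope for the whole page; that is harmless while `$sort` is only ever compared, but a later echo of it into the header links or into SQL would reopen the ORDER BY injection this commit closes. A short comment would make the contract explicit, e.g. `// request token only; mapped to a fixed ORDER BY clause below, never used directly`.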
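Review bot: Nothing in the new switch records that `$sqlsort` is the only value allowed to reach `data_get_ratings()`, which presumably interpolates it into an ORDER BY clause; a comment above the switch such as `// whitelist: $sqlsort must only ever be one of these literal clauses` would keep the next edit from passing `$sort` through again. The data variant accepts only `firstname` and `rating` while the forum and glossary variants in this same patch also accept `time`; if that is deliberate (this report appears to have no time column) say so in the default branch, otherwise add `case 'time': $sqlsort = "r.time ASC"; break;` for consistency. The switch compares with PHP's loose `==`, which is safe here only because optional_param() always yields a string, so keep the default value a string if it is ever changed.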
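Review bot: The forum copy of `$sort = optional_param('sort', '', PARAM_RAW);` is wider than what the page needs: the switch in the `@@ -27,8 +28,11 @@` hunk accepts only `time`, `firstname` and `rating`, so PARAM_ALPHA describes the value exactly and rejects anything else before it reaches the rest of the script. The stricter type costs nothing and means a future use of `$sort` in output or SQL cannot regress into the register_globals-style injection this commit fixes. The `$post` lookup that follows is unchanged and continues past the hunk boundary.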
@@ -27,8 +28,11 @@
         error("You can only look at results for posts you own");
     }
 
-    if (!isset($sort)) {
-        $sort = "r.time";
+    switch ($sort) {
+        case 'time':      $sqlsort = "r.time ASC"; break;
+        case 'firstname': $sqlsort = "u.firstname ASC"; break;
+        case 'rating':    $sqlsort = "r.rating ASC"; break;
+        default:          $sqlsort = "r.time ASC";
     }
 
     $scalemenu = make_grades_menu($forum->scale);
@@ -40,16 +44,16 @@
     print_header("$strratings: ".format_string($post->subject));
 
-    if (!$ratings = forum_get_ratings($post->id, $sort)) {
+    if (!$ratings = forum_get_ratings($post->id, $sqlsort)) {
         error("No ratings for this post: \"".format_string($post->subject)."\"");
     } else {
         echo "
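Review bot: The whitelist switch is now copied almost verbatim into mod/data, mod/forum and mod/glossary, differing only in the default literal, which is the kind of duplication that drifts (the data copy already lacks the `time` case). A two-line lookup keeps the mapping data-shaped and easier to audit than a switch: `$sorts = array('time' => 'r.time ASC', 'firstname' => 'u.firstname ASC', 'rating' => 'r.rating ASC');` followed by `$sqlsort = isset($sorts[$sort]) ? $sorts[$sort] : 'r.time ASC';`, and an `isset()` key lookup is a strict match rather than switch's loose `==`. The `case 'time'` arm and the `default` arm produce the same clause, which is fine but worth a one-line comment so nobody removes the explicit case believing it changes behaviour. `$forum` is assigned above this hunk, outside the visible lines.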
 $strname"; - echo "$strrating"; + echo "$strname"; + echo "$strrating"; foreach ($ratings as $rating) { if (isteacher($data->course)) { echo '
"; echo ""; echo ""; - echo "';
diff --git a/mod/glossary/report.php b/mod/glossary/report.php
index 459278e71d..6b058a648d 100644
--- a/mod/glossary/report.php
+++ b/mod/glossary/report.php
@@ -4,9 +4,9 @@
     require_once("../../config.php");
     require_once("lib.php");
 
-    $id = required_param('id', PARAM_INT);
-    global $USER;
-
+    $id = required_param('id', PARAM_INT);
+    $sort = optional_param('sort', '', PARAM_RAW);
+
     if (! $entry = get_record("glossary_entries", "id", $id)) {
         error("Entry ID was incorrect");
     }
@@ -23,8 +23,11 @@
         error("You can only look at results for your own entries");
     }
 
-    if (!isset($sort)) {
-        $sort = "r.time";
+    switch ($sort) {
+        case 'time':      $sqlsort = "r.time ASC"; break;
+        case 'firstname': $sqlsort = "u.firstname ASC"; break;
+        case 'rating':    $sqlsort = "r.rating ASC"; break;
+        default:          $sqlsort = "r.time ASC";
     }
 
     $scalemenu = make_grades_menu($glossary->scale);
@@ -36,16 +39,16 @@
     print_header("$strratings: $entry->concept");
 
-    if (!$ratings = glossary_get_ratings($entry->id, $sort)) {
+    if (!$ratings = glossary_get_ratings($entry->id, $sqlsort)) {
         error("No ratings for this entry: \"$entry->concept\"");
     } else {
         echo "
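Review bot: The new `$sort = optional_param('sort', '', PARAM_RAW);` in mod/glossary/report.php should use PARAM_ALPHA, because the switch in the `@@ -23,8 +23,11 @@` hunk accepts only the tokens `time`, `firstname` and `rating`, and typing the parameter to match the whitelist removes any chance of the raw request string being reused unsafely elsewhere in the page. Dropping `global $USER;` is a no-op at file scope, so it should not change the "own entries" check that presumably reads `$USER` below this hunk, on the assumption that report.php is only ever executed as a top-level script and never included from inside a function.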
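Review bot: The glossary switch on `$sort` relies on PHP's loose comparison, which is safe only because optional_param() returns a string and every case label is a non-numeric string; if the default were ever changed to `0`, `switch` would match the first case on older PHP. Checking membership first with `in_array($sort, array('time', 'firstname', 'rating'), true)` or an `isset()` lookup table makes the whitelist independent of the value's type, and a comment such as `// only these literals may reach glossary_get_ratings(), which builds ORDER BY from $sqlsort` documents why `$sort` itself must never be passed on. The `case 'time'` and `default` arms yield the same clause, which is harmless but deserves a note.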
 id&sort=u.firstname\">$strname"; - echo "id&sort=r.rating\">$strrating"; - echo "id&sort=r.time\">$strtime"; + echo "id&sort=firstname\">$strname"; + echo "id&sort=rating\">$strrating"; + echo "id&sort=time\">$strtime"; foreach ($ratings as $rating) { if (isteacher($discussion->course, $rating->id)) { echo '
"; echo ""; echo ""; - echo ""; - echo ""; - echo ""; + echo ""; + echo ""; + echo ""; foreach ($ratings as $rating) { if (isteacher($glossary->course, $rating->id)) { echo ''; -- 2.39.5
 id&sort=u.firstname\">$strnameid&sort=r.rating\">$strratingid&sort=r.time\">$strtimeid&sort=firstname\">$strnameid&sort=rating\">$strratingid&sort=time\">$strtime