diff --git a/admin/enrol_config.php b/admin/enrol_config.php
index 6adca6d13c8..f9fe5cedd98 100644
--- a/admin/enrol_config.php
+++ b/admin/enrol_config.php
@@ -17,9 +17,9 @@
/// If data submitted, then process and store.
- if ($frm = data_submitted()) {
+ if ($frm = data_submitted(false)) {
if (!confirm_sesskey()) {
- error(get_string('confirmsesskeybad', 'error'));
+ print_error('confirmsesskeybad', 'error');
}
if ($enrolment->process_config($frm)) {
redirect("enrol.php?sesskey=$USER->sesskey", get_string("changessaved"), 1);
diff --git a/admin/filter.php b/admin/filter.php
index 8c51c70f4ec..d9bb97988b0 100644
--- a/admin/filter.php
+++ b/admin/filter.php
@@ -7,7 +7,7 @@
require_once($CFG->libdir.'/tablelib.php');
$filterfull = required_param('filter', PARAM_PATH);
- $forcereset = optional_param('reset', 0, PARAM_BOOL);
+ $forcereset = optional_param('reset', 0, PARAM_BOOL);
$filtername = substr($filterfull, strpos( $filterfull, '/' )+1 ) ;
@@ -17,17 +17,17 @@
// get translated strings for use on page
- $txt = new Object;
- $txt->managefilters = get_string( 'managefilters' );
+ $txt = new object();
+ $txt->managefilters = get_string( 'managefilters' );
$txt->administration = get_string( 'administration' );
- $txt->configuration = get_string( 'configuration' );
+ $txt->configuration = get_string( 'configuration' );
//======================
// Process Actions
//======================
// if reset pressed let filter config page handle it
- if ($config = data_submitted() and !$forcereset) {
+ if ($config = data_submitted(false) and !$forcereset) {
// check session key
if (!confirm_sesskey()) {
@@ -48,7 +48,7 @@
// run through submitted data
// reject if does not start with filter_
foreach ($config as $name => $value) {
- set_config($name, stripslashes($value));
+ set_config($name, $value);
}
}
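Review bot: The loop around `set_config($name, $value)` writes every submitted field into the global config under its posted name, although the comment directly above says names that do not start with `filter_` are rejected. No such test is visible in this hunk, so form fields such as `sesskey`, or a field named after an unrelated global setting, would be stored as well. With `stripslashes` removed, the value is also stored exactly as submitted. I would make the first statement of the loop body `if (strpos($name, 'filter_') !== 0) { continue; }` so that only this filter's own settings can be written from this page.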
diff --git a/admin/handlevirus.php b/admin/handlevirus.php
index 7a09c1eb672..59464ea4c1b 100644
--- a/admin/handlevirus.php
+++ b/admin/handlevirus.php
@@ -38,8 +38,8 @@ while(!feof($fd)) {
$action = clam_handle_infected_file($file,$log->userid,true);
clam_replace_infected_file($file);
- $user = get_record("user","id",$log->userid);
- $course = get_record("course","id",$log->course);
+ $user = $DB->get_record("user", array("id"=>$log->userid));
+ $course = $DB->get_record("course", array("id"=>$log->course));
$subject = get_string('virusfoundsubject','moodle',format_string($site->fullname));
$a->date = userdate($log->time);
diff --git a/admin/health.php b/admin/health.php
index e9fe728ed77..ac6aa744db2 100644
--- a/admin/health.php
+++ b/admin/health.php
@@ -275,8 +275,8 @@ class problem_000004 extends problem_base {
return 'cron.php is not set up to run automatically';
}
function exists() {
- global $CFG;
- $lastcron = get_field_sql('SELECT max(lastcron) FROM '.$CFG->prefix.'modules');
+ global $DB;
+ $lastcron = $DB->get_field_sql('SELECT max(lastcron) FROM {modules}');
return (time() - $lastcron > 3600 * 24);
}
function severity() {
diff --git a/admin/maintenance.php b/admin/maintenance.php
index 071a873254c..a4bfa1cdbc7 100644
--- a/admin/maintenance.php
+++ b/admin/maintenance.php
@@ -15,14 +15,14 @@
$filename = $CFG->dataroot.'/'.SITEID.'/maintenance.html';
- if ($form = data_submitted()) {
+ if ($form = data_submitted(false)) {
if (confirm_sesskey()) {
if ($form->action == "disable") {
unlink($filename);
redirect('maintenance.php', get_string('sitemaintenanceoff','admin'));
} else {
$file = fopen($filename, 'w');
- fwrite($file, stripslashes($form->text));
+ fwrite($file, $form->text);
fclose($file);
redirect('maintenance.php', get_string('sitemaintenanceon', 'admin'));
}
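Review bot: The handle returned by `fopen($filename, 'w')` goes straight into `fwrite` and `fclose` without a check, and the `unlink($filename)` result in the disable branch is ignored as well. If the directory under dataroot is missing or not writable, the page still redirects with `sitemaintenanceon` while no maintenance file exists, so the admin believes the site is locked when it is not. I would guard the write with `if (($file = fopen($filename, 'w')) === false) {` and report the failure instead of redirecting, and treat a failed `unlink` the same way. The enclosing `if` blocks close outside this hunk.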
diff --git a/admin/multilangupgrade.php b/admin/multilangupgrade.php
index 0903b652ab0..5bd05248a0f 100644
--- a/admin/multilangupgrade.php
+++ b/admin/multilangupgrade.php
@@ -49,7 +49,7 @@ foreach ($tables as $table) {
}
$fulltable = $DB->get_prefix().$table;
if ($columns = $DB->get_columns($table)) {
- if (!array_key_exists('id', $columns) and !array_key_exists('ID', $columns)) {
+ if (!array_key_exists('id', $columns)) {
continue; // moodle tables have id
}
foreach ($columns as $column => $data) {
diff --git a/admin/oacleanup.php b/admin/oacleanup.php
index 04d0cd3fd6b..ae3e6923cec 100644
--- a/admin/oacleanup.php
+++ b/admin/oacleanup.php
@@ -16,7 +16,7 @@ if (!isset($CFG)) {
function online_assignment_cleanup($output=false) {
- global $CFG;
+ global $CFG, $DB;
if ($output) {
print_heading('Online Assignment Cleanup');
@@ -27,7 +27,7 @@ function online_assignment_cleanup($output=false) {
/// We don't want to run this code if we are doing an upgrade from an assignment
/// version earlier than 2005041400
/// because the assignment type field will not exist
- $amv = get_field('modules', 'version', 'name', 'assignment');
+ $amv = $DB->get_field('modules', 'version', array('name'=>'assignment'));
if ((int)$amv < 2005041400) {
if ($output) {
echo '';
@@ -37,12 +37,12 @@ function online_assignment_cleanup($output=false) {
/// get the module id for assignments from db
- $arecord = get_record('modules', 'name', 'assignment');
+ $arecord = $DB->get_record('modules', array('name', 'assignment'));
$aid = $arecord->id;
/// get a list of all courses on this site
- $courses = get_records('course');
+ $courses = $DB->get_records('course');
/// cycle through each course
foreach ($courses as $course) {
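Review bot: `array('name', 'assignment')` in the converted `get_record` call is a two-element list, not a field-to-value map, so the lookup no longer filters on `name = 'assignment'`. The `get_field` call earlier in this function uses the intended form. The line should read `$arecord = $DB->get_record('modules', array('name'=>'assignment'));`. `$arecord->id` is then read without checking for a failed lookup, and `$aid` later feeds the `cm.module = ?` parameter, so a wrong or empty record here changes which course modules the cleanup moves between sections. The function body continues outside this hunk.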
@@ -51,8 +51,12 @@ function online_assignment_cleanup($output=false) {
if ($output) print_heading($fullname);
/// retrieve a list of sections beyond what is currently being shown
- $sql = 'SELECT * FROM '.$CFG->prefix.'course_sections WHERE course='.$course->id.' AND section>'.$course->numsections.' ORDER BY section ASC';
- if (!($xsections = get_records_sql($sql))) {
+ $sql = "SELECT *
+ FROM {course_sections}
+ WHERE course=? AND section>?
+ ORDER BY section ASC";
+ $params = array($course->id, $course->numsections);
+ if (!($xsections = $DB->get_records_sql($sql, $params))) {
if ($output) echo 'No extra sections
';
continue;
}
@@ -70,16 +74,13 @@ function online_assignment_cleanup($output=false) {
foreach ($instances as $instance) {
/// is this an instance of an online assignment
$sql = "SELECT a.id
- FROM {$CFG->prefix}course_modules cm,
- {$CFG->prefix}assignment a
- WHERE cm.id = '$instance' AND
- cm.module = '$aid' AND
- cm.instance = a.id AND
- a.assignmenttype = 'online'";
-
+ FROM {course_modules} cm, {assignment} a
+ WHERE cm.id = ? AND cm.module = ? AND
+ cm.instance = a.id AND a.assignmenttype = 'online'";
+ $params = array($instance, $aid);
/// if record exists then we need to move instance to it's correct section
- if (record_exists_sql($sql)) {
+ if ($DB->record_exists_sql($sql, $params)) {
/// check the new section id
/// the journal update erroneously stored it in course_sections->section
@@ -87,14 +88,14 @@ function online_assignment_cleanup($output=false) {
/// double check the new section
if ($newsection > $course->numsections) {
/// get the record for section 0 for this course
- if (!($zerosection = get_record('course_sections', 'course', $course->id, 'section', '0'))) {
+ if (!($zerosection = $DB->get_record('course_sections', array('course'=>$course->id, 'section'=>'0')))) {
continue;
}
$newsection = $zerosection->id;
}
/// grab the section record
- if (!($section = get_record('course_sections', 'id', $newsection))) {
+ if (!($section = $DB->get_record('course_sections', array('id'=>$newsection)))) {
if ($output) echo 'Serious error: Cannot retrieve section: '.$newsection.' for course: '. format_string($course->fullname) .'
';
continue;
}
@@ -110,12 +111,12 @@ function online_assignment_cleanup($output=false) {
/// implode the sequence
$section->sequence = implode(',', $sequence);
- set_field('course_sections', 'sequence', $section->sequence, 'id', $section->id);
+ $DB->set_field('course_sections', 'sequence', $section->sequence, array('id'=>$section->id));
/// now we need to remove the instance from the old sequence
/// grab the old section record
- if (!($section = get_record('course_sections', 'id', $xsection->id))) {
+ if (!($section = $DB->get_record('course_sections', array('id'=>$xsection->id)))) {
if ($output) echo 'Serious error: Cannot retrieve old section: '.$xsection->id.' for course: '.$course->fullname.'
';
continue;
}
@@ -132,7 +133,7 @@ function online_assignment_cleanup($output=false) {
/// implode the sequence
$section->sequence = implode(',', $sequence);
- set_field('course_sections', 'sequence', $section->sequence, 'id', $section->id);
+ $DB->set_field('course_sections', 'sequence', $section->sequence, array('id'=>$section->id));
if ($output) echo 'Online Assignment (instance '.$instance.') moved from section '.$section->id.': to section '.$newsection.'
';
@@ -143,7 +144,7 @@ function online_assignment_cleanup($output=false) {
/// if the summary and sequence are empty then remove this section
if (empty($xsection->summary) and empty($xsection->sequence)) {
- delete_records('course_sections', 'id', $xsection->id);
+ $DB->delete_records('course_sections', array('id'=>$xsection->id));
if ($output) echo 'Deleting empty section '.$xsection->section.'
';
}
}
diff --git a/admin/process_email.php b/admin/process_email.php
index 33c8783d793..1b311776565 100755
--- a/admin/process_email.php
+++ b/admin/process_email.php
@@ -9,6 +9,7 @@ $address = $tmp[0];
// BOUNCE EMAILS TO NOREPLY
if ($_ENV['RECIPIENT'] == $CFG->noreplyaddress) {
+ $user = new pbject();
$user->email = $_ENV['SENDER'];
if (!validate_email($user->email)) {
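Review bot: `new pbject()` on the added line looks like a typo for `object`, the class used for the same purpose in admin/filter.php in this commit. If no class named `pbject` exists, the bounce branch stops with a fatal error before `validate_email` runs, and mail sent to the noreply address is never processed. The line should be `$user = new object();`.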
@@ -53,7 +54,7 @@ if ($modid == '0') { // special
$modname = 'moodle';
}
else {
- $modname = get_field("modules","name","id",$modid);
+ $modname = $DB->get_field("modules", "name", array("id"=>$modid));
include_once('mod/'.$modname.'/lib.php');
}
$function = $modname.'_process_email';
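Review bot: The result of `$DB->get_field("modules", "name", ...)` is concatenated into an include path and a function name without a check. When no row matches `$modid` the lookup presumably returns false, so the script would include `mod//lib.php` and build the function name `_process_email`. `$modid` is set outside this hunk, and in a mail-processing script it appears to come from the incoming message, so the database lookup is the only thing constraining what gets included. I would stop before the `include_once` when the lookup fails, for example `if (empty($modname)) { die(); }`, using whatever failure path the rest of the script follows.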
diff --git a/admin/replace.php b/admin/replace.php
index cdff6ae39a4..f9dc986a02d 100644
--- a/admin/replace.php
+++ b/admin/replace.php
@@ -10,6 +10,9 @@ admin_externalpage_setup('replace');
$search = optional_param('search', '', PARAM_RAW);
$replace = optional_param('replace', '', PARAM_RAW);
+$search = stripslashes($search); // TODO: remove soon
+$replace = stripslashes($replace); // TODO: remove soon
+
###################################################################
admin_externalpage_print_header();
@@ -34,7 +37,7 @@ if (!data_submitted() or !$search or !$replace or !confirm_sesskey()) { /// Pr
print_simple_box_start('center');
-if (!db_replace(stripslashes($search), stripslashes($replace))) {
+if (!db_replace($search, $replace)) {
print_error('erroroccur', debug);
}
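Review bot: `print_error('erroroccur', debug)` passes the bare word `debug`, which PHP parses as an undefined constant rather than a string. Older PHP versions fall back to the string with a notice, and newer ones raise an error, so the failure path of a tool that rewrites the whole database would itself fail. Presumably the `debug` language file is meant, which gives `print_error('erroroccur', 'debug');`. The line is context in this hunk, but it sits directly under the changed `db_replace` call and is worth fixing in the same commit.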
diff --git a/admin/search.php b/admin/search.php
index 4fcde9546a3..a8ee38ba2fb 100644
--- a/admin/search.php
+++ b/admin/search.php
@@ -5,7 +5,9 @@
require_once('../config.php');
require_once($CFG->libdir.'/adminlib.php');
-$query = trim(stripslashes(optional_param('query', '', PARAM_NOTAGS))); // Search string
+$query = trim(optional_param('query', '', PARAM_NOTAGS)); // Search string
+
+$query = stripslashes($query); // TODO: remove soon
$adminroot =& admin_get_root(); // need all settings here
$adminroot->search = $query; // So we can reference it in search boxes later in this invocation
@@ -16,7 +18,7 @@ $focus = '';
admin_externalpage_setup('search'); // now hidden page
// now we'll deal with the case that the admin has submitted the form with changed settings
-if ($data = data_submitted() and confirm_sesskey()) {
+if ($data = data_submitted(false) and confirm_sesskey()) {
if (admin_write_settings($data)) {
$statusmsg = get_string('changessaved');
}
diff --git a/admin/settings.php b/admin/settings.php
index f4ead11bec3..d0f771f77b8 100644
--- a/admin/settings.php
+++ b/admin/settings.php
@@ -16,12 +16,12 @@ $adminroot =& admin_get_root(); // need all settings
$page =& $adminroot->locate($section);
if (empty($page) or !is_a($page, 'admin_settingpage')) {
- error(get_string('sectionerror', 'admin'), "$CFG->wwwroot/$CFG->admin/");
+ print_error('sectionerror', 'admin', "$CFG->wwwroot/$CFG->admin/");
die;
}
if (!($page->check_access())) {
- error(get_string('accessdenied', 'admin'));
+ print_error('accessdenied', 'admin');
die;
}
@@ -31,7 +31,7 @@ $statusmsg = '';
$errormsg = '';
$focus = '';
-if ($data = data_submitted() and confirm_sesskey()) {
+if ($data = data_submitted(false) and confirm_sesskey()) {
if (admin_write_settings($data)) {
$statusmsg = get_string('changessaved');
}
diff --git a/admin/upgradesettings.php b/admin/upgradesettings.php
index 65fbf3c4cb1..6d4d5e10fa4 100644
--- a/admin/upgradesettings.php
+++ b/admin/upgradesettings.php
@@ -15,7 +15,7 @@ $adminroot =& admin_get_root(); // need all settings
admin_externalpage_setup('upgradesettings'); // now hidden page
// now we'll deal with the case that the admin has submitted the form with new settings
-if ($data = data_submitted() and confirm_sesskey()) {
+if ($data = data_submitted(false) and confirm_sesskey()) {
$count = admin_write_settings($data);
$adminroot =& admin_get_root(true); //reload tree
}
diff --git a/admin/uploaduser.php b/admin/uploaduser.php
index 6a4c411ade7..4511b81e8e7 100755
--- a/admin/uploaduser.php
+++ b/admin/uploaduser.php
@@ -76,7 +76,7 @@ $STD_FIELDS = array('id', 'firstname', 'lastname', 'username', 'email',
$PRF_FIELDS = array();
-if ($prof_fields = get_records('user_info_field')) {
+if ($prof_fields = $DB->get_records('user_info_field')) {
foreach ($prof_fields as $prof_field) {
$PRF_FIELDS[] = 'profile_field_'.$prof_field->shortname;
}
@@ -264,7 +264,7 @@ if ($formdata = $mform->is_cancelled()) {
continue;
}
- if ($existinguser = get_record('user', 'username', addslashes($user->username), 'mnethostid', $user->mnethostid)) {
+ if ($existinguser = $DB->get_record('user', array('username'=>$user->username, 'mnethostid'=>$user->mnethostid))) {
$upt->track('id', $existinguser->id, 'normal', false);
}
@@ -342,14 +342,14 @@ if ($formdata = $mform->is_cancelled()) {
continue;
}
- if ($olduser = get_record('user', 'username', addslashes($oldusername), 'mnethostid', addslashes($user->mnethostid))) {
+ if ($olduser = $DB->get_record('user', array('username'=>$oldusername, 'mnethostid'=>$user->mnethostid))) {
$upt->track('id', $olduser->id, 'normal', false);
if (has_capability('moodle/site:doanything', $systemcontext, $olduser->id)) {
$upt->track('status', $strusernotrenamedadmin, 'error');
$renameerrors++;
continue;
}
- if (set_field('user', 'username', addslashes($user->username), 'id', $olduser->id)) {
+ if ($DB->set_field('user', 'username', $user->username, array('id'=>$olduser->id))) {
$upt->track('username', '', 'normal', false); // clear previous
$upt->track('username', $oldusername.'-->'.$user->username, 'info');
$upt->track('status', $struserrenamed);
@@ -444,7 +444,7 @@ if ($formdata = $mform->is_cancelled()) {
}
if ($existinguser->$column !== $user->$column) {
if ($column == 'email') {
- if (record_exists('user', 'email', addslashes($user->email))) {
+ if ($DB->record_exists('user', array('email'=>$user->email))) {
if ($noemailduplicates) {
$upt->track('email', $stremailduplicate, 'error');
$upt->track('status', $strusernotupdated, 'error');
@@ -474,7 +474,7 @@ if ($formdata = $mform->is_cancelled()) {
$upt->track('auth', $struserauthunsupported, 'warning');
}
- if (update_record('user', addslashes_recursive($existinguser))) {
+ if ($DB->update_record('user', $existinguser)) {
$upt->track('status', $struserupdated);
$usersupdated++;
} else {
@@ -516,7 +516,7 @@ if ($formdata = $mform->is_cancelled()) {
}
}
- if (record_exists('user', 'email', addslashes($user->email))) {
+ if ($DB->record_exists('user', array('email'=>$user->email))) {
if ($noemailduplicates) {
$upt->track('email', $stremailduplicate, 'error');
$upt->track('status', $strusernotaddederror, 'error');
@@ -527,7 +527,7 @@ if ($formdata = $mform->is_cancelled()) {
}
}
- if ($user->id = insert_record('user', addslashes_recursive($user))) {
+ if ($user->id = $DB->insert_record('user', $user)) {
$info = ': ' . $user->username .' (ID = ' . $user->id . ')';
$upt->track('status', $struseradded);
$upt->track('id', $user->id, 'normal', false);
@@ -566,7 +566,7 @@ if ($formdata = $mform->is_cancelled()) {
$shortname = $user->{'course'.$i};
if (!array_key_exists($shortname, $ccache)) {
- if (!$course = get_record('course', 'shortname', addslashes($shortname), '', '', '', '', 'id, shortname, defaultrole')) {
+ if (!$course = $DB->get_record('course', array('shortname'=>$shortname), 'id, shortname, defaultrole')) {
$upt->track('enrolments', get_string('unknowncourse', 'error', $shortname), 'error');
continue;
}
@@ -883,13 +883,15 @@ function validate_user_upload_columns(&$columns) {
* @return incremented username which does not exist yet
*/
function increment_username($username, $mnethostid) {
+ global $DB;
+
if (!preg_match_all('/(.*?)([0-9]+)$/', $username, $matches)) {
$username = $username.'2';
} else {
$username = $matches[1][0].($matches[2][0]+1);
}
- if (record_exists('user', 'username', addslashes($username), 'mnethostid', addslashes($mnethostid))) {
+ if ($DB->record_exists('user', array('username'=>$username, 'mnethostid'=>$mnethostid))) {
return increment_username($username, $mnethostid);
} else {
return $username;