added addslashes to title, content, answer and response fields to help deal with quotes after a clean_param()

michaelpenne 2005-05-03 21:16:30 +00:00
parent 2c27cd193e
commit af9f2c05db
2 changed files with 15 additions and 1 deletions


@ -42,6 +42,8 @@
/// CDC-FLAG ///
$newpage->title = clean_param($form->title, PARAM_CLEANHTML);
$newpage->contents = clean_param(trim($form->contents), PARAM_CLEANHTML);
$newpage->title = addslashes($newpage->title);
$newpage->contents = addslashes($newpage->contents);
$newpageid = insert_record("lesson_pages", $newpage);
if (!$newpageid) {
error("Insert page: new page not inserted");
@ -85,6 +87,8 @@
/// CDC-FLAG ///
$newpage->title = clean_param($form->title, PARAM_CLEANHTML);
$newpage->contents = clean_param(trim($form->contents), PARAM_CLEANHTML);
$newpage->title = addslashes($newpage->title);
$newpage->contents = addslashes($newpage->contents);
$newpageid = insert_record("lesson_pages", $newpage);
if (!$newpageid) {
error("Insert page: new first page not inserted");
@ -115,6 +119,8 @@
/// CDC-FLAG ///
$newpage->title = clean_param($form->title, PARAM_CLEANHTML);
$newpage->contents = clean_param(trim($form->contents), PARAM_CLEANHTML);
$newpage->title = addslashes($newpage->title);
$newpage->contents = addslashes($newpage->contents);
$newpageid = insert_record("lesson_pages", $newpage);
if (!$newpageid) {
error("Insert page: first page not inserted");
@ -152,8 +158,10 @@
$newanswer->pageid = $newpageid;
$newanswer->timecreated = $timenow;
$newanswer->answer = clean_param(trim($form->answer[$i]), PARAM_CLEANHTML);
$newanswer->answer = addslashes($newanswer->answer);
if (isset($form->response[$i])) {
$newanswer->response = clean_param(trim($form->response[$i]), PARAM_CLEANHTML);
$newanswer->response = addslashes($newanswer->response);
}
if (isset($form->jumpto[$i])) {
$newanswer->jumpto = clean_param($form->jumpto[$i], PARAM_INT);
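Review bot: The escaping added here is a manual second step after every `clean_param(..., PARAM_CLEANHTML)`, repeated as the same two-line pair in all three page-insert hunks and again for `answer` and `response`, so each field depends on someone remembering it and naming the right property. Writing it as one expression per field, e.g. `$newpage->title = addslashes(clean_param($form->title, PARAM_CLEANHTML));`, keeps source and target on one line and makes a mismatched field much harder to introduce. Whether `insert_record()` escapes values itself is not visible in these hunks, so a short comment such as `// clean_param() output is assumed unslashed; re-slash before insert_record()` would record why the call is needed. `addslashes()` is not charset- or database-aware, so it is better treated as a stopgap than as a replacement for escaping in the database layer.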


@ -10,7 +10,7 @@
$timenow = time();
$form = data_submitted();
$page = new stdClass;
$page->id = clean_param($form->pageid, PARAM_INT);
$page->timemodified = $timenow;
@ -34,6 +34,8 @@
/// CDC-FLAG ///
$page->title = clean_param($form->title, PARAM_CLEANHTML);
$page->contents = clean_param(trim($form->contents), PARAM_CLEANHTML);
$page->title = addslashes($page->title);
$page->contents = addslashes($page->title);
if (!update_record("lesson_pages", $page)) {
error("Update page: page not updated");
}
@ -78,8 +80,10 @@
clean_param($form->responseeditor[$i], PARAM_INT) * LESSON_RESPONSE_EDITOR;
$oldanswer->timemodified = $timenow;
$oldanswer->answer = clean_param(trim($form->answer[$i]), PARAM_CLEANHTML);
$oldanswer->answer = addslashes($oldanswer->answer);
if (isset($form->response[$i])) {
$oldanswer->response = clean_param(trim($form->response[$i]), PARAM_CLEANHTML);
$oldanswer->response = addslashes($oldanswer->response);
}
$oldanswer->jumpto = clean_param($form->jumpto[$i], PARAM_INT);
/// CDC-FLAG ///
@ -99,8 +103,10 @@
clean_param($form->responseeditor[$i], PARAM_INT) * LESSON_RESPONSE_EDITOR;
$newanswer->timecreated = $timenow;
$newanswer->answer = clean_param(trim($form->answer[$i]), PARAM_CLEANHTML);
$newanswer->answer = addslashes($newanswer->answer);
if (isset($form->response[$i])) {
$newanswer->response = clean_param(trim($form->response[$i]), PARAM_CLEANHTML);
$newanswer->answer = addslashes($newanswer->answer);
}
$newanswer->jumpto = clean_param($form->jumpto[$i], PARAM_INT);
/// CDC-FLAG ///
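Review bot: In the `@ -34,6 +34,8 @` hunk, `$page->contents = addslashes($page->title);` overwrites the cleaned contents with the title, so every page update would store the title as the page body; it should read `$page->contents = addslashes($page->contents);`. The last hunk has a similar copy-paste slip: inside `if (isset($form->response[$i]))` the line `$newanswer->answer = addslashes($newanswer->answer);` escapes `answer` a second time and leaves `response` unescaped. A quote in a response would then reach whatever write follows outside the hunk without escaping, while the answer gains stray backslashes; the line should be `$newanswer->response = addslashes($newanswer->response);`. The `$oldanswer` hunk handles both fields correctly and can serve as the reference.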