Now restore checks that we are coming from the form page to delete any

previously stored $SESSION->restore data. Also, the "restore to existing" feature is working again. It was broken because of the pseudo-register-globals hack. Now course_id is retrieved with the standar param() methods. Bug 5145 was the original cause for investingating this. (http://moodle.org/bugs/bug.php?op=show&bugid=5145)
2025-01-19 06:18:28 +01:00 · 2006-04-10 19:02:39 +00:00 · 2006-04-10 19:02:39 +00:00 · c3cb69e5f4
commit c3cb69e5f4
parent efef8f690d
1 changed files with 9 additions and 7 deletions
--- a/backup/restore_check.html
+++ b/backup/restore_check.html
@ -14,9 +14,12 @@
        }
    }

-    //If restore session info exists, but we are posting parameters
-    //manually, this has prioriry
-    if (isset($restore) and isset($_POST['restore_restoreto'])) {
+    //Detect if we are coming from the restore form
+    $fromform = optional_param ('fromform', 0, PARAM_INT);
+
+    //If restore session info exists, but we are coming from the form
+    //it has prioriry
+    if (isset($restore) and !empty($fromform)) {
        unset($restore);
    }

@ -69,10 +72,8 @@
        //restore_messages
        $restore_messages = required_param('restore_messages');

-        //Check we've selected a course
-        if (!isset($course_id)) {
-            $course_id = 0;
-        }
+        //Check we've selected a course to restore to
+        $course_id = optional_param('course_id', 0, PARAM_INT);
 
        //We are here, having all we need !!
        //Create the restore object and put it in the session
@ -108,6 +109,7 @@
    } else {
        //We have the object, so check if we have a new course_id
        //passed as parammeter
+        $course_id = optional_param('course_id', 0, PARAM_INT);
        if ($course_id) {
            $restore->course_id=$course_id;
        }