parameter cleaup - round 8; short php tag in group-edit.html

course/category.php

@@ -9,14 +9,14 @@
     $id       = required_param('id', PARAM_INT);          // Category id
     $page     = optional_param('page', 0, PARAM_INT);     // which page to show
     $perpage  = optional_param('perpage', 20, PARAM_INT); // how many per page
-    $edit = optional_param('edit','',PARAM_ALPHA);
+    $edit     = optional_param('edit', -1, PARAM_BOOL);
     $hide     = optional_param('hide', 0, PARAM_INT);
     $show     = optional_param('show', 0, PARAM_INT);
     $moveup   = optional_param('moveup', 0, PARAM_INT);
     $movedown = optional_param('movedown', 0, PARAM_INT);
     $moveto   = optional_param('moveto', 0, PARAM_INT);
-    $rename = optional_param('rename','');
+    $rename   = optional_param('rename', '', PARAM_NOTAGS);
-    $resort = optional_param('resort','');
+    $resort   = optional_param('resort', 0, PARAM_BOOL);
 
     if (!$site = get_site()) {
         error("Site isn't defined!");
@@ -31,12 +31,8 @@
     }
 
     if (iscreator()) {
-        if (!empty($edit) and confirm_sesskey()) {
+        if ($edit !== -1) {
-            if ($edit == "on") {
+            $USER->categoryediting = $edit;
-                $USER->categoryediting = true;
-            } else if ($edit == "off") {
-                $USER->categoryediting = false;
-            }
         }
         $navbaritem = update_category_button($category->id);
 
@@ -64,7 +60,7 @@
 
         /// Resort the category if requested
 
-        if (!empty($resort) and confirm_sesskey()) {
+        if ($resort and confirm_sesskey()) {
             if ($courses = get_courses($category->id, "fullname ASC", 'c.id,c.fullname,c.sortorder')) {
                 // move it off the range
                 $count = get_record_sql('SELECT MAX(sortorder) AS max, 1

course/delete.php

@@ -4,7 +4,7 @@
     require_once("../config.php");
 
     $id     = required_param('id', PARAM_INT);              // course id
-    $delete = optional_param('delete');   // delete confirmation
+    $delete = optional_param('delete', '', PARAM_ALPHANUM); // delete confirmation hash
 
     require_login();
 

course/group-edit.html

@@ -18,7 +18,7 @@
 </tr>
 
 <tr valign="top">
-    <td align="right"><?print_string('enrolmentkey') ?>:</td>
+    <td align="right"><?php print_string('enrolmentkey') ?>:</td>
     <td><input type="text" name="password" size="25" value="<?php echo $group->password ?>" alt="<?print_string('enrolmentkey') ?>" /></td>
 </tr>
 

course/group.php

@@ -8,9 +8,8 @@
     require_once('../config.php');
     require_once('lib.php');
 
-    $id    = required_param('id');          // Course id
+    $id    = required_param('id', PARAM_INT);          // Course id
-    $group = optional_param('group', 0);    // Optionally look at other groups
+    $group = optional_param('group', 0, PARAM_INT);    // Optionally look at other groups
-    $edit  = optional_param('edit', false); // Editing can be turned on
 
     if (! $course = get_record('course', 'id', $id) ) {
         error("That's an invalid course id");
@@ -38,7 +37,6 @@
     if ($form = data_submitted() and confirm_sesskey()) { 
 
         if (empty($form->name)) {
-            $edit = true;
             $err['name'] = get_string("missingname");
 
         } else {
@@ -75,23 +73,11 @@
     }
 
 
-/// Are we editing?  If so, handle it.
-
-    if ($usehtmleditor = can_use_richtext_editor()) {
-        $defaultformat = FORMAT_HTML;
-    } else {
-        $defaultformat = FORMAT_MOODLE;
-    }
-
     $usehtmleditor = false;
 
     $sesskey = !empty($USER->id) ? $USER->sesskey : '';
 
     include('group-edit.html');
 
-    if ($usehtmleditor) {
-        use_html_editor("description");
-    }
-
     echo "</body></html>";
 ?>

course/groups.php

@@ -28,8 +28,8 @@
     require_once('../config.php');
     require_once('lib.php');
 
-    $courseid      = required_param('id');           // Course id
+    $courseid      = required_param('id', PARAM_INT);           // Course id
-    $selectedgroup = optional_param('group', NULL);  // Current group id
+    $selectedgroup = optional_param('group', NULL, PARAM_INT);  // Current group id
 
     if (! $course = get_record('course', 'id', $courseid) ) {
         error("That's an invalid course id");

course/import/activities/index.php

@@ -4,13 +4,14 @@
     require_once('../../lib.php');
     require_once($CFG->dirroot.'/backup/restorelib.php');
     
-    $strimportothercourses = get_string('importfromothercourses');
     $id               = required_param('id', PARAM_INT);   // course id to import TO
     $fromcourse       = optional_param('fromcourse', 0, PARAM_INT);
-    $fromcoursesearch = optional_param('fromcoursesearch','',PARAM_CLEAN);
+    $fromcoursesearch = optional_param('fromcoursesearch', '', PARAM_RAW);
     $page             = optional_param('page', 0, PARAM_INT);
     $filename         = optional_param('filename', 0, PARAM_PATH);
 
+    $strimportothercourses = get_string('importfromothercourses');
+
     if (! ($course = get_record("course", "id", $id)) ) {
         error("That's an invalid course id");
     }

course/import/groups/index.php

@@ -5,7 +5,7 @@
 	require_once('../../../config.php');
     require_once('../../lib.php');
 	
-	$mycourseid = required_param('id');    // Course id
+	$mycourseid = required_param('id', PARAM_INT);    // Course id
     
 	if (! $course = get_record('course', 'id', $mycourseid) ) {
         error("That's an invalid course id");