
Merge branch 'w33_MDL-26796_m22_arrayparams' of git://github.com/skod…

…ak/moodle
2 parents 6408c7d + ebdeccc commit 0a4ca115b247f4cd802c83e7cdc171c528aef6c3 @stronk7 stronk7 committed Aug 24, 2011
@@ -43,7 +43,7 @@
}
$mode = optional_param('mode', 0, PARAM_INT); // action
-$pack = optional_param('pack', array(), PARAM_SAFEDIR); // pack to install
+$pack = optional_param_array('pack', array(), PARAM_SAFEDIR); // pack to install
$uninstalllang = optional_param('uninstalllang', '', PARAM_LANG); // installed pack to uninstall
$confirm = optional_param('confirm', 0, PARAM_BOOL); // uninstallation confirmation
@@ -18,7 +18,7 @@
// Get URL parameters.
$capability = optional_param('capability', '', PARAM_CAPABILITY);
-$roleids = optional_param('roles', array('0'), PARAM_INTEGER);
+$roleids = optional_param_array('roles', array('0'), PARAM_INTEGER);
// Clean the passed in list of role ids. If 'All' selected as an option, or
// if none were selected, do all roles.
@@ -59,8 +59,8 @@
}
if ($translatorsubmitted) {
- $strings = optional_param('cust', array(), PARAM_RAW);
- $updates = optional_param('updates', array(), PARAM_INT);
+ $strings = optional_param_array('cust', array(), PARAM_RAW);
+ $updates = optional_param_array('updates', array(), PARAM_INT);
$checkin = optional_param('savecheckin', false, PARAM_RAW);
if ($checkin === false) {
@@ -14,7 +14,7 @@
$showpasses = optional_param('showpasses', false, PARAM_BOOL);
$codecoverage = optional_param('codecoverage', false, PARAM_BOOL);
-$selected = optional_param('selected', array(), PARAM_INT);
+$selected = optional_param_array('selected', array(), PARAM_INT);
// Print the header and check access.
admin_externalpage_setup('reportdbtest');
@@ -19,7 +19,7 @@
if ($groupid) {
$groupids = array($groupid);
} else {
- $groupids = optional_param('groups', array(), PARAM_INT);
+ $groupids = optional_param_array('groups', array(), PARAM_INT);
}
$singlegroup = (count($groupids) == 1);
@@ -588,18 +588,27 @@ function file_get_drafarea_files($draftitemid, $filepath = '/') {
* @return integer the itemid, or 0 if there is not one yet.
*/
function file_get_submitted_draft_itemid($elname) {
- $param = optional_param($elname, 0, PARAM_INT);
- if ($param) {
- require_sesskey();
+ // this is a nasty hack, ideally all new elements should use arrays here or there should be a new parameter
+ if (!isset($_REQUEST[$elname])) {
+ return 0;
}
- if (is_array($param)) {
+ if (is_array($_REQUEST[$elname])) {
+ $param = optional_param_array($elname, 0, PARAM_INT);
if (!empty($param['itemid'])) {
$param = $param['itemid'];
} else {
debugging('Missing itemid, maybe caused by unset maxfiles option', DEBUG_DEVELOPER);
return false;
}
+
+ } else {
+ $param = optional_param($elname, 0, PARAM_INT);
}
+
+ if ($param) {
+ require_sesskey();
+ }
+
return $param;
}
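Review bot: The array-or-scalar decision in file_get_submitted_draft_itemid() is made on `$_REQUEST[$elname]`, but the value is then fetched through optional_param()/optional_param_array(), which read `$_POST` first and then `$_GET` (as their bodies elsewhere in this commit show). Depending on PHP's request_order setting, `$_REQUEST` can also carry cookie data, so the branch taken may not correspond to the value that is actually cleaned. Reading the raw value from the same sources, e.g. `$raw = isset($_POST[$elname]) ? $_POST[$elname] : (isset($_GET[$elname]) ? $_GET[$elname] : null);`, and testing `is_array($raw)` keeps the two in step. The array branch also passes a scalar default, `optional_param_array($elname, 0, PARAM_INT)`, and then indexes the result with `['itemid']`; `array()` is the matching default. The docblock still promises an integer while the missing-itemid path returns `false`, which deserves a line in `@return`.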
@@ -1384,9 +1384,14 @@ function updateSubmission($submission, $files) {
} else {
foreach ($submission as $key=>$s) {
if (array_key_exists($key, $this->_types)) {
- $submission[$key] = clean_param($s, $this->_types[$key]);
+ $type = $this->_types[$key];
} else {
- $submission[$key] = clean_param($s, PARAM_RAW);
+ $type = PARAM_RAW;
+ }
+ if (is_array($s)) {
+ $submission[$key] = clean_param_array($s, $type, true);
+ } else {
+ $submission[$key] = clean_param($s, $type);
}
}
$this->_submitValues = $submission;
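Review bot: Nested submission values are now cleaned with `clean_param_array($s, $type, true)`, which by its own docblock does not validate array key names, so the keys of any submitted array still reach `$this->_submitValues` exactly as the client sent them. optional_param_array() in the same commit restricts keys to `[a-z0-9_-]`, and this form path has no equivalent check. I would at least record that above the call with a comment such as `// NOTE: array keys in $s are not cleaned here; treat them as untrusted wherever they are used later`. Elements missing from `$this->_types` still fall back to `PARAM_RAW`, and that now applies to every nested value as well. The body of updateSubmission() begins and continues outside this hunk.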
@@ -448,17 +448,15 @@
* used like this:
* $id = required_param('id', PARAM_INT);
*
- * Please note the $type parameter is now required,
- * for now PARAM_CLEAN is used for backwards compatibility only.
+ * Please note the $type parameter is now required and the value can not be array.
*
* @param string $parname the name of the page parameter we want
* @param string $type expected type of parameter
* @return mixed
*/
function required_param($parname, $type) {
- if (!isset($type)) {
- debugging('required_param() requires $type to be specified.');
- $type = PARAM_CLEAN; // for now let's use this deprecated type
+ if (func_num_args() != 2 or empty($parname) or empty($type)) {
+ throw new coding_exception('required_param() requires $parname and $type to be specified (parameter: '.$parname.')');
}
if (isset($_POST[$parname])) { // POST has precedence
$param = $_POST[$parname];
@@ -468,9 +466,59 @@ function required_param($parname, $type) {
print_error('missingparam', '', '', $parname);
}
+ if (is_array($param)) {
+ debugging('Invalid array parameter detected in required_param(): '.$parname);
+ // TODO: switch to fatal error in Moodle 2.3
+ //print_error('missingparam', '', '', $parname);
+ return required_param_array($parname, $type);
+ }
+
return clean_param($param, $type);
}
+/**
+ * Returns a particular array value for the named variable, taken from
+ * POST or GET. If the parameter doesn't exist then an error is
+ * thrown because we require this variable.
+ *
+ * This function should be used to initialise all required values
+ * in a script that are based on parameters. Usually it will be
+ * used like this:
+ * $ids = required_param_array('ids', PARAM_INT);
+ *
+ * Note: arrays of arrays are not supported, only alphanumeric keys with _ and - are supported
+ *
+ * @param string $parname the name of the page parameter we want
+ * @param string $type expected type of parameter
+ * @return array
+ */
+function required_param_array($parname, $type) {
+ if (func_num_args() != 2 or empty($parname) or empty($type)) {
+ throw new coding_exception('required_param_array() requires $parname and $type to be specified (parameter: '.$parname.')');
+ }
+ if (isset($_POST[$parname])) { // POST has precedence
+ $param = $_POST[$parname];
+ } else if (isset($_GET[$parname])) {
+ $param = $_GET[$parname];
+ } else {
+ print_error('missingparam', '', '', $parname);
+ }
+ if (!is_array($param)) {
+ print_error('missingparam', '', '', $parname);
+ }
+
+ $result = array();
+ foreach($param as $key=>$value) {
+ if (!preg_match('/^[a-z0-9_-]+$/i', $key)) {
+ debugging('Invalid key name in required_param_array() detected: '.$key.', parameter: '.$parname);
+ continue;
+ }
+ $result[$key] = clean_param($value, $type);
+ }
+
+ return $result;
+}
+
/**
* Returns a particular value for the named variable, taken from
* POST or GET, otherwise returning a given default.
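Review bot: The loop in required_param_array() passes every `$value` straight to `clean_param()`, and clean_param() as changed later in this commit throws a coding_exception for arrays, so a request that sends a nested array for the parameter raises a developer-level exception from user-controlled input. The docblock says arrays of arrays are not supported, but nothing in the loop enforces that. Rejecting such elements the same way invalid keys are rejected keeps the failure in the input-validation path: `if (is_array($value)) { debugging('Nested array ignored in required_param_array(): '.$parname); continue; }`. optional_param_array() in the next hunk has the same loop and needs the same guard. The new `debugging()` calls also concatenate the request-supplied `$key` into the message; whether that output is escaped is not visible here and is worth confirming.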
@@ -480,18 +528,16 @@ function required_param($parname, $type) {
* used like this:
* $name = optional_param('name', 'Fred', PARAM_TEXT);
*
- * Please note $default and $type parameters are now required,
- * for now PARAM_CLEAN is used for backwards compatibility only.
+ * Please note the $type parameter is now required and the value can not be array.
*
* @param string $parname the name of the page parameter we want
* @param mixed $default the default value to return if nothing is found
* @param string $type expected type of parameter
* @return mixed
*/
function optional_param($parname, $default, $type) {
- if (!isset($type)) {
- debugging('optional_param() requires $default and $type to be specified.');
- $type = PARAM_CLEAN; // for now let's use this deprecated type
+ if (func_num_args() != 3 or empty($parname) or empty($type)) {
+ throw new coding_exception('optional_param() requires $parname, $default and $type to be specified (parameter: '.$parname.')');
}
if (!isset($default)) {
$default = null;
@@ -505,9 +551,61 @@ function optional_param($parname, $default, $type) {
return $default;
}
+ if (is_array($param)) {
+ debugging('Invalid array parameter detected in required_param(): '.$parname);
+ // TODO: switch to $default in Moodle 2.3
+ //return $default;
+ return optional_param_array($parname, $default, $type);
+ }
+
return clean_param($param, $type);
}
+/**
+ * Returns a particular array value for the named variable, taken from
+ * POST or GET, otherwise returning a given default.
+ *
+ * This function should be used to initialise all optional values
+ * in a script that are based on parameters. Usually it will be
+ * used like this:
+ * $ids = optional_param('id', array(), PARAM_INT);
+ *
+ * Note: arrays of arrays are not supported, only alphanumeric keys with _ and - are supported
+ *
+ * @param string $parname the name of the page parameter we want
+ * @param mixed $default the default value to return if nothing is found
+ * @param string $type expected type of parameter
+ * @return array
+ */
+function optional_param_array($parname, $default, $type) {
+ if (func_num_args() != 3 or empty($parname) or empty($type)) {
+ throw new coding_exception('optional_param_array() requires $parname, $default and $type to be specified (parameter: '.$parname.')');
+ }
+
+ if (isset($_POST[$parname])) { // POST has precedence
+ $param = $_POST[$parname];
+ } else if (isset($_GET[$parname])) {
+ $param = $_GET[$parname];
+ } else {
+ return $default;
+ }
+ if (!is_array($param)) {
+ debugging('optional_param_array() expects array parameters only: '.$parname);
+ return $default;
+ }
+
+ $result = array();
+ foreach($param as $key=>$value) {
+ if (!preg_match('/^[a-z0-9_-]+$/i', $key)) {
+ debugging('Invalid key name in optional_param_array() detected: '.$key.', parameter: '.$parname);
+ continue;
+ }
+ $result[$key] = clean_param($value, $type);
+ }
+
+ return $result;
+}
+
/**
* Strict validation of parameter values, the values are only converted
* to requested PHP type. Internally it is using clean_param, the values
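Review bot: The array fallback added to optional_param() logs `'Invalid array parameter detected in required_param(): '`, which names the wrong function and will send whoever reads the debug output to the wrong caller; it should read `debugging('Invalid array parameter detected in optional_param(): '.$parname);`. The docblock example for optional_param_array() has the same copy-paste slip: `$ids = optional_param('id', array(), PARAM_INT);` should call `optional_param_array`. The pairing of `@param mixed $default` with `@return array` is also misleading, because a non-array `$default` is returned unchanged on both early-return paths; documenting it as `@param array $default` would match the declared return type.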
@@ -516,7 +614,7 @@ function optional_param($parname, $default, $type) {
* Objects and classes are not accepted.
*
* @param mixed $param
- * @param int $type PARAM_ constant
+ * @param string $type PARAM_ constant
* @param bool $allownull are nulls valid value?
* @param string $debuginfo optional debug information
* @return mixed the $param value converted to PHP type or invalid_parameter_exception
@@ -542,6 +640,34 @@ function validate_param($param, $type, $allownull=NULL_NOT_ALLOWED, $debuginfo='
return $cleaned;
}
+/**
+ * Makes sure array contains only the allowed types,
+ * this function does not validate array key names!
+ * <code>
+ * $options = clean_param($options, PARAM_INT);
+ * </code>
+ *
+ * @param array $param the variable array we are cleaning
+ * @param string $type expected format of param after cleaning.
+ * @param bool $recursive clean recursive arrays
+ * @return array
+ */
+function clean_param_array(array $param = null, $type, $recursive = false) {
+ $param = (array)$param; // convert null to empty array
+ foreach ($param as $key => $value) {
+ if (is_array($value)) {
+ if ($recursive) {
+ $param[$key] = clean_param_array($value, $type, true);
+ } else {
+ throw new coding_exception('clean_param_array() can not process multidimensional arrays when $recursive is false.');
+ }
+ } else {
+ $param[$key] = clean_param($value, $type);
+ }
+ }
+ return $param;
+}
+
/**
* Used by {@link optional_param()} and {@link required_param()} to
* clean the variables and/or cast to specific types, based on
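Review bot: The `<code>` example in the clean_param_array() docblock calls `clean_param($options, PARAM_INT)`, which after this commit throws a coding_exception when handed an array; it should read `$options = clean_param_array($options, PARAM_INT);`. The docblock already states that key names are not validated, and since updateSubmission() now calls this function with `$recursive = true` on submitted form values, it would help to add one sentence saying that callers passing request data must validate or escape the keys themselves.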
@@ -552,19 +678,15 @@ function validate_param($param, $type, $allownull=NULL_NOT_ALLOWED, $debuginfo='
* </code>
*
* @param mixed $param the variable we are cleaning
- * @param int $type expected format of param after cleaning.
+ * @param string $type expected format of param after cleaning.
* @return mixed
*/
function clean_param($param, $type) {
global $CFG;
- if (is_array($param)) { // Let's loop
- $newparam = array();
- foreach ($param as $key => $value) {
- $newparam[$key] = clean_param($value, $type);
- }
- return $newparam;
+ if (is_object($param) or is_array($param)) {
+ throw new coding_exception('clean_param() can not process objects or arrays, please use clean_param_array() instead.');
}
switch ($type) {