MDL-27675 - Feedback module abuses data_submitted

commit 0efa99834070602b3037374a0c0300ef033f98ec 1 parent f12f0b3
@grabs grabs authored
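--- a/mod/feedback/complete.php
+++ b/mod/feedback/complete.php
@@ -422,7 +422,8 @@
 //get the value
 $frmvaluename = $feedbackitem->typ . '_'. $feedbackitem->id;
 if(isset($savereturn)) {
- $value = isset($formdata->{$frmvaluename})?$formdata->{$frmvaluename}:NULL;
+ $value = isset($formdata->{$frmvaluename})?$formdata->{$frmvaluename}:NULL;
+ $value = feedback_clean_input_value($feedbackitem, $value);
 }else {
 if(isset($feedbackcompletedtmp->id)) {
 $value = feedback_get_item_value($feedbackcompletedtmp->id, $feedbackitem->id, true);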
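Review bot: The added call hands `$value` to feedback_clean_input_value() even when the field was not submitted and `$value` is NULL, so item types that clean with PARAM_INT or PARAM_FLOAT will presumably turn an unanswered item into 0 rather than NULL, since clean_param casts for those types. Confirm that the code after this hunk treats 0 the same as "no answer" before relying on that, or clean only when the field is present: `$value = isset($formdata->{$frmvaluename}) ? feedback_clean_input_value($feedbackitem, $formdata->{$frmvaluename}) : NULL;`. The identical pattern is added in mod/feedback/complete_guest.php and needs the same treatment. The enclosing loop over items starts and ends outside the hunk.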
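--- a/mod/feedback/complete_guest.php
+++ b/mod/feedback/complete_guest.php
@@ -372,7 +372,8 @@
 //get the value
 $frmvaluename = $feedbackitem->typ . '_'. $feedbackitem->id;
 if(isset($savereturn)) {
- $value = isset($formdata->{$frmvaluename})?$formdata->{$frmvaluename}:NULL;
+ $value = isset($formdata->{$frmvaluename})?$formdata->{$frmvaluename}:NULL;
+ $value = feedback_clean_input_value($feedbackitem, $value);
 }else {
 if(isset($feedbackcompletedtmp->id)) {
 $value = feedback_get_item_value($feedbackcompletedtmp->id, $feedbackitem->id, sesskey());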
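--- a/mod/feedback/item/captcha/lib.php
+++ b/mod/feedback/item/captcha/lib.php
@@ -280,4 +280,8 @@ function get_hasvalue() {
 function can_switch_require() {
 return false;
 }
+
+ function clean_input_value($value) {
+ return clean_param($value, PARAM_RAW);
+ }
 }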
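Review bot: `clean_param($value, PARAM_RAW)` performs no cleaning at all, so the new method silently differs from every sibling item type and a reader cannot tell whether that is deliberate. A one-line comment above the return should record why the raw value is kept, presumably because it is only compared against the expected captcha answer and is never stored or displayed: `// Keep the raw value: it is only compared with the expected captcha answer.`. That assumption should be confirmed against the captcha check elsewhere in this class before the comment is added, so that a later "hardening" to a stricter type does not break the comparison.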
9 mod/feedback/item/feedback_item_class.php
@@ -104,6 +104,14 @@ function get_data() {
*/
abstract function print_item_show_value($item, $value = '');
+ /**
+ * cleans the userinput while submitting the form
+ *
+ * @param mixed $value
+ * @return mixed
+ */
+ abstract function clean_input_value($value);
+
}
//a dummy class to realize pagebreaks
@@ -129,6 +137,7 @@ function print_item_preview($item) {}
function print_item_complete($item, $value = '', $highlightrequire = false) {}
function print_item_show_value($item, $value = '') {}
function can_switch_require(){}
+ function clean_input_value($value){}
}
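Review bot: Making clean_input_value() abstract on the base class causes a fatal error for any item class that does not implement it, including item types maintained outside this commit; if that is the intended contract the docblock should say so explicitly. The docblock should also state what implementations may receive and must return — from the complete.php hunk `$value` can be NULL when the field was not submitted, and for multi-select items it may be an array — e.g. replace the two-line description with "Cleans the raw form value of this item type before it is stored. $value may be NULL when the field was not submitted; implementations must return a value that is safe to store for this item type." The pagebreak stub on the second hunk returns NULL implicitly while the label item returns '', so the docblock should also say which of the two "no value" items are expected to return.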
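--- a/mod/feedback/item/info/lib.php
+++ b/mod/feedback/item/info/lib.php
@@ -321,4 +321,8 @@ function get_hasvalue() {
 function can_switch_require() {
 return false;
 }
+
+ function clean_input_value($value) {
+ return clean_param($value, PARAM_INT);
+ }
 }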
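--- a/mod/feedback/item/label/lib.php
+++ b/mod/feedback/item/label/lib.php
@@ -231,4 +231,8 @@ function excelprint_item(&$worksheet, $rowOffset, $xlsFormats, $item, $groupid,
 function print_analysed($item, $itemnr = '', $groupid = false, $courseid = false) {}
 function get_printval($item, $value) {}
 function get_analysed($item, $groupid = false, $courseid = false) {}
+
+ function clean_input_value($value) {
+ return '';
+ }
 }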
5 mod/feedback/item/multichoice/lib.php
@@ -709,8 +709,11 @@ function hidenoselect($item) {
return false;
}
-
function can_switch_require() {
return true;
}
+
+ function clean_input_value($value) {
+ return clean_param($value, PARAM_INT);
+ }
}
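Review bot: If the multi-select variant of this item submits its selections as an array (not visible in this hunk), the new `return clean_param($value, PARAM_INT);` depends on how clean_param() treats arrays in this Moodle version — earlier releases cleaned element-wise, later ones reject arrays — so the behaviour should be confirmed rather than assumed. Making the intent explicit avoids the version dependency: add `if (is_array($value)) { return array_map(function($v) { return clean_param($v, PARAM_INT); }, $value); }` before the existing return. The same consideration applies to mod/feedback/item/multichoicerated/lib.php only if that item can also submit an array.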
3  mod/feedback/item/multichoicerated/lib.php
@@ -588,4 +588,7 @@ function can_switch_require() {
return true;
}
+ function clean_input_value($value) {
+ return clean_param($value, PARAM_INT);
+ }
}
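Review bot: The new method follows the closing brace of can_switch_require() with no separating blank line, unlike the same addition in every other item class in this commit. Insert a blank line before `function clean_input_value($value) {` for consistency with the sibling files.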
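--- a/mod/feedback/item/numeric/lib.php
+++ b/mod/feedback/item/numeric/lib.php
@@ -420,4 +420,8 @@ function get_hasvalue() {
 function can_switch_require() {
 return true;
 }
+
+ function clean_input_value($value) {
+ return clean_param($value, PARAM_FLOAT);
+ }
 }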
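Review bot: PARAM_FLOAT presumably casts the submitted string to a float, so a value typed with a locale-specific decimal separator such as `3,5` would arrive as 3 before this item gets any chance to convert it. If the numeric item does accept a localised separator (not visible in this hunk), the cleaning must run after that conversion, or use a cleaning that preserves the string (`PARAM_RAW_TRIMMED`) and leave the numeric parsing to the item itself. Please confirm against the rest of this class before merging.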
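--- a/mod/feedback/item/textarea/lib.php
+++ b/mod/feedback/item/textarea/lib.php
@@ -280,4 +280,8 @@ function get_hasvalue() {
 function can_switch_require() {
 return true;
 }
+
+ function clean_input_value($value) {
+ return clean_param($value, PARAM_CLEANHTML);
+ }
 }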
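Review bot: PARAM_CLEANHTML runs the submitted text through the HTML purifier, which is a sound default for free-text answers, but it also rewrites plain text that merely resembles markup (a stray `<` or `&`), and mod/feedback/item/textfield/lib.php makes the same choice for a single-line field. A comment next to the call should record that the stored value is later rendered as HTML (if that is the case), since that is what justifies purifying on input; if it is rendered as escaped plain text instead, PARAM_TEXT would be the closer type. Either way the decision should be written down beside `return clean_param($value, PARAM_CLEANHTML);` in both files.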
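--- a/mod/feedback/item/textfield/lib.php
+++ b/mod/feedback/item/textfield/lib.php
@@ -274,4 +274,8 @@ function get_hasvalue() {
 function can_switch_require() {
 return true;
 }
+
+ function clean_input_value($value) {
+ return clean_param($value, PARAM_CLEANHTML);
+ }
 }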
11 mod/feedback/lib.php
@@ -1841,6 +1841,17 @@ function feedback_get_page_to_continue($feedbackid, $courseid = false, $guestid
//functions to handle the values
////////////////////////////////////////////////
+/**
+ * cleans the userinput while submitting the form.
+ *
+ * @param mixed $value
+ * @return mixed
+ */
+function feedback_clean_input_value($item, $value) {
+ $itemobj = feedback_get_item_class($item->typ);
+ return $itemobj->clean_input_value($value);
+}
+
/**
* this saves the values of an completed.
* if the param $tmp is set true so the values are saved temporary in table feedback_valuetmp.
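Review bot: The docblock on the new feedback_clean_input_value() omits its first parameter and does not mention that `$value` may be NULL, which is exactly the case the callers in complete.php produce; add `@param object $item the feedback item whose typ selects the item class` above the existing `@param mixed $value`, and note there that NULL is passed through to the item class. feedback_get_item_class() is used unguarded on the line `$itemobj = feedback_get_item_class($item->typ);` — if it can return something other than an item object for an unrecognised `$item->typ` (not visible here), the method call on the following line fails; confirm its failure behaviour or guard it before dereferencing.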