MDL-15189 magic quotes finally removed

moodle · Jun 9, 2008 · 294ce98 · 294ce98
1 parent c45ea1d
commit 294ce98
Show file tree

Hide file tree

Showing 249 changed files with 498 additions and 632 deletions.
diff --git a/admin/auth_config.php b/admin/auth_config.php
@@ -18,7 +18,7 @@
 $returnurl = "$CFG->wwwroot/$CFG->admin/settings.php?section=manageauths";
 
 // save configuration changes
-if ($frm = data_submitted(false) and confirm_sesskey()) {
+if ($frm = data_submitted() and confirm_sesskey()) {
 
     $authplugin->validate_form($frm, $err);
 

diff --git a/admin/cliupgrade.php b/admin/cliupgrade.php
@@ -738,14 +738,6 @@
         console_write(STDERR,"The PHP server variable 'file_uploads' is not turned On" ,'',false);
     }
 
-    if (empty($CFG->prefix) && $CFG->dbfamily != 'mysql') {  //Enforce prefixes for everybody but mysql
-        console_write(STDERR,'$CFG->prefix can\'t be empty for your target DB (' . $CFG->dbtype . ')','',false);
-    }
-
-    if ($CFG->dbfamily == 'oracle' && strlen($CFG->prefix) > 2) { //Max prefix length for Oracle is 2cc
-        console_write(STDERR,'$CFG->prefix maximum allowed length for Oracle DBs is 2cc.','',false);
-    }
-
     /// Check that config.php has been edited
 
     if ($CFG->wwwroot == "http://example.com/moodle") {
@@ -1193,9 +1185,9 @@
         }
 
         $newsite = new Object();
-        $newsite->fullname = addslashes($sitefullname);
-        $newsite->shortname = addslashes($siteshortname);
-        $newsite->summary = addslashes($sitesummary);
+        $newsite->fullname = $sitefullname;
+        $newsite->shortname = $siteshortname;
+        $newsite->summary = $sitesummary;
         $newsite->newsitems = $sitenewsitems;
         $newsite->numsections = 0;
         $newsite->category = 0;

diff --git a/admin/enrol_config.php b/admin/enrol_config.php
@@ -17,7 +17,7 @@
 
 /// If data submitted, then process and store.
 
-    if ($frm = data_submitted(false)) {
+    if ($frm = data_submitted()) {
         if (!confirm_sesskey()) {
             print_error('confirmsesskeybad', 'error');
         }

diff --git a/admin/filter.php b/admin/filter.php
@@ -27,7 +27,7 @@
     //======================
 
     // if reset pressed let filter config page handle it
-    if ($config = data_submitted(false) and !$forcereset) {
+    if ($config = data_submitted() and !$forcereset) {
 
         // check session key
         if (!confirm_sesskey()) {

diff --git a/admin/lang.php b/admin/lang.php
@@ -1358,7 +1358,7 @@ function lang_help_save_file($helproot, $file, $content) {
     }
     error_reporting($CFG->debug);
 
-    fwrite($f, stripslashes($content));
+    fwrite($f, $content);
     fclose($f);
 
     // Remove file if its empty

diff --git a/admin/maintenance.php b/admin/maintenance.php
@@ -15,7 +15,7 @@
 
     $filename = $CFG->dataroot.'/'.SITEID.'/maintenance.html';
 
-    if ($form = data_submitted(false)) {
+    if ($form = data_submitted()) {
         if (confirm_sesskey()) {
             if ($form->action == "disable") {
                 unlink($filename);

diff --git a/admin/mnet/MethodTable.php b/admin/mnet/MethodTable.php
@@ -556,7 +556,7 @@ function showCode($methodTable){
                 if($key=="arguments"){
                     $result .= "array(";
                     for($i=0; $i<count($value); $i++){
-                        $result .= "\"" . addslashes($value[$i]) . "\"";
+                        $result .= "\"" . addslashes($value[$i]) . "\""; // TODO: fix this addslashes
                         if($i<count($value)-1){
                             $result .= ", ";
                         }

diff --git a/admin/mnet/access_control.php b/admin/mnet/access_control.php
@@ -80,7 +80,7 @@
 
 
 // process the form results
-if ($form = data_submitted(false) and confirm_sesskey()) {
+if ($form = data_submitted() and confirm_sesskey()) {
 
     // check permissions and verify form input
     if (!has_capability('moodle/user:delete', $sitecontext)) {

diff --git a/admin/mnet/adminlib.php b/admin/mnet/adminlib.php
@@ -87,7 +87,7 @@ function mnet_get_functions($type, $parentname) {
                 array_unshift($profile, $details['returns']);
             }
             $dataobject->profile       = serialize($profile);
-            $dataobject->help          = addslashes($details['description']);
+            $dataobject->help          = $details['description'];
         } else {
             $dataobject->profile       = serialize(array(array('type' => 'void', 'description' => 'No return value')));
             $dataobject->help          = '';

diff --git a/admin/mnet/enr_course_enrol.php b/admin/mnet/enr_course_enrol.php
@@ -50,7 +50,7 @@
 
 /// Process incoming role assignment
 
-    if ($frm = data_submitted(false)) {
+    if ($frm = data_submitted()) {
         if ($add and !empty($frm->addselect) and confirm_sesskey()) {
             $timemodified = time();
 

diff --git a/admin/mnet/index.php b/admin/mnet/index.php
@@ -37,7 +37,7 @@
     }
 
 /// If data submitted, process and store
-    if (($form = data_submitted(false)) && confirm_sesskey()) {
+    if (($form = data_submitted()) && confirm_sesskey()) {
         if (!empty($form->submit) && $form->submit == get_string('savechanges')) {
             if (in_array($form->mode, array("off", "strict", "dangerous"))) {
                 if (set_config('mnet_dispatcher_mode', $form->mode)) {

diff --git a/admin/mnet/mnet_themes.php b/admin/mnet/mnet_themes.php
@@ -65,7 +65,7 @@
                 $report = array('This theme is not installed!'.'3', 'errorbox');
             } else {
                 $mnet_peer->force_theme = 1;
-                $mnet_peer->theme = addslashes($choose);
+                $mnet_peer->theme = $choose;
                 if ($mnet_peer->commit()) {
                     $report = array(get_string('themesaved').'1', 'informationbox');
                 } else {

diff --git a/admin/replace.php b/admin/replace.php
@@ -10,9 +10,6 @@
 $search  = optional_param('search', '', PARAM_RAW);
 $replace = optional_param('replace', '', PARAM_RAW);
 
-$search  = stripslashes($search); // TODO: remove soon
-$replace = stripslashes($replace); // TODO: remove soon
-
 ###################################################################
 admin_externalpage_print_header();
 

diff --git a/admin/roles/allowoverride.php b/admin/roles/allowoverride.php
@@ -20,7 +20,7 @@
 
     $roles = get_all_roles();
 
-    if ($grant = data_submitted(false)) {
+    if ($grant = data_submitted()) {
 
         foreach ($grant as $grole => $val) {
             if ($grole == 'dummy') {

diff --git a/admin/roles/manage.php b/admin/roles/manage.php
@@ -14,9 +14,6 @@
     $confirm     = optional_param('confirm', 0, PARAM_BOOL);
     $cancel      = optional_param('cancel', 0, PARAM_BOOL);
 
-    $name        = stripslashes($name);
-    $description = stripslashes($description);
-
     $sitecontext = get_context_instance(CONTEXT_SYSTEM);
 
     require_capability('moodle/role:manage', $sitecontext);
@@ -56,7 +53,7 @@
 /// form processing, editing a role, adding a role, deleting a role etc.
     switch ($action) {
         case 'add':
-            if ($data = data_submitted(false) and confirm_sesskey()) {
+            if ($data = data_submitted() and confirm_sesskey()) {
 
                 $shortname = moodle_strtolower(clean_param(clean_filename($shortname), PARAM_SAFEDIR)); // only lowercase safe ASCII characters
                 $legacytype = required_param('legacytype', PARAM_RAW);
@@ -133,7 +130,7 @@
             break;
 
         case 'edit':
-            if ($data = data_submitted(false) and confirm_sesskey()) {
+            if ($data = data_submitted() and confirm_sesskey()) {
 
                 $shortname = moodle_strtolower(clean_param(clean_filename($shortname), PARAM_SAFEDIR)); // only lowercase safe ASCII characters
                 $legacytype = required_param('legacytype', PARAM_RAW);

diff --git a/admin/roles/override.php b/admin/roles/override.php
@@ -75,7 +75,7 @@
     $capabilities = fetch_context_capabilities($context);
 
 /// Process incoming role override
-    if ($data = data_submitted(false) and $roleid and confirm_sesskey()) {
+    if ($data = data_submitted() and $roleid and confirm_sesskey()) {
         $allowed_values = array(CAP_INHERIT, CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT);
 
         $localoverrides = $DB->get_records_select('role_capabilities', "roleid = ? AND contextid = ?", array($roleid, $context->id), 

diff --git a/admin/search.php b/admin/search.php
@@ -7,8 +7,6 @@
 
 $query = trim(optional_param('query', '', PARAM_NOTAGS));  // Search string
 
-$query = stripslashes($query); // TODO: remove soon
-
 $adminroot =& admin_get_root(); // need all settings here
 $adminroot->search = $query; // So we can reference it in search boxes later in this invocation
 $statusmsg = '';
@@ -18,7 +16,7 @@
 admin_externalpage_setup('search'); // now hidden page
 
 // now we'll deal with the case that the admin has submitted the form with changed settings
-if ($data = data_submitted(false) and confirm_sesskey()) {
+if ($data = data_submitted() and confirm_sesskey()) {
     if (admin_write_settings($data)) {
         $statusmsg = get_string('changessaved');
     }

diff --git a/admin/settings.php b/admin/settings.php
@@ -31,7 +31,7 @@
 $errormsg  = '';
 $focus = '';
 
-if ($data = data_submitted(false) and confirm_sesskey()) {
+if ($data = data_submitted() and confirm_sesskey()) {
     if (admin_write_settings($data)) {
         $statusmsg = get_string('changessaved');
     }

diff --git a/admin/upgradesettings.php b/admin/upgradesettings.php
@@ -15,7 +15,7 @@
 admin_externalpage_setup('upgradesettings'); // now hidden page
 
 // now we'll deal with the case that the admin has submitted the form with new settings
-if ($data = data_submitted(false) and confirm_sesskey()) {
+if ($data = data_submitted() and confirm_sesskey()) {
     $count = admin_write_settings($data);
     $adminroot =& admin_get_root(true); //reload tree
 }

diff --git a/admin/uploadpicture.php b/admin/uploadpicture.php
@@ -62,7 +62,7 @@
 print_heading_with_help($struploadpictures, 'uploadpictures');
 
 $mform = new admin_uploadpicture_form();
-if ($formdata = $mform->get_data(false)) {
+if ($formdata = $mform->get_data()) {
     if (!array_key_exists($userfield, $userfields)) {
         notify(get_string('uploadpicture_baduserfield','admin'));
     } else {

diff --git a/admin/uploaduser.php b/admin/uploaduser.php
@@ -125,7 +125,7 @@
     $cir->cleanup(true);
     redirect($returnurl);
 
-} else if ($formdata = $mform->get_data(false)) { // no magic quotes here!!!
+} else if ($formdata = $mform->get_data()) {
     // Print the header
     admin_externalpage_print_header();
     print_heading(get_string('uploadusersresult', 'admin'));

diff --git a/admin/user/user_bulk.php b/admin/user/user_bulk.php
@@ -16,7 +16,7 @@
 // array of bulk operations
 // create the bulk operations form
 $action_form = new user_bulk_action_form();
-if ($data = $action_form->get_data(false)) {
+if ($data = $action_form->get_data()) {
     // check if an action should be performed and do so
     switch ($data->action) {
         case 1: redirect($CFG->wwwroot.'/'.$CFG->admin.'/user/user_bulk_confirm.php');
@@ -29,7 +29,7 @@
 
 $user_bulk_form = new user_bulk_form(null, get_selection_data($ufiltering));
 
-if ($data = $user_bulk_form->get_data(false)) {
+if ($data = $user_bulk_form->get_data()) {
     if (!empty($data->addall)) {
         add_selection_all($ufiltering);
 

diff --git a/admin/user/user_bulk_confirm.php b/admin/user/user_bulk_confirm.php
@@ -29,7 +29,7 @@
                 continue;
             }
             $auth = get_auth_plugin($user->auth);
-            $result = $auth->user_confirm(addslashes($user->username), addslashes($user->secret));
+            $result = $auth->user_confirm($user->username, $user->secret);
             if ($result != AUTH_CONFIRM_OK && $result != AUTH_CONFIRM_ALREADY) {
                 notify(get_string('usernotconfirmed', '', fullname($user, true)));
             }

diff --git a/admin/user/user_bulk_message.php b/admin/user/user_bulk_message.php
@@ -43,7 +43,7 @@
 if ($msgform->is_cancelled()) {
     redirect($return);
 
-} else if ($formdata = $msgform->get_data(false)) {
+} else if ($formdata = $msgform->get_data()) {
     $options = new object();
     $options->para     = false;
     $options->newlines = true;

diff --git a/admin/xmldb/actions/XMLDBAction.class.php b/admin/xmldb/actions/XMLDBAction.class.php
@@ -140,7 +140,7 @@ function invoke() {
     /// If we are used any dir, save it in the lastused session object
     /// Some actions can use it to perform positioning
         if ($lastused = optional_param ('dir', NULL, PARAM_PATH)) {
-            $SESSION->lastused = stripslashes_safe($lastused);
+            $SESSION->lastused = $lastused;
         }
 
         $this->postaction = optional_param ('postaction', NULL, PARAM_ALPHAEXT);

diff --git a/admin/xmldb/actions/create_xml_file/create_xml_file.class.php b/admin/xmldb/actions/create_xml_file/create_xml_file.class.php
@@ -66,7 +66,7 @@ function invoke() {
 
     /// Get the dir containing the file
         $dirpath = required_param('dir', PARAM_PATH);
-        $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+        $dirpath = $CFG->dirroot . $dirpath;
         $file = $dirpath . '/install.xml';
 
     /// Some variables

diff --git a/admin/xmldb/actions/delete_field/delete_field.class.php b/admin/xmldb/actions/delete_field/delete_field.class.php
@@ -64,7 +64,7 @@ function invoke() {
 
     /// Get the dir containing the file
         $dirpath = required_param('dir', PARAM_PATH);
-        $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+        $dirpath = $CFG->dirroot . $dirpath;
         $tableparam = required_param('table', PARAM_CLEAN);
         $fieldparam = required_param('field', PARAM_CLEAN);
 

diff --git a/admin/xmldb/actions/delete_index/delete_index.class.php b/admin/xmldb/actions/delete_index/delete_index.class.php
@@ -64,7 +64,7 @@ function invoke() {
 
     /// Get the dir containing the file
         $dirpath = required_param('dir', PARAM_PATH);
-        $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+        $dirpath = $CFG->dirroot . $dirpath;
         $tableparam = required_param('table', PARAM_PATH);
         $indexparam = required_param('index', PARAM_PATH);
 

diff --git a/admin/xmldb/actions/delete_key/delete_key.class.php b/admin/xmldb/actions/delete_key/delete_key.class.php
@@ -64,7 +64,7 @@ function invoke() {
 
     /// Get the dir containing the file
         $dirpath = required_param('dir', PARAM_PATH);
-        $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+        $dirpath = $CFG->dirroot . $dirpath;
         $tableparam = required_param('table', PARAM_PATH);
         $keyparam = required_param('key', PARAM_PATH);
 

diff --git a/admin/xmldb/actions/delete_sentence/delete_sentence.class.php b/admin/xmldb/actions/delete_sentence/delete_sentence.class.php
@@ -64,7 +64,7 @@ function invoke() {
 
     /// Get the dir containing the file
         $dirpath = required_param('dir', PARAM_PATH);
-        $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+        $dirpath = $CFG->dirroot . $dirpath;
         $statementparam = required_param('statement', PARAM_CLEAN);
         $sentenceparam = required_param('sentence', PARAM_INT);
 

diff --git a/admin/xmldb/actions/delete_statement/delete_statement.class.php b/admin/xmldb/actions/delete_statement/delete_statement.class.php
@@ -64,7 +64,7 @@ function invoke() {
 
     /// Get the dir containing the file
         $dirpath = required_param('dir', PARAM_PATH);
-        $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+        $dirpath = $CFG->dirroot . $dirpath;
         $statementparam = required_param('statement', PARAM_CLEAN);
 
         $confirmed = optional_param('confirmed', false, PARAM_BOOL);

diff --git a/admin/xmldb/actions/delete_table/delete_table.class.php b/admin/xmldb/actions/delete_table/delete_table.class.php
@@ -64,7 +64,7 @@ function invoke() {
 
     /// Get the dir containing the file
         $dirpath = required_param('dir', PARAM_PATH);
-        $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+        $dirpath = $CFG->dirroot . $dirpath;
         $tableparam = required_param('table', PARAM_CLEAN);
 
         $confirmed = optional_param('confirmed', false, PARAM_BOOL);

diff --git a/admin/xmldb/actions/delete_xml_file/delete_xml_file.class.php b/admin/xmldb/actions/delete_xml_file/delete_xml_file.class.php
@@ -64,7 +64,7 @@ function invoke() {
 
     /// Get the dir containing the file
         $dirpath = required_param('dir', PARAM_CLEAN);
-        $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+        $dirpath = $CFG->dirroot . $dirpath;
 
         $confirmed = optional_param('confirmed', false, PARAM_BOOL);
 

diff --git a/admin/xmldb/actions/edit_field/edit_field.class.php b/admin/xmldb/actions/edit_field/edit_field.class.php
@@ -66,7 +66,7 @@ function invoke() {
     /// Do the job, setting result as needed
     /// Get the dir containing the file
         $dirpath = required_param('dir', PARAM_PATH);
-        $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+        $dirpath = $CFG->dirroot . $dirpath;
 
     /// Get the correct dirs
         if (!empty($XMLDB->dbdirs)) {

diff --git a/admin/xmldb/actions/edit_field_save/edit_field_save.class.php b/admin/xmldb/actions/edit_field_save/edit_field_save.class.php
@@ -75,20 +75,20 @@ function invoke() {
 
     /// Do the job, setting result as needed
 
-        if (!data_submitted('nomatch')) { ///Basic prevention
+        if (!data_submitted()) { ///Basic prevention
             print_error('wrongcall', 'error');
         }
 
     /// Get parameters
         $dirpath = required_param('dir', PARAM_PATH);
-        $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+        $dirpath = $CFG->dirroot . $dirpath;
 
         $tableparam = strtolower(required_param('table', PARAM_PATH));
         $fieldparam = strtolower(required_param('field', PARAM_PATH));
         $name = substr(trim(strtolower(optional_param('name', $fieldparam, PARAM_PATH))),0,30);
 
         $comment = required_param('comment', PARAM_CLEAN);
-        $comment = trim(stripslashes_safe($comment));
+        $comment = trim($comment);
 
         $type       = required_param('type', PARAM_INT);
         $length     = strtolower(optional_param('length', NULL, PARAM_ALPHANUM));
@@ -98,9 +98,9 @@ function invoke() {
         $sequence   = optional_param('sequence', false, PARAM_BOOL);
         $enum       = optional_param('enum', false, PARAM_BOOL);
         $enumvalues = optional_param('enumvalues', 0, PARAM_CLEAN);
-        $enumvalues = trim(stripslashes_safe($enumvalues));
+        $enumvalues = trim($enumvalues);
         $default    = optional_param('default', NULL, PARAM_PATH);
-        $default    = trim(stripslashes_safe($default));
+        $default    = trim($default);
 
         $editeddir =& $XMLDB->editeddirs[$dirpath];
         $structure =& $editeddir->xml_file->getStructure();