
[MDL-23130]

Fixing SQL code style and SQL injection problems
1 parent 9acb824 commit 621f3ef519a298d02f974a4b5899d97252411b89 Jordi Piguillem committed Jul 30, 2010
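--- a/mod/wiki/comments.php
+++ b/mod/wiki/comments.php
@@ -55,11 +55,11 @@
 print_error('invalidcoursemodule');
 }
-$course = $DB->get_record('course', array('id'=>$cm->course), '*', MUST_EXIST);
+$course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST);
 require_course_login($course->id, true, $cm);
-add_to_log($course->id, 'wiki', 'comments', 'comments.php?id='.$cm->id, $wiki->id);
+add_to_log($course->id, 'wiki', 'comments', 'comments.php?id=' . $cm->id, $wiki->id);
 /// Print the page header
 $wikipage = new page_wiki_comments($wiki, $subwiki, $cm);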
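--- a/mod/wiki/create.php
+++ b/mod/wiki/create.php
@@ -62,7 +62,7 @@
 print_error('invalidcoursemoduleid', 'wiki');
 }
-$course = $DB->get_record('course', array('id'=>$cm->course), '*', MUST_EXIST);
+$course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST);
 require_course_login($course->id, true, $cm);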
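--- a/mod/wiki/db/upgrade.php
+++ b/mod/wiki/db/upgrade.php
@@ -109,20 +109,20 @@ function xmldb_wiki_upgrade($oldversion) {
 upgrade_set_timeout();
 // Setting up wiki configuration
- $sql = 'UPDATE {wiki} ' .
- 'SET intro = summary, ' .
- 'firstpagetitle = pagename, ' .
- 'defaultformat = ?';
+ $sql = "UPDATE {wiki}
+ SET intro = summary,
+ firstpagetitle = pagename,
+ defaultformat = ?";
 $DB->execute($sql, array('html'));
- $sql = 'UPDATE {wiki} ' .
- 'SET wikimode = ? ' .
- 'WHERE wtype = ?';
+ $sql = "UPDATE {wiki}
+ SET wikimode = ?
+ WHERE wtype = ?";
 $DB->execute($sql, array('collaborative', 'group'));
- $sql = 'UPDATE {wiki} ' .
- 'SET wikimode = ? ' .
- 'WHERE wtype != ?';
+ $sql = "UPDATE {wiki}
+ SET wikimode = ?
+ WHERE wtype != ?";
 $DB->execute($sql, array('individual', 'group'));
 // Removing edit & create capability to students in old teacher wikis
@@ -149,9 +149,9 @@ function xmldb_wiki_upgrade($oldversion) {
 /**
 * Migrating wiki entries to new subwikis
 */
- $sql = 'INSERT into {wiki_subwikis} (wikiid, groupid, userid) ' .
- 'SELECT e.wikiid, e.groupid, e.userid ' .
- 'FROM {wiki_entries_old} e ';
+ $sql = "INSERT into {wiki_subwikis} (wikiid, groupid, userid)
+ SELECT e.wikiid, e.groupid, e.userid
+ FROM {wiki_entries_old} e";
 echo $OUTPUT->notification('Migrating old entries to new subwikis', 'notifysuccess');
 $DB->execute($sql, array());
@@ -170,18 +170,18 @@ function xmldb_wiki_upgrade($oldversion) {
 * the order by and it would be much faster.
 */
- $sql = 'INSERT into {wiki_pages} (subwikiid, title, cachedcontent, timecreated, timemodified, userid, pageviews) ' .
- 'SELECT s.id, p.pagename, ?, p.created, p.lastmodified, p.userid, p.hits ' .
- 'FROM {wiki_pages_old} p '.
- 'LEFT OUTER JOIN {wiki_entries_old} e ON e.id = p.wiki ' .
- 'LEFT OUTER JOIN {wiki_subwikis} s ' .
- 'ON s.wikiid = e.wikiid AND s.groupid = e.groupid AND s.userid = e.userid ' .
- 'WHERE p.version = (' .
- ' SELECT max(po.version) ' .
- ' FROM {wiki_pages_old} po ' .
- ' WHERE p.pagename = po.pagename and ' .
- ' p.wiki = po.wiki ' .
- ' )';
+ $sql = "INSERT into {wiki_pages} (subwikiid, title, cachedcontent, timecreated, timemodified, userid, pageviews)
+ SELECT s.id, p.pagename, ?, p.created, p.lastmodified, p.userid, p.hits
+ FROM {wiki_pages_old} p
+ LEFT OUTER JOIN {wiki_entries_old} e ON e.id = p.wiki
+ LEFT OUTER JOIN {wiki_subwikis} s
+ ON s.wikiid = e.wikiid AND s.groupid = e.groupid AND s.userid = e.userid
+ WHERE p.version = (
+ SELECT max(po.version)
+ FROM {wiki_pages_old} po
+ WHERE p.pagename = po.pagename and
+ p.wiki = po.wiki
+ )";
 echo $OUTPUT->notification('Migrating old pages to new pages', 'notifysuccess');
 $DB->execute($sql, array('**reparse needed**'));
@@ -219,18 +219,17 @@ function xmldb_wiki_upgrade($oldversion) {
 if ($oldversion < 2010040108) {
 $fs = get_file_storage();
 $sql = "SELECT DISTINCT po.pagename, w.id AS wikiid, po.userid,
- po.meta AS filemeta, eo.id AS entryid, eo.groupid, s.id AS subwiki,
- w.course AS courseid, cm.id AS cmid
- FROM {wiki_pages_old} po
- LEFT OUTER JOIN {wiki_entries_old} eo
- ON eo.id=po.wiki
- LEFT OUTER JOIN {wiki} w
- ON w.id = eo.wikiid
- LEFT OUTER JOIN {wiki_subwikis} s
- ON s.groupid = eo.groupid AND s.wikiid = eo.wikiid AND eo.userid = s.userid
- JOIN {modules} m ON m.name = 'wiki'
- JOIN {course_modules} cm ON (cm.module = m.id AND cm.instance = w.id)
- ";
+ po.meta AS filemeta, eo.id AS entryid, eo.groupid, s.id AS subwiki,
+ w.course AS courseid, cm.id AS cmid
+ FROM {wiki_pages_old} po
+ LEFT OUTER JOIN {wiki_entries_old} eo
+ ON eo.id=po.wiki
+ LEFT OUTER JOIN {wiki} w
+ ON w.id = eo.wikiid
+ LEFT OUTER JOIN {wiki_subwikis} s
+ ON s.groupid = eo.groupid AND s.wikiid = eo.wikiid AND eo.userid = s.userid
+ JOIN {modules} m ON m.name = 'wiki'
+ JOIN {course_modules} cm ON (cm.module = m.id AND cm.instance = w.id)";
 $rs = $DB->get_recordset_sql($sql);
 foreach ($rs as $r) {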
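Review bot: In the last hunk the `LEFT OUTER JOIN {wiki_entries_old} eo` / `{wiki} w` / `{wiki_subwikis} s` chain is followed by an inner `JOIN {course_modules} cm ON (cm.module = m.id AND cm.instance = w.id)`, so any old page whose entry or wiki row is gone yields a NULL `w.id`, fails the inner join and is silently dropped from the file migration — the outer joins are effectively inner joins here. If skipping orphaned pages is intended, write those as plain `JOIN`s so the next reader does not assume orphans are handled; if they were meant to be migrated, the `cm` join has to become outer too and the loop must cope with a NULL `cmid`. The recordset is also opened here with no visible `$rs->close()`; the `foreach` body lies outside the hunk, so please confirm it is closed after the loop. The same LEFT JOIN shape in the third hunk inserts `s.id` as `subwikiid`, which will be NULL for an old page with no matching subwiki — worth checking that the column tolerates it or that such rows cannot exist. `xmldb_wiki_upgrade` starts and ends outside this hunk.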
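--- a/mod/wiki/db/upgradelib.php
+++ b/mod/wiki/db/upgradelib.php
@@ -204,18 +204,18 @@ function wiki_upgrade_migrate_versions() {
 global $DB, $CFG;
 upgrade_set_timeout();
 require_once($CFG->dirroot . '/mod/wiki/db/migration/lib.php');
- $sql = 'SELECT po.id as oldpage_id, po.pagename as oldpage_pagename, po.version, po.flags, po.content, po.author, po.userid as oldpage_userid, po.created, po.lastmodified, po.refs, po.meta, po.hits, po.wiki, ' .
- 'p.id as newpage_id, p.subwikiid, p.title, p.cachedcontent, p.timecreated, p.timemodified as newpage_timemodified, p.timerendered, p.userid as newpage_userid, p.pageviews, p.readonly, ' .
- 'e.id as entry_id, e.wikiid, e.course as entrycourse, e.groupid, e.userid as entry_userid, e.pagename as entry_pagename, e.timemodified as entry_timemodified, ' .
- 'w.id as wiki_id, w.course as wiki_course, w.name, w.summary as summary, w.pagename as wiki_pagename, w.wtype, w.ewikiprinttitle, w.htmlmode, w.ewikiacceptbinary, w.disablecamelcase, w.setpageflags, w.strippages, w.removepages, w.revertchanges, w.initialcontent, w.timemodified as wiki_timemodified ' .
- 'FROM {wiki_pages_old} po LEFT OUTER JOIN {wiki_entries_old} e ' .
- 'ON e.id = po.wiki ' .
- 'LEFT OUTER JOIN {wiki} w ' .
- 'ON w.id = e.wikiid ' .
- 'LEFT OUTER JOIN {wiki_subwikis} s ' .
- 'ON e.groupid = s.groupid AND e.wikiid = s.wikiid AND e.userid = s.userid ' .
- 'LEFT OUTER JOIN {wiki_pages} p ' .
- 'ON po.pagename = p.title AND p.subwikiid = s.id';
+ $sql = "SELECT po.id as oldpage_id, po.pagename as oldpage_pagename, po.version, po.flags, po.content, po.author, po.userid as oldpage_userid, po.created, po.lastmodified, po.refs, po.meta, po.hits, po.wiki,
+ p.id as newpage_id, p.subwikiid, p.title, p.cachedcontent, p.timecreated, p.timemodified as newpage_timemodified, p.timerendered, p.userid as newpage_userid, p.pageviews, p.readonly,
+ e.id as entry_id, e.wikiid, e.course as entrycourse, e.groupid, e.userid as entry_userid, e.pagename as entry_pagename, e.timemodified as entry_timemodified,
+ w.id as wiki_id, w.course as wiki_course, w.name, w.summary as summary, w.pagename as wiki_pagename, w.wtype, w.ewikiprinttitle, w.htmlmode, w.ewikiacceptbinary, w.disablecamelcase, w.setpageflags, w.strippages, w.removepages, w.revertchanges, w.initialcontent, w.timemodified as wiki_timemodified
+ FROM {wiki_pages_old} po LEFT OUTER JOIN {wiki_entries_old} e
+ ON e.id = po.wiki
+ LEFT OUTER JOIN {wiki} w
+ ON w.id = e.wikiid
+ LEFT OUTER JOIN {wiki_subwikis} s
+ ON e.groupid = s.groupid AND e.wikiid = s.wikiid AND e.userid = s.userid
+ LEFT OUTER JOIN {wiki_pages} p
+ ON po.pagename = p.title AND p.subwikiid = s.id";
 $pagesinfo = $DB->get_recordset_sql($sql, array());
 while ($pagesinfo->valid()) {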
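Review bot: Because the final `LEFT OUTER JOIN {wiki_pages} p ON po.pagename = p.title AND p.subwikiid = s.id` is an outer join, `newpage_id` (and every other `p.*` column) is NULL for any old page that the earlier page migration did not create a counterpart for, and `s.id` itself is NULL when no subwiki matched the entry. The `while ($pagesinfo->valid())` loop that consumes these rows is outside the hunk, so it should be confirmed that it skips or reports rows with a NULL `newpage_id` rather than writing versions against a page id of 0. The recordset also needs a `$pagesinfo->close()` once the loop finishes, which is not visible here. `wiki_upgrade_migrate_versions` continues past the end of this hunk.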
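--- a/mod/wiki/diff.php
+++ b/mod/wiki/diff.php
@@ -60,7 +60,7 @@
 print_error('invalidcoursemodule');
 }
-$course = $DB->get_record('course', array('id'=>$cm->course), '*', MUST_EXIST);
+$course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST);
 if ($compare >= $comparewith) {
 print_error("A page version can only be compared with an older version.");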
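--- a/mod/wiki/edit.php
+++ b/mod/wiki/edit.php
@@ -62,7 +62,7 @@
 print_error('invalidcoursemodule');
 }
-$course = $DB->get_record('course', array('id'=>$cm->course), '*', MUST_EXIST);
+$course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST);
 if (!empty($section) && !$sectioncontent = wiki_get_section_page($page, $section)) {
 print_error('invalidsection', 'wiki');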
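--- a/mod/wiki/editcomments.php
+++ b/mod/wiki/editcomments.php
@@ -48,7 +48,7 @@
 if (!$cm = get_coursemodule_from_instance("wiki", $subwiki->wikiid)) {
 print_error('invalidcoursemodule');
 }
-$course = $DB->get_record('course', array('id'=>$cm->course), '*', MUST_EXIST);
+$course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST);
 if (!$wiki = wiki_get_wiki($subwiki->wikiid)) {
 print_error('incorrectwikiid', 'wiki');
 }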
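--- a/mod/wiki/history.php
+++ b/mod/wiki/history.php
@@ -56,10 +56,10 @@
 print_error('invalidcoursemodule');
 }
-$course = $DB->get_record('course', array('id'=>$cm->course), '*', MUST_EXIST);
+$course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST);
 require_course_login($course->id, true, $cm);
-add_to_log($course->id, 'wiki', 'history', 'history.php?id='.$cm->id, $wiki->id);
+add_to_log($course->id, 'wiki', 'history', 'history.php?id=' . $cm->id, $wiki->id);
 /// Print the page header
 $wikipage = new page_wiki_history($wiki, $subwiki, $cm);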
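--- a/mod/wiki/index.php
+++ b/mod/wiki/index.php
@@ -35,7 +35,7 @@
 require_once('lib.php');
 $id = required_param('id', PARAM_INT); // course
-$PAGE->set_url('/mod/wiki/index.php', array('id'=>$id));
+$PAGE->set_url('/mod/wiki/index.php', array('id' => $id));
 if (!$course = $DB->get_record('course', array('id' => $id))) {
 print_error('invalidcourseid');
@@ -71,22 +71,22 @@
 /// Print the list of instances (your module will probably extend this)
 $timenow = time();
-$strsectionname = get_string('sectionname', 'format_'.$course->format);
+$strsectionname = get_string('sectionname', 'format_' . $course->format);
 $strname = get_string("name");
 $table = new html_table();
 if ($usesections) {
- $table->head = array ($strsectionname, $strname);
+ $table->head = array($strsectionname, $strname);
 } else {
- $table->head = array ($strname);
+ $table->head = array($strname);
 }
 foreach ($wikis as $wiki) {
 $linkcss = null;
 if (!$wiki->visible) {
- $linkcss = array('class'=>'dimmed');
- }
- $link = html_writer::link(new moodle_url('/mod/wiki/view.php', array('id'=>$wiki->coursemodule)), $wiki->name, $linkcss);
+ $linkcss = array('class' => 'dimmed');
+ }
+ $link = html_writer::link(new moodle_url('/mod/wiki/view.php', array('id' => $wiki->coursemodule)), $wiki->name, $linkcss);
 if ($usesections) {
 $table->data[] = array(get_section_name($course, $sections[$wiki->section]), $link);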
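Review bot: `$wiki->name` is passed raw as the link text on the line building `$link` in the second hunk; as far as I can tell html_writer::link does not escape its text argument, so markup in an activity name (editable by anyone who can configure the wiki) reaches the listing unfiltered, and the multilang filter is skipped as well. The usual idiom for activity names on an index page is to wrap them: `$link = html_writer::link(new moodle_url('/mod/wiki/view.php', array('id' => $wiki->coursemodule)), format_string($wiki->name), $linkcss);`. The commit only reformats this line, so the issue is pre-existing, but this is the natural place to fix it. The `foreach ($wikis as $wiki)` loop continues past the end of the hunk.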
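--- a/mod/wiki/instancecomments.php
+++ b/mod/wiki/instancecomments.php
@@ -53,7 +53,7 @@
 if (!$cm = get_coursemodule_from_instance("wiki", $subwiki->wikiid)) {
 print_error('invalidcoursemodule');
 }
-$course = $DB->get_record('course', array('id'=>$cm->course), '*', MUST_EXIST);
+$course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST);
 if (!$wiki = wiki_get_wiki($subwiki->wikiid)) {
 print_error('incorrectwikiid', 'wiki');
 }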
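--- a/mod/wiki/lib.php
+++ b/mod/wiki/lib.php
@@ -34,9 +34,6 @@
 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */
-
-
-
 /**
 * Given an object containing all the necessary data,
 * (defined by the form in mod.html) this function
@@ -227,12 +224,13 @@ function wiki_supports($feature) {
 function wiki_print_recent_activity($course, $viewfullnames, $timestart) {
 global $CFG, $DB, $OUTPUT;
- if (!$pages = $DB->get_records_sql("SELECT p.*, w.id as wikiid, sw.groupid
- FROM {wiki_pages} p
- JOIN {wiki_subwikis} sw ON sw.id = p.subwikiid
- JOIN {wiki} w ON w.id = sw.wikiid
- WHERE p.timemodified > ? AND w.course = ?
- ORDER BY p.timemodified ASC", array($timestart, $course->id))) {
+ $sql = "SELECT p.*, w.id as wikiid, sw.groupid
+ FROM {wiki_pages} p
+ JOIN {wiki_subwikis} sw ON sw.id = p.subwikiid
+ JOIN {wiki} w ON w.id = sw.wikiid
+ WHERE p.timemodified > ? AND w.course = ?
+ ORDER BY p.timemodified ASC";
+ if (!$pages = $DB->get_records_sql($sql, array($timestart, $course->id))) {
 return false;
 }
 $modinfo =& get_fast_modinfo($course);
@@ -418,17 +416,17 @@ function wiki_pluginfile($course, $cm, $context, $filearea, $args, $forcedownloa
 }
 }
-function wiki_search_form($cm, $search='') {
+function wiki_search_form($cm, $search = '') {
 global $CFG, $OUTPUT;
- $output = '<div class="wikisearch">';
- $output .= '<form method="post" action="'.$CFG->wwwroot.'/mod/wiki/search.php" style="display:inline">';
+ $output = '<div class="wikisearch">';
+ $output .= '<form method="post" action="' . $CFG->wwwroot . '/mod/wiki/search.php" style="display:inline">';
 $output .= '<fieldset class="invisiblefieldset">';
- $output .= '<input name="searchstring" type="text" size="18" value="'.s($search, true).'" alt="search" />';
- $output .= '<input name="courseid" type="hidden" value="'.$cm->course.'" />';
- $output .= '<input name="cmid" type="hidden" value="'.$cm->id.'" />';
+ $output .= '<input name="searchstring" type="text" size="18" value="' . s($search, true) . '" alt="search" />';
+ $output .= '<input name="courseid" type="hidden" value="' . $cm->course . '" />';
+ $output .= '<input name="cmid" type="hidden" value="' . $cm->id . '" />';
 $output .= '<input name="searchwikicontent" type="hidden" value="1" />';
- $output .= ' <input value="'.get_string('searchwikis', 'wiki').'" type="submit" />';
+ $output .= ' <input value="' . get_string('searchwikis', 'wiki') . '" type="submit" />';
 $output .= '</fieldset>';
 $output .= '</form>';
 $output .= '</div>';
@@ -438,22 +436,22 @@ function wiki_search_form($cm, $search='') {
 function wiki_extend_navigation(navigation_node $navref, $course, $module, $cm) {
 global $CFG, $PAGE, $USER;
- require_once ($CFG->dirroot . '/mod/wiki/locallib.php');
+ require_once($CFG->dirroot . '/mod/wiki/locallib.php');
 $url = $PAGE->url;
 $userid = 0;
 if ($module->wikimode == 'individual') {
 $userid = $USER->id;
 }
- if(!$wiki = wiki_get_wiki($cm->instance)) {
+ if (!$wiki = wiki_get_wiki($cm->instance)) {
 return false;
 }
- if (!$gid = groups_get_activity_group($cm)){
+ if (!$gid = groups_get_activity_group($cm)) {
 $gid = 0;
 }
- if (!$subwiki = wiki_get_subwiki_by_group($cm->instance, $gid, $userid)){
+ if (!$subwiki = wiki_get_subwiki_by_group($cm->instance, $gid, $userid)) {
 return null;
 } else {
 $swid = $subwiki->id;
@@ -466,24 +464,24 @@ function wiki_extend_navigation(navigation_node $navref, $course, $module, $cm)
 $page = wiki_get_page_by_title($swid, $wiki->firstpagetitle);
 $pageid = $page->id;
 }
- $link = new moodle_url('/mod/wiki/create.php', array('action'=>'new', 'swid'=>$swid));
+ $link = new moodle_url('/mod/wiki/create.php', array('action' => 'new', 'swid' => $swid));
 $node = $navref->add(get_string('newpage', 'wiki'), $link, navigation_node::TYPE_SETTING);
 if (is_numeric($pageid)) {
- $link = new moodle_url('/mod/wiki/view.php', array('pageid'=>$pageid));
+ $link = new moodle_url('/mod/wiki/view.php', array('pageid' => $pageid));
 $node = $navref->add(get_string('view', 'wiki'), $link, navigation_node::TYPE_SETTING);
- $link = new moodle_url('/mod/wiki/edit.php', array('pageid'=>$pageid));
+ $link = new moodle_url('/mod/wiki/edit.php', array('pageid' => $pageid));
 $node = $navref->add(get_string('edit', 'wiki'), $link, navigation_node::TYPE_SETTING);
- $link = new moodle_url('/mod/wiki/comments.php', array('pageid'=>$pageid));
+ $link = new moodle_url('/mod/wiki/comments.php', array('pageid' => $pageid));
 $node = $navref->add(get_string('comments', 'wiki'), $link, navigation_node::TYPE_SETTING);
- $link = new moodle_url('/mod/wiki/history.php', array('pageid'=>$pageid));
+ $link = new moodle_url('/mod/wiki/history.php', array('pageid' => $pageid));
 $node = $navref->add(get_string('history', 'wiki'), $link, navigation_node::TYPE_SETTING);
- $link = new moodle_url('/mod/wiki/map.php', array('pageid'=>$pageid));
+ $link = new moodle_url('/mod/wiki/map.php', array('pageid' => $pageid));
 $node = $navref->add(get_string('map', 'wiki'), $link, navigation_node::TYPE_SETTING);
 }
 }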
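Review bot: In the last hunk of wiki_extend_navigation, `$pageid = $page->id;` dereferences the result of wiki_get_page_by_title() without checking it, so a missing first page raises a PHP notice and only the later `is_numeric($pageid)` test happens to rescue the null; make the guard explicit with `$pageid = $page ? $page->id : null;` (or whatever falsy value the helper returns, which I cannot see from here). In the preceding hunk the function's two early exits are inconsistent — `return false;` when the wiki is not found versus `return null;` when no subwiki matches — for a hook whose return value nothing here reads; a bare `return;` in both places would say what is meant. wiki_extend_navigation is split across the last two hunks, with lines omitted between them.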
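--- a/mod/wiki/lock.php
+++ b/mod/wiki/lock.php
@@ -56,7 +56,7 @@
 print_error('invalidcoursemodule');
 }
-$course = $DB->get_record('course', array('id'=>$cm->course), '*', MUST_EXIST);
+$course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST);
 if (!empty($section) && !$sectioncontent = wiki_get_section_page($page, $section)) {
 print_error('invalidsection', 'wiki');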
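--- a/mod/wiki/map.php
+++ b/mod/wiki/map.php
@@ -48,7 +48,7 @@
 if (!$cm = get_coursemodule_from_instance("wiki", $subwiki->wikiid)) {
 print_error('invalidcoursemodule');
 }
-$course = $DB->get_record('course', array('id'=>$cm->course), '*', MUST_EXIST);
+$course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST);
 if (!$wiki = wiki_get_wiki($subwiki->wikiid)) {
 print_error('incorrectwikiid', 'wiki');
 }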
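--- a/mod/wiki/overridelocks.php
+++ b/mod/wiki/overridelocks.php
@@ -56,7 +56,7 @@
 print_error('invalidcoursemodule');
 }
-$course = $DB->get_record('course', array('id'=>$cm->course), '*', MUST_EXIST);
+$course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST);
 if (!empty($section) && !$sectioncontent = wiki_get_section_page($page, $section)) {
 print_error('invalidsection', 'wiki');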
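--- a/mod/wiki/prettyview.php
+++ b/mod/wiki/prettyview.php
@@ -46,7 +46,7 @@
 if (!$cm = get_coursemodule_from_instance("wiki", $subwiki->wikiid)) {
 print_error('invalidcoursemodule');
 }
-$course = $DB->get_record('course', array('id'=>$cm->course), '*', MUST_EXIST);
+$course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST);
 if (!$wiki = wiki_get_wiki($subwiki->wikiid)) {
 print_error('incorrectwikiid', 'wiki');
 }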
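--- a/mod/wiki/restoreversion.php
+++ b/mod/wiki/restoreversion.php
@@ -56,7 +56,7 @@
 print_error('invalidcoursemodule');
 }
-$course = $DB->get_record('course', array('id'=>$cm->course), '*', MUST_EXIST);
+$course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST);
 require_course_login($course->id, true, $cm);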
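--- a/mod/wiki/search.php
+++ b/mod/wiki/search.php
@@ -31,20 +31,20 @@
 $searchcontent = optional_param('searchwikicontent', 0, PARAM_INT);
 $cmid = optional_param('cmid', 0, PARAM_INT);
-if (!$course = $DB->get_record('course', array('id'=>$courseid))) {
+if (!$course = $DB->get_record('course', array('id' => $courseid))) {
 print_error('invalidcourseid');
 }
-if (! $cm = get_coursemodule_from_id('wiki', $cmid)) {
+if (!$cm = get_coursemodule_from_id('wiki', $cmid)) {
 print_error('invalidcoursemodule');
 }
 require_course_login($course, true, $cm);
 // @TODO: Fix call to wiki_get_subwiki_by_group
-if (!$gid = groups_get_activity_group($cm)){
+if (!$gid = groups_get_activity_group($cm)) {
 $gid = 0;
 }
-if (!$subwiki = wiki_get_subwiki_by_group($cm->instance, $gid)){
+if (!$subwiki = wiki_get_subwiki_by_group($cm->instance, $gid)) {
 return false;
 }
 if (!$wiki = wiki_get_wiki($subwiki->wikiid)) {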
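Review bot: The `return false;` after the wiki_get_subwiki_by_group() check sits at file scope in a page script, so a missing subwiki ends the request with a blank page instead of an error; the neighbouring checks all use print_error() (the `incorrectwikiid` one immediately below, for instance) and this branch should do the same. The `@TODO` above it is still live: the call passes only the group id, whereas wiki_extend_navigation in lib.php passes a user id as a third argument for individual-mode wikis, so searches in an individual wiki presumably resolve the wrong subwiki or none. Since `courseid` and `cmid` arrive as independent request parameters, the page also relies on require_course_login() rejecting a `$cm` whose course differs from `$course`; that is worth confirming rather than assuming, because everything after it trusts `$cm->instance`. The commit only reformats these lines, so none of this is introduced here.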
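--- a/mod/wiki/view.php
+++ b/mod/wiki/view.php
@@ -66,7 +66,7 @@
 }
 // Checking course instance
- $course = $DB->get_record('course', array('id'=>$cm->course), '*', MUST_EXIST);
+ $course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST);
 // Checking wiki instance
 if (!$wiki = wiki_get_wiki($cm->instance)) {
@@ -134,7 +134,7 @@
 }
 // Checking course instance
- $course = $DB->get_record('course', array('id'=>$cm->course), '*', MUST_EXIST);
+ $course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST);
 /*
 * Case 2: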
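--- a/mod/wiki/viewversion.php
+++ b/mod/wiki/viewversion.php
@@ -56,7 +56,7 @@
 print_error('invalidcoursemodule');
 }
-$course = $DB->get_record('course', array('id'=>$cm->course), '*', MUST_EXIST);
+$course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST);
 require_course_login($course->id, true, $cm);
 add_to_log($course->id, "wiki", "history", "history.php?id=$cm->id", "$wiki->id");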
