
Merge branch 'MDL-27675_21_wip' of git://github.com/grabs/moodle into…

… MOODLE_21_STABLE
2 parents b228842 + d6fe3f0 commit 9c96488ed967a5923fd082ab9b30cab9409f99ff Sam Hemelryk committed May 27, 2012
@@ -434,7 +434,8 @@
//get the value
$frmvaluename = $feedbackitem->typ . '_'. $feedbackitem->id;
if(isset($savereturn)) {
- $value = isset($formdata->{$frmvaluename})?$formdata->{$frmvaluename}:NULL;
+ $value = isset($formdata->{$frmvaluename})?$formdata->{$frmvaluename}:NULL;
+ $value = feedback_clean_input_value($feedbackitem, $value);
}else {
if(isset($feedbackcompletedtmp->id)) {
$value = feedback_get_item_value($feedbackcompletedtmp->id, $feedbackitem->id, true);
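Review bot: The unset case is now cleaned as well, because the added line runs after the ternary has already replaced a missing field with `NULL`. For item types cleaned with `PARAM_INT` or `PARAM_FLOAT`, that turns "not submitted" into `0`, which later code may no longer be able to tell apart from a real answer. Cleaning only a value that was actually posted keeps the distinction: `$value = isset($formdata->{$frmvaluename}) ? feedback_clean_input_value($feedbackitem, $formdata->{$frmvaluename}) : NULL;`. The hunk at `@@ -383,7 +383,8 @@` adds the same two lines and needs the same change. The enclosing loop starts and ends outside both hunks.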
@@ -54,7 +54,7 @@
//if the use hit enter into a textfield so the form should not submit
if(isset($formdata->sesskey) AND !isset($formdata->savevalues) AND !isset($formdata->gonextpage) AND !isset($formdata->gopreviouspage)) {
- $gopage = $formdata->lastpage;
+ $gopage = (int)$formdata->lastpage;
}
if(isset($formdata->savevalues)) {
$savevalues = true;
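Review bot: `(int)$formdata->lastpage` forces an integer, but the condition above tests only `sesskey`, `savevalues`, `gonextpage` and `gopreviouspage`, so `lastpage` is read without checking that it was submitted. The cast also accepts negative or out-of-range page numbers. If `$gopage` is later used as a page index (its use is outside this hunk), something like `$gopage = isset($formdata->lastpage) ? max(0, (int)$formdata->lastpage) : 0;` would make the accepted range explicit; confirm the lower bound against how the page counter is used.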
@@ -383,7 +383,8 @@
//get the value
$frmvaluename = $feedbackitem->typ . '_'. $feedbackitem->id;
if(isset($savereturn)) {
- $value = isset($formdata->{$frmvaluename})?$formdata->{$frmvaluename}:NULL;
+ $value = isset($formdata->{$frmvaluename})?$formdata->{$frmvaluename}:NULL;
+ $value = feedback_clean_input_value($feedbackitem, $value);
}else {
if(isset($feedbackcompletedtmp->id)) {
$value = feedback_get_item_value($feedbackcompletedtmp->id, $feedbackitem->id, sesskey());
@@ -280,4 +280,8 @@ function get_hasvalue() {
function can_switch_require() {
return false;
}
+
+ function clean_input_value($value) {
+ return clean_param($value, PARAM_RAW);
+ }
}
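Review bot: `PARAM_RAW` performs no cleaning, so this `clean_input_value()` returns the submitted value unchanged, and nothing in the hunk explains why that is acceptable for this item type. The other implementations in this commit narrow the value to an int, a float or cleaned HTML, so a reader will take this one for an oversight. Add a comment above the return that states the reason, for example `// Deliberately uncleaned: <why this item's value is never stored or echoed>`, or pick the narrowest type the item actually needs. The class header is outside the hunk, so which item this is cannot be confirmed from here.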
@@ -104,6 +104,14 @@ function get_data() {
*/
abstract function print_item_show_value($item, $value = '');
+ /**
+ * cleans the userinput while submitting the form
+ *
+ * @param mixed $value
+ * @return mixed
+ */
+ abstract function clean_input_value($value);
+
}
//a dummy class to realize pagebreaks
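Review bot: Declaring `clean_input_value()` as `abstract` means any class that extends this base without defining it will fail with a PHP fatal error when loaded. On a stable branch that affects every item type not updated in this commit; whether such types exist is not visible here. A non-abstract method in the base class that applies a restrictive default would keep those classes loading while still cleaning their input. The docblock should also state the contract rather than only `mixed`, e.g. `@return mixed the value reduced to the type this item stores`.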
@@ -129,6 +137,7 @@ function print_item_preview($item) {}
function print_item_complete($item, $value = '', $highlightrequire = false) {}
function print_item_show_value($item, $value = '') {}
function can_switch_require(){}
+ function clean_input_value($value){}
}
@@ -323,4 +323,8 @@ function get_hasvalue() {
function can_switch_require() {
return false;
}
+
+ function clean_input_value($value) {
+ return clean_param($value, PARAM_INT);
+ }
}
@@ -233,4 +233,8 @@ function excelprint_item(&$worksheet, $rowOffset, $xlsFormats, $item, $groupid,
function print_analysed($item, $itemnr = '', $groupid = false, $courseid = false) {}
function get_printval($item, $value) {}
function get_analysed($item, $groupid = false, $courseid = false) {}
+
+ function clean_input_value($value) {
+ return '';
+ }
}
@@ -710,8 +710,11 @@ function hidenoselect($item) {
return false;
}
-
function can_switch_require() {
return true;
}
+
+ function clean_input_value($value) {
+ return clean_param($value, PARAM_INT);
+ }
}
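Review bot: `clean_param($value, PARAM_INT)` is written for a single scalar, and this method passes `$value` on without checking its shape. If this item type can post several selected options as an array (the `hidenoselect` context suggests a choice item, but the class header is outside the hunk), confirm what `clean_param()` does with an array in this branch. If it does not clean element by element, handle it explicitly, e.g. `return is_array($value) ? array_map('intval', $value) : clean_param($value, PARAM_INT);`. The other `PARAM_INT` implementations in this commit deserve the same check.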
@@ -589,4 +589,7 @@ function can_switch_require() {
return true;
}
+ function clean_input_value($value) {
+ return clean_param($value, PARAM_INT);
+ }
}
@@ -420,4 +420,8 @@ function get_hasvalue() {
function can_switch_require() {
return true;
}
+
+ function clean_input_value($value) {
+ return clean_param($value, PARAM_FLOAT);
+ }
}
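Review bot: `PARAM_FLOAT` converts an empty or non-numeric submission to `0`, so after this method a blank answer and a mistyped answer both look like a valid `0`. Any required-field or range check that runs later (outside this hunk) then sees a number instead of the input that should be rejected. Returning early for the empty case keeps "no answer" distinct: `if ($value === null || $value === '') { return null; }` before the `clean_param()` call. Non-numeric text should be left for the validation step to report rather than silently zeroed.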
@@ -280,4 +280,8 @@ function get_hasvalue() {
function can_switch_require() {
return true;
}
+
+ function clean_input_value($value) {
+ return clean_param($value, PARAM_CLEANHTML);
+ }
}
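Review bot: `PARAM_CLEANHTML` keeps whatever markup the HTML cleaner allows, so the answer held after this call is still HTML rather than plain text. The code that prints, analyses or exports the value (outside this hunk) must therefore keep escaping or formatting it for its output context; cleaning on input does not replace that. If this item is meant to hold plain text only, `return clean_param($value, PARAM_TEXT);` is likely the closer fit; confirm against how the value is displayed. The next hunk adds the same line and needs the same decision.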
@@ -274,4 +274,8 @@ function get_hasvalue() {
function can_switch_require() {
return true;
}
+
+ function clean_input_value($value) {
+ return clean_param($value, PARAM_CLEANHTML);
+ }
}
@@ -1927,6 +1927,17 @@ function feedback_get_page_to_continue($feedbackid, $courseid = false, $guestid
//functions to handle the values
////////////////////////////////////////////////
+/**
+ * cleans the userinput while submitting the form.
+ *
+ * @param mixed $value
+ * @return mixed
+ */
+function feedback_clean_input_value($item, $value) {
+ $itemobj = feedback_get_item_class($item->typ);
+ return $itemobj->clean_input_value($value);
+}
+
/**
* this saves the values of an completed.
* if the param $tmp is set true so the values are saved temporary in table feedback_valuetmp.
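Review bot: In the visible hunks `feedback_clean_input_value()` is called only from the two `isset($savereturn)` branches that refill the form, while the save functions that follow this helper are not changed. Confirm that values written to `feedback_value` / `feedback_valuetmp` pass through the same cleaner; otherwise the stored data stays uncleaned and only the redisplay is affected. The docblock also omits the first parameter: add `@param object $item the feedback item record; its typ selects the item class`. The result of `feedback_get_item_class()` is used without a check, so an unknown `typ` would fail on the method call.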
