From 333e499c4b8001caabc9ac95947c965652b45357 Mon Sep 17 00:00:00 2001
From: sam marshall
Date: Wed, 7 Nov 2012 10:54:23 +0000
Subject: [PATCH] MDL-34612 Grade condition range validation allows impossible conditions
---
 course/editsection_form.php | 33 ++++++++++++++++++++++++++++++++-
 course/moodleform_mod.php | 2 +-
 2 files changed, 33 insertions(+), 2 deletions(-)
diff --git a/course/editsection_form.php b/course/editsection_form.php
index 73da8d3d2a721..de9d7a6f67af4 100644
--- a/course/editsection_form.php
+++ b/course/editsection_form.php
@@ -207,10 +207,41 @@ public function validation($data, $files) {
 // Conditions: Don't let them set dates which make no sense
 if (array_key_exists('availablefrom', $data) &&
 $data['availablefrom'] && $data['availableuntil'] &&
- $data['availablefrom'] > $data['availableuntil']) {
+ $data['availablefrom'] >= $data['availableuntil']) {
 $errors['availablefrom'] = get_string('badavailabledates', 'condition');
 }
 
+ // Conditions: Verify that the grade conditions are numbers, and make sense.
+ if (array_key_exists('conditiongradegroup', $data)) {
+ foreach ($data['conditiongradegroup'] as $i => $gradedata) {
+ if ($gradedata['conditiongrademin'] !== '' &&
+ !is_numeric(unformat_float($gradedata['conditiongrademin']))) {
+ $errors["conditiongradegroup[{$i}]"] = get_string('gradesmustbenumeric', 'condition');
+ continue;
+ }
+ if ($gradedata['conditiongrademax'] !== '' &&
+ !is_numeric(unformat_float($gradedata['conditiongrademax']))) {
+ $errors["conditiongradegroup[{$i}]"] = get_string('gradesmustbenumeric', 'condition');
+ continue;
+ }
+ if ($gradedata['conditiongrademin'] !== '' && $gradedata['conditiongrademax'] !== '' &&
+ unformat_float($gradedata['conditiongrademax']) <= unformat_float($gradedata['conditiongrademin'])) {
+ $errors["conditiongradegroup[{$i}]"] = get_string('badgradelimits', 'condition');
+ continue;
+ }
+ if ($gradedata['conditiongrademin'] === '' && $gradedata['conditiongrademax'] === '' &&
+ $gradedata['conditiongradeitemid']) {
+ $errors["conditiongradegroup[{$i}]"] = get_string('gradeitembutnolimits', 'condition');
+ continue;
+ }
+ if (($gradedata['conditiongrademin'] !== '' || $gradedata['conditiongrademax'] !== '') &&
+ !$gradedata['conditiongradeitemid']) {
+ $errors["conditiongradegroup[{$i}]"] = get_string('gradelimitsbutnoitem', 'condition');
+ continue;
+ }
+ }
+ }
+
 // Conditions: Verify that the user profile field has not been declared more than once
 if (array_key_exists('conditionfieldgroup', $data)) {
 // Array to store the existing fields
diff --git a/course/moodleform_mod.php b/course/moodleform_mod.php
index f71c89b9c3858..b4feb9d3f56ba 100644
--- a/course/moodleform_mod.php
+++ b/course/moodleform_mod.php
@@ -341,7 +341,7 @@ function validation($data, $files) {
 continue;
 }
 if ($gradedata['conditiongrademin'] !== '' && $gradedata['conditiongrademax'] !== '' &&
- unformat_float($gradedata['conditiongrademax']) < unformat_float($gradedata['conditiongrademin'])) {
+ unformat_float($gradedata['conditiongrademax']) <= unformat_float($gradedata['conditiongrademin'])) {
 $errors["conditiongradegroup[{$i}]"] = get_string('badgradelimits', 'condition');
 continue;
 }
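Review bot: The two `gradesmustbenumeric` checks pass the return value of `unformat_float()` to `is_numeric()` instead of testing what was typed, so whether they can ever fail depends on that helper, whose body is not in this patch. If it casts its argument to float, a non-numeric entry passes the check and is then compared as 0 in the `badgradelimits` test. Checking the normalised string before conversion avoids relying on that, for example `$min = str_replace(get_string('decsep', 'langconfig'), '.', trim($gradedata['conditiongrademin']));` followed by `if ($min !== '' && !is_numeric($min)) {`, and likewise for `conditiongrademax`. `validation()` begins and ends outside this hunk.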
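Review bot: The grade-limit block around this comparison is repeated, line for line as far as the hunk shows, in the code this commit adds to course/editsection_form.php, and nothing in either file says so. A later correction made in only one copy would leave the two forms validating the same fields differently. Until the checks are moved into one shared function, a comment above the loop such as `// Keep in sync with the grade condition checks in course/editsection_form.php validation().` would help. The loop and `validation()` itself start and end outside this hunk.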