
Merge branch 'MDL-27675_21' of git://github.com/grabs/moodle into MOO…

…DLE_21_STABLE
2 parents d25f6b8 + a6f4aa1 commit a4c4e43a5f7476ea3c823caa7671d1739c8a8bae Sam Hemelryk committed Jun 20, 2012
@@ -241,7 +241,7 @@
$tracking->completed = $new_completed_id;
$DB->insert_record('feedback_tracking', $tracking);
unset($SESSION->feedback->is_started);
-
+
// Update completion state
$completion = new completion_info($course);
if ($completion->is_enabled($cm) && $feedback->completionsubmit) {
@@ -434,7 +434,8 @@
//get the value
$frmvaluename = $feedbackitem->typ . '_'. $feedbackitem->id;
if(isset($savereturn)) {
- $value = isset($formdata->{$frmvaluename})?$formdata->{$frmvaluename}:NULL;
+ $value = isset($formdata->{$frmvaluename})?$formdata->{$frmvaluename}:NULL;
+ $value = feedback_clean_input_value($feedbackitem, $value);
}else {
if(isset($feedbackcompletedtmp->id)) {
$value = feedback_get_item_value($feedbackcompletedtmp->id, $feedbackitem->id, true);
@@ -54,7 +54,7 @@
//if the use hit enter into a textfield so the form should not submit
if(isset($formdata->sesskey) AND !isset($formdata->savevalues) AND !isset($formdata->gonextpage) AND !isset($formdata->gopreviouspage)) {
- $gopage = $formdata->lastpage;
+ $gopage = (int)$formdata->lastpage;
}
if(isset($formdata->savevalues)) {
$savevalues = true;
@@ -383,7 +383,8 @@
//get the value
$frmvaluename = $feedbackitem->typ . '_'. $feedbackitem->id;
if(isset($savereturn)) {
- $value = isset($formdata->{$frmvaluename})?$formdata->{$frmvaluename}:NULL;
+ $value = isset($formdata->{$frmvaluename})?$formdata->{$frmvaluename}:NULL;
+ $value = feedback_clean_input_value($feedbackitem, $value);
}else {
if(isset($feedbackcompletedtmp->id)) {
$value = feedback_get_item_value($feedbackcompletedtmp->id, $feedbackitem->id, sesskey());
@@ -280,4 +280,8 @@ function get_hasvalue() {
function can_switch_require() {
return false;
}
+
+ function clean_input_value($value) {
+ return clean_param($value, PARAM_RAW);
+ }
}
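Review bot: `clean_param($value, PARAM_RAW)` applies no filtering, so for this item type the new `clean_input_value()` hook hands the submitted value back as it was received. If that is intended, record the reason next to the call, for example `// PARAM_RAW on purpose: <why this item's value needs no filtering>`; otherwise use the narrowest PARAM_* type the item actually accepts. The class this method belongs to starts outside the hunk, so the item type cannot be confirmed from here.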
@@ -104,6 +104,14 @@ function get_data() {
*/
abstract function print_item_show_value($item, $value = '');
+ /**
+ * cleans the userinput while submitting the form
+ *
+ * @param mixed $value
+ * @return mixed
+ */
+ abstract function clean_input_value($value);
+
}
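Review bot: The docblock on the new abstract `clean_input_value()` does not say what a caller may assume about the returned value. The implementations added in this commit return different things: an int, a float or null, an empty string, an HTML-encoded string from `s()`, and the unchanged input under PARAM_RAW. Because the renderers changed in this commit echo the value directly, the docblock should state whether strings come back already HTML-encoded and what null means, for example `@return mixed cleaned value, null if the input was rejected; strings are returned <encoded|unencoded>`. The class body starts outside the hunk.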
//a dummy class to realize pagebreaks
@@ -129,6 +137,7 @@ function print_item_preview($item) {}
function print_item_complete($item, $value = '', $highlightrequire = false) {}
function print_item_show_value($item, $value = '') {}
function can_switch_require(){}
+ function clean_input_value($value){}
}
@@ -323,4 +323,8 @@ function get_hasvalue() {
function can_switch_require() {
return false;
}
+
+ function clean_input_value($value) {
+ return clean_param($value, PARAM_INT);
+ }
}
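Review bot: `clean_param($value, PARAM_INT)` turns an unanswered field into 0, because both call sites pass NULL when the form field is absent (`isset(...) ? ... : NULL` in the @@ -434 and @@ -383 hunks) and PARAM_INT is an integer cast. If 0 is a meaningful answer for this item type, keep the distinction with `return is_null($value) ? null : clean_param($value, PARAM_INT);`. The same body is added in the @@ -710 and @@ -589 hunks; if any of those item types can submit several values as an array, confirm how `clean_param()` treats an array on this branch. The enclosing classes start outside the hunks.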
@@ -233,4 +233,8 @@ function excelprint_item(&$worksheet, $rowOffset, $xlsFormats, $item, $groupid,
function print_analysed($item, $itemnr = '', $groupid = false, $courseid = false) {}
function get_printval($item, $value) {}
function get_analysed($item, $groupid = false, $courseid = false) {}
+
+ function clean_input_value($value) {
+ return '';
+ }
}
@@ -710,8 +710,11 @@ function hidenoselect($item) {
return false;
}
-
function can_switch_require() {
return true;
}
+
+ function clean_input_value($value) {
+ return clean_param($value, PARAM_INT);
+ }
}
@@ -589,4 +589,7 @@ function can_switch_require() {
return true;
}
+ function clean_input_value($value) {
+ return clean_param($value, PARAM_INT);
+ }
}
@@ -282,16 +282,16 @@ function print_item_complete($item, $value = '', $highlightrequire = false) {
}
echo '</span>';
echo '</div>';
-
+
//print the presentation
echo '<div class="feedback_item_presentation_'.$align.$highlight.'">';
echo '<span class="feedback_item_textfield">';
- echo '<input type="text" name="'.$item->typ.'_'.$item->id.'" size="10" maxlength="10" value="'.($value ? $value : '').'" />';
+ echo '<input type="text" name="'.$item->typ.'_'.$item->id.'" size="10" maxlength="10" value="'.$value.'" />';
echo '</span>';
echo '</div>';
}
- /**
+ /**
* print the item at the complete-page of feedback
*
* @global object
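Review bot: `value="'.$value.'"` writes `$value` into the attribute with no escaping at the point of output, so the markup is only safe if every caller has already run the value through `clean_input_value()`. The form pages in this commit do that only in the `isset($savereturn)` branch; the else branch takes the value from `feedback_get_item_value()`, and that stored data presumably reaches this renderer unchanged. The @@ -215 (textarea) and @@ -211 (text field) hunks have the same shape and additionally drop the `htmlspecialchars()` call that used to sit at the echo, so rows saved before this change would be rendered unencoded. Escaping where the value is written, e.g. `value="'.s($value).'"`, keeps the renderer safe regardless of where the value came from; the text items would then need to return unencoded text from `clean_input_value()` to avoid encoding twice.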
@@ -416,8 +416,15 @@ function get_presentation($data) {
function get_hasvalue() {
return 1;
}
-
+
function can_switch_require() {
return true;
}
+
+ function clean_input_value($value) {
+ if (!is_numeric($value)) {
+ return null;
+ }
+ return clean_param($value, PARAM_FLOAT);
+ }
}
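Review bot: `is_numeric()` also accepts exponent notation, so an input whose magnitude overflows a float passes the guard and `clean_param($value, PARAM_FLOAT)` returns INF. The `maxlength="10"` on the input field in the renderer hunk is a browser-side limit and does not bound what the server receives. Reject non-finite results as well: `$value = clean_param($value, PARAM_FLOAT);` followed by `return is_finite($value) ? $value : null;`.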
@@ -215,7 +215,7 @@ function print_item_complete($item, $value = '', $highlightrequire = false) {
//print the presentation
echo '<div class="feedback_item_presentation_'.$align.$highlight.'">';
echo '<span class="feedback_item_textarea">';
- echo '<textarea name="'.$item->typ.'_'.$item->id.'" cols="'.$presentation[0].'" rows="'.$presentation[1].'">'.($value ? htmlspecialchars($value) : '').'</textarea>';
+ echo '<textarea name="'.$item->typ.'_'.$item->id.'" cols="'.$presentation[0].'" rows="'.$presentation[1].'">'.$value.'</textarea>';
echo '</span>';
echo '</div>';
}
@@ -255,7 +255,7 @@ function check_value($value, $item) {
}
function create_value($data) {
- $data = clean_text($data);
+ $data = s($data);
return $data;
}
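Review bot: `s($data)` stores the answer HTML-encoded, where `clean_text()` stored filtered but unencoded text, so the table now holds two representations and nothing visible in this commit converts the existing rows. Consumers that are not HTML (an `excelprint_item()` method is visible in another hunk header) would presumably show entities such as `&amp;` for new rows. If the value handed to `create_value()` has already passed through `clean_input_value()`, which also calls `s()` in the @@ -280 and @@ -274 hunks, it may be encoded twice; that call path is not visible here and should be checked. The @@ -249 hunk makes the same change. Storing the text unencoded and encoding it on output avoids all three problems.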
@@ -280,4 +280,8 @@ function get_hasvalue() {
function can_switch_require() {
return true;
}
+
+ function clean_input_value($value) {
+ return s($value);
+ }
}
@@ -211,7 +211,7 @@ function print_item_complete($item, $value = '', $highlightrequire = false) {
//print the presentation
echo '<div class="feedback_item_presentation_'.$align.$highlight.'">';
echo '<span class="feedback_item_textfield">';
- echo '<input type="text" name="'.$item->typ.'_'.$item->id.'" size="'.$presentation[0].'" maxlength="'.$presentation[1].'" value="'.($value ? htmlspecialchars($value) : '').'" />';
+ echo '<input type="text" name="'.$item->typ.'_'.$item->id.'" size="'.$presentation[0].'" maxlength="'.$presentation[1].'" value="'.$value.'" />';
echo '</span>';
echo '</div>';
}
@@ -249,7 +249,7 @@ function check_value($value, $item) {
}
function create_value($data) {
- $data = clean_text($data);
+ $data = s($data);
return $data;
}
@@ -274,4 +274,8 @@ function get_hasvalue() {
function can_switch_require() {
return true;
}
+
+ function clean_input_value($value) {
+ return s($value);
+ }
}
@@ -1928,6 +1928,17 @@ function feedback_get_page_to_continue($feedbackid, $courseid = false, $guestid
////////////////////////////////////////////////
/**
+ * cleans the userinput while submitting the form.
+ *
+ * @param mixed $value
+ * @return mixed
+ */
+function feedback_clean_input_value($item, $value) {
+ $itemobj = feedback_get_item_class($item->typ);
+ return $itemobj->clean_input_value($value);
+}
+
+/**
* this saves the values of an completed.
* if the param $tmp is set true so the values are saved temporary in table feedback_valuetmp.
* if there is already a completed and the userid is set so the values are updated.
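Review bot: The docblock for `feedback_clean_input_value()` documents `$value` but not `$item`, although the function uses `$item->typ` to pick the item class. Add `@param object $item feedback item record; its typ selects the item class` above the `$value` line. What `feedback_get_item_class()` returns for an unknown typ is not visible here; if it can return a non-object, the method call on the following line would fail, so that case deserves a line in the docblock too.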
