
Added optional_param and required_param just to get it on the plate

1 parent 6446885 commit e0d346ff91825a75be94b44cb6e5a62c72fc6f12 moodler committed Oct 1, 2004
Showing with 112 additions and 35 deletions.
  1. +1 −1 admin/enrol.php
  2. +2 −2 course/edit.php
  3. +7 −7 course/jumpto.php
  4. +102 −25 lib/moodlelib.php
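--- a/admin/enrol.php
+++ b/admin/enrol.php
@@ -4,7 +4,7 @@
 include("../config.php");
- $enrol = (string)parameter('enrol', $CFG->enrol);
+ $enrol = optional_param('enrol', $CFG->enrol);
 require_login();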
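--- a/course/edit.php
+++ b/course/edit.php
@@ -5,8 +5,8 @@
 require_once("lib.php");
 require_once("$CFG->libdir/blocklib.php");
- $id = (int)parameter('id', 0); // course id
- $category = (int)parameter('category', 0); // possible default category
+ $id = (int)optional_param('id', 0); // course id
+ $category = (int)optional_param('category', 0); // possible default category
 require_login();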
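--- a/course/jumpto.php
+++ b/course/jumpto.php
@@ -1,18 +1,18 @@
 <?php // $Id$
 /*
- * Jumps to a given URL. Mostly used for accessibility.
+ * Jumps to a given URL. Mostly used for accessibility.
 *
 */
-require('../config.php');
+ require('../config.php');
-$jump = parameter('jump');
+ $jump = optional_param('jump', '');
-if ($jump) {
- redirect(urldecode($jump));
-}
+ if ($jump) {
+ redirect(urldecode($jump));
+ }
-redirect($_SERVER['HTTP_REFERER']);
+ redirect($_SERVER['HTTP_REFERER']);
 ?>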
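Review bot: `redirect(urldecode($jump))` still sends the browser to whatever address the request supplied, so this script acts as an open redirect, and switching to `optional_param()` does not change that. PHP has already URL-decoded `$_GET`/`$_POST`, so the extra `urldecode()` runs after the default PARAM_CLEAN pass and the cleaned value is decoded a second time before use. I would drop the `urldecode()` and confine the target to this site, e.g. `if (strpos($jump, $CFG->wwwroot.'/') !== 0) { $jump = $CFG->wwwroot.'/'; }` before the redirect. The fallback `redirect($_SERVER['HTTP_REFERER'])` takes a client-supplied header that may also be absent, so it needs the same check and a default.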
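--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -82,9 +82,111 @@
 */
 define('HOURMINS', 60);
+/**
+ * Parameter constant - if set then the parameter is cleaned of scripts etc
+ */
+define('PARAM_CLEAN', 0x01);
+
+/**
+ * Parameter constant - if set then the parameter is cast to an integer
+ */
+define('PARAM_INT', 0x02);
+
+/**
+ * Parameter constant - alias for PARAM_INT
+ */
+define('PARAM_INTEGER', 0x02);
+
+
 /// PARAMETER HANDLING ////////////////////////////////////////////////////
 /**
+ * Returns a particular value for the named variable, taken from
+ * POST or GET. If the parameter doesn't exist then an error is
+ * thrown because we require this variable.
+ *
+ * This function should be used to initialise all required values
+ * in a script that are based on parameters. Usually it will be
+ * used like this:
+ * $id = required_param('id');
+ *
+ * @param string $varname the name of the parameter variable we want
+ * @param integer $options a bit field that specifies any cleaning needed
+ * @return mixed
+ */
+function required_param($varname, $options=PARAM_CLEAN) {
+/// This function will replace require_variable over time
+/// It returns a value for a given variable name.
+
+ if (isset($_POST[$varname])) { // POST has precedence
+ $param = $_POST[$varname];
+ } else if (isset($_GET[$varname])) {
+ $param = $_GET[$varname];
+ } else {
+ error('A required parameter ($'.$varname.') was missing');
+ }
+
+ return clean_param($param, $options);
+}
+
+/**
+ * Returns a particular value for the named variable, taken from
+ * POST or GET, otherwise returning a given default.
+ *
+ * This function should be used to initialise all optional values
+ * in a script that are based on parameters. Usually it will be
+ * used like this:
+ * $name = optional_param('name', 'Fred');
+ *
+ * @param string $varname the name of the parameter variable we want
+ * @param mixed $default the default value to return if nothing is found
+ * @param integer $options a bit field that specifies any cleaning needed
+ * @return mixed
+ */
+function optional_param($varname, $default=NULL, $options=PARAM_CLEAN) {
+/// This function will replace both of the above two functions over time.
+/// It returns a value for a given variable name.
+
+ if (isset($_POST[$varname])) { // POST has precedence
+ $param = $_POST[$varname];
+ } else if (isset($_GET[$varname])) {
+ $param = $_GET[$varname];
+ } else {
+ return $default;
+ }
+
+ return clean_param($param, $options);
+}
+
+/**
+ * Used by {@link optional_param()} and {@link required_param()} to
+ * clean the variables and/or cast to specific types, based on
+ * an options field.
+ *
+ * @param mixed $param the variable we are cleaning
+ * @param integer $options a bit field that specifies the cleaning needed
+ * @return mixed
+ */
+function clean_param($param, $options) {
+/// Given a parameter and a bitfield of options, this function
+/// will clean it up and give it the required type, etc.
+
+ if ($param == (int)$param) { // It's just an integer
+ return (int)$param;
+ }
+
+ if ($options & PARAM_CLEAN) {
+ $param = clean_text($param); // Sweep for scripts, etc
+ }
+
+ if ($options & PARAM_INT) {
+ $param = (int)$param; // Convert to integer
+ }
+
+ return $param;
+}
+
+/**
 * Ensure that a variable is set or display error
 *
 * If $var is undefined display an error message using the {@link error()} function.
@@ -117,31 +219,6 @@ function optional_variable(&$var, $default=0) {
 }
 }
-/**
- * Returns a particular value for the named variable, taken from
- * POST or GET, otherwise returning a given default.
- *
- * This function should be used to initialise all values in a script
- * that are based on parameters. Usually it will be used like this:
- *
- * $id = (int)parameter('id');
- *
- * @param string $varname the name of the parameter variable we want
- * @param mixed $default the default value to return if nothing is found
- * @return mixed
- */
-function parameter($varname, $default=NULL) {
-
- if (isset($_POST[$varname])) { // POST has precedence
- return $_POST[$varname];
- }
-
- if (isset($_GET[$varname])) {
- return $_GET[$varname];
- }
-
- return $default;
-}
 /**
 * Set a key in global configuration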
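Review bot: The integer shortcut at the top of `clean_param()`, `if ($param == (int)$param)`, uses loose comparison, and before PHP 8 a non-numeric string compares equal to 0, so a value such as a plugin name comes back as integer 0 instead of being cleaned. The shortcut also runs before `$options` is looked at, so the caller's flags never decide whether the cast happens; the `enrol` call in admin/enrol.php, which dropped its `(string)` cast in this commit, looks affected. A strict test keeps the fast path without the coercion: `if (is_scalar($param) && (string)(int)$param === (string)$param) { return (int)$param; }`. `$_GET`/`$_POST` entries can also be arrays, and nothing here rejects them before `clean_text()` or the `(int)` cast; `clean_text()` is not shown, so its behaviour on arrays should be confirmed. In `required_param()`, `$param` is undefined at the `return` unless `error()` never returns, which the page does not show.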
