
enrol/mnet: fixes around fetch_remote_courses() and available_courses

 - ensure addslashes() affects data that goes to the database, not HTML
 - ensure we return defaultrolename from available_courses
 - clear some leftover debug statements
1 parent 0855c4c commit e395caaa847ce64c42ec7c7e6625d259cba493b1 martinlanghoff committed Jan 19, 2007
Showing with 24 additions and 21 deletions.
  1. +24 −21 enrol/mnet/enrol.php
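--- a/enrol/mnet/enrol.php
+++ b/enrol/mnet/enrol.php
@@ -89,10 +89,10 @@ function available_courses() {
 $query =
 "SELECT
-co.id as remoteid,
-ca.id as cat_id,
-ca.name as cat_name,
-ca.description as cat_description,
+co.id AS remoteid,
+ca.id AS cat_id,
+ca.name AS cat_name,
+ca.description AS cat_description,
 co.sortorder,
 co.fullname,
 co.shortname,
@@ -101,8 +101,8 @@ function available_courses() {
 co.startdate,
 co.cost,
 co.currency,
-co.defaultrole as defaultroleid,
-r.name
+co.defaultrole AS defaultroleid,
+r.name AS defaultrolename
 FROM
 {$CFG->prefix}course_categories ca
 JOIN
@@ -142,8 +142,6 @@ function available_courses() {
 ";
 unset($cats);
-error_log($query);
-
 $rs = get_records_sql($query);
 if (!empty($rs)) {
@@ -189,8 +187,6 @@ function available_courses() {
 sortorder ASC
 ";
-error_log($query);
-
 return get_records_sql($query);
 } elseif (!empty($CFG->enrol_mnet_allowed_courses)) {
@@ -446,31 +442,38 @@ function fetch_remote_courses($mnethostid) {
 $course = &$courses[$n];
 // add/update cached data in mnet_enrol_courses
+// sanitise data
 $course = (object)$course;
 $course->remoteid = (int)$course->remoteid;
 $course->hostid = $mnethostid;
-$course->categoryid = (int)$course->categoryid;
-$course->categoryname = addslashes($course->categoryname);
-$course->description = addslashes($course->description);
+$course->cat_id = (int)$course->cat_id;
 $course->sortorder = (int)$course->sortorder ;
-$course->fullname = addslashes($course->fullname);
-$course->shortname = addslashes($course->shortname);
-$course->idnumber = addslashes($course->idnumber);
-$course->summary = addslashes($course->summary);
 $course->startdate = (int)$course->startdate;
 $course->cost = (int)$course->cost;
-$course->currency = addslashes($course->currency);
 $course->defaultroleid = (int)$course->defaultroleid;
-$course->defaultrolename = addslashes($course->defaultrolename);
+
+// sanitise strings for DB NOTE - these are not sane
+// for printing, so we'll use a different object
+$dbcourse = clone($course);
+$dbcourse->cat_name = addslashes($dbcourse->cat_name);
+$dbcourse->cat_description = addslashes($dbcourse->cat_description);
+$dbcourse->fullname = addslashes($dbcourse->fullname);
+$dbcourse->shortname = addslashes($dbcourse->shortname);
+$dbcourse->idnumber = addslashes($dbcourse->idnumber);
+$dbcourse->summary = addslashes($dbcourse->summary);
+$dbcourse->currency = addslashes($dbcourse->currency);
+$dbcourse->defaultrolename = addslashes($dbcourse->defaultrolename);
 // insert or update
 if (empty($cachedcourses[$course->remoteid])) {
-$course->id = insert_record('mnet_enrol_course', $course);
+$course->id = insert_record('mnet_enrol_course', $dbcourse);
 } else {
 $course->id = $cachedcourses[$course->remoteid]->id;
 $cachedcourses[$course->remoteid]->seen=true;
-update_record('mnet_enrol_course', $course);
+update_record('mnet_enrol_course', $dbcourse);
 }
+// free tmp obj
+unset($dbcourse);
 }
 // prune stale data from cache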
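Review bot: In the fetch_remote_courses() hunk, `$course` (still bound by reference to `$courses[$n]`) now keeps its string fields exactly as the remote MNET host sent them, and only the `$dbcourse` clone is slashed, so any later use of those fields in HTML depends on the caller escaping them (e.g. with `s()`). The new comment says the DB copy is not fit for printing but not that the raw object is untrusted peer data; I would reword it along the lines of `// $course keeps the raw strings from the remote host: escape on output; only $dbcourse is slashed for the DB`. The eight `addslashes()` calls also read properties the peer may not have sent, so a presence check such as `isset($dbcourse->cat_name)` before escaping would avoid notices and make malformed entries visible instead of storing empty strings. The function body starts and ends outside this hunk, so the code that prints `$courses` could not be checked here.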
