security updates: parameter cleaning
michaelpenne committed Jan 26, 2005
1 parent 98ad748 commit eb65aeb
Showing 1 changed file with 55 additions and 54 deletions.
109 changes: 55 additions & 54 deletions mod/lesson/lesson.php
Expand Up @@ -24,7 +24,7 @@
require_once("styles.php"); require_once("styles.php");




require_variable($id); // Course Module ID $id = required_param('id', PARAM_INT); // Course Module ID


// get some esential stuff... // get some esential stuff...
if (! $cm = get_record("course_modules", "id", $id)) { if (! $cm = get_record("course_modules", "id", $id)) {
Expand Down Expand Up @@ -70,7 +70,7 @@
} }


// first get the preceeding page // first get the preceeding page
$pageid = $_GET['pageid']; $pageid = required_param('pageid', PARAM_INT);


// set of jump array // set of jump array
$jump[0] = get_string("thispage", "lesson"); $jump[0] = get_string("thispage", "lesson");
Expand All @@ -97,16 +97,16 @@
// give teacher a blank proforma // give teacher a blank proforma
print_heading_with_help(get_string("addabranchtable", "lesson"), "overview", "lesson"); print_heading_with_help(get_string("addabranchtable", "lesson"), "overview", "lesson");
?> ?>
<form name="form" method="post" action="lesson.php"> <form name="form" method="post" action="lesson.php" />
<input type="hidden" name="id" value="<?PHP echo $cm->id ?>"> <input type="hidden" name="id" value="<?PHP echo $cm->id ?>" />
<input type="hidden" name="action" value="insertpage"> <input type="hidden" name="action" value="insertpage">
<input type="hidden" name="pageid" value="<?PHP echo $_GET['pageid'] ?>"> <input type="hidden" name="pageid" value="<?PHP echo $pageid ?>" />
<input type="hidden" name="qtype" value="<?PHP echo LESSON_BRANCHTABLE ?>"> <input type="hidden" name="qtype" value="<?PHP echo LESSON_BRANCHTABLE ?>" />
<center><table cellpadding=5 border=1> <center><table cellpadding=5 border=1>
<tr><td align="center"> <tr><td align="center">
<tr valign="top"> <tr valign="top">
<td><b><?php print_string("pagetitle", "lesson"); ?>:</b><br /> <td><b><?php print_string("pagetitle", "lesson"); ?>:</b><br />
<!-- //CDC hidden-label added.--><label for="title" class="hidden-label">Title</label><input type="text" id="title" name="title" size="80" maxsize="255" value=""></td></tr> <!-- //CDC hidden-label added.--><label for="title" class="hidden-label">Title</label><input type="text" id="title" name="title" size="80" maxsize="255" value="" /></td></tr>
<?PHP <?PHP
echo "<tr><td><b>"; echo "<tr><td><b>";
echo get_string("pagecontents", "lesson").":</b><br />\n"; echo get_string("pagecontents", "lesson").":</b><br />\n";
Expand All @@ -115,9 +115,9 @@
echo "</td></tr>\n"; echo "</td></tr>\n";
/// CDC-FLAG /// 6/16/04 /// CDC-FLAG /// 6/16/04
echo "<tr><td>\n"; echo "<tr><td>\n";
echo "<center><input name=\"layout\" type=\"checkbox\" value=\"1\" CHECKED>"; echo "<center><input name=\"layout\" type=\"checkbox\" value=\"1\" CHECKED />";
echo get_string("arrangebuttonshorizontally", "lesson")."\n"; echo get_string("arrangebuttonshorizontally", "lesson")."\n";
echo "<br><input name=\"display\" type=\"checkbox\" value=\"1\" CHECKED>"; echo "<br><input name=\"display\" type=\"checkbox\" value=\"1\" CHECKED />";
echo get_string("displayinleftmenu", "lesson"); echo get_string("displayinleftmenu", "lesson");
echo "</center>\n"; echo "</center>\n";
echo "</td></tr>\n"; echo "</td></tr>\n";
Expand All @@ -141,8 +141,8 @@
// close table and form // close table and form
?> ?>
</table><br /> </table><br />
<input type="submit" value="<?php print_string("addabranchtable", "lesson") ?>"> <input type="submit" value="<?php print_string("addabranchtable", "lesson") ?>" />
<input type="submit" name="cancel" value="<?php print_string("cancel") ?>"> <input type="submit" name="cancel" value="<?php print_string("cancel") ?>" />
</center> </center>
</form> </form>
<?PHP <?PHP
Expand All @@ -157,7 +157,7 @@
} }


// first get the preceeding page // first get the preceeding page
$pageid = $_GET['pageid']; $pageid = required_param('pageid', PARAM_INT);


$timenow = time(); $timenow = time();


Expand Down Expand Up @@ -221,7 +221,7 @@


// first get the preceeding page // first get the preceeding page
// if $pageid = 0, then we are inserting a new page at the beginning of the lesson // if $pageid = 0, then we are inserting a new page at the beginning of the lesson
$pageid = $_GET['pageid']; $pageid = required_param('pageid', PARAM_INT);


$timenow = time(); $timenow = time();


Expand Down Expand Up @@ -286,7 +286,7 @@
} }


// first get the preceeding page // first get the preceeding page
$pageid = $_GET['pageid']; $pageid = required_param('pageid', PARAM_INT);


$timenow = time(); $timenow = time();


Expand Down Expand Up @@ -337,7 +337,7 @@
} }


// first get the preceeding page // first get the preceeding page
$pageid = $_GET['pageid']; $pageid = required_param('pageid', PARAM_INT);


// set of jump array // set of jump array
$jump[0] = get_string("thispage", "lesson"); $jump[0] = get_string("thispage", "lesson");
Expand Down Expand Up @@ -378,15 +378,15 @@
<form name="form" method="post" action="lesson.php"> <form name="form" method="post" action="lesson.php">
<input type="hidden" name="id" value="<?PHP echo $cm->id ?>"> <input type="hidden" name="id" value="<?PHP echo $cm->id ?>">
<input type="hidden" name="action" value="insertpage"> <input type="hidden" name="action" value="insertpage">
<input type="hidden" name="pageid" value="<?PHP echo $_GET['pageid'] ?>"> <input type="hidden" name="pageid" value="<?PHP echo $pageid ?>">
<center><table cellpadding=5 border=1> <center><table cellpadding=5 border=1>
<?php <?php
echo "<tr><td align=\"center\"><b>"; echo "<tr><td align=\"center\"><b>";
echo get_string("questiontype", "lesson").":</b> \n"; echo get_string("questiontype", "lesson").":</b> \n";
echo helpbutton("questiontype", get_string("questiontype", "lesson"), "lesson")."<br>"; echo helpbutton("questiontype", get_string("questiontype", "lesson"), "lesson")."<br>";
if (isset($_GET['qtype'])) { if (isset($_GET['qtype'])) {
lesson_qtype_menu($LESSON_QUESTION_TYPE, $_GET['qtype'], lesson_qtype_menu($LESSON_QUESTION_TYPE, $_GET['qtype'],
"lesson.php?id=$cm->id&action=addpage&pageid=".$_GET['pageid'].$linkadd); "lesson.php?id=$cm->id&action=addpage&pageid=".$pageid.$linkadd);
// NoticeFix rearraged // NoticeFix rearraged
if ( $_GET['qtype'] == LESSON_SHORTANSWER || $_GET['qtype'] == LESSON_MULTICHOICE || !isset($_GET['qtype']) ) { // only display this option for Multichoice and shortanswer if ( $_GET['qtype'] == LESSON_SHORTANSWER || $_GET['qtype'] == LESSON_MULTICHOICE || !isset($_GET['qtype']) ) { // only display this option for Multichoice and shortanswer
if ($_GET['qtype'] == LESSON_SHORTANSWER) { if ($_GET['qtype'] == LESSON_SHORTANSWER) {
Expand All @@ -399,7 +399,7 @@
} }
} else { } else {
lesson_qtype_menu($LESSON_QUESTION_TYPE, LESSON_MULTICHOICE, lesson_qtype_menu($LESSON_QUESTION_TYPE, LESSON_MULTICHOICE,
"lesson.php?id=$cm->id&action=addpage&pageid=".$_GET['pageid'].$linkadd); "lesson.php?id=$cm->id&action=addpage&pageid=".$pageid.$linkadd);
echo "<br><br><b>".get_string("multianswer", "lesson").":</b> \n"; echo "<br><br><b>".get_string("multianswer", "lesson").":</b> \n";
echo " <label for=\"qoption\" class=\"hidden-label\">Question Option</label><input type=\"checkbox\" id=\"qoption\" name=\"qoption\" value=\"1\"/>"; //CDC hidden label added. echo " <label for=\"qoption\" class=\"hidden-label\">Question Option</label><input type=\"checkbox\" id=\"qoption\" name=\"qoption\" value=\"1\"/>"; //CDC hidden label added.
helpbutton("questionoption", get_string("questionoption", "lesson"), "lesson"); helpbutton("questionoption", get_string("questionoption", "lesson"), "lesson");
Expand Down Expand Up @@ -439,7 +439,7 @@
/// CDC-FLAG /// /// CDC-FLAG ///
if($lesson->custom) { if($lesson->custom) {
if ($i) { if ($i) {
echo get_string("score", "lesson")." $iplus1: <input type=\"text\" name=\"score[$i]\" value=\"-1\" size=\"5\">"; echo get_string("score", "lesson")." $iplus1: <input type=\"text\" name=\"score[$i]\" value=\"0\" size=\"5\">";
} else { } else {
echo get_string("score", "lesson")." $iplus1: <input type=\"text\" name=\"score[$i]\" value=\"1\" size=\"5\">"; echo get_string("score", "lesson")." $iplus1: <input type=\"text\" name=\"score[$i]\" value=\"1\" size=\"5\">";
} }
Expand Down Expand Up @@ -489,7 +489,7 @@
lesson_choose_from_menu($jump, "jumpto[$i]", 0, ""); lesson_choose_from_menu($jump, "jumpto[$i]", 0, "");
helpbutton("jumpto", get_string("jump", "lesson"), "lesson"); helpbutton("jumpto", get_string("jump", "lesson"), "lesson");
if($lesson->custom) { if($lesson->custom) {
echo get_string("wronganswerscore", "lesson").": <input type=\"text\" name=\"score[$i]\" value=\"-1\" size=\"5\">"; echo get_string("wronganswerscore", "lesson").": <input type=\"text\" name=\"score[$i]\" value=\"0\" size=\"5\">";
} }
echo "</td></tr>\n"; echo "</td></tr>\n";
} }
Expand Down Expand Up @@ -519,7 +519,7 @@
/// CDC-FLAG /// /// CDC-FLAG ///
if($lesson->custom) { if($lesson->custom) {
if ($i) { if ($i) {
echo get_string("score", "lesson")." $iplus1: <input type=\"text\" name=\"score[$i]\" value=\"-1\" size=\"5\">"; echo get_string("score", "lesson")." $iplus1: <input type=\"text\" name=\"score[$i]\" value=\"0\" size=\"5\">";
} else { } else {
echo get_string("score", "lesson")." $iplus1: <input type=\"text\" name=\"score[$i]\" value=\"1\" size=\"5\">"; echo get_string("score", "lesson")." $iplus1: <input type=\"text\" name=\"score[$i]\" value=\"1\" size=\"5\">";
} }
Expand Down Expand Up @@ -550,7 +550,7 @@
/// CDC-FLAG /// /// CDC-FLAG ///
if($lesson->custom) { if($lesson->custom) {
if ($i) { if ($i) {
echo get_string("score", "lesson")." $iplus1: <input type=\"text\" name=\"score[$i]\" value=\"-1\" size=\"5\">"; echo get_string("score", "lesson")." $iplus1: <input type=\"text\" name=\"score[$i]\" value=\"0\" size=\"5\">";
} else { } else {
echo get_string("score", "lesson")." $iplus1: <input type=\"text\" name=\"score[$i]\" value=\"1\" size=\"5\">"; echo get_string("score", "lesson")." $iplus1: <input type=\"text\" name=\"score[$i]\" value=\"1\" size=\"5\">";
} }
Expand All @@ -577,10 +577,7 @@
error("Only teachers can look at this page"); error("Only teachers can look at this page");
} }


if (empty($_GET['pageid'])) { $pageid = required_param('pageid', PARAM_INT);
error("Confirm delete: pageid missing");
}
$pageid = $_GET['pageid'];
if (!$thispage = get_record("lesson_pages", "id", $pageid)) { if (!$thispage = get_record("lesson_pages", "id", $pageid)) {
error("Confirm delete: the page record not found"); error("Confirm delete: the page record not found");
} }
Expand Down Expand Up @@ -699,7 +696,7 @@
if (empty($_POST['pageid'])) { if (empty($_POST['pageid'])) {
error("Continue: pageid missing"); error("Continue: pageid missing");
} }
$pageid = $_POST['pageid']; $pageid = required_param('pageid', PARAM_INT);
if (!$page = get_record("lesson_pages", "id", $pageid)) { if (!$page = get_record("lesson_pages", "id", $pageid)) {
error("Continue: Page record not found"); error("Continue: Page record not found");
} }
Expand All @@ -715,7 +712,7 @@
$noanswer = true; $noanswer = true;
break; break;
} }
$useranswer = stripslashes_safe($useranswer); $useranswer = clean_param($useranswer, PARAM_CLEAN);


if (!$answers = get_records("lesson_answers", "pageid", $pageid, "id")) { if (!$answers = get_records("lesson_answers", "pageid", $pageid, "id")) {
error("Continue: No answers found"); error("Continue: No answers found");
Expand All @@ -741,8 +738,8 @@
$noanswer = true; $noanswer = true;
break; break;
} }
$userresponse = $useranswer; $useranswer = clean_param($useranswer, PARAM_CLEAN);
$useranswer = stripslashes_safe($useranswer); $userresponse = addslashes($useranswer);


if (!$answers = get_records("lesson_answers", "pageid", $pageid, "id")) { if (!$answers = get_records("lesson_answers", "pageid", $pageid, "id")) {
error("Continue: No answers found"); error("Continue: No answers found");
Expand Down Expand Up @@ -817,7 +814,7 @@
$noanswer = true; $noanswer = true;
break; break;
} }
$answerid = $_POST['answerid']; $answerid = required_param('answerid', PARAM_INT);
if (!$answer = get_record("lesson_answers", "id", $answerid)) { if (!$answer = get_record("lesson_answers", "id", $answerid)) {
error("Continue: answer record not found"); error("Continue: answer record not found");
} }
Expand Down Expand Up @@ -847,7 +844,7 @@
if ($page->qoption) { if ($page->qoption) {
// MULTIANSWER allowed, user's answer is an array // MULTIANSWER allowed, user's answer is an array
if (isset($_POST['answer'])) { if (isset($_POST['answer'])) {
$useranswers = $_POST['answer']; $useranswers = optional_param('answer');
} else { } else {
$noanswer = true; $noanswer = true;
break; break;
Expand Down Expand Up @@ -946,7 +943,7 @@
$noanswer = true; $noanswer = true;
break; break;
} }
$answerid = $_POST['answerid']; $answerid = required_param('answerid', PARAM_INT);
if (!$answer = get_record("lesson_answers", "id", $answerid)) { if (!$answer = get_record("lesson_answers", "id", $answerid)) {
error("Continue: answer record not found"); error("Continue: answer record not found");
} }
Expand Down Expand Up @@ -976,7 +973,7 @@
/// CDC-FLAG /// 6/14/04 -- added responses /// CDC-FLAG /// 6/14/04 -- added responses
case LESSON_MATCHING : case LESSON_MATCHING :
if (isset($_POST['response'])) { if (isset($_POST['response'])) {
$response = $_POST['response']; $response = optional_param('response');
} else { } else {
$noanswer = true; $noanswer = true;
break; break;
Expand Down Expand Up @@ -1055,10 +1052,12 @@
$response = ''; $response = '';
$newpageid = 0; $newpageid = 0;


if (!$useranswer = (float) $_POST['answer']) { if (isset($_POST['answer'])) {
$useranswer = (float) optional_param('answer'); // just doing default PARAM_CLEAN, not doing PARAM_INT because it could be a float
} else {
$noanswer = true; $noanswer = true;
break; break;
} }
$userresponse = $useranswer; $userresponse = $useranswer;
if (!$answers = get_records("lesson_answers", "pageid", $pageid, "id")) { if (!$answers = get_records("lesson_answers", "pageid", $pageid, "id")) {
error("Continue: No answers found"); error("Continue: No answers found");
Expand Down Expand Up @@ -1106,7 +1105,7 @@


case LESSON_BRANCHTABLE: case LESSON_BRANCHTABLE:
$noanswer = false; $noanswer = false;
$newpageid = $_POST['jumpto']; $newpageid = optional_param('jumpto', NULL, PARAM_INT);
/// CDC-FLAG /// 6/15/04 going to insert into lesson_branch /// CDC-FLAG /// 6/15/04 going to insert into lesson_branch
if ($newpageid == LESSON_RANDOMBRANCH) { if ($newpageid == LESSON_RANDOMBRANCH) {
$branchflag = 1; $branchflag = 1;
Expand All @@ -1122,7 +1121,7 @@
unset($branch); unset($branch);
$branch->lessonid = $lesson->id; $branch->lessonid = $lesson->id;
$branch->userid = $USER->id; $branch->userid = $USER->id;
$branch->pageid = $_POST['pageid']; $branch->pageid = $pageid;
$branch->retry = $retries; $branch->retry = $retries;
$branch->flag = $branchflag; $branch->flag = $branchflag;
$branch->timeseen = time(); $branch->timeseen = time();
Expand All @@ -1138,7 +1137,7 @@
if (isteacher($course->id)) { if (isteacher($course->id)) {
$newpageid = LESSON_NEXTPAGE; $newpageid = LESSON_NEXTPAGE;
} else { } else {
$newpageid = lesson_unseen_question_jump($lesson->id, $USER->id, $_POST['pageid']); // this may return 0 //CDC Chris Berri.....this is where it sets the next page id for unseen? $newpageid = lesson_unseen_question_jump($lesson->id, $USER->id, $pageid); // this may return 0 //CDC Chris Berri.....this is where it sets the next page id for unseen?
} }
} }
/// CDC-FLAG 6/15/04 /// /// CDC-FLAG 6/15/04 ///
Expand All @@ -1153,7 +1152,7 @@
/* CDC-FLAG */ } elseif ($newpageid == LESSON_PREVIOUSPAGE) { /* CDC-FLAG */ } elseif ($newpageid == LESSON_PREVIOUSPAGE) {
$newpageid = $page->prevpageid; $newpageid = $page->prevpageid;
} elseif ($newpageid == LESSON_RANDOMPAGE) { } elseif ($newpageid == LESSON_RANDOMPAGE) {
$newpageid = lesson_random_question_jump($lesson->id, $_POST['pageid']); $newpageid = lesson_random_question_jump($lesson->id, $pageid);
} elseif ($newpageid == LESSON_RANDOMBRANCH) { // 6/15/04 } elseif ($newpageid == LESSON_RANDOMBRANCH) { // 6/15/04
$newpageid = lesson_unseen_branch_jump($lesson->id, $USER->id); $newpageid = lesson_unseen_branch_jump($lesson->id, $USER->id);
} }
Expand Down Expand Up @@ -1405,7 +1404,7 @@
} }
} }
echo "</form>\n"; echo "</form>\n";

if ($lesson->displayleft) { if ($lesson->displayleft) {
echo "</div><!-- close slidepos class -->"; //CDC Chris Berri for styles, closes slidepos. echo "</div><!-- close slidepos class -->"; //CDC Chris Berri for styles, closes slidepos.
} elseif ($lesson->slideshow) { } elseif ($lesson->slideshow) {
Expand All @@ -1425,7 +1424,7 @@
if (empty($_GET['pageid'])) { if (empty($_GET['pageid'])) {
error("Delete: pageid missing"); error("Delete: pageid missing");
} }
$pageid = $_GET['pageid']; $pageid = required_param('pageid', PARAM_INT);
if (!$thispage = get_record("lesson_pages", "id", $pageid)) { if (!$thispage = get_record("lesson_pages", "id", $pageid)) {
error("Delete: page record not found"); error("Delete: page record not found");
} }
Expand Down Expand Up @@ -1483,12 +1482,13 @@
} }


// get the page // get the page
if (!$page = get_record("lesson_pages", "id", $_GET['pageid'])) { $pageid = required_param('pageid', PARAM_INT);
if (!$page = get_record("lesson_pages", "id", $pageid)) {
error("Edit page: page record not found"); error("Edit page: page record not found");
} }


if (isset($_GET['qtype'])) { if (isset($_GET['qtype'])) {
$page->qtype = $_GET['qtype']; $page->qtype = required_param('qtype', PARAM_INT);
} }


// set of jump array // set of jump array
Expand Down Expand Up @@ -1531,7 +1531,7 @@
<form name="editpage" method="post" action="lesson.php"> <form name="editpage" method="post" action="lesson.php">
<input type="hidden" name="id" value="<?PHP echo $cm->id ?>"> <input type="hidden" name="id" value="<?PHP echo $cm->id ?>">
<input type="hidden" name="action" value="updatepage"> <input type="hidden" name="action" value="updatepage">
<input type="hidden" name="pageid" value="<?PHP echo $_GET['pageid'] ?>"> <input type="hidden" name="pageid" value="<?PHP echo $pageid ?>">
<input type="hidden" name="redisplay" value="0"> <input type="hidden" name="redisplay" value="0">
<center><table cellpadding=5 border=1> <center><table cellpadding=5 border=1>
<?php <?php
Expand Down Expand Up @@ -1939,9 +1939,9 @@
?> ?>
</table><br /> </table><br />
<input type="button" value="<?php print_string("redisplaypage", "lesson") ?>" <input type="button" value="<?php print_string("redisplaypage", "lesson") ?>"
onClick="document.editpage.redisplay.value=1;document.editpage.submit();"> onClick="document.editpage.redisplay.value=1;document.editpage.submit();" />
<input type="submit" value="<?php print_string("savepage", "lesson") ?>"> <input type="submit" value="<?php print_string("savepage", "lesson") ?>" />
<input type="submit" name="cancel" value="<?php print_string("cancel") ?>"> <input type="submit" name="cancel" value="<?php print_string("cancel") ?>" />
</center> </center>
</form> </form>
<?PHP <?PHP
Expand All @@ -1956,8 +1956,9 @@
} }


$timenow = time(); $timenow = time();
$form = data_submitted();

$form = lesson_clean_data_submitted();

if ($form->pageid) { if ($form->pageid) {
// the new page is not the first page // the new page is not the first page
if (!$page = get_record("lesson_pages", "id", $form->pageid)) { if (!$page = get_record("lesson_pages", "id", $form->pageid)) {
Expand Down Expand Up @@ -2143,7 +2144,7 @@
error("Only teachers can look at this page"); error("Only teachers can look at this page");
} }


$pageid = $_GET['pageid']; $pageid = required_param('pageid', PARAM_INT);
$title = get_field("lesson_pages", "title", "id", $pageid); $title = get_field("lesson_pages", "title", "id", $pageid);
print_heading(get_string("moving", "lesson", $title)); print_heading(get_string("moving", "lesson", $title));


Expand Down Expand Up @@ -2183,11 +2184,11 @@
error("Only teachers can look at this page"); error("Only teachers can look at this page");
} }


$pageid = $_GET['pageid']; // page to move $pageid = required_param('pageid', PARAM_INT); // page to move
if (!$page = get_record("lesson_pages", "id", $pageid)) { if (!$page = get_record("lesson_pages", "id", $pageid)) {
error("Moveit: page not found"); error("Moveit: page not found");
} }
$after = $_GET['after']; // target page $after = required_param('after', PARAM_INT); // target page


print_heading(get_string("moving", "lesson", $page->title)); print_heading(get_string("moving", "lesson", $page->title));


Expand Down Expand Up @@ -2285,7 +2286,7 @@
} }


$timenow = time(); $timenow = time();
$form = data_submitted(); $form = lesson_clean_data_submitted();


$page->id = $form->pageid; $page->id = $form->pageid;
$page->timemodified = $timenow; $page->timemodified = $timenow;
Expand Down
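Review bot: The addpage branch still reads `$_GET['qtype']` raw on the lines right after the pageid fix in the `@@ -378,15 +378,15 @@` hunk (the lesson_qtype_menu call, the LESSON_SHORTANSWER/LESSON_MULTICHOICE comparisons, and the else branch in the following hunk), even though the same parameter is cleaned with `required_param('qtype', PARAM_INT)` in the editpage section later in this commit; the value is presumably echoed back into the menu markup, so it deserves the same treatment. Inside the existing `isset($_GET['qtype'])` guard I would take `$qtype = required_param('qtype', PARAM_INT);` and then call `lesson_qtype_menu($LESSON_QUESTION_TYPE, $qtype, "lesson.php?id=$cm->id&action=addpage&pageid=".$pageid.$linkadd);`, replacing the remaining `$_GET['qtype']` reads in that block with `$qtype`. The surrounding case block starts and ends outside the hunk. A second, smaller point: in the LESSON_BRANCHTABLE case, `optional_param('jumpto', NULL, PARAM_INT)` leaves `$newpageid` NULL when the field is absent, and PHP's `==` treats NULL as equal to 0, so if any of the LESSON_* jump constants compared against it is 0 a missing jumpto would silently select that branch — a default that the comparison chain cannot match, or an explicit missing-value check, would avoid that.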
