$returnurl = "$CFG->wwwroot/$CFG->admin/settings.php?section=manageauths";
// save configuration changes
-if ($frm = data_submitted(false) and confirm_sesskey()) {
+if ($frm = data_submitted() and confirm_sesskey()) {
$authplugin->validate_form($frm, $err);
console_write(STDERR,"The PHP server variable 'file_uploads' is not turned On" ,'',false);
}
- if (empty($CFG->prefix) && $CFG->dbfamily != 'mysql') { //Enforce prefixes for everybody but mysql
- console_write(STDERR,'$CFG->prefix can\'t be empty for your target DB (' . $CFG->dbtype . ')','',false);
- }
-
- if ($CFG->dbfamily == 'oracle' && strlen($CFG->prefix) > 2) { //Max prefix length for Oracle is 2cc
- console_write(STDERR,'$CFG->prefix maximum allowed length for Oracle DBs is 2cc.','',false);
- }
-
/// Check that config.php has been edited
if ($CFG->wwwroot == "http://example.com/moodle") {
}
$newsite = new Object();
- $newsite->fullname = addslashes($sitefullname);
- $newsite->shortname = addslashes($siteshortname);
- $newsite->summary = addslashes($sitesummary);
+ $newsite->fullname = $sitefullname;
+ $newsite->shortname = $siteshortname;
+ $newsite->summary = $sitesummary;
$newsite->newsitems = $sitenewsitems;
$newsite->numsections = 0;
$newsite->category = 0;
/// If data submitted, then process and store.
- if ($frm = data_submitted(false)) {
+ if ($frm = data_submitted()) {
if (!confirm_sesskey()) {
print_error('confirmsesskeybad', 'error');
}
//======================
// if reset pressed let filter config page handle it
- if ($config = data_submitted(false) and !$forcereset) {
+ if ($config = data_submitted() and !$forcereset) {
// check session key
if (!confirm_sesskey()) {
}
error_reporting($CFG->debug);
- fwrite($f, stripslashes($content));
+ fwrite($f, $content);
fclose($f);
// Remove file if its empty
$filename = $CFG->dataroot.'/'.SITEID.'/maintenance.html';
- if ($form = data_submitted(false)) {
+ if ($form = data_submitted()) {
if (confirm_sesskey()) {
if ($form->action == "disable") {
unlink($filename);
if($key=="arguments"){
$result .= "array(";
for($i=0; $i<count($value); $i++){
- $result .= "\"" . addslashes($value[$i]) . "\"";
+ $result .= "\"" . addslashes($value[$i]) . "\""; // TODO: fix this addslashes
if($i<count($value)-1){
$result .= ", ";
}
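Review bot: The `addslashes()` kept on the `$value[$i]` line is the wrong escaper if `$result` is later written out or evaluated as PHP source, which the `"array("` prefix suggests. Inside a double-quoted literal it leaves `$` and `{$...}` untouched, so a value can still trigger variable interpolation. Rather than carrying the TODO, emit the element with `$result .= var_export($value[$i], true);`, which produces a single-quoted, fully escaped literal. The enclosing loop and the consumer of `$result` are outside the hunk, so confirm how the string is used before changing it.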
// process the form results
-if ($form = data_submitted(false) and confirm_sesskey()) {
+if ($form = data_submitted() and confirm_sesskey()) {
// check permissions and verify form input
if (!has_capability('moodle/user:delete', $sitecontext)) {
array_unshift($profile, $details['returns']);
}
$dataobject->profile = serialize($profile);
- $dataobject->help = addslashes($details['description']);
+ $dataobject->help = $details['description'];
} else {
$dataobject->profile = serialize(array(array('type' => 'void', 'description' => 'No return value')));
$dataobject->help = '';
/// Process incoming role assignment
- if ($frm = data_submitted(false)) {
+ if ($frm = data_submitted()) {
if ($add and !empty($frm->addselect) and confirm_sesskey()) {
$timemodified = time();
}
/// If data submitted, process and store
- if (($form = data_submitted(false)) && confirm_sesskey()) {
+ if (($form = data_submitted()) && confirm_sesskey()) {
if (!empty($form->submit) && $form->submit == get_string('savechanges')) {
if (in_array($form->mode, array("off", "strict", "dangerous"))) {
if (set_config('mnet_dispatcher_mode', $form->mode)) {
$report = array('This theme is not installed!'.'3', 'errorbox');
} else {
$mnet_peer->force_theme = 1;
- $mnet_peer->theme = addslashes($choose);
+ $mnet_peer->theme = $choose;
if ($mnet_peer->commit()) {
$report = array(get_string('themesaved').'1', 'informationbox');
} else {
$search = optional_param('search', '', PARAM_RAW);
$replace = optional_param('replace', '', PARAM_RAW);
-$search = stripslashes($search); // TODO: remove soon
-$replace = stripslashes($replace); // TODO: remove soon
-
###################################################################
admin_externalpage_print_header();
$roles = get_all_roles();
- if ($grant = data_submitted(false)) {
+ if ($grant = data_submitted()) {
foreach ($grant as $grole => $val) {
if ($grole == 'dummy') {
$confirm = optional_param('confirm', 0, PARAM_BOOL);
$cancel = optional_param('cancel', 0, PARAM_BOOL);
- $name = stripslashes($name);
- $description = stripslashes($description);
-
$sitecontext = get_context_instance(CONTEXT_SYSTEM);
require_capability('moodle/role:manage', $sitecontext);
/// form processing, editing a role, adding a role, deleting a role etc.
switch ($action) {
case 'add':
- if ($data = data_submitted(false) and confirm_sesskey()) {
+ if ($data = data_submitted() and confirm_sesskey()) {
$shortname = moodle_strtolower(clean_param(clean_filename($shortname), PARAM_SAFEDIR)); // only lowercase safe ASCII characters
$legacytype = required_param('legacytype', PARAM_RAW);
break;
case 'edit':
- if ($data = data_submitted(false) and confirm_sesskey()) {
+ if ($data = data_submitted() and confirm_sesskey()) {
$shortname = moodle_strtolower(clean_param(clean_filename($shortname), PARAM_SAFEDIR)); // only lowercase safe ASCII characters
$legacytype = required_param('legacytype', PARAM_RAW);
$capabilities = fetch_context_capabilities($context);
/// Process incoming role override
- if ($data = data_submitted(false) and $roleid and confirm_sesskey()) {
+ if ($data = data_submitted() and $roleid and confirm_sesskey()) {
$allowed_values = array(CAP_INHERIT, CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT);
$localoverrides = $DB->get_records_select('role_capabilities', "roleid = ? AND contextid = ?", array($roleid, $context->id),
$query = trim(optional_param('query', '', PARAM_NOTAGS)); // Search string
-$query = stripslashes($query); // TODO: remove soon
-
$adminroot =& admin_get_root(); // need all settings here
$adminroot->search = $query; // So we can reference it in search boxes later in this invocation
$statusmsg = '';
admin_externalpage_setup('search'); // now hidden page
// now we'll deal with the case that the admin has submitted the form with changed settings
-if ($data = data_submitted(false) and confirm_sesskey()) {
+if ($data = data_submitted() and confirm_sesskey()) {
if (admin_write_settings($data)) {
$statusmsg = get_string('changessaved');
}
$errormsg = '';
$focus = '';
-if ($data = data_submitted(false) and confirm_sesskey()) {
+if ($data = data_submitted() and confirm_sesskey()) {
if (admin_write_settings($data)) {
$statusmsg = get_string('changessaved');
}
admin_externalpage_setup('upgradesettings'); // now hidden page
// now we'll deal with the case that the admin has submitted the form with new settings
-if ($data = data_submitted(false) and confirm_sesskey()) {
+if ($data = data_submitted() and confirm_sesskey()) {
$count = admin_write_settings($data);
$adminroot =& admin_get_root(true); //reload tree
}
print_heading_with_help($struploadpictures, 'uploadpictures');
$mform = new admin_uploadpicture_form();
-if ($formdata = $mform->get_data(false)) {
+if ($formdata = $mform->get_data()) {
if (!array_key_exists($userfield, $userfields)) {
notify(get_string('uploadpicture_baduserfield','admin'));
} else {
$cir->cleanup(true);
redirect($returnurl);
-} else if ($formdata = $mform->get_data(false)) { // no magic quotes here!!!
+} else if ($formdata = $mform->get_data()) {
// Print the header
admin_externalpage_print_header();
print_heading(get_string('uploadusersresult', 'admin'));
// array of bulk operations
// create the bulk operations form
$action_form = new user_bulk_action_form();
-if ($data = $action_form->get_data(false)) {
+if ($data = $action_form->get_data()) {
// check if an action should be performed and do so
switch ($data->action) {
case 1: redirect($CFG->wwwroot.'/'.$CFG->admin.'/user/user_bulk_confirm.php');
$user_bulk_form = new user_bulk_form(null, get_selection_data($ufiltering));
-if ($data = $user_bulk_form->get_data(false)) {
+if ($data = $user_bulk_form->get_data()) {
if (!empty($data->addall)) {
add_selection_all($ufiltering);
continue;
}
$auth = get_auth_plugin($user->auth);
- $result = $auth->user_confirm(addslashes($user->username), addslashes($user->secret));
+ $result = $auth->user_confirm($user->username, $user->secret);
if ($result != AUTH_CONFIRM_OK && $result != AUTH_CONFIRM_ALREADY) {
notify(get_string('usernotconfirmed', '', fullname($user, true)));
}
if ($msgform->is_cancelled()) {
redirect($return);
-} else if ($formdata = $msgform->get_data(false)) {
+} else if ($formdata = $msgform->get_data()) {
$options = new object();
$options->para = false;
$options->newlines = true;
/// If we are used any dir, save it in the lastused session object
/// Some actions can use it to perform positioning
if ($lastused = optional_param ('dir', NULL, PARAM_PATH)) {
- $SESSION->lastused = stripslashes_safe($lastused);
+ $SESSION->lastused = $lastused;
}
$this->postaction = optional_param ('postaction', NULL, PARAM_ALPHAEXT);
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
$file = $dirpath . '/install.xml';
/// Some variables
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
$tableparam = required_param('table', PARAM_CLEAN);
$fieldparam = required_param('field', PARAM_CLEAN);
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
$tableparam = required_param('table', PARAM_PATH);
$indexparam = required_param('index', PARAM_PATH);
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
$tableparam = required_param('table', PARAM_PATH);
$keyparam = required_param('key', PARAM_PATH);
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
$statementparam = required_param('statement', PARAM_CLEAN);
$sentenceparam = required_param('sentence', PARAM_INT);
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
$statementparam = required_param('statement', PARAM_CLEAN);
$confirmed = optional_param('confirmed', false, PARAM_BOOL);
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
$tableparam = required_param('table', PARAM_CLEAN);
$confirmed = optional_param('confirmed', false, PARAM_BOOL);
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_CLEAN);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
$confirmed = optional_param('confirmed', false, PARAM_BOOL);
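Review bot: The `dir` parameter in this hunk is read with `PARAM_CLEAN`, while the sibling XMLDB actions in this commit read it with `PARAM_PATH`, and the new line appends it to `$CFG->dirroot` with no further processing. `PARAM_CLEAN` is a generic text cleaner, not a path cleaner, so the read should be `$dirpath = required_param('dir', PARAM_PATH);` here as well. The rest of the action is outside the hunk, so it cannot be seen from here whether `$dirpath` is only used as a lookup key or also reaches the filesystem.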
/// Do the job, setting result as needed
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
/// Get the correct dirs
if (!empty($XMLDB->dbdirs)) {
/// Do the job, setting result as needed
- if (!data_submitted('nomatch')) { ///Basic prevention
+ if (!data_submitted()) { ///Basic prevention
print_error('wrongcall', 'error');
}
/// Get parameters
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
$tableparam = strtolower(required_param('table', PARAM_PATH));
$fieldparam = strtolower(required_param('field', PARAM_PATH));
$name = substr(trim(strtolower(optional_param('name', $fieldparam, PARAM_PATH))),0,30);
$comment = required_param('comment', PARAM_CLEAN);
- $comment = trim(stripslashes_safe($comment));
+ $comment = trim($comment);
$type = required_param('type', PARAM_INT);
$length = strtolower(optional_param('length', NULL, PARAM_ALPHANUM));
$sequence = optional_param('sequence', false, PARAM_BOOL);
$enum = optional_param('enum', false, PARAM_BOOL);
$enumvalues = optional_param('enumvalues', 0, PARAM_CLEAN);
- $enumvalues = trim(stripslashes_safe($enumvalues));
+ $enumvalues = trim($enumvalues);
$default = optional_param('default', NULL, PARAM_PATH);
- $default = trim(stripslashes_safe($default));
+ $default = trim($default);
$editeddir =& $XMLDB->editeddirs[$dirpath];
$structure =& $editeddir->xml_file->getStructure();
/// Do the job, setting result as needed
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
/// Get the correct dirs
if (!empty($XMLDB->dbdirs)) {
/// Do the job, setting result as needed
- if (!data_submitted('nomatch')) { ///Basic prevention
+ if (!data_submitted()) { ///Basic prevention
print_error('wrongcall', 'error');
}
/// Get parameters
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
$tableparam = strtolower(required_param('table', PARAM_PATH));
$indexparam = strtolower(required_param('index', PARAM_PATH));
$name = trim(strtolower(optional_param('name', $indexparam, PARAM_PATH)));
$comment = required_param('comment', PARAM_CLEAN);
- $comment = trim(stripslashes_safe($comment));
+ $comment = trim($comment);
$unique = required_param('unique', PARAM_INT);
$fields = required_param('fields', PARAM_CLEAN);
- $fields = str_replace(' ', '', trim(strtolower(stripslashes_safe($fields))));
+ $fields = str_replace(' ', '', trim(strtolower($fields)));
$editeddir =& $XMLDB->editeddirs[$dirpath];
$structure =& $editeddir->xml_file->getStructure();
/// Do the job, setting result as needed
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
/// Get the correct dirs
if (!empty($XMLDB->dbdirs)) {
/// Do the job, setting result as needed
- if (!data_submitted('nomatch')) { ///Basic prevention
+ if (!data_submitted()) { ///Basic prevention
print_error('wrongcall', 'error');
}
/// Get parameters
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
$tableparam = strtolower(required_param('table', PARAM_PATH));
$keyparam = strtolower(required_param('key', PARAM_PATH));
$name = trim(strtolower(optional_param('name', $keyparam, PARAM_PATH)));
$comment = required_param('comment', PARAM_CLEAN);
- $comment = trim(stripslashes_safe($comment));
+ $comment = trim($comment);
$type = required_param('type', PARAM_INT);
$fields = required_param('fields', PARAM_CLEAN);
- $fields = str_replace(' ', '', trim(strtolower(stripslashes_safe($fields))));
+ $fields = str_replace(' ', '', trim(strtolower($fields)));
if ($type == XMLDB_KEY_FOREIGN ||
$type == XMLDB_KEY_FOREIGN_UNIQUE) {
$reftable = trim(strtolower(required_param('reftable', PARAM_PATH)));
$reffields= required_param('reffields', PARAM_CLEAN);
- $reffields = str_replace(' ', '', trim(strtolower(stripslashes_safe($reffields))));
+ $reffields = str_replace(' ', '', trim(strtolower($reffields)));
}
$editeddir =& $XMLDB->editeddirs[$dirpath];
/// Do the job, setting result as needed
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
/// Get the correct dirs
if (!empty($XMLDB->dbdirs)) {
/// Get parameters
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
$statementparam = strtolower(required_param('statement', PARAM_CLEAN));
$sentenceparam = strtolower(required_param('sentence', PARAM_ALPHANUM));
$fields = required_param('fields', PARAM_CLEAN);
- $fields = trim(stripslashes_safe($fields));
+ $fields = trim($fields);
$values = required_param('values', PARAM_CLEAN);
- $values = trim(stripslashes_safe($values));
+ $values = trim($values);
$editeddir =& $XMLDB->editeddirs[$dirpath];
$structure =& $editeddir->xml_file->getStructure();
/// Do the job, setting result as needed
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
/// Get the correct dirs
if (!empty($XMLDB->dbdirs)) {
/// Get parameters
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
$statementparam = strtolower(required_param('statement', PARAM_CLEAN));
$name = trim(strtolower(required_param('name', PARAM_CLEAN)));
$comment = required_param('comment', PARAM_CLEAN);
- $comment = stripslashes_safe($comment);
+ $comment = $comment;
$editeddir =& $XMLDB->editeddirs[$dirpath];
$structure =& $editeddir->xml_file->getStructure();
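Review bot: `$comment = $comment;` on the new side is a no-op left behind by the mechanical removal of `stripslashes_safe()`; delete the line so that `$comment = required_param('comment', PARAM_CLEAN);` stands alone. The same self-assignment appears in two later hunks of this commit that read `comment` (the one that also reads `table` and `name`, and the one followed by `/// Set comment and recalculate hash`). Other hunks keep a `trim()` around the value; if trimming was intended here too, write `$comment = trim($comment);` instead.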
/// Do the job, setting result as needed
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
/// Get the correct dirs
if (!empty($XMLDB->dbdirs)) {
/// Do the job, setting result as needed
- if (!data_submitted('nomatch')) { ///Basic prevention
+ if (!data_submitted()) { ///Basic prevention
print_error('wrongcall', 'error');
}
/// Get parameters
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
$tableparam = strtolower(required_param('table', PARAM_PATH));
$name = substr(trim(strtolower(required_param('name', PARAM_PATH))),0,28);
$comment = required_param('comment', PARAM_CLEAN);
- $comment = stripslashes_safe($comment);
+ $comment = $comment;
$editeddir =& $XMLDB->editeddirs[$dirpath];
$structure =& $editeddir->xml_file->getStructure();
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
/// Get the correct dir
if (!empty($XMLDB->dbdirs)) {
/// Do the job, setting result as needed
- if (!data_submitted('nomatch')) { ///Basic prevention
+ if (!data_submitted()) { ///Basic prevention
print_error('wrongcall', 'error');
}
/// Get parameters
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
$comment = required_param('comment', PARAM_CLEAN);
- $comment = stripslashes_safe($comment);
+ $comment = $comment;
/// Set comment and recalculate hash
$editeddir =& $XMLDB->editeddirs[$dirpath];
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
/// Get the correct dir
if (!empty($XMLDB->dbdirs)) {
/// Do the job, setting result as needed
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
/// Get the correct dirs
if (!empty($XMLDB->dbdirs)) {
/// Do the job, setting result as needed
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
/// Get the correct dirs
if (!empty($XMLDB->dbdirs)) {
/// Do the job, setting result as needed
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
/// Get the correct dirs
if (!empty($XMLDB->dbdirs)) {
/// Do the job, setting result as needed
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
/// Get the correct dirs
if (!empty($XMLDB->dbdirs)) {
/// Do the job, setting result as needed
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
/// Get the correct dirs
if (!empty($XMLDB->dbdirs)) {
/// Do the job, setting result as needed
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
/// Get the correct dirs
if (!empty($XMLDB->dbdirs)) {
/// Do the job, setting result as needed
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
/// Get the correct dirs
if (!empty($XMLDB->dbdirs)) {
/// Do the job, setting result as needed
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
/// Get the correct dirs
if (!empty($XMLDB->dbdirs)) {
/// Do the job, setting result as needed
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
/// Get the correct dirs
if (!empty($XMLDB->dbdirs)) {
/// Do the job, setting result as needed
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
/// Get the correct dirs
if (!empty($XMLDB->dbdirs)) {
/// Do the job, setting result as needed
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
/// Get the correct dirs
if (!empty($XMLDB->dbdirs)) {
/// Do the job, setting result as needed
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
/// Get the correct dirs
if (!empty($XMLDB->dbdirs)) {
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
$confirmed = optional_param('confirmed', false, PARAM_BOOL);
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
/// Get the edited dir
if (!empty($XMLDB->editeddirs)) {
/// Do the job, setting result as needed
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
/// Get the correct dirs
if (!empty($XMLDB->dbdirs)) {
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
/// Get the original dir and delete some elements
if (!empty($XMLDB->dbdirs)) {
$select = required_param('select', PARAM_ALPHA); //original/edited
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
/// Get the correct dir
if ($select == 'original') {
$select = required_param('select', PARAM_ALPHA); //original/edited
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
/// Get the correct dir
if ($select == 'original') {
$select = required_param('select', PARAM_ALPHA); //original/edited
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
/// Get the correct dir
if ($select == 'original') {
$select = required_param('select', PARAM_ALPHA); //original/edited
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
/// Get the correct dir
if ($select == 'original') {
/// Do the job, setting result as needed
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
/// Get the correct dirs
if (!empty($XMLDB->dbdirs)) {
/// Do the job, setting result as needed
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
/// Get the correct dirs
if (!empty($XMLDB->dbdirs)) {
$select = required_param('select', PARAM_ALPHA); //original/edited
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
/// Get the correct dir
if ($select == 'original') {
/// Do the job, setting result as needed
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
/// Get the correct dirs
if (!empty($XMLDB->dbdirs)) {
/// Do the job, setting result as needed
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
/// Get the correct dirs
if (!empty($XMLDB->dbdirs)) {
$select = required_param('select', PARAM_ALPHA); //original/edited
/// Get the dir containing the file
$dirpath = required_param('dir', PARAM_PATH);
- $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
+ $dirpath = $CFG->dirroot . $dirpath;
/// Get the correct dir
if ($select == 'original') {
/// Get the file parameter
$file = required_param('file', PARAM_PATH);
- $file = $CFG->dirroot . stripslashes_safe($file);
+ $file = $CFG->dirroot . $file;
/// File must be under $CFG->wwwroot and
/// under one db directory (simple protection)
if (substr($file, 0, strlen($CFG->dirroot)) == $CFG->dirroot &&
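Review bot: The prefix test `substr($file, 0, strlen($CFG->dirroot)) == $CFG->dirroot` can never fail, because `$file` is built one line earlier as `$CFG->dirroot . $file`. As far as this hunk shows, the "must be under dirroot" protection therefore rests on `PARAM_PATH` and on the remainder of the condition, which continues outside the hunk. A meaningful containment check would canonicalise first and compare `realpath($file)` against `realpath($CFG->dirroot)` before the file is opened. The comment above also says `$CFG->wwwroot` where the code tests `$CFG->dirroot`.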
/// list external users
$userlist = $this->get_userlist();
- $quoteduserlist = implode("', '", addslashes_recursive($userlist));
+ $quoteduserlist = implode("', '", $userlist);
$quoteduserlist = "'$quoteduserlist'";
/// delete obsolete internal users
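Review bot: With `addslashes_recursive()` gone, `$quoteduserlist` is now a hand-quoted list of raw usernames from the external source, and a name containing `'` will break out of the literal if the string is still concatenated into a query. The consuming statement is outside the hunk, but the `"'$quoteduserlist'"` line suggests that it is; build the condition with bound parameters instead, e.g. `list($insql, $params) = $DB->get_in_or_equal($userlist);`, and pass `$params` to the DML call. A later hunk in this commit removes `array_map('addslashes', $array)`, whose comment mentions building a query with `implode`, and needs the same check.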
$config->changepasswordurl = '';
}
- $config = stripslashes_recursive($config);
// save settings
set_config('host', $config->host, 'auth/db');
set_config('type', $config->type, 'auth/db');
global $MNET_REMOTE_CLIENT, $CFG, $DB;
$CFG->usesid = true;
- // Addslashes to all usernames, so we can build the query string real
- // simply with 'implode'
- $array = array_map('addslashes', $array);
// We don't want to output anything to the client machine
$start = ob_start();
//Set info_to save
$info_to_save = "infile";
} else {
- //Saving to db, addslashes
+ //Saving to db
$info_to_save = $info_ser;
}
if ($form1 = data_submitted()) {
$currentcourseshortname = $course_header->course_shortname; //"store_ShortName";
- $course_header->course_shortname = stripslashes_safe($form1->shortname); //"update_ShortName";
- $course_header->course_fullname = stripslashes_safe($form1->fullname); //"update_FullName";
+ $course_header->course_shortname = $form1->shortname; //"update_ShortName";
+ $course_header->course_fullname = $form1->fullname; //"update_FullName";
/// Roll dates only if the backup course has a start date
/// (some formats like main page, social..., haven't it and rolling dates
/// from 0 produces crazy dates. MDL-10125
$course->fullname = $course_header->course_fullname;
$course->shortname = $course_header->course_shortname;
$course->idnumber = $course_header->course_idnumber;
- $course->idnumber = ''; //addslashes($course_header->course_idnumber); // we don't want this at all.
+ $course->idnumber = ''; //$course_header->course_idnumber; // we don't want this at all.
$course->summary = backup_todb($course_header->course_summary);
$course->format = $course_header->course_format;
$course->showgrades = $course_header->course_showgrades;
$course->startdate = $course_header->course_startdate;
$course->startdate += $restore->course_startdateoffset;
$course->numsections = $course_header->course_numsections;
- //$course->showrecent = addslashes($course_header->course_showrecent); INFO: This is out in 1.3
+ //$course->showrecent = $course_header->course_showrecent; INFO: This is out in 1.3
$course->maxbytes = $course_header->course_maxbytes;
$course->showreports = $course_header->course_showreports;
if (isset($course_header->course_groupmode)) {
//Unset the id because it's going to be inserted with a new one
unset ($user->id);
// relink the descriptions
- $user->description = stripslashes($user->description);
/// Disable pictures based on global setting or existing empty value (old backups can contain wrong empties)
if (!empty($CFG->disableuserimages) || empty($user->picture)) {
fwrite ($restorelog_file,"<title>".$course_header->course_shortname." Restored </title>");
fwrite ($restorelog_file,"</head><body><br/><h1>The following changes were made during the Restoration of this Course.</h1><br/><br/>");
fwrite ($restorelog_file,"The Course ShortName is now - ".$course_header->course_shortname." The FullName is now - ".$course_header->course_fullname."<br/><br/>");
- $startdate = addslashes($course_header->course_startdate);
+ $startdate = $course_header->course_startdate;
$date = usergetdate($startdate);
fwrite ($restorelog_file,"The Originating Courses Start Date was " .$date['weekday'].", ".$date['mday']." ".$date['month']." ".$date['year']."");
$startdate += $restore->course_startdateoffset;
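Review bot: The restore-log lines above the changed assignment write `$course_header->course_shortname` and `course_fullname` into HTML (`<title>` and body) without escaping, and elsewhere in this commit those names are taken unmodified from the submitted form. Escape them on output, e.g. `"<title>".s($course_header->course_shortname)." Restored </title>"`, and do the same for the full name on the following line. The file handle and the rest of the log writer are outside the hunk.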
<td valign="top" align="left">
<input id="block_search_word_to_text_env" type="text" size="60" name="block_search_word_to_text_env" value="<?php
if(isset($CFG->block_search_word_to_text_env)) {
- echo stripslashes($CFG->block_search_word_to_text_env);
+ echo $CFG->block_search_word_to_text_env;
} else {
if ($CFG->ostype == 'WINDOWS'){
p("HOME={$CFG->dirroot}\\lib\\antiword\\win32");
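Review bot: `echo $CFG->block_search_word_to_text_env;` prints the stored setting straight into a `value="..."` attribute, so a value containing `"` or `<` breaks the markup and can inject into the admin page. Use the escaping helper that the else branch of the same block already uses: `p($CFG->block_search_word_to_text_env);`. The next hunk has the same pattern with `echo $CFG->$propname;`, which should become `p($CFG->$propname);`.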
<input id="block_search_<?php p($type) ?>_to_text_env" type="text" size="60" name="block_search_<?php p($type) ?>_to_text_env" value="<?php
$propname = "block_search_{$type}_to_text_env";
if(isset($CFG->$propname)) {
- echo stripslashes($CFG->$propname);
+ echo $CFG->$propname;
} ?>"/><br/><br/>
</td>
</tr>
if ($blogeditform->is_cancelled()){
redirect($returnurl);
-} else if ($fromform = $blogeditform->get_data(false)){
+} else if ($fromform = $blogeditform->get_data()){
//save stuff in db
switch ($action) {
case 'add':
print_error('nopermissions');
}
- if($form = data_submitted(false)) {
+ if($form = data_submitted()) {
$form->name = clean_param(strip_tags($form->name,'<lang><span>'), PARAM_CLEAN);
case 'new':
$title = get_string('newevent', 'calendar');
- $form = data_submitted(false);
+ $form = data_submitted();
if(!empty($form) && !empty($form->name)) {
$form->name = clean_text(strip_tags($form->name, '<lang><span>'));
/// If data submitted, then process and store.
- if ($form = data_submitted(false)) {
+ if ($form = data_submitted()) {
foreach ($form as $preference => $value) {
switch ($preference) {
case 'timeformat':
$resort = optional_param('resort', 0, PARAM_BOOL);
$categorytheme= optional_param('categorytheme', false, PARAM_CLEAN);
- $rename = stripslashes($rename); // TODO: remove soon
-
if ($CFG->forcelogin) {
require_login();
}
if ($creatorediting) {
/// Move a specified course to a new category
- if (!empty($moveto) and $data = data_submitted(false) and confirm_sesskey()) { // Some courses are being moved
+ if (!empty($moveto) and $data = data_submitted() and confirm_sesskey()) { // Some courses are being moved
// user must have category update in both cats to perform this
require_capability('moodle/category:update', $context);
redirect($CFG->wwwroot.'/course/view.php?id='.$course->id);
}
- } else if ($data = $editform->get_data(false)) {
+ } else if ($data = $editform->get_data()) {
$data->password = $data->enrolpassword; // we need some other name for password field MDL-9929
/// process data if submitted
} else {
redirect($CFG->wwwroot.'/course/category.php?categoryedit=on&id='.$category->id);
}
-} else if (($data = $mform->get_data(false))) {
+} else if (($data = $mform->get_data())) {
$newcategory = new stdClass();
$newcategory->name = $data->name;
$newcategory->description = $data->description;
/// If data submitted, then process and store.
- if ($form = data_submitted(false) and confirm_sesskey()) {
+ if ($form = data_submitted() and confirm_sesskey()) {
$timenow = time();
/// If currently moving a file then show the current clipboard
if (ismoving($course->id)) {
- $stractivityclipboard = strip_tags(get_string('activityclipboard', '', addslashes($USER->activitycopyname)));
+ $stractivityclipboard = strip_tags(get_string('activityclipboard', '', $USER->activitycopyname));
$strcancel= get_string('cancel');
echo '<li class="clipboard">';
echo $stractivityclipboard.' (<a href="mod.php?cancelcopy=true&sesskey='.$USER->sesskey.'">'.$strcancel.'</a>)';
/// If currently moving a file then show the current clipboard
if (ismoving($course->id)) {
- $stractivityclipboard = strip_tags(get_string('activityclipboard', '', addslashes($USER->activitycopyname)));
+ $stractivityclipboard = strip_tags(get_string('activityclipboard', '', $USER->activitycopyname));
$strcancel= get_string('cancel');
echo '<li class="clipboard">';
echo $stractivityclipboard.' (<a href="mod.php?cancelcopy=true&sesskey='.$USER->sesskey.'">'.$strcancel.'</a>)';
$page = optional_param('page', 0, PARAM_INT);
$filename = optional_param('filename', 0, PARAM_PATH);
- $fromcoursesearch = stripslashes($fromcoursesearch); // TODO: remove soon
-
$strimportactivities = get_string('importactivities');
if (! ($course = $DB->get_record("course", array("id"=>$id)))) {
//print_error('missingfield', 'error', 'uploaduser.php?sesskey='.$USER->sesskey, $name);
}
else if ($name == "groupname") {
- $newgroup->name = addslashes($value);
+ $newgroup->name = $value;
}
// normal entry
else {
- $newgroup->{$name} = addslashes($value);
+ $newgroup->{$name} = $value;
}
}
///Find the courseid of the course with the given shortname
$previoussearch = optional_param('previoussearch', 0, PARAM_BOOL);
$previoussearch = ($searchtext != '') or ($previoussearch) ? 1:0;
- $searchtext = stripslashes($searchtext); // TODO: remove soon
-
if (! $site = get_site()) {
redirect("$CFG->wwwroot/$CFG->admin/index.php");
}
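Review bot: The context line `$previoussearch = ($searchtext != '') or ($previoussearch) ? 1:0;` does not compute what it appears to. `or` binds more loosely than `=`, so `$previoussearch` receives only the boolean `($searchtext != '')` and the ternary result is discarded. Since this hunk already touches the handling of `$searchtext`, it would be worth fixing in the same pass: `$previoussearch = ($searchtext != '' || $previoussearch) ? 1 : 0;`. The enclosing script starts and ends outside the hunk.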
print_heading(get_string('childcourses'));
- if (!$frm = data_submitted(false)) {
+ if (!$frm = data_submitted()) {
$note = get_string("importmetacoursenote");
print_simple_box($note, "center", "50%");
if ($mform->is_cancelled()) {
redirect('index.php');
- } else if (!$data= $mform->get_data(false)) {
+ } else if (!$data= $mform->get_data()) {
require_once($CFG->libdir . '/questionlib.php');
print_category_edit_header();
print_heading($heading);
$id = optional_param('id', false, PARAM_INT); // Course id
$name = optional_param('name', false, PARAM_RAW); // Course short name
- $name = stripslashes($name); // TODO: remove soon
-
if (!$id and !$name) {
print_error("unspecifycourseid");
}
} else {
redirect("$CFG->wwwroot/course/view.php?id=$course->id#section-".$cw->section);
}
- } else if ($fromform = $mform->get_data(false)) {
+ } else if ($fromform = $mform->get_data()) {
if (empty($fromform->coursemodule)) { //add
$cm = null;
if (! $course = $DB->get_record("course", array("id"=>$fromform->course))) {
if ($fromform->gradecat == -1) {
$grade_category = new grade_category();
$grade_category->courseid = $COURSE->id;
- $grade_category->fullname = stripslashes($fromform->name);
+ $grade_category->fullname = $fromform->name;
$grade_category->insert();
if ($grade_item) {
$parent = $grade_item->get_parent_category();
if (!empty($approve) and confirm_sesskey()) {
if ($course = $DB->get_record("course_request", array("id"=>$approve))) {
- foreach (array_keys((array)$course) as $key) {
- $course->$key = addslashes($course->$key);
- }
// place at beginning of category
fix_course_sortorder();
$mform = new recent_form();
$mform->set_data($param);
- if ($formdata = $mform->get_data(false)) {
+ if ($formdata = $mform->get_data()) {
$param = $formdata;
}
redirect($CFG->wwwroot);
- }elseif ($data = $requestform->get_data(false)) {
+ }elseif ($data = $requestform->get_data()) {
$data->requester = $USER->id;
if ($DB->insert_record('course_request', $data)) {
if ($mform->is_cancelled()) {
redirect($CFG->wwwroot.'/course/view.php?id='.$id);
-} else if ($data = $mform->get_data(false)) { // no magic quotes
+} else if ($data = $mform->get_data()) { // no magic quotes
if (isset($data->selectdefault)) {
$_POST = array();
$blocklist = optional_param('blocklist', 0, PARAM_INT);
$modulelist= optional_param('modulelist', '', PARAM_ALPHAEXT);
- $search = stripslashes($search); // TODO: remove soon
-
$search = trim(strip_tags($search)); // trim & clean raw searched string
if ($search) {
exit;
}
- if (!empty($moveto) and $data = data_submitted(false) and confirm_sesskey()) { // Some courses are being moved
+ if (!empty($moveto) and $data = data_submitted() and confirm_sesskey()) { // Some courses are being moved
if (! $destcategory = $DB->get_record("course_categories", array("id"=>$data->moveto))) {
print_error('cannotfindcategory', '', '', $data->moveto);
$person->confirmed = 1;
$person->timemodified = time();
$person->mnethostid = $CFG->mnet_localhost_id;
- if($id = $DB->insert_record('user', addslashes_object($person))){
+ if($id = $DB->insert_record('user', $person)){
/*
Photo processing is deactivated until we hear from Moodle dev forum about modification to gdlib.
$groupid = $this->check_group_entry($course->id, $form->password);
- if ((stripslashes($form->password) == $course->password) or ($groupid !== false) ) {
+ if (($form->password == $course->password) or ($groupid !== false) ) {
if (isguestuser()) { // only real user guest, do not use this for users with guest role
$USER->enrolkey[$course->id] = true;
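Review bot: The enrolment key check `$form->password == $course->password` uses loose comparison, and PHP compares two numeric-looking strings as numbers, so a submitted key such as `1e3` would match a stored key of `1000`. Now that the value no longer goes through stripslashes(), this is a good place to make the check strict: `if (((string)$form->password === (string)$course->password) or ($groupid !== false) ) {`. The same applies to `$password == $group->enrolmentkey` in the next hunk. Both functions start and end outside their hunks.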
if ($groups = groups_get_all_groups($courseid)) {
foreach ($groups as $group) {
- if ( !empty($group->enrolmentkey) and (stripslashes($password) == $group->enrolmentkey) ) {
+ if ( !empty($group->enrolmentkey) and ($password == $group->enrolmentkey) ) {
return $group->id;
}
}
$data = new object();
foreach ($_POST as $key => $value) {
- $value = stripslashes($value);
$req .= "&$key=".urlencode($value);
$data->$key = $value;
}
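Review bot: In the loop over `$_POST`, `$key` is appended to `$req` without encoding, and `urlencode($value)` assumes a scalar. A posted field name containing `&` or `=`, or an array-valued field, therefore alters or breaks the request string built here. Since the values are now used exactly as received, I would encode both sides and skip non-scalars: `if (!is_scalar($value)) { continue; }` followed by `$req .= '&'.urlencode($key).'='.urlencode($value);`. Copying every posted name onto `$data` also lets the sender decide which properties exist; whether later code restricts them is outside this hunk.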
require('../config.php');
- if ($form = data_submitted('nomatch')) { // form submitted, do not check referer (original page unknown)!
+ if ($form = data_submitted()) { // form submitted, do not check referer (original page unknown)!
/// Only deal with real users
if (!isloggedin()) {
if (($text != '') and confirm_sesskey()) {
$fileptr = fopen($basedir.'/'.$file,"w");
$text = preg_replace('/\x0D/', '', $text); // http://moodle.org/mod/forum/discuss.php?d=38860
- fputs($fileptr, stripslashes($text));
+ fputs($fileptr, $text);
fclose($fileptr);
displaydir($wdir);
$gif = "$latex->temp_dir/$md5.gif";
// put the expression as a file into the temp area
- $expression = stripslashes($expression);
$expression = html_entity_decode($expression);
$output .= "<p>Processing TeX expression:</p><pre>$expression</pre>\n";
$doc = $latex->construct_latex_document($expression);
if ($mform->is_cancelled()) {
redirect($returnurl);
-} else if ($data = $mform->get_data(false)) {
+} else if ($data = $mform->get_data()) {
if (!$admin and empty($data->override)) {
$DB->delete_records('grade_letters', array('contextid' => $context->id));
redirect($returnurl);
/// form processing
-if ($data = data_submitted(false)) {
+if ($data = data_submitted()) {
require_capability('moodle/grade:manageoutcomes', $context);
if (!empty($data->add) && !empty($data->addoutcomes)) {
/// add all selected to course list
if ($mform->is_cancelled()) {
redirect($returnurl);
-} else if ($data = $mform->get_data(false)) {
+} else if ($data = $mform->get_data()) {
$outcome = new grade_outcome(array('id'=>$id));
$data->usermodified = $USER->id;
grade_outcome::set_properties($outcome, $data);
require_once('import_outcomes_form.php');
$upload_form = new import_outcomes_form();
-if ($upload_form_data = $upload_form->get_data(false)) {
+if ($upload_form_data = $upload_form->get_data()) {
require_once('import.php');
exit();
}
if ($mform->is_cancelled()) {
redirect($returnurl);
-} else if ($data = $mform->get_data(false)) {
+} else if ($data = $mform->get_data()) {
$scale = new grade_scale(array('id'=>$id));
$data->userid = $USER->id;
grade_scale::set_properties($scale, $data);
if ($mform->is_cancelled()) {
redirect($returnurl);
-} else if ($data = $mform->get_data(false)) {
+} else if ($data = $mform->get_data()) {
$data = (array)$data;
$general = array('displaytype', 'decimalpoints', 'aggregationposition');
foreach ($data as $key=>$value) {
$errors = array();
-if ($data = $mform->get_data(false)) {
+if ($data = $mform->get_data()) {
$calculation = calc_formula::unlocalize($data->calculation);
$grade_item->set_calculation($calculation);
continue;
}
- if (empty($gi->idnumber) and !$gi->add_idnumber(stripslashes($idnumbers[$gi->id]))) {
+ if (empty($gi->idnumber) and !$gi->add_idnumber($idnumbers[$gi->id])) {
$errors[$giid] = get_string('error');
continue;
}
if ($mform->is_cancelled()) {
redirect($returnurl);
-} else if ($data = $mform->get_data(false)) {
+} else if ($data = $mform->get_data()) {
// If no fullname is entered for a course category, put ? in the DB
if (!isset($data->fullname) || $data->fullname == '') {
$data->fullname = '?';
redirect($returnurl);
// form processing
-} else if ($data = $mform->get_data(false)) {
+} else if ($data = $mform->get_data()) {
$old_grade_grade = new grade_grade(array('userid'=>$data->userid, 'itemid'=>$grade_item->id), true); //might not exist yet
// fix no grade for scales
$mform->set_data($item);
-if ($data = $mform->get_data(false)) {
+if ($data = $mform->get_data()) {
if (!isset($data->aggregationcoef)) {
$data->aggregationcoef = 0;
$mform->set_data($item);
-if ($data = $mform->get_data(false)) {
+if ($data = $mform->get_data()) {
if (!isset($data->aggregationcoef)) {
$data->aggregationcoef = 0;
if ($editform->is_cancelled()) {
redirect($returnurl);
-} elseif ($data = $editform->get_data(false)) {
+} elseif ($data = $editform->get_data()) {
if ($data->id) {
$record = new object();
$mform = new grade_export_form(null, array('publishing' => true));
// process post information
-if ($data = $mform->get_data(false)) {
+if ($data = $mform->get_data()) {
$export = new grade_export_ods($course, groups_get_course_group($course), '', false, false, $data->display, $data->decimals);
// print the grades on screen for feedbacks
$mform = new grade_export_form(null, array('includeseparator'=>true, 'publishing' => true));
// process post information
-if ($data = $mform->get_data(false)) {
+if ($data = $mform->get_data()) {
$export = new grade_export_txt($course, groups_get_course_group($course), '', false, false, $data->display, $data->decimals);
// print the grades on screen for feedback
$mform = new grade_export_form(null, array('publishing' => true));
// process post information
-if ($data = $mform->get_data(false)) {
+if ($data = $mform->get_data()) {
$export = new grade_export_xls($course, groups_get_course_group($course), '', false, false, $data->display, $data->decimals);
// print the grades on screen for feedbacks
$mform = new grade_export_form(null, array('idnumberrequired'=>true, 'publishing'=>true, 'updategradesonly'=>true));
// process post information
-if ($data = $mform->get_data(false)) {
+if ($data = $mform->get_data()) {
$export = new grade_export_xml($course, groups_get_course_group($course), '', false, $data->updatedgradesonly, $data->display, $data->decimals);
// print the grades on screen for feedbacks
$mform2 = new grade_import_mapping_form(null, array('gradeitems'=>$gradeitems, 'header'=>$header));
// if import form is submitted
-if ($formdata = $mform->get_data(false)) {
+if ($formdata = $mform->get_data()) {
// Large files are likely to take their time and memory. Let PHP know
// that we'll take longer, and that the process should be recycled soon
$mform2->set_data(array('importcode'=>$importcode, 'id'=>$id));
$mform2->display();
-//} else if (($formdata = data_submitted(false)) && !empty($formdata->map)) {
+//} else if (($formdata = data_submitted()) && !empty($formdata->map)) {
// else if grade import mapping form is submitted
-} else if ($formdata = $mform2->get_data(false)) {
+} else if ($formdata = $mform2->get_data()) {
$importcode = clean_param($formdata->importcode, PARAM_FILE);
$filename = $CFG->dataroot.'/temp/gradeimport/cvs/'.$USER->id.'/'.$importcode;
if ($editform->is_cancelled()) {
redirect($returnurl);
-} elseif ($data = $editform->get_data(false)) {
+} elseif ($data = $editform->get_data()) {
if ($data->id) {
$record = new object();
$mform = new grade_import_form();
-if ($data = $mform->get_data(false)) {
+if ($data = $mform->get_data()) {
// Large files are likely to take their time and memory. Let PHP know
// that we'll take longer, and that the process should be recycled soon
// to free up memory.
if (empty($trimmed)) {
$feedback = NULL;
} else {
- $feedback = stripslashes($newvalue);
+ $feedback = $newvalue;
}
$finalvalue = $feedback;
}
/// processing posted grades & feedback here
-if ($data = data_submitted(false) and confirm_sesskey() and has_capability('moodle/grade:edit', $context)) {
+if ($data = data_submitted() and confirm_sesskey() and has_capability('moodle/grade:edit', $context)) {
$warnings = $report->process_data($data);
} else {
$warnings = array();
if (empty($trimmed)) {
$feedback = NULL;
} else {
- $feedback = stripslashes($postedvalue);
+ $feedback = $postedvalue;
}
}
}
// If data submitted, then process and store.
-if ($data = $mform->get_data(false)) {
+if ($data = $mform->get_data()) {
foreach ($data as $preference => $value) {
if (substr($preference, 0, 6) !== 'grade_') {
continue;
$returnurl = $CFG->wwwroot.'/group/groupings.php?id='.$courseid;
-if ($frm = data_submitted(false) and confirm_sesskey()) {
+if ($frm = data_submitted() and confirm_sesskey()) {
if (isset($frm->cancel)) {
redirect($returnurl);
if ($editform->is_cancelled()) {
redirect($returnurl);
-} elseif ($data = $editform->get_data(false)) {
+} elseif ($data = $editform->get_data()) {
/// Allocate members from the selected role to groups
switch ($data->allocateby) {
$grouping = new object();
$grouping->courseid = $COURSE->id;
$grouping->name = $groupingname;
- if (!$grouping->id = groups_create_grouping(addslashes_recursive($grouping))) {
+ if (!$grouping->id = groups_create_grouping($grouping)) {
$error = 'Can not create grouping'; //should not happen
$failed = true;
}
$newgroup = new object();
$newgroup->courseid = $data->courseid;
$newgroup->name = $group['name'];
- if (!$groupid = groups_create_group(addslashes_recursive($newgroup))) {
+ if (!$groupid = groups_create_group($newgroup)) {
$error = 'Can not create group!'; // should not happen
$failed = true;
break;
$searchtext = optional_param('searchtext', '', PARAM_RAW); // search string
$showall = optional_param('showall', 0, PARAM_BOOL);
-$searchtext = stripslashes($searchtext); // TODO: remove soon
-
if ($showall) {
$searchtext = '';
}
/// If currently moving a file then show the current clipboard
if (ismoving($SITE->id)) {
- $stractivityclipboard = strip_tags(get_string('activityclipboard', '', addslashes($USER->activitycopyname)));
+ $stractivityclipboard = strip_tags(get_string('activityclipboard', '', $USER->activitycopyname));
echo '<p><font size="2">';
echo "$stractivityclipboard (<a href=\"course/mod.php?cancelcopy=true&sesskey=$USER->sesskey\">". get_string('cancel') .'</a>)';
echo '</font></p>';
return;
}
echo '<script>';
- echo 'document.getElementById("text'.$thisbarid.'").innerHTML = "'.addslashes($donetext).'";'."\n";
+ echo 'document.getElementById("text'.$thisbarid.'").innerHTML = "'.addslashes_js($donetext).'";'."\n";
echo 'document.getElementById("slider'.$thisbarid.'").style.width = \''.$width.'px\';'."\n";
echo '</script>';
}
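Review bot: `addslashes_js($donetext)` makes the value safe inside the JavaScript string literal, but the string is then assigned to `innerHTML`, where the browser parses it as HTML. If `$donetext` can ever carry text that is not trusted markup (its origin is outside this hunk), it also needs HTML escaping, e.g. `addslashes_js(s($donetext))`, or the script should set the element's text instead of its `innerHTML`. The same line concatenates `$thisbarid` into the script unescaped. The function starts outside the hunk.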
return true;
} else {
- $cleaned = stripslashes(clean_param(addslashes($data), $this->paramtype));
+ $cleaned = clean_param($data, $this->paramtype);
if ("$data" == "$cleaned") { // implicit conversion to string is needed to do exact comparison
return true;
} else {
}
function validate($data) {
- $cleaned = stripslashes(clean_param(addslashes($data), PARAM_MULTILANG));
+ $cleaned = clean_param($data, PARAM_MULTILANG);
if ($cleaned === '') {
return get_string('required');
}
// To this data, add anything the page itself needs to display
$hiddendata = array_merge($hiddendata, $page->url_get_parameters());
- if ($data = data_submitted(false)) {
+ if ($data = data_submitted()) {
$remove = array_keys($hiddendata);
foreach($remove as $item) {
unset($data->$item);
define('LASTACCESS_UPDATE_SECS', 60); /// Number of seconds to wait before
/// updating lastaccess information in DB.
-/**
- * Escape all dangerous characters in a data record
- *
- * $dataobject is an object containing needed data
- * Run over each field exectuting addslashes() function
- * to escape SQL unfriendly characters (e.g. quotes)
- * Handy when writing back data read from the database
- *
- * @param $dataobject Object containing the database record
- * @return object Same object with neccessary characters escaped
- */
-function addslashes_object( $dataobject ) {
- $a = get_object_vars( $dataobject);
- foreach ($a as $key=>$value) {
- $a[$key] = addslashes( $value );
- }
- return (object)$a;
-}
-
/// USER DATABASE ////////////////////////////////////////////////
/**
function print_simple_box($message, $align='', $width='', $color='', $padding=5, $class='generalbox', $id='', $return=false) {
$output = '';
$output .= print_simple_box_start($align, $width, $color, $padding, $class, $id, true);
- $output .= stripslashes_safe($message);
+ $output .= $message;
$output .= print_simple_box_end(true);
if ($return) {
die;
}
+
+/// removed functions
+function addslashes_object( $dataobject ) {
+ error('addslashes() not available anymore');
+}
+
+function addslashes_recursive($var) {
+ error('addslashes_recursive() not available anymore');
+}
+
+
+
?>
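Review bot: The stub for `addslashes_object()` reports `'addslashes() not available anymore'`, which names PHP's built-in function instead of the removed helper, so anyone who hits it from a plugin will look for the wrong call. Suggest `error('addslashes_object() not available anymore');`, matching the `addslashes_recursive()` stub below it. A one-line comment above each stub saying that callers should now pass unescaped data to the `$DB` methods would also help.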
/// Force ANSI nulls so the NULL check was done by IS NULL and NOT IS NULL
/// instead of equal(=) and distinct(<>) simbols
$this->db->Execute('SET ANSI_NULLS ON');
- /// Enable sybase quotes, so addslashes and stripslashes will use "'"
- ini_set('magic_quotes_sybase', '1');
- /// NOTE: Not 100% useful because GPC has been addslashed with the setting off
- /// so IT'S MANDATORY TO CHANGE THIS UNDER php.ini or .htaccess for this DB
- /// or to turn off magic_quotes to allow Moodle to do it properly
return true;
}
/// DB using DOTS. Manually introduced floats (if using other characters) must be
/// converted back to DOTs (like gradebook does)
$this->db->Execute("ALTER SESSION SET NLS_NUMERIC_CHARACTERS='.,'");
- /// Enable sybase quotes, so addslashes and stripslashes will use "'"
- ini_set('magic_quotes_sybase', '1');
- /// NOTE: Not 100% useful because GPC has been addslashed with the setting off
- /// so IT'S MANDATORY TO ENABLE THIS UNDER php.ini or .htaccess for this DB
- /// or to turn off magic_quotes to allow Moodle to do it properly
return true;
}
function insert_record($table, $dataobject, $returnid=true, $primarykey='id') {
global $DB;
- $dataobject = stripslashes_recursive($dataobject);
return $DB->insert_record($table, $dataobject, $returnid);
}
function update_record($table, $dataobject) {
global $DB;
- $dataobject = stripslashes_recursive($dataobject);
return $DB->update_record($table, $dataobject, true);
}
$conditions = array();
if ($field) {
- $conditions[$field] = stripslashes_recursive($value);
+ $conditions[$field] = $value;
}
return $DB->get_records($table, $conditions, $sort, $fields, $limitfrom, $limitnum);
$conditions = array();
if ($field1) {
- $conditions[$field1] = stripslashes_recursive($value1);
+ $conditions[$field1] = $value1;
}
if ($field2) {
- $conditions[$field2] = stripslashes_recursive($value2);
+ $conditions[$field2] = $value2;
}
if ($field3) {
- $conditions[$field3] = stripslashes_recursive($value3);
+ $conditions[$field3] = $value3;
}
return $DB->get_record($table, $conditions, $fields);
$conditions = array();
if ($field1) {
- $conditions[$field1] = stripslashes_recursive($value1);
+ $conditions[$field1] = $value1;
}
if ($field2) {
- $conditions[$field2] = stripslashes_recursive($value2);
+ $conditions[$field2] = $value2;
}
if ($field3) {
- $conditions[$field3] = stripslashes_recursive($value3);
+ $conditions[$field3] = $value3;
}
- return $DB->set_field($table, $newfield, stripslashes_recursive($newvalue), $conditions);
+ return $DB->set_field($table, $newfield, $newvalue, $conditions);
}
function count_records($table, $field1='', $value1='', $field2='', $value2='', $field3='', $value3='') {
$conditions = array();
if ($field1) {
- $conditions[$field1] = stripslashes_recursive($value1);
+ $conditions[$field1] = $value1;
}
if ($field2) {
- $conditions[$field2] = stripslashes_recursive($value2);
+ $conditions[$field2] = $value2;
}
if ($field3) {
- $conditions[$field3] = stripslashes_recursive($value3);
+ $conditions[$field3] = $value3;
}
return $DB->count_records($table, $conditions);
$conditions = array();
if ($field1) {
- $conditions[$field1] = stripslashes_recursive($value1);
+ $conditions[$field1] = $value1;
}
if ($field2) {
- $conditions[$field2] = stripslashes_recursive($value2);
+ $conditions[$field2] = $value2;
}
if ($field3) {
- $conditions[$field3] = stripslashes_recursive($value3);
+ $conditions[$field3] = $value3;
}
return $DB->record_exists($table, $conditions);
$conditions = array();
if ($field1) {
- $conditions[$field1] = stripslashes_recursive($value1);
+ $conditions[$field1] = $value1;
}
if ($field2) {
- $conditions[$field2] = stripslashes_recursive($value2);
+ $conditions[$field2] = $value2;
}
if ($field3) {
- $conditions[$field3] = stripslashes_recursive($value3);
+ $conditions[$field3] = $value3;
}
return $DB->delete_records($table, $conditions);
$conditions = array();
if ($field1) {
- $conditions[$field1] = stripslashes_recursive($value1);
+ $conditions[$field1] = $value1;
}
if ($field2) {
- $conditions[$field2] = stripslashes_recursive($value2);
+ $conditions[$field2] = $value2;
}
if ($field3) {
- $conditions[$field3] = stripslashes_recursive($value3);
+ $conditions[$field3] = $value3;
}
return $DB->get_field($table, $return, $conditions);
html_header($course, $wdir);
if (($text != '') and confirm_sesskey()) {
$fileptr = fopen($basedir.$file,"w");
- fputs($fileptr, stripslashes($text));
+ fputs($fileptr, $text);
fclose($fileptr);
displaydir($wdir);
var editor = this;
var selectedtxt = "";
<?php
- $strreplaced = addslashes(get_string('itemsreplaced','editor'));
- $strnotfound = addslashes(get_string('searchnotfound','editor'));
+ $strreplaced = addslashes_js(get_string('itemsreplaced','editor'));
+ $strnotfound = addslashes_js(get_string('searchnotfound','editor'));
?>
var strReplaced = '<?php echo $strreplaced ?>';
var strNotfound = '<?php echo $strnotfound ?>';
if (HTMLArea.is_gecko) {
if (confirm("<?php
$strmoz = get_string('cutpastemozilla','editor');
- $strmoz = preg_replace("/[\n|\r]+/", "", $strmoz);
- $strmoz = str_replace('<br />', '\\n', $strmoz);
-
- echo addslashes($strmoz);
+ echo addslashes_js($strmoz);
?>"))
window.open("http://moodle.org/mozillahelp");
@header('Content-Type: text/html; charset=utf-8');
- $imagetag = clean_text('<img src="'.htmlSpecialChars(stripslashes_safe($imageurl)).'" alt="" />');
+ $imagetag = clean_text('<img src="'.htmlSpecialChars($imageurl).'" alt="" />');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
html_header($course, $wdir);\r
if (($text != '') and confirm_sesskey()) {\r
$fileptr = fopen($basedir.$file,"w");\r
- fputs($fileptr, stripslashes($text));\r
+ fputs($fileptr, $text);\r
fclose($fileptr);\r
displaydir($wdir);\r
\r
@header('Content-Type: text/html; charset=utf-8');\r
\r
\r
- $imagetag = clean_text('<img src="'.htmlSpecialChars(stripslashes_safe($imageurl)).'" alt="" />');\r
+ $imagetag = clean_text('<img src="'.htmlSpecialChars($imageurl).'" alt="" />');\r
\r
?>\r
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"\r
* $Id$\r
*\r
* @author Moxiecode\r
- * @copyright Copyright © 2004-2007, Moxiecode Systems AB, All rights reserved.\r
+ * @copyright Copyright � 2004-2007, Moxiecode Systems AB, All rights reserved.\r
*/\r
\r
class SpellChecker {\r
* @param {String} $str Message to send back to user.\r
*/\r
function throwError($str) {\r
- die('{"result":null,"id":null,"error":{"errstr":"' . addslashes($str) . '","errfile":"","errline":null,"errcontext":"","level":"FATAL"}}');\r
+ die('{"result":null,"id":null,"error":{"errstr":"' . addslashes_js($str) . '","errfile":"","errline":null,"errcontext":"","level":"FATAL"}}');\r
}\r
}\r
\r
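Review bot: `throwError()` builds a JSON document by string concatenation and escapes `$str` with `addslashes_js()`, which is an escaper for JavaScript string literals, not for JSON. If it emits `\'` for a single quote (as JavaScript escapers usually do), the response is not valid JSON and a strict parser on the client will reject the error message. Where `json_encode()` is available, letting the encoder do the quoting avoids the question: `die(json_encode(array('result'=>null, 'id'=>null, 'error'=>array('errstr'=>$str, 'errfile'=>'', 'errline'=>null, 'errcontext'=>'', 'level'=>'FATAL'))));`. The class body starts outside the hunk.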
* form definition (new entry form); this function is used to load in data where values
* already exist and data is being edited (edit entry form).
*
+ * note: $slashed param removed
+ *
* @param mixed $default_values object or array of default values
* @param bool $slased true if magic quotes applied to data values
*/
- function set_data($default_values, $slashed=false) {
+ function set_data($default_values) {
if (is_object($default_values)) {
$default_values = (array)$default_values;
}
- $filter = $slashed ? 'stripslashes' : NULL;
- $this->_form->setDefaults($default_values, $filter);
+ $this->_form->setDefaults($default_values);
}
/**
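Review bot: The docblock of `set_data()` still carries `@param bool $slased true if magic quotes applied to data values`, although this hunk removes the parameter. That line should be deleted. The added `note: $slashed param removed` could also say what callers must do instead, for example `note: $slashed param removed, values must be passed unescaped`. The docblock starts outside the hunk.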
/**
* Return submitted data if properly submitted or returns NULL if validation fails or
* if there is no submitted data.
+ *
+ * note: $slashed param removed
*
- * @param bool $slashed true means return data with addslashes applied
* @return object submitted data; NULL if not valid or not submitted
*/
- function get_data($slashed=true) {
+ function get_data() {
$mform =& $this->_form;
if ($this->is_submitted() and $this->is_validated()) {
- $data = $mform->exportValues(null, $slashed);
+ $data = $mform->exportValues();
unset($data['sesskey']); // we do not need to return sesskey
unset($data['_qf__'.$this->_formname]); // we do not need the submission marker too
if (empty($data)) {
/**
* Return submitted data without validation or NULL if there is no submitted data.
+ * note: $slashed param removed
*
- * @param bool $slashed true means return data with addslashes applied
* @return object submitted data; NULL if not submitted
*/
- function get_submitted_data($slashed=true) {
+ function get_submitted_data() {
$mform =& $this->_form;
if ($this->is_submitted()) {
- $data = $mform->exportValues(null, $slashed);
+ $data = $mform->exportValues();
unset($data['sesskey']); // we do not need to return sesskey
unset($data['_qf__'.$this->_formname]); // we do not need the submission marker too
if (empty($data)) {
$submission[$key] = clean_param($s, $this->_types[$key]);
}
}
- $this->_submitValues = $this->_recursiveFilter('stripslashes', $submission);
+ $this->_submitValues = $submission;
$this->_flagSubmitted = true;
}
if (empty($files)) {
$this->_submitFiles = array();
} else {
- if (1 == get_magic_quotes_gpc()) {
- foreach (array_keys($files) as $elname) {
- // dangerous characters in filenames are cleaned later in upload_manager
- $files[$elname]['name'] = stripslashes($files[$elname]['name']);
- }
- }
$this->_submitFiles = $files;
$this->_flagSubmitted = true;
}
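Review bot: The deleted block was what un-slashed uploaded file names when `magic_quotes_gpc` is on, and nothing visible in this diff replaces it. The un-slash loop in the setup hunk at the end covers `$_POST`, `$_GET`, `$_COOKIE`, `$_REQUEST` and some `$_SERVER` entries in the part that is visible, but not `$_FILES`. If PHP escapes `$_FILES[...]['name']` under that setting, a name containing a quote would now reach `_submitFiles` with a backslash in it. Either extend the global un-slash to the upload names or, once that is done, leave a comment here such as `// upload names are un-slashed globally when magic_quotes_gpc is on`. The function starts outside the hunk.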
* Initializes a default form value. Used to specify the default for a new entry where
* no data is loaded in using moodleform::set_data()
*
+ * note: $slashed param removed
+ *
* @param string $elementname element name
* @param mixed $values values for that element name
- * @param bool $slashed the default value is slashed
* @access public
* @return void
*/
- function setDefault($elementName, $defaultValue, $slashed=false){
- $filter = $slashed ? 'stripslashes' : NULL;
- $this->setDefaults(array($elementName=>$defaultValue), $filter);
+ function setDefault($elementName, $defaultValue){
+ $this->setDefaults(array($elementName=>$defaultValue));
} // end func setDefault
/**
* Add an array of buttons to the form
}
}
- function exportValues($elementList= null, $addslashes=true){
+ function exportValues($elementList = null){
$unfiltered = array();
if (null === $elementList) {
// iterate over all elements, calling their exportValue() methods
}
}
- if ($addslashes){
- return $this->_recursiveFilter('addslashes', $unfiltered);
- } else {
- return $unfiltered;
- }
+ return $unfiltered;
}
/**
* Adds a validation rule for the given field
*/
public function get_record_data() {
$data = new object();
- // we need to do this to prevent infinite loops in addslashes_recursive - grade_item -> category ->grade_item
+
foreach ($this as $var=>$value) {
if (in_array($var, $this->required_fields) or array_key_exists($var, $this->optional_fields)) {
if (is_object($value) or is_array($value)) {
/**
* PARAM_CLEANHTML - cleans submitted HTML code and removes slashes
- * note: do not forget to addslashes() before storing into database!
*/
define('PARAM_CLEANHTML',0x1000);
if (is_numeric($param)) {
return $param;
}
- $param = stripslashes($param); // Needed for kses to work fine
- $param = clean_text($param); // Sweep for scripts, etc
- return addslashes($param); // Restore original request parameter slashes
+ return clean_text($param); // Sweep for scripts, etc
case PARAM_CLEANHTML: // prepare html fragment for display, do not store it into db!!
- $param = stripslashes($param); // Remove any slashes
$param = clean_text($param); // Sweep for scripts, etc
return trim($param);
global $QTYPES;
// initialise response to the value in the answer field
- $state->responses = array('' => addslashes($state->answer));
+ $state->responses = array('' => $state->answer);
unset($state->answer);
- $state->manualcomment = isset($state->manualcomment) ? addslashes($state->manualcomment) : '';
+ $state->manualcomment = isset($state->manualcomment) ? $state->manualcomment : '';
// Set the changed field to false; any code which changes the
// question session must set this to true and must increment
function _recaptcha_qsencode ($data) {
$req = "";
foreach ( $data as $key => $value )
- $req .= $key . '=' . urlencode( stripslashes($value) ) . '&';
+ $req .= $key . '=' . urlencode( $value ) . '&';
// Cut the last '&'
$req=substr($req,0,strlen($req)-1);
// Need to think about this some more.
function sanitize($userstring){
- return htmlspecialchars(addslashes($userstring));
+ return htmlspecialchars($userstring);
}
function getValue(){
return $this->value;
. "cannot work with magic_quotes_gpc. Please disable "
. "magic_quotes_gpc.");
}
-/// A hack to get around magic_quotes_gpc being turned off
-/// It is strongly recommended to enable "magic_quotes_gpc"!
- if (!ini_get_bool('magic_quotes_gpc') && !defined('MOODLE_SANE_INPUT') ) {
- function addslashes_deep($value) {
+/// A hack to get around magic_quotes_gpc being turned on
+/// It is strongly recommended to disable "magic_quotes_gpc"!
+ if (ini_get_bool('magic_quotes_gpc')) {
+ function stripslashes_deep($value) {
$value = is_array($value) ?
- array_map('addslashes_deep', $value) :
- addslashes($value);
+ array_map('stripslashes_deep', $value) :
+ stripslashes($value);
return $value;
}
- $_POST = array_map('addslashes_deep', $_POST);
- $_GET = array_map('addslashes_deep', $_GET);
- $_COOKIE = array_map('addslashes_deep', $_COOKIE);
- $_REQUEST = array_map('addslashes_deep', $_REQUEST);
+ $_POST = array_map('stripslashes_deep', $_POST);
+ $_GET = array_map('stripslashes_deep', $_GET);
+ $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
+ $_REQUEST = array_map('stripslashes_deep', $_REQUEST);
if (!empty($_SERVER['REQUEST_URI'])) {
- $_SERVER['REQUEST_URI'] = addslashes($_SERVER['REQUEST_URI']);
+ $_SERVER['REQUEST_URI'] = stripslashes($_SERVER['REQUEST_URI']);
}
if (!empty($_SERVER['QUERY_STRING'])) {
- $_SERVER['QUERY_STRING'] = addslashes($_SERVER['QUERY_STRING']);
+ $_SERVER['QUERY_STRING'] = stripslashes($_SERVER['QUERY_STRING']);
}
if (!empty($_SERVER['HTTP_REFERER'])) {
- $_SERVER['HTTP_REFERER'] = addslashes($_SERVER['HTTP_REFERER']);
+ $_SERVER['HTTP_REFERER'] = stripslashes($_SERVER['HTTP_REFERER']);
}
if (!empty($_SERVER['PATH_INFO'])) {
- $_SERVER['PATH_INFO'] = addslashes($_SERVER['PATH_INFO']);
+ $_SERVER['PATH_INFO'] = stripslashes($_SERVER['PATH_INFO']);
}
if (!empty($_SERVER['PHP_SELF'])) {
- $_SERVER['PHP_SELF'] = addslashes($_SERVER['PHP_SELF']);
+ $_SERVER['PHP_SELF'] = stripslashes($_SERVER['PHP_SELF']);
}
if (!empty($_SERVER['PATH_TRANSLATED'])) {
- $_SERVER['PATH_TRANSLATED'] = addslashes($_SERVER['PATH_TRANSLATED']);
+ $_SERVER['PATH_TRANSLATED'] = stripslashes($_SERVER['PATH_TRANSLATED']);
}
}
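Review bot: The `stripslashes()` calls on `$_SERVER['REQUEST_URI']`, `QUERY_STRING`, `HTTP_REFERER`, `PATH_INFO`, `PHP_SELF` and `PATH_TRANSLATED` assume that magic_quotes_gpc escaped those entries as well as `$_GET`, `$_POST` and `$_COOKIE`. If a PHP version or SAPI leaves them untouched, legitimate backslashes are removed; a Windows-style `PATH_TRANSLATED` is the obvious case. This should be confirmed and recorded next to the block, for example `// magic_quotes_gpc also escapes these $_SERVER entries on <PHP versions checked>`. The enclosing block starts before this hunk.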
*
* Checks that submitted POST data exists and returns it as object.
*
- * @param bool slashes TEMPORARY - false if strip magic quotes
* @return mixed false or object
*/
-function data_submitted($slashes=true) {
+function data_submitted() {
if (empty($_POST)) {
return false;
} else {
- if ($slashes===false) {
- $post = stripslashes_recursive($_POST); // temporary hack before magic quotes removal
- return (object)$post;
- } else {
- return (object)$_POST;
- }
+ return (object)$_POST;
}
}
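Review bot: The docblock of `data_submitted()` loses the `$slashes` parameter but does not state the new contract: the returned object is a cast of `$_POST`, so its values are raw, unescaped and unvalidated. Every caller touched by this commit now depends on that, so it is worth spelling out, e.g. `* Values are raw request data: pass them to the database only through bound parameters and escape them on output.` The body also performs no session-key check, so a second line such as `* Does not verify the session key; callers must call confirm_sesskey().` would keep that responsibility visible.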
return $new_var;
}
-/**
- * Recursive implementation of addslashes()
- *
- * This function will allow you to add the slashes from a variable.
- * If the variable is an array or object, slashes will be added
- * to the items (or properties) it contains, even if they are arrays
- * or objects themselves.
- *
- * @param mixed the variable to add slashes from
- * @return mixed
- */
-function addslashes_recursive($var) {
- if (is_object($var)) {
- $new_var = new object();
- $properties = get_object_vars($var);
- foreach($properties as $property => $value) {
- $new_var->$property = addslashes_recursive($value);
- }
-
- } else if (is_array($var)) {
- $new_var = array();
- foreach($var as $property => $value) {
- $new_var[$property] = addslashes_recursive($value);
- }
-
- } else if (is_string($var)) {
- $new_var = addslashes($var);
-
- } else { // nulls, integers, etc.
- $new_var = $var;
- }
-
- return $new_var;
-}
-
/**
* Given some normal text this function will break up any
* long words to a given size by inserting the given character
$pathinfo = explode($file, $string);
if (!empty($pathinfo[1])) {
- return addslashes($pathinfo[1]);
+ return $pathinfo[1];
} else {
return false;
}
* function that modifies the data! We do not know the origin of trusttext
* in database, if it gets there in tweaked form we must not convert it
* to supported form!!!
- *
- * Please be carefull not to use stripslashes on data from database
- * or twice stripslashes when processing data recieved from user.
- *
* @param string $text text that may contain TRUSTTEXT marker
* @return text without any TRUSTTEXT marker
*/
*/
function print_heading_with_help($text, $helppage, $module='moodle', $icon='', $return=false) {
$output = '<div class="heading-with-help">';
- $output .= '<h2 class="main help">'.$icon.stripslashes_safe($text).'</h2>';
+ $output .= '<h2 class="main help">'.$icon.$text.'</h2>';
$output .= helpbutton($helppage, $text, $module, true, false, '', true);
$output .= '</div>';
function print_heading_block($heading, $class='', $return=false) {
//Accessibility: 'headingblock' is now H1, see theme/standard/styles_*.css: ??
- $output = '<h2 class="headingblock header '.$class.'">'.stripslashes($heading).'</h2>';
+ $output = '<h2 class="headingblock header '.$class.'">'.$heading.'</h2>';
if ($return) {
return $output;
function print_box($message, $classes='generalbox', $ids='', $return=false) {
$output = print_box_start($classes, $ids, true);
- $output .= stripslashes_safe($message);
$output .= print_box_end(true);
if ($return) {
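Review bot: `print_box()` no longer emits `$message` at all. The line `$output .= stripslashes_safe($message);` is removed and, as shown, nothing replaces it, so the box is opened and closed around empty content. The replacement should keep the append without the unslashing: `$output .= $message;`. `print_container()` in the next hunk has the same removal and needs the same line. Both function bodies continue past what the hunks show.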
function print_container($message, $clearfix=false, $classes='', $idbase='', $return=false) {
$output = print_container_start($clearfix, $classes, $idbase, true);
- $output .= stripslashes_safe($message);
$output .= print_container_end(true);
if ($return) {
if ($mform->is_cancelled()) {
redirect($CFG->wwwroot.'/user/view.php?id='.$USER->id.'&course='.$course->id);
- } else if ($data = $mform->get_data(false)) {
+ } else if ($data = $mform->get_data()) {
if (!$userauth->user_update_password($USER, $data->newpassword1)) {
print_error('errorpasswordupdate', 'auth');
print_header($strforgotten, $strforgotten, $navigation);
print_error('secretalreadyused');
- } else if (!empty($user) and $user->secret == stripslashes($p_secret)) {
+ } else if (!empty($user) and $user->secret == $p_secret) {
// make sure that url relates to a valid user
// check this isn't guest user
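Review bot: The reset-secret check `$user->secret == $p_secret` uses loose comparison, which compares two numeric-looking strings by value rather than byte for byte. Distinct secrets such as `0e1` and `0e2` (constructed example) would be treated as equal. `$user->secret === $p_secret` avoids the type juggling; it presumes both operands are strings, which the hunk does not show. A timing-safe comparison would be stronger still where the PHP version in use provides one.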
if ($user) {
$frm->username = $user->username;
} else {
- $frm = data_submitted(false);
+ $frm = data_submitted();
}
} else {
- $frm = data_submitted(false);
+ $frm = data_submitted();
}
/// Check if the user has actually submitted login data to us
if ($mform_signup->is_cancelled()) {
redirect($CFG->httpswwwroot.'/login/index.php');
- } else if ($user = $mform_signup->get_data(false)) {
+ } else if ($user = $mform_signup->get_data()) {
$user->confirmed = 0;
$user->lang = current_language();
$user->firstaccess = time();
function message_print_search() {
global $USER;
- if ($frm = data_submitted(false)) {
+ if ($frm = data_submitted()) {
message_print_search_results($frm);
function message_print_settings() {
global $USER;
- if ($frm = data_submitted(false)) {
+ if ($frm = data_submitted()) {
$pref = array();
$pref['message_showmessagewindow'] = (isset($frm->showmessagewindow)) ? '1' : '0';
}
if ($emailforced || (time() - $userto->lastaccess) > ((int)$preference->message_emailtimenosee * 60)) { // Long enough
- $message = stripslashes_safe($message);
$tagline = get_string('emailtagline', 'message', $SITE->shortname);
$messagesubject = preg_replace('/\s+/', ' ', strip_tags($message)); // make sure it's all on one line
if ($message!='' and confirm_sesskey()) { /// Current user has just sent a message
/// Save it to the database...
- $messageid = message_post_message($USER, $user, addslashes($message), $format, 'direct');
+ $messageid = message_post_message($USER, $user, $message, $format, 'direct');
/// Format the message as HTML
$options = NULL;
global $CFG, $USER;
require_once($CFG->libdir.'/gradelib.php');
- if (!$feedback = data_submitted(false)) { // No incoming data?
+ if (!$feedback = data_submitted()) { // No incoming data?
return false;
}
require_once($CFG->libdir.'/gradelib.php');
- if (!$formdata = data_submitted(false)) {
+ if (!$formdata = data_submitted()) {
return;
}
die;
}
- if ($data = $mform->get_data(false) and $action == 'savenotes') {
+ if ($data = $mform->get_data() and $action == 'savenotes') {
$submission = $this->get_submission($USER->id, true); // get or create submission
$updated = new object();
$updated->id = $submission->id;
$returnurl = "submissions.php?id={$this->cm->id}&userid=$userid&mode=$mode&offset=$offset";
- if (data_submitted('nomatch') and $this->can_manage_responsefiles()) {
+ if (data_submitted() and $this->can_manage_responsefiles()) {
$dir = $this->file_area_name($userid).'/responses';
check_dir_exists($CFG->dataroot.'/'.$dir, true, true);
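Review bot: The response-file branch is entered on `data_submitted() and $this->can_manage_responsefiles()` with no `confirm_sesskey()` in the visible condition, unlike most other `data_submitted()` call sites in this commit. Unless the session key is verified earlier in the method, outside this hunk, a forged cross-site POST from a logged-in manager would reach the file handling. `if (data_submitted() and confirm_sesskey() and $this->can_manage_responsefiles()) {` closes that.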
/// Clean up the message
- $chat_message = clean_text(stripslashes($chat_message), FORMAT_MOODLE); // Strip bad tags
+ $chat_message = clean_text($chat_message, FORMAT_MOODLE); // Strip bad tags
/// Add the message to the database
switch ($forcepublish) {
case CHOICE_PUBLISH_NAMES:
echo '<div id="tablecontainer">';
- echo '<form id="attemptsform" method="post" action="'.$_SERVER['PHP_SELF'].'" onsubmit="var menu = document.getElementById(\'menuaction\'); return (menu.options[menu.selectedIndex].value == \'delete\' ? \''.addslashes(get_string('deleteattemptcheck','quiz')).'\' : true);">';
+ echo '<form id="attemptsform" method="post" action="'.$_SERVER['PHP_SELF'].'" onsubmit="var menu = document.getElementById(\'menuaction\'); return (menu.options[menu.selectedIndex].value == \'delete\' ? \''.addslashes_js(get_string('deleteattemptcheck','quiz')).'\' : true);">';
echo '<div>';
echo '<input type="hidden" name="id" value="'.$cm->id.'" />';
echo '<input type="hidden" name="mode" value="overview" />';
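Review bot: The `action` attribute is built from `$_SERVER['PHP_SELF']` without HTML escaping, and `PHP_SELF` includes any path info the client appends to the script URL. `action="'.s($_SERVER['PHP_SELF']).'"` keeps a quote in the request path from closing the attribute; `s()` is the escaping helper this commit uses elsewhere. The `addslashes_js()` result in `onsubmit` also sits inside a double-quoted attribute, so it needs attribute escaping on top of the JavaScript escaping.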
switch ($mode) {
case 'add':
- if (!$formadata = $mform->get_data(false)) {
+ if (!$formadata = $mform->get_data()) {
break; // something is wrong here, try again
}
/// Process incoming data for adding/updating records
- if ($datarecord = data_submitted(false) and confirm_sesskey()) {
+ if ($datarecord = data_submitted() and confirm_sesskey()) {
$ignorenames = array('MAX_FILE_SIZE','sesskey','d','rid','saveandview','cancel'); // strings to be ignored in input data
switch ($mode) {
case 'add': ///add a new field
- if (confirm_sesskey() and $fieldinput = data_submitted(false)){
+ if (confirm_sesskey() and $fieldinput = data_submitted()){
//$fieldinput->name = data_clean_field_name($fieldinput->name);
case 'update': ///update a field
- if (confirm_sesskey() and $fieldinput = data_submitted(false)){
+ if (confirm_sesskey() and $fieldinput = data_submitted()){
//$fieldinput->name = data_clean_field_name($fieldinput->name);
return '';
}
- return choose_from_menu($options, 'f_'.$this->field->id, stripslashes($content), ' ', '', 0, true);
+ return choose_from_menu($options, 'f_'.$this->field->id, $content, ' ', '', 0, true);
}
function parse_search_field() {
/// html editor is by default disabled
$editor = isset($SESSION->data_use_editor) ? $SESSION->data_use_editor : (can_use_html_editor() ? 1 : 0);
- if (($mytemplate = data_submitted($CFG->wwwroot.'/mod/data/templates.php')) && confirm_sesskey()) {
+ if (($mytemplate = data_submitted()) && confirm_sesskey()) {
$newtemplate->id = $data->id;
$newtemplate->{$mode} = $mytemplate->template;
$id = required_param('id', PARAM_INT); //the POST dominated the GET
- $formdata = data_submitted('nomatch');
+ $formdata = data_submitted();
if ($id) {
if (! $cm = get_coursemodule_from_id('feedback', $id)) {
foreach($items as $item) {
$worksheet->setFormat('<l><f><ru2>');
- $worksheet->write_string($rowOffset, $colOffset, stripslashes_safe($item->name));
+ $worksheet->write_string($rowOffset, $colOffset, $item->name);
$colOffset++;
}
$highlightrequired = false;
- if(($formdata = data_submitted('nomatch')) AND !confirm_sesskey()) {
+ if(($formdata = data_submitted()) AND !confirm_sesskey()) {
error('no sesskey defined');
}
if($feedback->page_after_submit) {
// print_simple_box_start('center', '75%');
print_box_start('generalbox boxaligncenter boxwidthwide');
- echo format_text(stripslashes_safe($feedback->page_after_submit));
+ echo format_text($feedback->page_after_submit);
// print_simple_box_end();
print_box_end();
} else {
$highlightrequired = false;
- if(($formdata = data_submitted('nomatch')) AND !confirm_sesskey()) {
+ if(($formdata = data_submitted()) AND !confirm_sesskey()) {
error('no sesskey defined');
}
if($feedback->page_after_submit) {
// print_simple_box_start('center', '75%');
print_box_start('generalbox boxaligncenter boxwidthwide');
- echo format_text(stripslashes_safe($feedback->page_after_submit));
+ echo format_text($feedback->page_after_submit);
// print_simple_box_end();
print_box_end();
} else {
$canceldelete = optional_param('canceldelete', false, PARAM_INT);
$shoulddelete = optional_param('shoulddelete', false, PARAM_INT);
$deletetempl = optional_param('deletetempl', false, PARAM_INT);
- // $formdata = data_submitted('nomatch');
+ // $formdata = data_submitted();
- if(($formdata = data_submitted('nomatch')) AND !confirm_sesskey()) {
+ if(($formdata = data_submitted()) AND !confirm_sesskey()) {
error('no sesskey defined');
}
$id = required_param('id', PARAM_INT);
- if(($formdata = data_submitted('nomatch')) AND !confirm_sesskey()) {
+ if(($formdata = data_submitted()) AND !confirm_sesskey()) {
error('no sesskey defined');
}
$usehtmleditor = can_use_html_editor();
- if(($formdata = data_submitted('nomatch')) AND !confirm_sesskey()) {
+ if(($formdata = data_submitted()) AND !confirm_sesskey()) {
error('no sesskey defined');
}
$choosefile = optional_param('choosefile', false, PARAM_PATH);
$action = optional_param('action', false, PARAM_ALPHA);
- if(($formdata = data_submitted('nomatch')) AND !confirm_sesskey()) {
+ if(($formdata = data_submitted()) AND !confirm_sesskey()) {
error('no sesskey defined');
}
$requiredmark = ($item->required == 1)?'<span class="feedback_required_mark">*</span>':'';
?>
<td <?php echo $highlight;?> valign="top" align="<?php echo $align;?>">
- <?php echo format_text(stripslashes_safe($item->name) . $requiredmark, true, false, false);?>
+ <?php echo format_text($item->name . $requiredmark, true, false, false);?>
<img alt="<?php echo $this->type;?>" src="<?php echo $CFG->wwwroot.htmlspecialchars('/mod/feedback/item/captcha/print_captcha.php?id='.$cmid);?>" />
</td>
<td valign="top" align="<?php echo $align;?>">
}
function create_value($data) {
- $data = addslashes(clean_text($data));
+ $data = clean_text($data);
return $data;
}
//used by create_item and update_item functions,
//when provided $data submitted from feedback_show_edit
function get_presentation($data) {
- return stripslashes($data->presentation);
+ return $data->presentation;
}
function get_hasvalue() {
$item_form->selecttype->setValue($info->subtype);
- $itemvalues = str_replace(FEEDBACK_MULTICHOICE_LINE_SEP, "\n", stripslashes_safe($info->presentation));
+ $itemvalues = str_replace(FEEDBACK_MULTICHOICE_LINE_SEP, "\n", $info->presentation);
$itemvalues = str_replace("\n\n", "\n", $itemvalues);
$item_form->values->setValue($itemvalues);
return $item_form;
// $presentation = '';
// @list($presentation) = explode(FEEDBACK_RADIO_ADJUST_SEP, $item->presentation); //remove the adjustment-info
- $answers = explode (FEEDBACK_MULTICHOICE_LINE_SEP, stripslashes_safe($info->presentation));
+ $answers = explode (FEEDBACK_MULTICHOICE_LINE_SEP, $info->presentation);
if(!is_array($answers)) return null;
//die Werte holen
// @list($presentation) = explode(FEEDBACK_RADIO_ADJUST_SEP, $item->presentation); //remove the adjustment-info
- $presentation = explode (FEEDBACK_MULTICHOICE_LINE_SEP, stripslashes_safe($info->presentation));
+ $presentation = explode (FEEDBACK_MULTICHOICE_LINE_SEP, $info->presentation);
if($info->subtype == 'c') {
$vallist = array_values(explode (FEEDBACK_MULTICHOICE_LINE_SEP, $value->value));
$analysedItem = $this->get_analysed($item, $groupid, $courseid);
if($analysedItem) {
// $itemnr++;
- $itemname = stripslashes($analysedItem[1]);
+ $itemname = $analysedItem[1];
echo '<tr><th colspan="2" align="left">'. $itemnr . ' ' . $itemname .'</th></tr>';
$analysedVals = $analysedItem[2];
$pixnr = 0;
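Review bot: `$itemname` is concatenated into the `<th>` as-is, while the form views in this commit pass `$item->name` through `format_text()`. Unless `get_analysed()` already formats the name, which the hunk does not show, markup in an item name is rendered on the analysis page. `$itemname = format_string($analysedItem[1]);` would match how forum names are printed elsewhere in the commit. The same raw echo appears in the later analysis hunks that print `$analysedItem[1]` or `$item->name` inside `<th colspan="2" align="left">`.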
$worksheet->setFormat("<l><f><ro2><vo><c:green>");
//frage schreiben
- $worksheet->write_string($rowOffset, 0, stripslashes($analysed_item[1]));
+ $worksheet->write_string($rowOffset, 0, $analysed_item[1]);
if(is_array($data)) {
for($i = 0; $i < sizeof($data); $i++) {
$aData = $data[$i];
$info = $this->get_info($item);
$align = get_string('thisdirection') == 'ltr' ? 'left' : 'right';
- $presentation = explode (FEEDBACK_MULTICHOICE_LINE_SEP, stripslashes_safe($info->presentation));
+ $presentation = explode (FEEDBACK_MULTICHOICE_LINE_SEP, $info->presentation);
//test if required and no value is set so we have to mark this item
}
$requiredmark = ($item->required == 1)?'<span class="feedback_required_mark">*</span>':'';
- echo '<td '.$highlight.' valign="top" align="'.$align.'">'.format_text(stripslashes_safe($item->name).$requiredmark, true, false, false).'</td>';
+ echo '<td '.$highlight.' valign="top" align="'.$align.'">'.format_text($item->name.$requiredmark, true, false, false).'</td>';
echo '<td valign="top" align="'.$align.'">';
}else {
if($highlightrequire AND $item->required AND intval($value) <= 0) {
}
$requiredmark = ($item->required == 1)?'<span class="feedback_required_mark">*</span>':'';
?>
- <td <?php echo $highlight;?> valign="top" align="<?php echo $align;?>"><?php echo format_text(stripslashes_safe($item->name) . $requiredmark, true, false, false);?></td>
+ <td <?php echo $highlight;?> valign="top" align="<?php echo $align;?>"><?php echo format_text($item->name . $requiredmark, true, false, false);?></td>
<td valign="top" align="<?php echo $align;?>">
<?php
}
//die moeglichen Antworten extrahieren
$info = $this->get_info($item);
$lines = null;
- $lines = explode (FEEDBACK_MULTICHOICERATED_LINE_SEP, stripslashes_safe($info->presentation));
+ $lines = explode (FEEDBACK_MULTICHOICERATED_LINE_SEP, $info->presentation);
if(!is_array($lines)) return null;
//die Werte holen
$info = $this->get_info($item);
- $presentation = explode (FEEDBACK_MULTICHOICERATED_LINE_SEP, stripslashes_safe($info->presentation));
+ $presentation = explode (FEEDBACK_MULTICHOICERATED_LINE_SEP, $info->presentation);
$index = 1;
foreach($presentation as $pres){
if($value->value == $index){
if($analysedItem) {
//echo '<table>';
// $itemnr++;
- echo '<tr><th colspan="2" align="left">'. $itemnr . ' ' . stripslashes($analysedItem[1]) .'</th></tr>';
+ echo '<tr><th colspan="2" align="left">'. $itemnr . ' ' . $analysedItem[1] .'</th></tr>';
$analysedVals = $analysedItem[2];
$pixnr = 0;
$avg = 0.0;
$worksheet->setFormat("<l><f><ro2><vo><c:green>");
//frage schreiben
- $worksheet->write_string($rowOffset, 0, stripslashes($analysed_item[1]));
+ $worksheet->write_string($rowOffset, 0, $analysed_item[1]);
if(is_array($data)) {
$avg = 0.0;
for($i = 0; $i < sizeof($data); $i++) {
$align = get_string('thisdirection') == 'ltr' ? 'left' : 'right';
$info = $this->get_info($item);
- $lines = explode (FEEDBACK_MULTICHOICERATED_LINE_SEP, stripslashes_safe($info->presentation));
+ $lines = explode (FEEDBACK_MULTICHOICERATED_LINE_SEP, $info->presentation);
$requiredmark = ($item->required == 1)?'<span class="feedback_required_mark">*</span>':'';
if($highlightrequire AND $item->required AND intval($value) <= 0) {
$highlight = 'bgcolor="#FFAAAA" class="missingrequire"';
$highlight = '';
}
?>
- <td <?php echo $highlight;?> valign="top" align="<?php echo $align;?>"><?php echo format_text(stripslashes_safe($item->name) . $requiredmark, true, false, false);?></td>
+ <td <?php echo $highlight;?> valign="top" align="<?php echo $align;?>"><?php echo format_text($item->name . $requiredmark, true, false, false);?></td>
<td valign="top" align="<?php echo $align;?>">
<?php
$index = 1;
if(isset($values->data) AND is_array($values->data)) {
//echo '<table>';2
// $itemnr++;
- echo '<tr><th colspan="2" align="left">'. $itemnr . ' ' . stripslashes($item->name) .'</th></tr>';
+ echo '<tr><th colspan="2" align="left">'. $itemnr . ' ' . $item->name .'</th></tr>';
foreach($values->data as $value) {
echo '<tr><td colspan="2" valign="top" align="left">- ' . $value . '</td></tr>';
}
$analysed_item = $this->get_analysed($item, $groupid, $courseid);
$worksheet->setFormat("<l><f><ro2><vo><c:green>");
- $worksheet->write_string($rowOffset, 0, stripslashes($item->name));
+ $worksheet->write_string($rowOffset, 0, $item->name);
$data = $analysed_item->data;
if(is_array($data)) {
// $worksheet->setFormat("<l><ro2><vo>");
?>
<td <?php echo $highlight;?> valign="top" align="<?php echo $align;?>">
<?php
- echo format_text(stripslashes_safe($item->name) . $requiredmark, true, false, false);
+ echo format_text($item->name . $requiredmark, true, false, false);
switch(true) {
case ($range_from === 0 AND $range_to > 0):
echo ' ('.get_string('maximal', 'feedback').': '.$range_to.')';
if($values) {
//echo '<table>';2
// $itemnr++;
- echo '<tr><th colspan="2" align="left">'. $itemnr . ' ' . stripslashes_safe($item->name) .'</th></tr>';
+ echo '<tr><th colspan="2" align="left">'. $itemnr . ' ' . $item->name .'</th></tr>';
foreach($values as $value) {
echo '<tr><td valign="top" align="left">- </td><td align="left" valign="top">' . str_replace("\n", '<br />', $value->value) . '</td></tr>';
}
$analysed_item = $this->get_analysed($item, $groupid, $courseid);
$worksheet->setFormat("<l><f><ro2><vo><c:green>");
- $worksheet->write_string($rowOffset, 0, stripslashes_safe($item->name));
+ $worksheet->write_string($rowOffset, 0, $item->name);
$data = $analysed_item->data;
if(is_array($data)) {
$worksheet->setFormat("<l><ro2><vo>");
}
$requiredmark = ($item->required == 1)?'<span class="feedback_required_mark">*</span>':'';
?>
- <td <?php echo $highlight;?> valign="top" align="<?php echo $align;?>"><?php echo format_text(stripslashes_safe($item->name) . $requiredmark, true, false, false);?></td>
+ <td <?php echo $highlight;?> valign="top" align="<?php echo $align;?>"><?php echo format_text($item->name . $requiredmark, true, false, false);?></td>
<td valign="top" align="<?php echo $align;?>">
<?php
if($readonly){
}
function create_value($data) {
- $data = addslashes(clean_text($data));
+ $data = clean_text($data);
return $data;
}
if($values) {
//echo '<table>';2
// $itemnr++;
- echo '<tr><th colspan="2" align="left">'. $itemnr . ' ' . stripslashes_safe($item->name) .'</th></tr>';
+ echo '<tr><th colspan="2" align="left">'. $itemnr . ' ' . $item->name .'</th></tr>';
foreach($values as $value) {
echo '<tr><td colspan="2" valign="top" align="left">- ' . str_replace("\n", '<br />', $value->value) . '</td></tr>';
}
$analysed_item = $this->get_analysed($item, $groupid, $courseid);
$worksheet->setFormat("<l><f><ro2><vo><c:green>");
- $worksheet->write_string($rowOffset, 0, stripslashes_safe($item->name));
+ $worksheet->write_string($rowOffset, 0, $item->name);
$data = $analysed_item->data;
if(is_array($data)) {
$worksheet->setFormat("<l><ro2><vo>");
}
$requiredmark = ($item->required == 1)?'<span class="feedback_required_mark">*</span>':'';
?>
- <td <?php echo $highlight;?> valign="top" align="<?php echo $align;?>"><?php echo format_text(stripslashes_safe($item->name) . $requiredmark, true, false, false);?></td>
+ <td <?php echo $highlight;?> valign="top" align="<?php echo $align;?>"><?php echo format_text($item->name . $requiredmark, true, false, false);?></td>
<td valign="top" align="<?php echo $align;?>">
<?php
if($readonly){
}
function create_value($data) {
- $data = addslashes(clean_text($data));
+ $data = clean_text($data);
return $data;
}
$coursefilter = optional_param('coursefilter', '', PARAM_INT);
$courseid = optional_param('courseid', false, PARAM_INT);
- if(($formdata = data_submitted('nomatch')) AND !confirm_sesskey()) {
+ if(($formdata = data_submitted()) AND !confirm_sesskey()) {
error('no sesskey defined');
}
$id = required_param('id', PARAM_INT);
- $formdata = data_submitted('nomatch');
+ $formdata = data_submitted();
if ($id) {
if (! $cm = get_coursemodule_from_id('feedback', $id)) {
require_login($course->id, true, $cm);
- if(($formdata = data_submitted('nomatch')) AND !confirm_sesskey()) {
+ if(($formdata = data_submitted()) AND !confirm_sesskey()) {
error('no sesskey defined');
}
$id = required_param('id', PARAM_INT);
$userid = optional_param('userid', false, PARAM_INT);
- if(($formdata = data_submitted('nomatch')) AND !confirm_sesskey()) {
+ if(($formdata = data_submitted()) AND !confirm_sesskey()) {
error('no sesskey defined');
}
$forum->type = "$type";
switch ($forum->type) {
case "news":
- $forum->name = addslashes(get_string("namenews", "forum"));
- $forum->intro = addslashes(get_string("intronews", "forum"));
+ $forum->name = get_string("namenews", "forum");
+ $forum->intro = get_string("intronews", "forum");
$forum->forcesubscribe = FORUM_FORCESUBSCRIBE;
$forum->assessed = 0;
if ($courseid == SITEID) {
}
break;
case "social":
- $forum->name = addslashes(get_string("namesocial", "forum"));
- $forum->intro = addslashes(get_string("introsocial", "forum"));
+ $forum->name = get_string("namesocial", "forum");
+ $forum->intro = get_string("introsocial", "forum");
$forum->assessed = 0;
$forum->forcesubscribe = 0;
break;
//Do some output
if (!defined('RESTORE_SILENTLY')) {
- echo "<li>".get_string("modulename","forum")." \"".format_string(stripslashes($forum->name),true)."\"</li>";
+ echo "<li>".get_string("modulename","forum")." \"".format_string($forum->name,true)."\"</li>";
}
backup_flush(300);
print_heading("$strsearchresults: $totalcount");
- print_paging_bar($totalcount, $page, $perpage, "search.php?search=".urlencode(stripslashes($search))."&id=$course->id&perpage=$perpage&");
+ print_paging_bar($totalcount, $page, $perpage, "search.php?search=".urlencode($search)."&id=$course->id&perpage=$perpage&");
//added to implement highlighting of search terms found only in HTML markup
//fiedorow - 9/2/2005
$fulllink, $strippedsearch, -99, false);
}
- print_paging_bar($totalcount, $page, $perpage, "search.php?search=".urlencode(stripslashes($search))."&id=$course->id&perpage=$perpage&");
+ print_paging_bar($totalcount, $page, $perpage, "search.php?search=".urlencode($search)."&id=$course->id&perpage=$perpage&");
print_footer($course);
$strsubscribers = get_string("subscribers", "forum");
$strforums = get_string("forums", "forum");
- if ($frm = data_submitted(false)) {
+ if ($frm = data_submitted()) {
/// A form was submitted so process the input
redirect("comments.php?id=$cm->id&eid=$entry->id");
}
- if ($data = $mform->get_data(false)) {
+ if ($data = $mform->get_data()) {
trusttext_after_edit($data->entrycomment, $context);
$newcomment = new object();
trusttext_prepare_edit($comment->entrycomment, $comment->format, can_use_html_editor(), $context);
$mform->set_data(array('cid'=>$cid, 'action'=>'edit', 'entrycomment'=>$comment->entrycomment, 'format'=>$comment->format));
- if ($data = $mform->get_data(false)) {
+ if ($data = $mform->get_data()) {
trusttext_after_edit($data->entrycomment, $context);
$updatedcomment = new object();
redirect("view.php?id=$cm->id");
}
-} elseif ($fromform = $mform->get_data(false)) {
+} elseif ($fromform = $mform->get_data()) {
trusttext_after_edit($fromform->definition, $context);
if ( !isset($fromform->usedynalink) ) {
// Inserting the entries
$xmlentry = $xmlentries[$i];
unset($newentry);
- $newentry->concept = trim(addslashes($xmlentry['#']['CONCEPT'][0]['#']));
- $newentry->definition = trusttext_strip(addslashes($xmlentry['#']['DEFINITION'][0]['#']));
+ $newentry->concept = trim($xmlentry['#']['CONCEPT'][0]['#']);
+ $newentry->definition = trusttext_strip($xmlentry['#']['DEFINITION'][0]['#']);
if ( isset($xmlentry['#']['CASESENSITIVE'][0]['#']) ) {
- $newentry->casesensitive = addslashes($xmlentry['#']['CASESENSITIVE'][0]['#']);
+ $newentry->casesensitive = $xmlentry['#']['CASESENSITIVE'][0]['#'];
} else {
- $newentry->casesensitive = $CFG->glossary_casesensitive;
+ $newentry->casesensitive = $CFG->glossary_casesensitive;
}
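Review bot: `$newentry->casesensitive` is copied straight from the import file, whereas the fallback branch takes it from the site setting `$CFG->glossary_casesensitive`. The field is presumably a 0/1 flag, so the imported value should be constrained before it is stored: `$newentry->casesensitive = clean_param($xmlentry['#']['CASESENSITIVE'][0]['#'], PARAM_INT);`. `concept` is likewise stored after only a `trim()`; a comment saying where imported concepts are cleaned would help the next reader.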
$permissiongranted = 1;
$returnurl = $CFG->wwwroot.'/mod/glossary/view.php?id='.$cm->id;
}
- if ($data = data_submitted(false)) { // form submitted
+ if ($data = data_submitted()) { // form submitted
foreach ((array)$data as $entryid => $rating) {
if (!is_numeric($entryid)) {
continue;
}
// remove slashes added by lib/setup.php
- $attempt->details = stripslashes($attempt->details);
+ $attempt->details = $attempt->details;
// add details of this attempt
hotpot_add_attempt_details($attempt);
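Review bot: `$attempt->details = $attempt->details;` is a self-assignment left over from the removed `stripslashes()` call. The comment above it, "remove slashes added by lib/setup.php", now describes something that no longer happens. Both lines can be deleted. The same leftover appears as `$newpage->title = $newpage->title;` in the three lesson page-insert hunks later on this page.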
hotpot_get_titles_and_next_ex($hotpot, $xml_quiz->filepath);
}
if ($textfield=='name') {
- $hotpot->$textfield = addslashes($hotpot->exercisetitle);
+ $hotpot->$textfield = $hotpot->exercisetitle;
} else if ($textfield=='summary') {
- $hotpot->$textfield = addslashes($hotpot->exercisesubtitle);
+ $hotpot->$textfield = $hotpot->exercisesubtitle;
}
}
switch ($hotpot->$textsource) {
$table->finish = '<center>'."\n";
$table->finish .= '<input type="submit" value="'.get_string("deleteselected").'" /> '."\n";
if ($abandoned) {
- $table->finish .= '<input type="button" value="'.get_string('deleteabandoned', 'hotpot').'" onClick="if(deletecheck('."'".addslashes(get_string('deleteabandonedcheck', 'hotpot', $abandoned))."', 'abandoned', true".')) document.getElementById(\'deleteform\').submit();" />'."\n";
+ $table->finish .= '<input type="button" value="'.get_string('deleteabandoned', 'hotpot').'" onClick="if(deletecheck('."'".addslashes_js(get_string('deleteabandonedcheck', 'hotpot', $abandoned))."', 'abandoned', true".')) document.getElementById(\'deleteform\').submit();" />'."\n";
}
- $table->finish .= '<input type="button" value="'.get_string("deleteall").'" onClick="if(deletecheck('."'".addslashes($strdeletecheck)."', 'all', true".'))document.getElementById(\'deleteform\').submit();" />'."\n";
+ $table->finish .= '<input type="button" value="'.get_string("deleteall").'" onClick="if(deletecheck('."'".addslashes_js($strdeletecheck)."', 'all', true".'))document.getElementById(\'deleteform\').submit();" />'."\n";
$table->finish .= '</center>'."\n";
$table->finish .= '</form>'."\n";
}
$tables[] = &$table;
}
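Review bot: `addslashes_js()` escapes the confirmation strings for the JavaScript string literal, but the literal sits inside a double-quoted `onClick` attribute, where a backslash does not stop a `"` from ending the attribute. The strings come from `get_string()`, so a translation containing a double quote would break the button markup. Applying HTML escaping on top, `s(addslashes_js($strdeletecheck))` and the same for the `deleteabandonedcheck` string, keeps both layers intact.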
function deleteform_javascript() {
- $strselectattempt = addslashes(get_string('selectattempt','hotpot'));
+ $strselectattempt = addslashes_js(get_string('selectattempt','hotpot'));
return <<<END_OF_JAVASCRIPT
<script type="text/javascript">
<!--
$more_restore = '';
// print a message after each hotpot is backed up
if (!defined('RESTORE_SILENTLY')) {
- $more_restore .= 'print "<li>".get_string("modulename", "hotpot")." "".format_string(stripslashes($record->name),true).""</li>";';
+ $more_restore .= 'print "<li>".get_string("modulename", "hotpot")." "".format_string($record->name,true).""</li>";';
}
$more_restore .= 'backup_flush(300);';
if (function_exists('restore_userdata_selected')) {
$more_restore .= 'hotpot_restore_details($restore, $status, $xml, $record);';
if ($hotpot_v20) {
// HotPot v2.0.x (regenerate questions and responses from details)
- $more_restore .= '$record->details=stripslashes($record->details);';
$more_restore .= 'hotpot_add_attempt_details($record);'; // see "hotpot/lib.php"
} else {
// HotPot v2.1+
$userresponse->score = 0;
$userresponse->answer = $useranswer;
$userresponse->response = "";
- $userresponse = addslashes(serialize($userresponse));
+ $userresponse = serialize($userresponse);
- $studentanswer = s(stripslashes_safe($useranswer));
+ $studentanswer = s($useranswer);
break;
case LESSON_SHORTANSWER :
if (!$useranswer = $_POST['answer']) {
$noanswer = true;
break;
}
- $useranswer = s(stripslashes(clean_param($useranswer, PARAM_RAW)));
- $userresponse = addslashes($useranswer);
+ $useranswer = s(clean_param($useranswer, PARAM_RAW));
if (!$answers = $DB->get_records("lesson_answers", array("pageid" => $pageid), "id")) {
print_error("Continue: No answers found");
}
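Review bot: The removed `$userresponse = addslashes($useranswer);` has no counterpart on the new side, so the LESSON_SHORTANSWER case no longer assigns `$userresponse` anywhere in this hunk. If the variable is still read when the attempt is recorded (the rest of the case lies outside the hunk), it will be unset or carry a value from an earlier branch; removing the slashes should have left `$userresponse = $useranswer;`. Separately, `s()` HTML-escapes the answer on input, before whatever comparison against `lesson_answers` follows, rather than at output.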
if (isset($_POST['response']) && is_array($_POST['response'])) { // only arrays should be submitted
$response = array();
foreach ($_POST['response'] as $key => $value) {
- $response[$key] = stripslashes($value);
+ $response[$key] = $value;
}
} else {
$noanswer = true;
}
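Review bot: With `stripslashes()` gone, the loop copies `$_POST['response']` into `$response` unchanged, so every key and value reaches the following code exactly as the client sent it. Only the outer `is_array()` check is applied, and an element that is itself an array would pass through as well. Consider `$response[$key] = clean_param($value, PARAM_NOTAGS);` (or whichever type the matching answers actually need) so the element type is fixed at this point. The code that consumes `$response` is outside the hunk.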
$newpage->title = clean_param($form->title, PARAM_CLEANHTML);
$newpage->contents = trim($form->contents);
- $newpage->title = addslashes($newpage->title);
+ $newpage->title = $newpage->title;
$newpageid = $DB->insert_record("lesson_pages", $newpage);
if (!$newpageid) {
print_error("Insert page: new page not inserted");
}
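Review bot: `$newpage->title = $newpage->title;` is a self-assignment left behind by the mechanical removal of `addslashes()` and should simply be deleted. The same leftover appears in the next three `lesson_pages` hunks (`$newpage->title` twice, then `$page->title`) and in the SCORM hunk as `$sco->title = $sco->title;`. In all four lesson hunks `contents` is stored after only `trim()`, so a short comment such as `// contents is stored raw; filter with format_text() on output` would record where cleaning is expected to happen.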
$newpage->title = clean_param($form->title, PARAM_CLEANHTML);
$newpage->contents = trim($form->contents);
- $newpage->title = addslashes($newpage->title);
+ $newpage->title = $newpage->title;
$newpageid = $DB->insert_record("lesson_pages", $newpage);
if (!$newpageid) {
print_error("Insert page: new first page not inserted");
}
$newpage->title = clean_param($form->title, PARAM_CLEANHTML);
$newpage->contents = trim($form->contents);
- $newpage->title = addslashes($newpage->title);
+ $newpage->title = $newpage->title;
$newpageid = $DB->insert_record("lesson_pages", $newpage);
if (!$newpageid) {
print_error("Insert page: first page not inserted");
}
$page->title = clean_param($form->title, PARAM_CLEANHTML);
$page->contents = trim($form->contents);
- $page->title = addslashes($page->title);
+ $page->title = $page->title;
if (!$DB->update_record("lesson_pages", $page)) {
print_error("Update page: page not updated");
}
break;
case 'update':
- if (confirm_sesskey() and $form = data_submitted($CFG->wwwroot.'/mod/lesson/essay.php')) {
+ if (confirm_sesskey() and $form = data_submitted()) {
if (optional_param('cancel', 0)) {
redirect("$CFG->wwwroot/mod/lesson/essay.php?id=$cm->id");
}
$essayinfo->graded = 1;
$essayinfo->score = clean_param($form->score, PARAM_INT);
- $essayinfo->response = stripslashes_safe(clean_param($form->response, PARAM_RAW));
+ $essayinfo->response = clean_param($form->response, PARAM_RAW);
$essayinfo->sent = 0;
if (!$lesson->custom && $essayinfo->score == 1) {
$attempt->correct = 1;
$attempt->correct = 0;
}
- $attempt->useranswer = addslashes(serialize($essayinfo));
+ $attempt->useranswer = serialize($essayinfo);
if (!$DB->update_record('lesson_attempts', $attempt)) {
print_error('Could not update essay score');
// Set rest of the message values
$a->question = format_text($pages[$attempt->pageid]->contents, FORMAT_MOODLE, $options);
- $a->response = s(stripslashes_safe($essayinfo->answer));
+ $a->response = s($essayinfo->answer);
$a->teacher = $course->teacher;
$a->comment = s($essayinfo->response);
if(email_to_user($users[$attempt->userid], $USER, $subject, $plaintxt, $message)) {
$essayinfo->sent = 1;
- $attempt->useranswer = addslashes(serialize($essayinfo));
+ $attempt->useranswer = serialize($essayinfo);
$DB->update_record('lesson_attempts', $attempt);
// Log it
add_to_log($course->id, 'lesson', 'update email essay grade', "essay.php?id=$cm->id", format_string($pages[$attempt->pageid]->title,true).': '.fullname($users[$attempt->userid]), $cm->id);
$essayinfo = unserialize($attempt->useranswer);
$table->head = array(get_string('studentresponse', 'lesson', fullname($user, true)));
- $table->data[] = array(s(stripslashes_safe($essayinfo->answer)));
+ $table->data[] = array(s($essayinfo->answer));
print_table($table);
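Review bot: `unserialize($attempt->useranswer)` is applied to a database column that wraps learner-written essay text, and with `addslashes()` removed the stored value is exactly what `serialize()` produced. That is sound only while every writer of `lesson_attempts.useranswer` is a server-side `serialize()` of a plain object, which cannot be confirmed from this hunk. A comment stating that invariant, e.g. `// useranswer is only ever written via serialize($essayinfo); never store request data here directly`, would protect it. A data-only encoding such as JSON would remove the dependency altogether.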
case MATCH :
$count++;
- echo "<hr><p><b>$count</b>. ".stripslashes($question->questiontext)."</p>";
+ echo "<hr><p><b>$count</b>. ".$question->questiontext."</p>";
$newpage = new stdClass;
$newpage->lessonid = $lesson->id;
$newpage->qtype = $this->qtypeconvert[$question->qtype];
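Review bot: `$question->questiontext` is concatenated into the page verbatim in the `echo` line, with no output filtering on either side of the change. The text appears to come from the data being converted into lesson pages, so it should be formatted for output like page contents elsewhere in the module, e.g. `echo "<hr><p><b>$count</b>. ".format_text($question->questiontext)."</p>";`. The enclosing method starts and ends outside the hunk.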
switch ($mode) {
case 'add':
// Ensure that we came from view.php
- if (!confirm_sesskey() or !data_submitted("$CFG->wwwroot/mod/lesson/view.php")) {
+ if (!confirm_sesskey() or !data_submitted()) {
print_error('Incorrect Form Data');
}
break;
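Review bot: The comment `// Ensure that we came from view.php` no longer describes the check beneath it: with the URL argument dropped, the condition only requires a valid sesskey and submitted form data. Reword it to `// Require a valid sesskey and submitted form data` so nobody assumes an origin check still exists. The `essay.php` and `report.php` hunks drop the same argument but carry no such comment.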
/// Process any form data before fetching attempts, grades and times
if (has_capability('mod/lesson:edit', $context) and
- $form = data_submitted($CFG->wwwroot.'/mod/lesson/report.php') and
+ $form = data_submitted() and
confirm_sesskey()) {
/// Cycle through array of userids with nested arrays of tries
if (!empty($form->attempts)) {
// dont think this should ever be reached....
$avescore = get_string("nooneansweredthisquestion", "lesson");
}
- $answerdata->answers[] = array(s(stripslashes_safe($essayinfo->answer)), $avescore);
+ $answerdata->answers[] = array(s($essayinfo->answer), $avescore);
break;
case LESSON_BRANCHTABLE :
$data = "<input type=\"button\" name=\"$answer->id\" value=\"".strip_tags(format_text($answer->answer, FORMAT_MOODLE,$formattextdefoptions))."\" disabled=\"disabled\"> ";
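Review bot: In the LESSON_BRANCHTABLE line the button's `value` attribute is filled with `strip_tags(format_text(...))`, which removes tags but leaves double quotes intact, so an answer containing a `"` can close the attribute early. Wrapping the result as `s(strip_tags(format_text($answer->answer, FORMAT_MOODLE, $formattextdefoptions)))` escapes it for the attribute context, matching the `s($essayinfo->answer)` call this hunk introduces. The surrounding switch continues outside the hunk.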
case LESSON_ESSAY :
if (isset($USER->modattempts[$lesson->id])) {
$essayinfo = unserialize($attempt->useranswer);
- $value = s(stripslashes_safe($essayinfo->answer));
+ $value = s($essayinfo->answer);
} else {
$value = "";
}
'cmi._version':{'defaultvalue':'3.4', 'mod':'r', 'writeerror':'402'},
'cmi.core._children':{'defaultvalue':core_children, 'mod':'r', 'writeerror':'402'},
'cmi.core.student_id':{'defaultvalue':'<?php echo $userdata->student_id ?>', 'mod':'r', 'writeerror':'403'},
- 'cmi.core.student_name':{'defaultvalue':'<?php echo addslashes($userdata->student_name) ?>', 'mod':'r', 'writeerror':'403'},
+ 'cmi.core.student_name':{'defaultvalue':'<?php echo addslashes_js($userdata->student_name) ?>', 'mod':'r', 'writeerror':'403'},
'cmi.core.lesson_location':{'defaultvalue':'<?php echo isset($userdata->{'cmi.core.lesson_location'})?$userdata->{'cmi.core.lesson_location'}:'' ?>', 'format':CMIString256, 'mod':'rw', 'writeerror':'405'},
'cmi.core.credit':{'defaultvalue':'<?php echo $userdata->credit ?>', 'mod':'r', 'writeerror':'403'},
'cmi.core.lesson_status':{'defaultvalue':'<?php echo isset($userdata->{'cmi.core.lesson_status'})?$userdata->{'cmi.core.lesson_status'}:'' ?>', 'format':CMIStatus, 'mod':'rw', 'writeerror':'405'},
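Review bot: Only `cmi.core.student_name` is escaped for its JavaScript string literal; the neighbouring `student_id`, `lesson_location`, `credit` and `lesson_status` values are echoed between single quotes as they are. `lesson_location` and `lesson_status` are marked `'mod':'rw'`, so they presumably hold values written back by the package, and a quote or line break in any of them would end the literal early. Wrap each in the same helper, e.g. `isset($userdata->{'cmi.core.lesson_location'})?addslashes_js($userdata->{'cmi.core.lesson_location'}):''`. The later hunk with `cmi.learner_name` has the same gap for `cmi.launch_data` (`$userdata->datafromlms`) and `cmi.learner_id`.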
<?php
if (isset($userdata->status)) {
- //if ($userdata->status == ''&& (!(($userdata->{'cmi.exit'} == 'suspend') || ($userdata->{'cmi.exit'} == 'logout'))&& !($userdata->{'adl.nav.request'} == 'suspendAll'))||($userdata->{'cmi.exit'} == 'normal')) { //antes solo llegaba esta línea hasta el &&
+ //if ($userdata->status == ''&& (!(($userdata->{'cmi.exit'} == 'suspend') || ($userdata->{'cmi.exit'} == 'logout'))&& !($userdata->{'adl.nav.request'} == 'suspendAll'))||($userdata->{'cmi.exit'} == 'normal')) { //antes solo llegaba esta l�nea hasta el &&
if (!isset($userdata->{'cmi.exit'}) || (($userdata->{'cmi.exit'} == 'time-out') || ($userdata->{'cmi.exit'} == 'normal'))) {
$userdata->entry = 'ab-initio';
} else {
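Review bot: The only change in this hunk rewrites the `í` of `línea` in the commented-out condition as what displays here as an invalid byte, which suggests the file was re-saved in a different encoding during the edit. Restore the original bytes, or delete the dead commented-out `if` altogether, so the file stays valid UTF-8.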
'cmi.interactions.n.description':{'pattern':CMIIndex, 'format':CMILangString250, 'mod':'rw'},
'cmi.launch_data':{'defaultvalue':<?php echo isset($userdata->datafromlms)?'\''.$userdata->datafromlms.'\'':'null' ?>, 'mod':'r'},
'cmi.learner_id':{'defaultvalue':'<?php echo $userdata->student_id ?>', 'mod':'r'},
- 'cmi.learner_name':{'defaultvalue':'<?php echo addslashes($userdata->student_name) ?>', 'mod':'r'},
+ 'cmi.learner_name':{'defaultvalue':'<?php echo addslashes_js($userdata->student_name) ?>', 'mod':'r'},
'cmi.learner_preference._children':{'defaultvalue':student_preference_children, 'mod':'r'},
'cmi.learner_preference.audio_level':{'defaultvalue':'1', 'format':CMIDecimal, 'range':audio_range, 'mod':'rw'},
'cmi.learner_preference.language':{'defaultvalue':'', 'format':CMILang, 'mod':'rw'},
$parents[$level]='/';
foreach ($scoes as $pos=>$sco) {
$isvisible = false;
- $sco->title = stripslashes($sco->title);
+ $sco->title = $sco->title;
if (isset($optionaldatas[$sco->identifier])) {
if (!isset($optionaldatas[$sco->identifier]->isvisible) ||
(isset($optionaldatas[$sco->identifier]->isvisible) && ($optionaldatas[$sco->identifier]->isvisible == 'true'))) {
if ($block['name'] == 'RESOURCES') {
foreach ($block['children'] as $resource) {
if ($resource['name'] == 'RESOURCE') {
- $resources[addslashes($resource['attrs']['IDENTIFIER'])] = $resource['attrs'];
+ $resources[addslashes_js($resource['attrs']['IDENTIFIER'])] = $resource['attrs'];
}
}
}
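Review bot: The array key should not be escaped at all: `addslashes_js()` is a JavaScript-output helper, and here it rewrites the index under which the resource is stored. The lookups in the manifest hunks use the raw value (`$idref = $block['attrs']['IDENTIFIERREF'];` followed by `$resources[$idref]`), so any identifier containing a quote or backslash would no longer match its resource. Use `$resources[$resource['attrs']['IDENTIFIER']] = $resource['attrs'];` to stay consistent with the rest of this commit.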
}
break;
case 'MANIFEST':
- $manifest = addslashes($block['attrs']['IDENTIFIER']);
+ $manifest = $block['attrs']['IDENTIFIER'];
$organization = '';
$resources = array();
$resources = scorm_get_resources($block['children']);
$sco->identifier = $item;
$sco->title = $item;
$sco->parent = '/';
- $sco->launch = addslashes($resource['HREF']);
- $sco->scormtype = addslashes($resource['ADLCP:SCORMTYPE']);
+ $sco->launch = $resource['HREF'];
+ $sco->scormtype = $resource['ADLCP:SCORMTYPE'];
$scoes->elements[$manifest][$organization][$item] = $sco;
}
}
break;
case 'ORGANIZATIONS':
if (!isset($scoes->defaultorg)) {
- $scoes->defaultorg = addslashes($block['attrs']['DEFAULT']);
+ $scoes->defaultorg = $block['attrs']['DEFAULT'];
}
$scoes = scorm_get_manifest($block['children'],$scoes);
break;
case 'ORGANIZATION':
- $identifier = addslashes($block['attrs']['IDENTIFIER']);
+ $identifier = $block['attrs']['IDENTIFIER'];
$organization = '';
$scoes->elements[$manifest][$organization][$identifier]->identifier = $identifier;
$scoes->elements[$manifest][$organization][$identifier]->parent = '/';
$parent = array_pop($parents);
array_push($parents, $parent);
- $identifier = addslashes($block['attrs']['IDENTIFIER']);
+ $identifier = $block['attrs']['IDENTIFIER'];
$scoes->elements[$manifest][$organization][$identifier]->identifier = $identifier;
$scoes->elements[$manifest][$organization][$identifier]->parent = $parent->identifier;
if (!isset($block['attrs']['ISVISIBLE'])) {
$block['attrs']['ISVISIBLE'] = 'true';
}
- $scoes->elements[$manifest][$organization][$identifier]->isvisible = addslashes($block['attrs']['ISVISIBLE']);
+ $scoes->elements[$manifest][$organization][$identifier]->isvisible = $block['attrs']['ISVISIBLE'];
if (!isset($block['attrs']['PARAMETERS'])) {
$block['attrs']['PARAMETERS'] = '';
}
- $scoes->elements[$manifest][$organization][$identifier]->parameters = addslashes($block['attrs']['PARAMETERS']);
+ $scoes->elements[$manifest][$organization][$identifier]->parameters = $block['attrs']['PARAMETERS'];
if (!isset($block['attrs']['IDENTIFIERREF'])) {
$scoes->elements[$manifest][$organization][$identifier]->launch = '';
$scoes->elements[$manifest][$organization][$identifier]->scormtype = 'asset';
} else {
- $idref = addslashes($block['attrs']['IDENTIFIERREF']);
+ $idref = $block['attrs']['IDENTIFIERREF'];
$base = '';
if (isset($resources[$idref]['XML:BASE'])) {
$base = $resources[$idref]['XML:BASE'];
}
- $scoes->elements[$manifest][$organization][$identifier]->launch = addslashes($base.$resources[$idref]['HREF']);
+ $scoes->elements[$manifest][$organization][$identifier]->launch = $base.$resources[$idref]['HREF'];
if (empty($resources[$idref]['ADLCP:SCORMTYPE'])) {
$resources[$idref]['ADLCP:SCORMTYPE'] = 'asset';
}
- $scoes->elements[$manifest][$organization][$identifier]->scormtype = addslashes($resources[$idref]['ADLCP:SCORMTYPE']);
+ $scoes->elements[$manifest][$organization][$identifier]->scormtype = $resources[$idref]['ADLCP:SCORMTYPE'];
}
$parent = new stdClass();
if (!isset($block['tagData'])) {
$block['tagData'] = '';
}
- $scoes->elements[$manifest][$parent->organization][$parent->identifier]->title = addslashes($block['tagData']);
+ $scoes->elements[$manifest][$parent->organization][$parent->identifier]->title = $block['tagData'];
break;
case 'ADLCP:PREREQUISITES':
if ($block['attrs']['TYPE'] == 'aicc_script') {
if (!isset($block['tagData'])) {
$block['tagData'] = '';
}
- $scoes->elements[$manifest][$parent->organization][$parent->identifier]->prerequisites = addslashes($block['tagData']);
+ $scoes->elements[$manifest][$parent->organization][$parent->identifier]->prerequisites = $block['tagData'];
}
break;
case 'ADLCP:MAXTIMEALLOWED':
if (!isset($block['tagData'])) {
$block['tagData'] = '';
}
- $scoes->elements[$manifest][$parent->organization][$parent->identifier]->maxtimeallowed = addslashes($block['tagData']);
+ $scoes->elements[$manifest][$parent->organization][$parent->identifier]->maxtimeallowed = $block['tagData'];
break;
case 'ADLCP:TIMELIMITACTION':
$parent = array_pop($parents);
if (!isset($block['tagData'])) {
$block['tagData'] = '';
}
- $scoes->elements[$manifest][$parent->organization][$parent->identifier]->timelimitaction = addslashes($block['tagData']);
+ $scoes->elements[$manifest][$parent->organization][$parent->identifier]->timelimitaction = $block['tagData'];
break;
case 'ADLCP:DATAFROMLMS':
$parent = array_pop($parents);
if (!isset($block['tagData'])) {
$block['tagData'] = '';
}
- $scoes->elements[$manifest][$parent->organization][$parent->identifier]->datafromlms = addslashes($block['tagData']);
+ $scoes->elements[$manifest][$parent->organization][$parent->identifier]->datafromlms = $block['tagData'];
break;
case 'ADLCP:MASTERYSCORE':
$parent = array_pop($parents);
if (!isset($block['tagData'])) {
$block['tagData'] = '';
}
- $scoes->elements[$manifest][$parent->organization][$parent->identifier]->masteryscore = addslashes($block['tagData']);
+ $scoes->elements[$manifest][$parent->organization][$parent->identifier]->masteryscore = $block['tagData'];
break;
case 'ADLCP:COMPLETIONTHRESHOLD':
$parent = array_pop($parents);
if (!isset($block['tagData'])) {
$block['tagData'] = '';
}
- $scoes->elements[$manifest][$parent->organization][$parent->identifier]->threshold = addslashes($block['tagData']);
+ $scoes->elements[$manifest][$parent->organization][$parent->identifier]->threshold = $block['tagData'];
break;
case 'ADLNAV:PRESENTATION':
$parent = array_pop($parents);
$newitem->organization = $organization;
$standarddatas = array('parent', 'identifier', 'launch', 'scormtype', 'title');
foreach ($standarddatas as $standarddata) {
- $newitem->$standarddata = addslashes($item->$standarddata);
+ $newitem->$standarddata = $item->$standarddata;
}
$id = 0;
$student = optional_param('student', 0, PARAM_INT); // Student ID
$notes = optional_param('notes', '', PARAM_RAW); //&