MDL-57580 mod_assign: Fix the incorrect type of some input parameters

author David Mudrák <david@moodle.com>

Thu, 5 Jan 2017 12:20:59 +0000 (13:20 +0100)

committer David Monllao <david.monllao@gmail.com>

Thu, 5 Jan 2017 16:39:36 +0000 (17:39 +0100)
author David Mudrák <david@moodle.com>
Thu, 5 Jan 2017 12:20:59 +0000 (13:20 +0100)
committer David Monllao <david.monllao@gmail.com>
Thu, 5 Jan 2017 16:39:36 +0000 (17:39 +0100)
diff --git a/mod/assign/externallib.php b/mod/assign/externallib.php

index cd52c57..41f74c3 100644 (file)
--- a/mod/assign/externallib.php
+++ b/mod/assign/externallib.php
@@ -895,7 +895,7 @@ class mod_assign_external extends external_api {
                              'locked'           => new external_value(PARAM_INT, 'locked', VALUE_OPTIONAL),
                              'mailed'           => new external_value(PARAM_INT, 'mailed', VALUE_OPTIONAL),
                              'extensionduedate' => new external_value(PARAM_INT, 'extension due date', VALUE_OPTIONAL),
-                            'workflowstate'    => new external_value(PARAM_TEXT, 'marking workflow state', VALUE_OPTIONAL),
+                            'workflowstate'    => new external_value(PARAM_ALPHA, 'marking workflow state', VALUE_OPTIONAL),
                              'allocatedmarker'  => new external_value(PARAM_INT, 'allocated marker', VALUE_OPTIONAL)
                          )
                      )
@@ -1147,7 +1147,7 @@ class mod_assign_external extends external_api {
                              'locked'           => new external_value(PARAM_INT, 'locked'),
                              'mailed'           => new external_value(PARAM_INT, 'mailed'),
                              'extensionduedate' => new external_value(PARAM_INT, 'extension due date'),
-                            'workflowstate'    => new external_value(PARAM_TEXT, 'marking workflow state', VALUE_OPTIONAL),
+                            'workflowstate'    => new external_value(PARAM_ALPHA, 'marking workflow state', VALUE_OPTIONAL),
                              'allocatedmarker'  => new external_value(PARAM_INT, 'allocated marker')
                          )
                      )
diff --git a/mod/assign/locallib.php b/mod/assign/locallib.php

index 1658b28..2bdebc2 100644 (file)
--- a/mod/assign/locallib.php
+++ b/mod/assign/locallib.php
@@ -2752,7 +2752,7 @@ class assign {
          $o = '';
  
          $pluginsubtype = required_param('pluginsubtype', PARAM_ALPHA);
-        $plugintype = required_param('plugin', PARAM_TEXT);
+        $plugintype = required_param('plugin', PARAM_PLUGIN);
          $pluginaction = required_param('pluginaction', PARAM_ALPHA);
  
          $plugin = $this->get_plugin_by_type($pluginsubtype, $plugintype);
@@ -2826,7 +2826,7 @@ class assign {
  
          $submissionid = optional_param('sid', 0, PARAM_INT);
          $gradeid = optional_param('gid', 0, PARAM_INT);
-        $plugintype = required_param('plugin', PARAM_TEXT);
+        $plugintype = required_param('plugin', PARAM_PLUGIN);
          $item = null;
          if ($pluginsubtype == 'assignsubmission') {
              $plugin = $this->get_submission_plugin_by_type($plugintype);
@@ -6170,7 +6170,7 @@ class assign {
              $record->userid = $userid;
              if ($modified >= 0) {
                  $record->grade = unformat_float(optional_param('quickgrade_' . $record->userid, -1, PARAM_TEXT));
-                $record->workflowstate = optional_param('quickgrade_' . $record->userid.'_workflowstate', false, PARAM_TEXT);
+                $record->workflowstate = optional_param('quickgrade_' . $record->userid.'_workflowstate', false, PARAM_ALPHA);
                  $record->allocatedmarker = optional_param('quickgrade_' . $record->userid.'_allocatedmarker', false, PARAM_INT);
              } else {
                  // This user was not in the grading table.
@@ -7337,7 +7337,7 @@ class assign {
          $mform->setType('userid', PARAM_INT);
  
          $mform->addElement('hidden', 'action', 'savesubmission');
-        $mform->setType('action', PARAM_TEXT);
+        $mform->setType('action', PARAM_ALPHA);
      }
  
      /**
diff --git a/mod/assign/view.php b/mod/assign/view.php

index 571df31..830fec3 100644 (file)
--- a/mod/assign/view.php
+++ b/mod/assign/view.php
@@ -37,7 +37,7 @@ require_capability('mod/assign:view', $context);
  
  $assign = new assign($context, $cm, $course);
  $urlparams = array('id' => $id,
-                  'action' => optional_param('action', '', PARAM_TEXT),
+                  'action' => optional_param('action', '', PARAM_ALPHA),
                    'rownum' => optional_param('rownum', 0, PARAM_INT),
                    'useridlistid' => optional_param('useridlistid', $assign->get_useridlist_key_id(), PARAM_ALPHANUM));
  
@@ -52,4 +52,4 @@ $assign->update_effective_access($USER->id);
  
  // Get the assign class to
  // render the page.
-echo $assign->view(optional_param('action', '', PARAM_TEXT));
+echo $assign->view(optional_param('action', '', PARAM_ALPHA));
author	David Mudrák <david@moodle.com>
	Thu, 5 Jan 2017 12:20:59 +0000 (13:20 +0100)
committer	David Monllao <david.monllao@gmail.com>
	Thu, 5 Jan 2017 16:39:36 +0000 (17:39 +0100)
mod/assign/externallib.php		patch \| blob \| blame \| history
mod/assign/locallib.php		patch \| blob \| blame \| history
mod/assign/view.php		patch \| blob \| blame \| history