From: sam marshall
Date: Wed, 7 Nov 2012 10:54:23 +0000 (+0000)
Subject: MDL-34612 Grade condition range validation allows impossible conditions
X-Git-Tag: v2.3.5~202^2
X-Git-Url: http://git.moodle.org/gw?p=moodle.git;a=commitdiff_plain;h=f84e58d809bc52effd41b3f917367ffc93a70e0e;ds=inline

MDL-34612 Grade condition range validation allows impossible conditions
---
diff --git a/course/editsection_form.php b/course/editsection_form.php
index 73723af5e3b..e9049098276 100644
--- a/course/editsection_form.php
+++ b/course/editsection_form.php
@@ -174,10 +174,41 @@ class editsection_form extends moodleform {
 // Conditions: Don't let them set dates which make no sense
 if (array_key_exists('availablefrom', $data) &&
 $data['availablefrom'] && $data['availableuntil'] &&
- $data['availablefrom'] > $data['availableuntil']) {
+ $data['availablefrom'] >= $data['availableuntil']) {
 $errors['availablefrom'] = get_string('badavailabledates', 'condition');
 }
 
+ // Conditions: Verify that the grade conditions are numbers, and make sense.
+ if (array_key_exists('conditiongradegroup', $data)) {
+ foreach ($data['conditiongradegroup'] as $i => $gradedata) {
+ if ($gradedata['conditiongrademin'] !== '' &&
+ !is_numeric(unformat_float($gradedata['conditiongrademin']))) {
+ $errors["conditiongradegroup[{$i}]"] = get_string('gradesmustbenumeric', 'condition');
+ continue;
+ }
+ if ($gradedata['conditiongrademax'] !== '' &&
+ !is_numeric(unformat_float($gradedata['conditiongrademax']))) {
+ $errors["conditiongradegroup[{$i}]"] = get_string('gradesmustbenumeric', 'condition');
+ continue;
+ }
+ if ($gradedata['conditiongrademin'] !== '' && $gradedata['conditiongrademax'] !== '' &&
+ unformat_float($gradedata['conditiongrademax']) <= unformat_float($gradedata['conditiongrademin'])) {
+ $errors["conditiongradegroup[{$i}]"] = get_string('badgradelimits', 'condition');
+ continue;
+ }
+ if ($gradedata['conditiongrademin'] === '' && $gradedata['conditiongrademax'] === '' &&
+ $gradedata['conditiongradeitemid']) {
+ $errors["conditiongradegroup[{$i}]"] = get_string('gradeitembutnolimits', 'condition');
+ continue;
+ }
+ if (($gradedata['conditiongrademin'] !== '' || $gradedata['conditiongrademax'] !== '') &&
+ !$gradedata['conditiongradeitemid']) {
+ $errors["conditiongradegroup[{$i}]"] = get_string('gradelimitsbutnoitem', 'condition');
+ continue;
+ }
+ }
+ }
+
 return $errors;
 }
 }
diff --git a/course/moodleform_mod.php b/course/moodleform_mod.php
index 292387b9dbd..a62cb976944 100644
--- a/course/moodleform_mod.php
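Review bot: The two `gradesmustbenumeric` checks call `is_numeric()` on the result of `unformat_float()` rather than on the submitted string, so they only work if `unformat_float()` reports non-numeric input instead of coercing it. That function is not shown in this diff; if it casts to float, a text entry would become 0, pass this check and then be compared and stored as a limit the teacher never typed, which matters because these limits presumably decide who can see the section. I would confirm the behaviour and record it next to the check, e.g. `// unformat_float() must not coerce non-numeric text to 0 here; verify.` The loop also reads `$gradedata['conditiongrademin']`, `['conditiongrademax']` and `['conditiongradeitemid']` without an `isset()` guard, so a request that omits one of them would raise notices instead of a validation error. The enclosing validation() method starts above this hunk.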
+++ b/course/moodleform_mod.php
@@ -332,7 +332,7 @@ abstract class moodleform_mod extends moodleform {
 continue;
 }
 if ($gradedata['conditiongrademin'] !== '' && $gradedata['conditiongrademax'] !== '' &&
- unformat_float($gradedata['conditiongrademax']) < unformat_float($gradedata['conditiongrademin'])) {
+ unformat_float($gradedata['conditiongrademax']) <= unformat_float($gradedata['conditiongrademin'])) {
 $errors["conditiongradegroup[{$i}]"] = get_string('badgradelimits', 'condition');
 continue;
 }
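Review bot: This `<=` comparison is a line-for-line copy of the check the same commit adds to course/editsection_form.php, so the grade-limit validation in the two forms has to be kept in step by hand. Moving the per-row checks into one shared helper that both forms call would stop them drifting apart again. The reason equal limits are rejected is also not recorded at the comparison; a comment such as `// min == max can never be satisfied (MDL-34612), so reject equality too` would help, assuming that is the intent behind the commit title. The surrounding foreach and the validation method begin and end outside this hunk.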