More required_param and optional_param goodness.

This commit is contained in:
defacer 2005-04-12 00:05:06 +00:00
parent 3b723f3b1d
commit 39f899cd1c


@ -50,10 +50,9 @@
redirect(CALENDAR_URL.'view.php?view=upcoming'); redirect(CALENDAR_URL.'view.php?view=upcoming');
} }
require_variable($_REQUEST['action']); $action = required_param('action', PARAM_ALPHA);
optional_variable($_REQUEST['id']); $eventid = optional_param('id', 0, PARAM_INT);
optional_variable($_REQUEST['type'], 'select'); $eventtype = optional_param('type', 'select', PARAM_ALPHA);
$_REQUEST['id'] = intval($_REQUEST['id']); // Always a good idea, against SQL injections
$urlcourse = optional_param('course', 0, PARAM_INT); $urlcourse = optional_param('course', 0, PARAM_INT);
if(!$site = get_site()) { if(!$site = get_site()) {
@ -88,10 +87,10 @@
} }
} }
switch($_REQUEST['action']) { switch($action) {
case 'delete': case 'delete':
$title = get_string('deleteevent', 'calendar'); $title = get_string('deleteevent', 'calendar');
$event = get_record('event', 'id', $_REQUEST['id']); $event = get_record('event', 'id', $eventid);
if($event === false) { if($event === false) {
error('Invalid event'); error('Invalid event');
} }
@ -102,7 +101,7 @@
case 'edit': case 'edit':
$title = get_string('editevent', 'calendar'); $title = get_string('editevent', 'calendar');
$event = get_record('event', 'id', $_REQUEST['id']); $event = get_record('event', 'id', $eventid);
if($event === false) { if($event === false) {
error('Invalid event'); error('Invalid event');
} }
@ -223,14 +222,14 @@
echo '<table id="calendar">'; echo '<table id="calendar">';
echo '<tr><td class="maincalendar">'; echo '<tr><td class="maincalendar">';
switch($_REQUEST['action']) { switch($action) {
case 'delete': case 'delete':
if(!empty($_REQUEST['confirm']) && $_REQUEST['confirm'] == 1) { if(!empty($_REQUEST['confirm']) && $_REQUEST['confirm'] == 1) {
// Kill it and redirect to day view // Kill it and redirect to day view
if(($event = get_record('event', 'id', $_REQUEST['id'])) !== false) { if(($event = get_record('event', 'id', $eventid)) !== false) {
/// Log the event delete. /// Log the event delete.
delete_records('event', 'id', $_REQUEST['id']); delete_records('event', 'id', $eventid);
// pj - fixed the course id problem, but now we have another one: // pj - fixed the course id problem, but now we have another one:
// what to do with the URL? // what to do with the URL?
@ -324,12 +323,12 @@
calendar_get_allowed_types($allowed); calendar_get_allowed_types($allowed);
if(!$allowed->groups && !$allowed->courses && !$allowed->site) { if(!$allowed->groups && !$allowed->courses && !$allowed->site) {
// Take the shortcut // Take the shortcut
$_REQUEST['type'] = 'user'; $eventtype = 'user';
} }
$header = ''; $header = '';
switch($_REQUEST['type']) { switch($eventtype) {
case 'user': case 'user':
$form->name = ''; $form->name = '';
$form->description = ''; $form->description = '';
@ -351,7 +350,7 @@
$groupid = $_REQUEST['groupid']; $groupid = $_REQUEST['groupid'];
if(!($group = get_record('groups', 'id', $groupid) )) { if(!($group = get_record('groups', 'id', $groupid) )) {
calendar_get_allowed_types($allowed); calendar_get_allowed_types($allowed);
$_REQUEST['type'] = 'select'; $eventtype = 'select';
} }
else { else {
$form->name = ''; $form->name = '';
@ -375,7 +374,7 @@
$courseid = $_REQUEST['courseid']; $courseid = $_REQUEST['courseid'];
if(!record_exists('course', 'id', $courseid)) { if(!record_exists('course', 'id', $courseid)) {
calendar_get_allowed_types($allowed); calendar_get_allowed_types($allowed);
$_REQUEST['type'] = 'select'; $eventtype = 'select';
} }
else { else {
$form->name = ''; $form->name = '';
@ -424,7 +423,7 @@
echo '<div class="header">'.get_string('newevent', 'calendar').$header.'</div>'; echo '<div class="header">'.get_string('newevent', 'calendar').$header.'</div>';
if($_REQUEST['type'] == 'select') { if($eventtype == 'select') {
$defaultcourse = $SESSION->cal_course_referer; $defaultcourse = $SESSION->cal_course_referer;
if(isteacheredit($defaultcourse, $USER->id)) { if(isteacheredit($defaultcourse, $USER->id)) {
$defaultgroup = 0; $defaultgroup = 0;
@ -462,7 +461,7 @@
echo '<td class="sidecalendar">'; echo '<td class="sidecalendar">';
echo '<div class="header">'.get_string('monthlyview', 'calendar').'</div>'; echo '<div class="header">'.get_string('monthlyview', 'calendar').'</div>';
echo '<div class="filters">'; echo '<div class="filters">';
echo calendar_filter_controls('event', 'action='.$_REQUEST['action'].'&amp;type='.$_REQUEST['type'].'&amp;id='.$_REQUEST['id']); echo calendar_filter_controls('event', 'action='.$action.'&amp;type='.$eventtype.'&amp;id='.$eventid);
echo '</div>'; echo '</div>';
echo '<div>'; echo '<div>';