Replaced optional_var with optional_param

2025-08-04 16:36:37 +02:00 · 2005-12-07 06:21:58 +00:00 · 2005-12-07 06:21:58 +00:00 · aa8139414e
commit aa8139414e
parent 3a6b53e80d
18 changed files with 85 additions and 90 deletions
--- a/mod/glossary/approve.php
+++ b/mod/glossary/approve.php
@ -3,11 +3,11 @@
    require_once("../../config.php");
    require_once("lib.php");

-    require_variable($id);           // Course Module ID
-    optional_variable($eid);         // Entry ID
+    $id  = required_param('id', PARAM_INT);     // Course Module ID
+    $eid = optional_param('eid', 0,  PARAM_INT);    // Entry ID

-    $mode = optional_param('mode','approval');
-    $hook = optional_param('hook','ALL');
+    $mode = optional_param('mode','approval', PARAM_ALPHA);
+    $hook = optional_param('hook','ALL', PARAM_CLEAN);

    if (! $cm = get_record("course_modules", "id", $id)) {
        error("Course Module ID was incorrect");
--- a/mod/glossary/comment.php
+++ b/mod/glossary/comment.php
@ -4,13 +4,11 @@
    require_once('../../config.php');
    require_once('lib.php');

-    require_variable($id);             // Course Module ID
-    require_variable($eid);            // Entry ID
-    optional_variable($cid,0);         // Comment ID
-
-    optional_variable($confirm,0);     // Confirm the action
-
-    $action = optional_param('action','add');
+    $id   = required_param('id', PARAM_INT);             // Course Module ID
+    $eid  = required_param('eid', PARAM_INT);            // Entry ID
+    $cid  = optional_param('cid', 0, PARAM_INT);         // Comment ID
+    $confirm = optional_param('confirm',0, PARAM_INT);  // Confirm the action
+    $action = optional_param('action','add', PARAM_ALPHA);

    $action = strtolower($action);

--- a/mod/glossary/comments.php
+++ b/mod/glossary/comments.php
@ -4,8 +4,8 @@
    require_once('../../config.php');
    require_once('lib.php');

-    require_variable($id);           // Course Module ID
-    require_variable($eid);         // Entry ID
+    $id  = required_param('id', PARAM_INT);           // Course Module ID
+    $eid = required_param('eid', PARAM_INT);          // Entry ID

    global $USER, $CFG;

--- a/mod/glossary/deleteentry.php
+++ b/mod/glossary/deleteentry.php
@ -3,12 +3,12 @@
    require_once("../../config.php");
    require_once("lib.php");

-    require_variable($id);    // course module ID
-    optional_variable($confirm);  // commit the operation?
-    optional_variable($entry);  // entry id
+    $id      = required_param('id', PARAM_INT);          // course module ID
+    $confirm = optional_param('confirm', 0, PARAM_INT);  // commit the operation?
+    $entry   = optional_param('entry', 0, PARAM_INT);    // entry id

    $prevmode = required_param('prevmode');
-    $hook = optional_param('hook');
+    $hook = optional_param('hook', '', PARAM_CLEAN);

    $strglossary = get_string("modulename", "glossary");
    $strglossaries = get_string("modulenameplural", "glossary");
--- a/mod/glossary/edit.php
+++ b/mod/glossary/edit.php
@ -5,12 +5,12 @@ require_once('lib.php');

 global $CFG, $USER;

-require_variable($id);    // Course Module ID
-optional_variable($e);    // EntryID
-optional_variable($confirm,0);    // proceed. Edit the edtry
+$id = required_param('id', PARAM_INT);                // Course Module ID
+$e  = optional_param('e', 0, PARAM_INT);              // EntryID
+$confirm = optional_param('confirm',0, PARAM_INT);    // proceed. Edit the edtry

-$mode = optional_param('mode'); // categories if by category?
-$hook = optional_param('hook'); // CategoryID
+$mode = optional_param('mode', '', PARAM_ALPHA);      // categories if by category?
+$hook = optional_param('hook', '', PARAM_ALPHANUM);   // CategoryID

 if (! $cm = get_record("course_modules", "id", $id)) {
    error("Course Module ID was incorrect");
--- a/mod/glossary/editcategories.php
+++ b/mod/glossary/editcategories.php
@ -5,17 +5,14 @@
    require_once("../../config.php");
    require_once("lib.php");

-    require_variable($id);    // Course Module ID, or
-    optional_variable($usedynalink);  // category ID
-    optional_variable($confirm);  // confirm the action
+    $id = required_param('id', PARAM_INT);                       // Course Module ID, or
+    $usedynalink = optional_param('usedynalink', 0, PARAM_INT);  // category ID
+    $confirm     = optional_param('confirm', 0, PARAM_INT);      // confirm the action
+    $name        = optional_param('name', '', PARAM_ALPHANUM);  // confirm the name

-    optional_variable($name);  // confirm the name
-
-    $name = clean_text($name);
-
-    $action = optional_param('action'); // what to do
-    $hook   = optional_param('hook',0); // category ID
-    $mode   = optional_param('mode');   // cat
+    $action = optional_param('action', '', PARAM_ALPHA ); // what to do
+    $hook   = optional_param('hook', '', PARAM_ALPHANUM); // category ID
+    $mode   = optional_param('mode', '', PARAM_ALPHA);   // cat

    $action = strtolower($action);

--- a/mod/glossary/export.php
+++ b/mod/glossary/export.php
@ -4,10 +4,10 @@
    require_once("lib.php");
    global $CFG, $USER;

-    require_variable($id);           // Course Module ID
+    $id = required_param('id', PARAM_INT);      // Course Module ID

-    optional_variable($l,"");
-    optional_variable($cat,0);
+    $l   = optional_param('l','', PARAM_ALPHANUM);
+    $cat = optional_param('cat',0, PARAM_ALPHANUM);

    if (! $cm = get_record("course_modules", "id", $id)) {
        error("Course Module ID was incorrect");
--- a/mod/glossary/exportentry.php
+++ b/mod/glossary/exportentry.php
@ -2,12 +2,12 @@
    require_once('../../config.php');
    require_once('lib.php');

-    require_variable($id);    // course module ID
-    require_variable($entry);    // Entry ID
-    optional_variable($confirm);     // confirmation
+    $id    = required_param('id', PARAM_INT);           // course module ID
+    $entry = required_param('entry', 0, PARAM_INT);     // Entry ID
+    $confirm = optional_param('confirm', 0, PARAM_INT); // confirmation

-    $hook = optional_param('hook');
-    $mode = optional_param('mode');
+    $hook = optional_param('hook', '', PARAM_ALPHANUM);
+    $mode = optional_param('mode', '', PARAM_ALPHA);
        
    global $USER, $CFG;

--- a/mod/glossary/formats.php
+++ b/mod/glossary/formats.php
@ -5,8 +5,7 @@
    require_once("lib.php");
    global $CFG;

-    require_variable($id);
-
+    $id = required_param('id', PARAM_INT);
    $mode = optional_param('mode');

    require_login();
--- a/mod/glossary/import.php
+++ b/mod/glossary/import.php
@ -5,15 +5,15 @@
    require_once("$CFG->dirroot/course/lib.php");
    global $CFG, $USER;

-    require_variable($id);           // Course Module ID
+    $id = required_param('id', PARAM_INT);    // Course Module ID

-    optional_variable($step,0);
-    optional_variable($dest,"current");   // current | new
-    optional_variable($file);             // file to import
-    optional_variable($catsincl,0);       // Import Categories too?
+    $step     = optional_param('step', 0, PARAM_INT);
+    $current  = optional_param('dest', 'current', PARAM_ALPHA);   // current | new
+    $file     = optional_param('file', '', PARAM_FILE);         // file to import
+    $catsincl = optional_param('catsincl', 0, PARAM_INT);         // Import Categories too?

-    optional_variable($mode,'letter');
-    optional_variable($hook,"ALL");
+    $mode     = optional_param('mode', 'letter', PARAM_ALPHA );
+    $hook     = optional_param('hook', 'ALL', PARAM_ALPHANUM);

    if (! $cm = get_record("course_modules", "id", $id)) {
        error("Course Module ID was incorrect");
--- a/mod/glossary/index.php
+++ b/mod/glossary/index.php
@ -7,7 +7,7 @@
    require_once("lib.php");
    require_once("$CFG->libdir/rsslib.php");

-    require_variable($id);   // course
+    $id = required_param('id', PARAM_INT);   // course

    if (! $course = get_record("course", "id", $id)) {
        error("Course ID is incorrect");
--- a/mod/glossary/print.php
+++ b/mod/glossary/print.php
@ -5,14 +5,14 @@
    require_once("../../config.php");
    require_once("lib.php");

-    require_variable($id);                         // Course Module ID
-    optional_variable($sortorder,"asc");           // Sorting order
-    optional_variable($offset,0,PARAM_INT);        // number of entries to bypass
-    optional_variable($displayformat,-1);
+    $id            = required_param('id', PARAM_INT);                     // Course Module ID
+    $sortorder     = optional_param('sortorder', 'asc', PARAM_ALPHA);     // Sorting order
+    $offset        = optional_param('offset', 0, PARAM_INT);              // number of entries to bypass
+    $displayformat = optional_param('displayformat',-1, PARAM_INT);

-    $mode    = required_param('mode');             // mode to show the entries
-    $hook    = optional_param('hook','ALL');       // what to show
-    $sortkey = optional_param('sortkey','UPDATE'); // Sorting key
+    $mode    = required_param('mode', PARAM_ALPHA);             // mode to show the entries
+    $hook    = optional_param('hook','ALL', PARAM_ALPHANUM);   // what to show
+    $sortkey = optional_param('sortkey','UPDATE', PARAM_ALPHA); // Sorting key

    if (! $cm = get_record("course_modules", "id", $id)) {
        error("Course Module ID was incorrect");
--- a/mod/glossary/rate.php
+++ b/mod/glossary/rate.php
@ -7,7 +7,7 @@
    require_once("lib.php");


-    require_variable($id);  // The course these ratings are part of
+    $id = required_param('id', PARAM_INT);  // The course these ratings are part of

    if (! $course = get_record("course", "id", $id)) {
        error("Course ID was incorrect");
--- a/mod/glossary/report.php
+++ b/mod/glossary/report.php
@ -4,7 +4,7 @@
    require_once("../../config.php");
    require_once("lib.php");

-    require_variable($id);
+    $id = required_param('id', PARAM_INT);
    global $USER;
    
    if (! $entry = get_record("glossary_entries", "id", $id)) {
--- a/mod/glossary/showentry.php
+++ b/mod/glossary/showentry.php
@ -2,10 +2,10 @@
    require_once("../../config.php");
    require_once("lib.php");

-    optional_variable($concept);
-    optional_variable($courseid,0);
-    optional_variable($eid,0); // glossary entry id
-    optional_variable($displayformat,-1);
+    $concept  = optional_param('concept', '', PARAM_ALPHANUM);
+    $courseid = optional_param('courseid', 0, PARAM_INT);
+    $eid      = optional_param('eid', 0, PARAM_INT); // glossary entry id
+    $displayformat = optional_param('displayformat',-1, PARAM_INT);

    if ($CFG->forcelogin) {
        require_login();
--- a/mod/glossary/view.php
+++ b/mod/glossary/view.php
@ -4,21 +4,20 @@
    require_once("lib.php");
    require_once("$CFG->libdir/rsslib.php");

-    optional_variable($id);           // Course Module ID
-    optional_variable($g);            // Glossary ID
+    $id = optional_param('id', 0, PARAM_INT);           // Course Module ID
+    $g  = optional_param('g', 0, PARAM_INT);            // Glossary ID

-    optional_variable($tab,GLOSSARY_NO_VIEW); // browsing entries by categories?
+    $tab  = optional_param('tab', GLOSSARY_NO_VIEW, PARAM_ALPHA);    // browsing entries by categories?
+    $displayformat = optional_param('displayformat',-1, PARAM_INT);  // override of the glossary display format

-    optional_variable($displayformat,-1);  // override of the glossary display format
-
-    $mode       = optional_param('mode');        // term entry cat date letter search author approval
-    $hook       = optional_param('hook');        // the term, entry, cat, etc... to look for based on mode
-    $fullsearch = optional_param('fullsearch',0);// full search (concept and definition) when searching?
-    $sortkey    = optional_param('sortkey');     // Sorted view: CREATION | UPDATE | FIRSTNAME | LASTNAME...
-    $sortorder  = optional_param('sortorder');   // it defines the order of the sorting (ASC or DESC)
-    $offset     = optional_param('offset',0,PARAM_INT);    // entries to bypass (for paging purpouses)
-    $page       = optional_param('page',0,PARAM_INT);      // Page to show (for paging purpouses)
-    $show       = optional_param('show');        // [ concept | alias ] => mode=term hook=$show
+    $mode       = optional_param('mode', 'approval', PARAM_ALPHA);   // term entry cat date letter search author approval
+    $hook       = optional_param('hook', 'ALL', PARAM_CLEAN);        // the term, entry, cat, etc... to look for based on mode
+    $fullsearch = optional_param('fullsearch', 0,PARAM_INT);         // full search (concept and definition) when searching?
+    $sortkey    = optional_param('sortkey', 'CREATION', PARAM_ALPHA);// Sorted view: CREATION | UPDATE | FIRSTNAME | LASTNAME...
+    $sortorder  = optional_param('sortorder', 'ASC', PARAM_ALPHA);   // it defines the order of the sorting (ASC or DESC)
+    $offset     = optional_param('offset', 0,PARAM_INT);             // entries to bypass (for paging purposes)
+    $page       = optional_param('page', 0,PARAM_INT);               // Page to show (for paging purposes)
+    $show       = optional_param('show', '', PARAM_ALPHA);           // [ concept | alias ] => mode=term hook=$show

    if (!empty($id)) {
        if (! $cm = get_record("course_modules", "id", $id)) {
@ -252,7 +251,7 @@

    echo '<input type="submit" value="'.$strsearch.'" name="searchbutton" /> ';
    if ($mode == 'search') {
-        echo '<input type="text" name="hook" size="20" value="'.$hook.'" alt="'.$strsearch.'" /> ';
+        echo '<input type="text" name="hook" size="20" value="'.s($hook).'" alt="'.$strsearch.'" /> ';
    } else {
        echo '<input type="text" name="hook" size="20" value="" alt="'.$strsearch.'" /> ';
    }
--- a/mod/quiz/questiontypes/datasetdependent/categorydatasetdefinitions.php
+++ b/mod/quiz/questiontypes/datasetdependent/categorydatasetdefinitions.php
@ -6,8 +6,8 @@

    require_once("$CFG->dirroot/config.php");

-    require_variable($category);
-    optional_variable($question);
+    $category = required_param('category', PARAM_ALPHANUM);
+    $question = optional_param('question', '', PARAM_INT);

    if (! $category = get_record("quiz_categories", "id", $category)) {
        error("This wasn't a valid category!");
--- a/mod/wiki/view.php
+++ b/mod/wiki/view.php
@ -8,17 +8,19 @@
    require_once("lib.php");
    #require_once("$CFG->dirroot/course/lib.php"); // For side-blocks

-    optional_variable($ewiki_action,"");     // Action on Wiki-Page
-    optional_variable($id);     // Course Module ID, or
-    optional_variable($wid);    // Wiki ID
-    optional_variable($page, false);     // Wiki Page Name
-    optional_variable($q,"");    // Search Context
-    optional_variable($userid, 0);     // User wiki.
-    optional_variable($groupid, 0);    // Group wiki.
-    optional_variable($canceledit,"");    // Editing has been cancelled
+    $ewiki_action = optional_param('ewiki_action', '', PARAM_ALPHA);     // Action on Wiki-Page
+    $id           = optional_param('id', 0, PARAM_INT);                  // Course Module ID, or
+    $wid          = optional_param('wid', 0, PARAM_INT);                 // Wiki ID
+    $page         = optional_param('page', false, PARAM_ALPHANUM);       // Wiki Page Name
+    $q            = optional_param('q',"", PARAM_ALPHANUM);              // Search Context
+    $userid       = optional_param('userid', 0, PARAM_INT);              // User wiki.
+    $groupid      = optional_param('groupid', 0, PARAM_INT);             // Group wiki.
+    $canceledit   = optional_param('canceledit','', PARAM_INT);          // Editing has been cancelled
+
+    // Only want to add edit log entries if we have made some changes ie submitted a form
+    $editsave = optional_param('thankyou', '', PARAM_INT);
+    

-/// Only want to add edit log entries if we have made some changes ie submitted a form
-    $editsave = optional_param('thankyou');

    if ($id) {
        if (! $cm = get_record("course_modules", "id", $id)) {