MDL-10010 improved data validation in glossary rate.php

skodak 2007-06-02 15:56:52 +00:00
parent d08e1a0b82
commit b83ed1acb9


@ -13,19 +13,63 @@
error("Course ID was incorrect"); error("Course ID was incorrect");
} }
require_login($course->id); require_login($course);
if (isguest()) { if (isguestuser()) {
error("Guests are not allowed to rate entries.", $_SERVER["HTTP_REFERER"]); error("Guests are not allowed to rate entries.");
} }
$returnurl = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : null;
$glossary = false;
if ($data = data_submitted("$CFG->wwwroot/mod/glossary/view.php")) { // form submitted if ($data = data_submitted("$CFG->wwwroot/mod/glossary/view.php")) { // form submitted
print_object($data); foreach ((array)$data as $entryid => $rating) {
foreach ((array)$data as $entry => $rating) { if (!is_numeric($entryid)) {
if ($entry == "id") {
continue; continue;
} }
if ($oldrating = get_record("glossary_ratings", "userid", $USER->id, "entryid", $entry)) { if (!$entry = get_record('glossary_entries', 'id', $entryid)) {
continue;
}
if (!$glossary) {
if (!$glossary = get_record('glossary', 'id', $entry->glossaryid)) {
error('Incorrect glossary id');
}
if (!$cm = get_coursemodule_from_instance('glossary', $glossary->id)) {
error("Course Module ID was incorrect");
}
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
require_login($course, false, $cm);
if (!$glossary->assessed) {
error('Rating of items not allowed!');
}
if ($glossary->assessed == 2 and !has_capability('mod/glossary:rate', $context)) {
error('You can not rate items!');
}
if (empty($returnurl)) {
$returnurl = $CFG->wwwroot.'/mod/glossary/view.php?id='.$cm->id;
}
}
if ($entry->glossaryid != $glossary->id) {
error('This is not valid entry!!');
}
if ($glossary->assesstimestart and $glossary->assesstimefinish) {
if ($entry->timecreated < $glossary->assesstimestart or $entry->timecreated > $glossary->assesstimefinish) {
// we can not grade this, ignore it - this should not happen anyway unless teachr changes setting
continue;
}
}
if ($entry->userid == $USER->id) {
//can not rate own entry
continue;
}
if ($oldrating = get_record("glossary_ratings", "userid", $USER->id, "entryid", $entry->id)) {
//Check if we must delete the rate //Check if we must delete the rate
if ($rating == -999) { if ($rating == -999) {
delete_records('glossary_ratings','userid',$oldrating->userid, 'entryid',$oldrating->entryid); delete_records('glossary_ratings','userid',$oldrating->userid, 'entryid',$oldrating->entryid);
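Review bot: The loop still takes `$rating` straight from the submitted form without validating it, even though the new `is_numeric($entryid)` guard at the top of the loop shows the intent; the only checks on the value are the `== -999` delete test here and, in the following hunk, `$rating >= 0`, which a non-numeric string such as `"abc"` also satisfies under PHP's loose comparison, so it would be written into `glossary_ratings.rating`. I would extend the guard to `if (!is_numeric($entryid) or !is_numeric($rating)) { continue; }` and cast with `$rating = (int)$rating;` before the `get_record` lookups, and, if the glossary record carries the rating scale, reject values outside that scale as well. Separately, the only replay protection visible is the referer check that `data_submitted()` is given; if this Moodle version already has `confirm_sesskey()`, the form should carry a sesskey and this handler should check it before touching ratings. The `if ($data = data_submitted(...))` block this loop sits in ends in the next hunk.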
@ -37,18 +81,24 @@
} }
} }
} else if ($rating >= 0) { } else if ($rating >= 0) {
unset($newrating); $newrating = new object();
$newrating->userid = $USER->id; $newrating->userid = $USER->id;
$newrating->time = time(); $newrating->time = time();
$newrating->entryid = $entry; $newrating->entryid = $entry->id;
$newrating->rating = $rating; $newrating->rating = $rating;
if (! insert_record("glossary_ratings", $newrating)) { if (! insert_record("glossary_ratings", $newrating)) {
error("Could not insert a new rating ($entry = $rating)"); error("Could not insert a new rating ($entry->id = $rating)");
} }
} }
} }
redirect($_SERVER["HTTP_REFERER"], get_string("ratingssaved", "glossary"));
if (!$glossary) {
// something wrong happended - no rating changed/added
error('Incorrect ratings submitted');
}
redirect($returnurl, get_string("ratingssaved", "glossary"));
} else { } else {
error("This page was not accessed correctly"); error("This page was not accessed correctly");