MDL-14679 towards /user conversion

admin/uploaduser.php

@@ -483,7 +483,7 @@
                     continue;
                 }
                 // save custom profile fields data from csv file
-                profile_save_data(addslashes_recursive($existinguser));
+                profile_save_data($existinguser);
             }
 
             if ($bulk == 2 or $bulk == 3) {

auth/email/auth.php

@@ -70,16 +70,16 @@ function can_signup() {
      * Sign up a new user ready for confirmation.
      * Password is passed in plaintext.
      *
-     * @param object $user new user object (with system magic quotes)
+     * @param object $user new user object
      * @param boolean $notify print notice with link and terminate
      */
     function user_signup($user, $notify=true) {
-        global $CFG;
+        global $CFG, $DB;
         require_once($CFG->dirroot.'/user/profile/lib.php');
 
         $user->password = hash_internal_user_password($user->password);
 
-        if (! ($user->id = insert_record('user', $user)) ) {
+        if (! ($user->id = $DB->insert_record('user', $user)) ) {
             print_error('auth_emailnoinsert','auth');
         }
 

auth/ldap/auth.php

@@ -375,7 +375,7 @@ function can_signup() {
      * Sign up a new user ready for confirmation.
      * Password is passed in plaintext.
      *
-     * @param object $user new user object (with system magic quotes)
+     * @param object $user new user object
      * @param boolean $notify print notice with link and terminate
      */
     function user_signup($user, $notify=true) {
@@ -393,7 +393,7 @@ function user_signup($user, $notify=true) {
             print_error('auth_ldap_create_error', 'auth');
         }
 
-        if (! ($user->id = insert_record('user', $user)) ) {
+        if (! ($user->id = $DB->insert_record('user', $user)) ) {
             print_error('auth_emailnoinsert', 'auth');
         }
 

lib/adminlib.php

@@ -4173,14 +4173,14 @@ function admin_apply_default_settings($node=NULL, $unconditional=true) {
 
 /**
  * Store changed settings, this function updates the errors variable in $ADMIN
- * @param object $formdata from form (without magic quotes)
+ * @param object $formdata from form
  * @return int number of changed settings
  */
 function admin_write_settings($formdata) {
     global $CFG, $SITE, $COURSE, $DB;
 
     $olddbsessions = !empty($CFG->dbsessions);
-    $formdata = (array)stripslashes_recursive($formdata);
+    $formdata = (array)$formdata;
 
     $data = array();
     foreach ($formdata as $fullname=>$value) {

lib/authlib.php

@@ -194,7 +194,7 @@ function can_signup() {
      * Sign up a new user ready for confirmation.
      * Password is passed in plaintext.
      *
-     * @param object $user new user object (with system magic quotes)
+     * @param object $user new user object
      * @param boolean $notify print notice with link and terminate
      */
     function user_signup($user, $notify=true) {

login/signup.php

@@ -31,7 +31,7 @@ function signup_captcha_enabled() {
     if ($mform_signup->is_cancelled()) {
         redirect($CFG->httpswwwroot.'/login/index.php');
 
-    } else if ($user = $mform_signup->get_data()) {
+    } else if ($user = $mform_signup->get_data(false)) {
         $user->confirmed   = 0;
         $user->lang        = current_language();
         $user->firstaccess = time();

user/edit.php

@@ -11,7 +11,7 @@
     $userid = optional_param('id', $USER->id, PARAM_INT);    // user id
     $course = optional_param('course', SITEID, PARAM_INT);   // course id (defaults to Site)
 
-    if (!$course = get_record('course', 'id', $course)) {
+    if (!$course = $DB->get_record('course', array('id'=>$course))) {
         print_error('Course ID was incorrect');
     }
 
@@ -30,7 +30,7 @@
     }
 
     // The user profile we are editing
-    if (!$user = get_record('user', 'id', $userid)) {
+    if (!$user = $DB->get_record('user', array('id'=>$userid))) {
         print_error('User ID was incorrect');
     }
 
@@ -89,22 +89,22 @@
     $userform = new user_edit_form();
     $userform->set_data($user);
 
-    if ($usernew = $userform->get_data()) {
+    if ($usernew = $userform->get_data(false)) {
 
         add_to_log($course->id, 'user', 'update', "view.php?id=$user->id&course=$course->id", '');
 
         $authplugin = get_auth_plugin($user->auth);
 
         $usernew->timemodified = time();
 
-        if (!update_record('user', $usernew)) {
+        if (!$DB->update_record('user', $usernew)) {
             print_error('Error updating user record');
         }
 
         // pass a true $userold here
         if (! $authplugin->user_update($user, $userform->get_data(false))) {
             // auth update failed, rollback for moodle
-            update_record('user', addslashes_object($user));
+            $DB->update_record('user', $user);
             print_error('Failed to update user data on external auth: '.$user->auth.
                     '. See the server logs for more details.');
         }
@@ -133,7 +133,7 @@
 
         if ($USER->id == $user->id) {
             // Override old $USER session variable if needed
-            $usernew = (array)get_record('user', 'id', $user->id); // reload from db
+            $usernew = $DB->get_record('user', array('id'=>$user->id)); // reload from db
             foreach ($usernew as $variable => $value) {
                 $USER->$variable = $value;
             }

user/edit_form.php

@@ -39,7 +39,7 @@ function definition () {
     }
 
     function definition_after_data() {
-        global $CFG;
+        global $CFG, $DB;
 
         $mform =& $this->_form;
         $userid = $mform->getElementValue('id');
@@ -54,7 +54,7 @@ function definition_after_data() {
             }
         }
 
-        if ($user = get_record('user', 'id', $userid)) {
+        if ($user = $DB->get_record('user', array('id'=>$userid))) {
 
             // print picture
             if (!empty($CFG->gdversion)) {
@@ -92,17 +92,17 @@ function definition_after_data() {
     }
 
     function validation($usernew, $files) {
-        global $CFG;
+        global $CFG, $DB;
 
         $errors = parent::validation($usernew, $files);
 
         $usernew = (object)$usernew;
-        $user    = get_record('user', 'id', $usernew->id);
+        $user    = $DB->get_record('user', array('id'=>$usernew->id));
 
         // validate email
         if (!validate_email($usernew->email)) {
             $errors['email'] = get_string('invalidemail');
-        } else if (($usernew->email !== $user->email) and record_exists('user', 'email', $usernew->email, 'mnethostid', $CFG->mnet_localhost_id)) {
+        } else if (($usernew->email !== $user->email) and $DB->record_exists('user', array('email'=>$usernew->email, 'mnethostid'=>$CFG->mnet_localhost_id))) {
             $errors['email'] = get_string('emailexists');
         }
 

user/editadvanced.php

@@ -12,7 +12,7 @@
     $id     = optional_param('id', $USER->id, PARAM_INT);    // user id; -1 if creating new user
     $course = optional_param('course', SITEID, PARAM_INT);   // course id (defaults to Site)
 
-    if (!$course = get_record('course', 'id', $course)) {
+    if (!$course = $DB->get_record('course', array('id'=>$course))) {
         print_error('Course ID was incorrect');
     }
     require_login($course->id);
@@ -34,7 +34,7 @@
     } else {
         // editing existing user
         require_capability('moodle/user:update', $systemcontext);
-        if (!$user = get_record('user', 'id', $id)) {
+        if (!$user = $DB->get_record('user', array('id'=>$id))) {
             print_error('User ID was incorrect');
         }
     }
@@ -68,7 +68,7 @@
     $userform = new user_editadvanced_form();
     $userform->set_data($user);
 
-    if ($usernew = $userform->get_data()) {
+    if ($usernew = $userform->get_data(false)) {
         add_to_log($course->id, 'user', 'update', "view.php?id=$user->id&course=$course->id", '');
 
         if (empty($usernew->auth)) {
@@ -88,17 +88,17 @@
             $usernew->mnethostid = $CFG->mnet_localhost_id; // always local user
             $usernew->confirmed  = 1;
             $usernew->password = hash_internal_user_password($usernew->newpassword);
-            if (!$usernew->id = insert_record('user', $usernew)) {
+            if (!$usernew->id = $DB->insert_record('user', $usernew)) {
                 print_error('Error creating user record');
             }
         } else {
-            if (!update_record('user', $usernew)) {
+            if (!$DB->update_record('user', $usernew)) {
                 print_error('Error updating user record');
             }
             // pass a true $userold here
             if (! $authplugin->user_update($user, $userform->get_data(false))) {
                 // auth update failed, rollback for moodle
-                update_record('user', addslashes_object($user));
+                $DB->update_record('user', $user);
                 print_error('Failed to update user data on external auth: '.$user->auth.
                         '. See the server logs for more details.');
             }
@@ -141,7 +141,7 @@
 
         if ($user->id == $USER->id) {
             // Override old $USER session variable
-            $usernew = (array)get_record('user', 'id', $usernew->id); // reload from db
+            $usernew = $DB->get_record('user', array('id'=>$usernew->id)); // reload from db
             foreach ($usernew as $variable => $value) {
                 $USER->$variable = $value;
             }

user/editadvanced_form.php

@@ -53,11 +53,11 @@ function definition() {
     }
 
     function definition_after_data() {
-        global $USER, $CFG;
+        global $USER, $CFG, $DB;
 
         $mform =& $this->_form;
         if ($userid = $mform->getElementValue('id')) {
-            $user = get_record('user', 'id', $userid);
+            $user = $DB->get_record('user', array('id'=>$userid));
         } else {
             $user = false;
         }
@@ -108,12 +108,12 @@ function definition_after_data() {
     }
 
     function validation($usernew, $files) {
-        global $CFG;
+        global $CFG, $DB;
 
         $usernew = (object)$usernew;
         $usernew->username = trim($usernew->username);
 
-        $user = get_record('user', 'id', $usernew->id);
+        $user = $DB->get_record('user', array('id'=>$usernew->id));
         $err = array();
 
         if (!empty($usernew->newpassword)) {
@@ -128,7 +128,7 @@ function validation($usernew, $files) {
             $err['username'] = get_string('required');
         } else if (!$user or $user->username !== $usernew->username) {
             //check new username does not exist
-            if (record_exists('user', 'username', $usernew->username, 'mnethostid', $CFG->mnet_localhost_id)) {
+            if ($DB->record_exists('user', array('username'=>$usernew->username, 'mnethostid'=>$CFG->mnet_localhost_id))) {
                 $err['username'] = get_string('usernameexists');
             }
             //check allowed characters
@@ -147,7 +147,7 @@ function validation($usernew, $files) {
         if (!$user or $user->email !== $usernew->email) {
             if (!validate_email($usernew->email)) {
                 $err['email'] = get_string('invalidemail');
-            } else if (record_exists('user', 'email', $usernew->email, 'mnethostid', $CFG->mnet_localhost_id)) {
+            } else if ($DB->record_exists('user', array('email'=>$usernew->email, 'mnethostid'=>$CFG->mnet_localhost_id))) {
                 $err['email'] = get_string('emailexists');
             }
         }

user/filters/courserole.php

@@ -120,6 +120,8 @@ function get_sql_filter($data) {
      * @return string active filter label
      */
     function get_label($data) {
+        global $DB;
+
         $value      = $data['value'];
         $roleid     = $data['roleid'];
         $categoryid = $data['categoryid'];
@@ -128,22 +130,22 @@ function get_label($data) {
         $a->label = $this->_label;
 
         if ($roleid) {
-            $rolename = get_field('role', 'name', 'id', $roleid);
+            $rolename = $DB->get_field('role', 'name', array('id'=>$roleid));
             $a->rolename = '"'.format_string($rolename).'"';
         } else {
             $a->rolename = get_string('anyrole', 'filters');
         }
 
         if ($categoryid) {
-            $catname = get_field('course_categories', 'name', 'id', $categoryid);
+            $catname = $DB->get_field('course_categories', 'name', array('id'=>$categoryid));
             $a->categoryname = '"'.format_string($catname).'"';
         } else {
             $a->categoryname = get_string('anycategory', 'filters');
         }
 
         if ($value) {
             $a->coursename = '"'.s($value).'"';
-            if (!record_exists('course', 'shortname', addslashes($value))) {
+            if (!$DB->record_exists('course', array('shortname'=>$value))) {
                 return '<span class="notifyproblem">'.get_string('courserolelabelerror', 'filters', $a).'</span>';
             }
         } else {

user/filters/lib.php

@@ -120,7 +120,7 @@ function get_field($fieldname, $advanced) {
                 return new user_filter_simpleselect('auth', get_string('authentication'), $advanced, 'auth', $choices);
 
             case 'mnethostid':
-                if (!$hosts = get_records('mnet_host', '', '', 'id', 'id, wwwroot, name')) {
+                if (!$hosts = $DB->get_records('mnet_host', null, 'id', 'id, wwwroot, name')) {
                     return null;
                 }
                 $choices = array();

user/filters/profilefield.php

@@ -37,7 +37,8 @@ function get_operators() {
      * @return array of profile fields
      */
     function get_profile_fields() {
-        if (!$fields = get_records_select('user_info_field', '', 'shortname', 'id,shortname')) {
+        global $DB;
+        if (!$fields = $DB->get_records('user_info_field', null, 'shortname', 'id,shortname')) {
             return null;
         }
         $res = array(0 => get_string('anyfield', 'filters'));