MDL-14679 removed magic quotes from forms validation() method, fixed …

…some minor problems

course/import/activities/index.php

@@ -14,7 +14,7 @@
 
     $strimportactivities = get_string('importactivities');
 
-    if (! ($course = get_record("course", "id", $id)) ) {
+    if (! ($course = $DB->get_record("course", array("id"=>$id)))) {
         print_error("invalidcourseid");
     }
 
@@ -38,7 +38,7 @@
         $creator = true;
     }
 
-    if ($from = get_record('course', 'id', $fromcourse)) {
+    if ($from = $DB->get_record('course', array('id'=>$fromcourse))) {
         if (!has_capability('moodle/course:manageactivities', $fromcontext)) {
             print_error('nopermissiontoimportact');
         }

course/moodleform_mod.php

@@ -121,7 +121,7 @@ function definition_after_data() {
 
     // form verification
     function validation($data, $files) {
-        global $COURSE;
+        global $COURSE, $DB;
         $errors = parent::validation($data, $files);
 
         $mform =& $this->_form;
@@ -138,7 +138,7 @@ function validation($data, $files) {
         $grade_item = grade_item::fetch(array('itemtype'=>'mod', 'itemmodule'=>$data['modulename'],
                      'iteminstance'=>$data['instance'], 'itemnumber'=>0, 'courseid'=>$COURSE->id));
         if ($data['coursemodule']) {
-            $cm = get_record('course_modules', 'id', $data['coursemodule']);
+            $cm = $DB->get_record('course_modules', array('id'=>$data['coursemodule']));
         } else {
             $cm = null;
         }

course/request_form.php

@@ -32,13 +32,15 @@ function definition() {
     }
 
     function validation($data, $files) {
+        global $DB;
+
         $errors = parent::validation($data, $files);
         $foundcourses = null;
         $foundreqcourses = null;
 
         if (!empty($data['shortname'])) {
-            $foundcourses = get_records('course', 'shortname', $data['shortname']);
-            $foundreqcourses = get_records('course_request', 'shortname', $data['shortname']);
+            $foundcourses = $DB->get_records('course', array('shortname'=>$data['shortname']));
+            $foundreqcourses = $DB->get_records('course_request', array('shortname'=>$data['shortname']));
         }
         if (!empty($foundreqcourses)) {
             if (!empty($foundcourses)) {
@@ -59,7 +61,7 @@ function validation($data, $files) {
                         $foundcoursenames[] = $foundcourse->fullname;
                     }
                 }
-                $foundcoursenamestring = addslashes(implode(',', $foundcoursenames));
+                $foundcoursenamestring = implode(',', $foundcoursenames);
 
                 $errors['shortname'] = get_string('shortnametaken', '', $foundcoursenamestring);
                 if (!empty($pending)) {

grade/edit/scale/edit_form.php

@@ -107,7 +107,7 @@ function definition_after_data() {
 
 /// perform extra validation before submission
     function validation($data, $files) {
-        global $CFG, $COURSE;
+        global $CFG, $COURSE, $DB;
 
         $errors = parent::validation($data, $files);
 
@@ -128,7 +128,7 @@ function validation($data, $files) {
         }
 
         if (array_key_exists('scale', $data)) {
-            $count = count_records('scale', 'courseid', $courseid, 'scale', $data['scale']);
+            $count = $DB->count_records('scale', array('courseid'=>$courseid, 'scale'=>$data['scale']));
 
             if (empty($old->id) or $old->courseid != $courseid) {
                 if ($count) {

grade/edit/tree/calculation_form.php

@@ -90,7 +90,7 @@ function validation($data, $files) {
         // check the calculation formula
         if ($data['calculation'] != '') {
             $grade_item = grade_item::fetch(array('id'=>$data['id'], 'courseid'=>$data['courseid']));
-            $calculation = calc_formula::unlocalize(stripslashes($data['calculation']));
+            $calculation = calc_formula::unlocalize($data['calculation']);
             $result = $grade_item->validate_formula($calculation);
             if ($result !== true) {
                 $errors['calculation'] = $result;

group/autogroup_form.php

@@ -109,14 +109,14 @@ function validation($data, $files) {
         }
 
         //try to detect group name duplicates
-        $name = groups_parse_name(stripslashes(trim($data['namingscheme'])), 0);
+        $name = groups_parse_name(trim($data['namingscheme']), 0);
         if (groups_get_group_by_name($COURSE->id, $name)) {
             $errors['namingscheme'] = get_string('groupnameexists', 'group', $name);
         }
 
         // check grouping name duplicates
         if ( isset($data['grouping']) && $data['grouping'] == '-1') {
-            $name = trim(stripslashes($data['groupingname']));
+            $name = trim($data['groupingname']);
             if (empty($name)) {
                 $errors['groupingname'] = get_string('required');
             } else if (groups_get_grouping_by_name($COURSE->id, $name)) {

group/group_form.php

@@ -47,7 +47,7 @@ function validation($data, $files) {
 
         $errors = parent::validation($data, $files);
 
-        $name = trim(stripslashes($data['name']));
+        $name = trim($data['name']);
         if ($data['id'] and $group = $DB->get_record('groups', array('id'=>$data['id']))) {
             if ($group->name != $name) {
                 if (groups_get_group_by_name($COURSE->id,  $name)) {

group/grouping_form.php

@@ -32,7 +32,7 @@ function validation($data, $files) {
 
         $errors = parent::validation($data, $files);
 
-        $name = trim(stripslashes($data['name']));
+        $name = trim($data['name']);
         if ($data['id'] and $grouping = $DB->get_record('groupings', array('id'=>$data['id']))) {
             if ($grouping->name != $name) {
                 if (groups_get_grouping_by_name($COURSE->id,  $name)) {

lib/formslib.php

@@ -330,7 +330,7 @@ function is_validated() {
                 $file_val = false;
             }
 
-            $data = $mform->exportValues(null, true);
+            $data = $mform->exportValues(null, false);
             $moodle_val = $this->validation($data, $files);
             if ((is_array($moodle_val) && count($moodle_val)!==0)) {
                 // non-empty array means errors

login/change_password_form.php

@@ -47,7 +47,7 @@ function validation($data, $files) {
         update_login_count();
 
         // ignore submitted username
-        if (!$user = authenticate_user_login($USER->username, stripslashes($data['password']))) { // TODO: remove soon
+        if (!$user = authenticate_user_login($USER->username, $data['password'])) {
             $errors['password'] = get_string('invalidlogin');
             return $errors;
         }

login/forgot_password_form.php

@@ -20,7 +20,7 @@ function definition() {
     }
 
     function validation($data, $files) {
-        global $CFG;
+        global $CFG, $DB;
 
         $errors = parent::validation($data, $files);
 
@@ -32,7 +32,7 @@ function validation($data, $files) {
             if (!validate_email($data['email'])) {
                 $errors['email'] = get_string('invalidemail');
 
-            } else if (count_records('user', 'email', $data['email']) > 1) {
+            } else if ($DB->count_records('user', array('email'=>$data['email'])) > 1) {
                 $errors['email'] = get_string('forgottenduplicate');
 
             } else {

login/signup_form.php

@@ -90,12 +90,12 @@ function definition_after_data(){
     }
 
     function validation($data, $files) {
-        global $CFG;
+        global $CFG, $DB;
         $errors = parent::validation($data, $files);
 
         $authplugin = get_auth_plugin($CFG->registerauth);
 
-        if (record_exists('user', 'username', $data['username'], 'mnethostid', $CFG->mnet_localhost_id)) {
+        if ($DB->record_exists('user', array('username'=>$data['username'], 'mnethostid'=>$CFG->mnet_localhost_id))) {
             $errors['username'] = get_string('usernameexists');
         } else {
             if (empty($CFG->extendedusernamechars)) {
@@ -116,7 +116,7 @@ function validation($data, $files) {
         if (! validate_email($data['email'])) {
             $errors['email'] = get_string('invalidemail');
 
-        } else if (record_exists('user', 'email', $data['email'])) {
+        } else if ($DB->record_exists('user', array('email'=>$data['email']))) {
             $errors['email'] = get_string('emailexists').' <a href="forgot_password.php">'.get_string('newpassword').'?</a>';
         }
         if (empty($data['email2'])) {

mod/feedback/mod_form.php

@@ -111,8 +111,9 @@ function data_preprocessing(&$default_values){
 
     }
 
-    function validation($data){
-
+    function validation($data, $files){
+        $errors = parent::validation($data, $files);
+        return $errors;
     }
 
 }

mod/glossary/edit_form.php

@@ -95,7 +95,8 @@ function definition() {
     }
 
     function validation($data, $files) {
-        global $CFG, $USER;
+        global $CFG, $USER, $DB;
+
         $errors = parent::validation($data, $files);
         $e = $this->_customdata['e'];
         $glossary = $this->_customdata['glossary'];
@@ -105,7 +106,7 @@ function validation($data, $files) {
             //We are updating an entry, so we compare current session user with
             //existing entry user to avoid some potential problems if secureforms=off
             //Perhaps too much security? Anyway thanks to skodak (Bug 1823)
-            $old = get_record('glossary_entries', 'id', $e);
+            $old = $DB->get_record('glossary_entries', array('id'=>$e));
             $ineditperiod = ((time() - $old->timecreated <  $CFG->maxeditingtime) || $glossary->editalways);
             if ( (!$ineditperiod  || $USER->id != $old->userid) and !has_capability('mod/glossary:manageentries', $context)) {
                 if ( $USER->id != $old->userid ) {
@@ -115,7 +116,7 @@ function validation($data, $files) {
                 }
             }
             if ( !$glossary->allowduplicatedentries ) {
-                if ($dupentries = get_records('glossary_entries', 'lower(concept)', moodle_strtolower($data['concept']))) {
+                if ($dupentries = $DB->get_records('glossary_entries', array('lower(concept)'=>moodle_strtolower($data['concept'])))) {
                     foreach ($dupentries as $curentry) {
                         if ( $glossary->id == $curentry->glossaryid ) {
                            if ( $curentry->id != $e ) {
@@ -129,7 +130,7 @@ function validation($data, $files) {
 
         } else {
             if ( !$glossary->allowduplicatedentries ) {
-                if ($dupentries = get_record('glossary_entries', 'lower(concept)', moodle_strtolower($data['concept']), 'glossaryid', $glossary->id)) {
+                if ($dupentries = $DB->get_record('glossary_entries', array('lower(concept)'=>moodle_strtolower($data['concept']), 'glossaryid'=>$glossary->id))) {
                     $errors['concept'] = get_string('errconceptalreadyexists', 'glossary');
                 }
             }

mod/hotpot/mod_form.php

@@ -260,10 +260,10 @@ function definition() {
     function data_preprocessing(&$defaults){
     }
 
-    function validation(&$data) {
-        // http://docs.moodle.org/en/Development:lib/formslib.php_Validation
-        global $CFG, $COURSE;
-        $errors = array();
+    function validation($data, $files) {
+        global $CFG, $USER, $DB;
+
+        $errors = parent::validation($data, $files);
 
 // location
         if (empty($data['location'])) {

mod/quiz/mod_form.php

@@ -352,11 +352,7 @@ function validation($data, $files) {
             }
         }
 
-        if (count($errors) == 0) {
-            return true;
-        } else {
-            return $errors;
-        }
+        return $errors;
     }
 
 }