diff --git a/course/import/activities/index.php b/course/import/activities/index.php
index 6cdb5f1c17721..6ad1aea6f0ea9 100644
--- a/course/import/activities/index.php
+++ b/course/import/activities/index.php
@@ -14,7 +14,7 @@
 $strimportactivities = get_string('importactivities');
- if (! ($course = get_record("course", "id", $id)) ) {
+ if (! ($course = $DB->get_record("course", array("id"=>$id)))) {
 print_error("invalidcourseid");
 }
@@ -38,7 +38,7 @@
 $creator = true;
 }
- if ($from = get_record('course', 'id', $fromcourse)) {
+ if ($from = $DB->get_record('course', array('id'=>$fromcourse))) {
 if (!has_capability('moodle/course:manageactivities', $fromcontext)) {
 print_error('nopermissiontoimportact');
 }
diff --git a/course/moodleform_mod.php b/course/moodleform_mod.php
index 1947afc2b0318..974f0e146f5d7 100644
--- a/course/moodleform_mod.php
+++ b/course/moodleform_mod.php
@@ -121,7 +121,7 @@ function definition_after_data() {
 // form verification
 function validation($data, $files) {
- global $COURSE;
+ global $COURSE, $DB;
 $errors = parent::validation($data, $files);
 $mform =& $this->_form;
@@ -138,7 +138,7 @@ function validation($data, $files) {
 $grade_item = grade_item::fetch(array('itemtype'=>'mod', 'itemmodule'=>$data['modulename'], 'iteminstance'=>$data['instance'], 'itemnumber'=>0, 'courseid'=>$COURSE->id));
 if ($data['coursemodule']) {
- $cm = get_record('course_modules', 'id', $data['coursemodule']);
+ $cm = $DB->get_record('course_modules', array('id'=>$data['coursemodule']));
 } else {
 $cm = null;
 }
diff --git a/course/request_form.php b/course/request_form.php
index 6598e5d66e56c..3654969ff36ba 100644
--- a/course/request_form.php
+++ b/course/request_form.php
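Review bot: In course/moodleform_mod.php (hunk at -138), the new `$DB->get_record('course_modules', array('id'=>$data['coursemodule']))` looks the module up by a submitted id alone, so `$cm` may belong to a different course than the `$COURSE->id` used for the grade item on the line above. How `$cm` is used is not visible, because validation() continues outside the hunk; if later checks trust it, scope the lookup with `$cm = $DB->get_record('course_modules', array('id'=>$data['coursemodule'], 'course'=>$COURSE->id));`. The result should also be tested for `false` before any property is read from it.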
@@ -32,13 +32,15 @@ function definition() {
 }
 function validation($data, $files) {
+ global $DB;
+ $errors = parent::validation($data, $files);
 $foundcourses = null;
 $foundreqcourses = null;
 if (!empty($data['shortname'])) {
- $foundcourses = get_records('course', 'shortname', $data['shortname']);
- $foundreqcourses = get_records('course_request', 'shortname', $data['shortname']);
+ $foundcourses = $DB->get_records('course', array('shortname'=>$data['shortname']));
+ $foundreqcourses = $DB->get_records('course_request', array('shortname'=>$data['shortname']));
 }
 if (!empty($foundreqcourses)) {
 if (!empty($foundcourses)) {
@@ -59,7 +61,7 @@ function validation($data, $files) {
 $foundcoursenames[] = $foundcourse->fullname;
 }
 }
- $foundcoursenamestring = addslashes(implode(',', $foundcoursenames));
+ $foundcoursenamestring = implode(',', $foundcoursenames);
 $errors['shortname'] = get_string('shortnametaken', '', $foundcoursenamestring);
 if (!empty($pending)) {
diff --git a/grade/edit/scale/edit_form.php b/grade/edit/scale/edit_form.php
index 3194b7a05771c..79902ed178e2a 100644
--- a/grade/edit/scale/edit_form.php
+++ b/grade/edit/scale/edit_form.php
@@ -107,7 +107,7 @@ function definition_after_data() {
 /// perform extra validation before submission
 function validation($data, $files) {
- global $CFG, $COURSE;
+ global $CFG, $COURSE, $DB;
 $errors = parent::validation($data, $files);
@@ -128,7 +128,7 @@ function validation($data, $files) {
 }
 if (array_key_exists('scale', $data)) {
- $count = count_records('scale', 'courseid', $courseid, 'scale', $data['scale']);
+ $count = $DB->count_records('scale', array('courseid'=>$courseid, 'scale'=>$data['scale']));
 if (empty($old->id) or $old->courseid != $courseid) {
 if ($count) {
diff --git a/grade/edit/tree/calculation_form.php b/grade/edit/tree/calculation_form.php
index 331e5a8dffe80..f8d9f71c4c001 100644
--- a/grade/edit/tree/calculation_form.php
+++ b/grade/edit/tree/calculation_form.php
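Review bot: In course/request_form.php (hunk at -59), `$foundcoursenamestring` is built from stored course full names and placed into `$errors['shortname']` with no output escaping. The removed `addslashes()` was quote escaping and never covered HTML, so this is not a regression, but the value is still shown to the user. Whether the form renderer escapes error text is not visible here, so confirm that it does, or escape where the names are collected with `$foundcoursenames[] = s($foundcourse->fullname);`. That line is context in this hunk, and validation() continues beyond it.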
@@ -90,7 +90,7 @@ function validation($data, $files) {
 // check the calculation formula
 if ($data['calculation'] != '') {
 $grade_item = grade_item::fetch(array('id'=>$data['id'], 'courseid'=>$data['courseid']));
- $calculation = calc_formula::unlocalize(stripslashes($data['calculation']));
+ $calculation = calc_formula::unlocalize($data['calculation']);
 $result = $grade_item->validate_formula($calculation);
 if ($result !== true) {
 $errors['calculation'] = $result;
diff --git a/group/autogroup_form.php b/group/autogroup_form.php
index a97a176fa1335..373901a2af1c1 100644
--- a/group/autogroup_form.php
+++ b/group/autogroup_form.php
@@ -109,14 +109,14 @@ function validation($data, $files) {
 }
 //try to detect group name duplicates
- $name = groups_parse_name(stripslashes(trim($data['namingscheme'])), 0);
+ $name = groups_parse_name(trim($data['namingscheme']), 0);
 if (groups_get_group_by_name($COURSE->id, $name)) {
 $errors['namingscheme'] = get_string('groupnameexists', 'group', $name);
 }
 // check grouping name duplicates
 if ( isset($data['grouping']) && $data['grouping'] == '-1') {
- $name = trim(stripslashes($data['groupingname']));
+ $name = trim($data['groupingname']);
 if (empty($name)) {
 $errors['groupingname'] = get_string('required');
 } else if (groups_get_grouping_by_name($COURSE->id, $name)) {
diff --git a/group/group_form.php b/group/group_form.php
index 48a82abbab827..9a960503e7b9d 100644
--- a/group/group_form.php
+++ b/group/group_form.php
@@ -47,7 +47,7 @@ function validation($data, $files) {
 $errors = parent::validation($data, $files);
- $name = trim(stripslashes($data['name']));
+ $name = trim($data['name']);
 if ($data['id'] and $group = $DB->get_record('groups', array('id'=>$data['id']))) {
 if ($group->name != $name) {
 if (groups_get_group_by_name($COURSE->id, $name)) {
diff --git a/group/grouping_form.php b/group/grouping_form.php
index 012a99a2b8a38..9f4fe66a52c55 100644
--- a/group/grouping_form.php
+++ b/group/grouping_form.php
@@ -32,7 +32,7 @@ function validation($data, $files) {
 $errors = parent::validation($data, $files);
- $name = trim(stripslashes($data['name']));
+ $name = trim($data['name']);
 if ($data['id'] and $grouping = $DB->get_record('groupings', array('id'=>$data['id']))) {
 if ($grouping->name != $name) {
 if (groups_get_grouping_by_name($COURSE->id, $name)) {
diff --git a/lib/formslib.php b/lib/formslib.php
index b62b77dc91076..2703c105e0075 100644
--- a/lib/formslib.php
+++ b/lib/formslib.php
@@ -330,7 +330,7 @@ function is_validated() {
 $file_val = false;
 }
- $data = $mform->exportValues(null, true);
+ $data = $mform->exportValues(null, false);
 $moodle_val = $this->validation($data, $files);
 if ((is_array($moodle_val) && count($moodle_val)!==0)) { // non-empty array means errors
diff --git a/login/change_password_form.php b/login/change_password_form.php
index 7e11f1975633e..7b34e56b5e997 100644
--- a/login/change_password_form.php
+++ b/login/change_password_form.php
@@ -47,7 +47,7 @@ function validation($data, $files) {
 update_login_count();
 // ignore submitted username
- if (!$user = authenticate_user_login($USER->username, stripslashes($data['password']))) { // TODO: remove soon
+ if (!$user = authenticate_user_login($USER->username, $data['password'])) {
 $errors['password'] = get_string('invalidlogin');
 return $errors;
 }
diff --git a/login/forgot_password_form.php b/login/forgot_password_form.php
index 684eabc34f064..34bfe94f4cc1a 100644
--- a/login/forgot_password_form.php
+++ b/login/forgot_password_form.php
@@ -20,7 +20,7 @@ function definition() {
 }
 function validation($data, $files) {
- global $CFG;
+ global $CFG, $DB;
 $errors = parent::validation($data, $files);
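Review bot: In lib/formslib.php, switching is_validated() to `exportValues(null, false)` changes what every validation() override receives, and nothing at the call site records the new contract. The second argument appears to control slash-escaping, which matches the stripslashes() removals elsewhere in this commit. An override not updated here that still calls stripslashes() would silently alter input containing backslashes (the password check in login/change_password_form.php shows where that matters), and one that concatenates `$data` into SQL would lose the quoting it relied on. I would add `// $data is raw, not slash-escaped: validation() must pass values to $DB as bound parameters and must not stripslashes()` above the call. is_validated() starts and ends outside the hunk.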
@@ -32,7 +32,7 @@ function validation($data, $files) {
 if (!validate_email($data['email'])) {
 $errors['email'] = get_string('invalidemail');
- } else if (count_records('user', 'email', $data['email']) > 1) {
+ } else if ($DB->count_records('user', array('email'=>$data['email'])) > 1) {
 $errors['email'] = get_string('forgottenduplicate');
 } else {
diff --git a/login/signup_form.php b/login/signup_form.php
index 557a13f1b8827..54c881ece408d 100644
--- a/login/signup_form.php
+++ b/login/signup_form.php
@@ -90,12 +90,12 @@ function definition_after_data(){
 }
 function validation($data, $files) {
- global $CFG;
+ global $CFG, $DB;
 $errors = parent::validation($data, $files);
 $authplugin = get_auth_plugin($CFG->registerauth);
- if (record_exists('user', 'username', $data['username'], 'mnethostid', $CFG->mnet_localhost_id)) {
+ if ($DB->record_exists('user', array('username'=>$data['username'], 'mnethostid'=>$CFG->mnet_localhost_id))) {
 $errors['username'] = get_string('usernameexists');
 } else {
 if (empty($CFG->extendedusernamechars)) {
@@ -116,7 +116,7 @@ function validation($data, $files) {
 if (! validate_email($data['email'])) {
 $errors['email'] = get_string('invalidemail');
- } else if (record_exists('user', 'email', $data['email'])) {
+ } else if ($DB->record_exists('user', array('email'=>$data['email']))) {
 $errors['email'] = get_string('emailexists').' '.get_string('newpassword').'?';
 }
 if (empty($data['email2'])) {
diff --git a/mod/feedback/mod_form.php b/mod/feedback/mod_form.php
index 48d8200fa2014..18b1bbce2b518 100644
--- a/mod/feedback/mod_form.php
+++ b/mod/feedback/mod_form.php
@@ -111,8 +111,9 @@ function data_preprocessing(&$default_values){
 }
- function validation($data){
-
+ function validation($data, $files){
+ $errors = parent::validation($data, $files);
+ return $errors;
 }
 }
diff --git a/mod/glossary/edit_form.php b/mod/glossary/edit_form.php
index 426b30eed132e..1bb971c8c596b 100644
--- a/mod/glossary/edit_form.php
+++ b/mod/glossary/edit_form.php
@@ -95,7 +95,8 @@ function definition() {
 }
 function validation($data, $files) {
- global $CFG, $USER;
+ global $CFG, $USER, $DB;
+ $errors = parent::validation($data, $files);
 $e = $this->_customdata['e'];
 $glossary = $this->_customdata['glossary'];
@@ -105,7 +106,7 @@ function validation($data, $files) {
 //We are updating an entry, so we compare current session user with
 //existing entry user to avoid some potential problems if secureforms=off
 //Perhaps too much security? Anyway thanks to skodak (Bug 1823)
- $old = get_record('glossary_entries', 'id', $e);
+ $old = $DB->get_record('glossary_entries', array('id'=>$e));
 $ineditperiod = ((time() - $old->timecreated < $CFG->maxeditingtime) || $glossary->editalways);
 if ( (!$ineditperiod || $USER->id != $old->userid) and !has_capability('mod/glossary:manageentries', $context)) {
 if ( $USER->id != $old->userid ) {
@@ -115,7 +116,7 @@ function validation($data, $files) {
 }
 }
 if ( !$glossary->allowduplicatedentries ) {
- if ($dupentries = get_records('glossary_entries', 'lower(concept)', moodle_strtolower($data['concept']))) {
+ if ($dupentries = $DB->get_records('glossary_entries', array('lower(concept)'=>moodle_strtolower($data['concept'])))) {
 foreach ($dupentries as $curentry) {
 if ( $glossary->id == $curentry->glossaryid ) {
 if ( $curentry->id != $e ) {
@@ -129,7 +130,7 @@ function validation($data, $files) {
 } else {
 if ( !$glossary->allowduplicatedentries ) {
- if ($dupentries = get_record('glossary_entries', 'lower(concept)', moodle_strtolower($data['concept']), 'glossaryid', $glossary->id)) {
+ if ($dupentries = $DB->get_record('glossary_entries', array('lower(concept)'=>moodle_strtolower($data['concept']), 'glossaryid'=>$glossary->id))) {
 $errors['concept'] = get_string('errconceptalreadyexists', 'glossary');
 }
 }
diff --git a/mod/hotpot/mod_form.php b/mod/hotpot/mod_form.php
index 2802c00ef491e..7fbe3d305aa00 100644
--- a/mod/hotpot/mod_form.php
+++ b/mod/hotpot/mod_form.php
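Review bot: In mod/glossary/edit_form.php, both duplicate checks (hunks at -115 and -129) pass the SQL expression `lower(concept)` as a key of the conditions array, where every other converted call in this commit passes a plain column name. Whether the DML layer accepts an expression in that position is not visible here, and a key that is really SQL blurs the line between identifiers and bound values. An explicit select keeps the expression in the query text and the value bound: `$DB->get_records_select('glossary_entries', 'LOWER(concept) = ?', array(moodle_strtolower($data['concept'])))`, with `AND glossaryid = ?` added for the second call. validation() continues outside these hunks.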
@@ -260,10 +260,10 @@ function definition() {
 function data_preprocessing(&$defaults){
 }
- function validation(&$data) {
- // http://docs.moodle.org/en/Development:lib/formslib.php_Validation
- global $CFG, $COURSE;
- $errors = array();
+ function validation($data, $files) {
+ global $CFG, $USER, $DB;
+
+ $errors = parent::validation($data, $files);
 // location
 if (empty($data['location'])) {
diff --git a/mod/quiz/mod_form.php b/mod/quiz/mod_form.php
index f3c6c71fa4651..abbbe8dc1f587 100644
--- a/mod/quiz/mod_form.php
+++ b/mod/quiz/mod_form.php
@@ -352,11 +352,7 @@ function validation($data, $files) {
 }
 }
- if (count($errors) == 0) {
- return true;
- } else {
- return $errors;
- }
+ return $errors;
 }
 }
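Review bot: The rewritten header of validation() in mod/hotpot/mod_form.php drops `$COURSE` from the `global` line (`$CFG, $COURSE` became `$CFG, $USER, $DB`) and no longer takes `$data` by reference. The body continues outside the hunk, so it is not visible whether it still reads `$COURSE` or writes back into `$data`; if it does, those paths now work on an undefined local or on a copy the caller never sees. Unless the rest of the body was checked, keep the variable in scope with `global $CFG, $COURSE, $USER, $DB;`.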