MDL-18059 database rates - secured ; merged from 19_STABLE

fladi · May 6, 2009 · c11f2e4 · c11f2e4
1 parent c045e45
commit c11f2e4
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 0 deletions.
diff --git a/lang/en_utf8/data.php b/lang/en_utf8/data.php
@@ -147,6 +147,7 @@
 $string['invalidfieldtype'] = 'Field Type is incorrect';
 $string['invalidid'] = 'Incorrect data ID';
 $string['invalidpreset'] = '$a is not a preset.';
+$string['invalidrate'] = 'Invalid database rate ($a)';
 $string['invalidratedata'] = 'Incorrect submitted ratings data';
 $string['invalidrecord'] = 'Incorrect record';
 $string['invalidurl'] = 'The URL you just entered is not valid';

diff --git a/mod/data/rate.php b/mod/data/rate.php
@@ -33,6 +33,9 @@
         print_error('invalidaccess', 'data');
     }
 
+/// Calculate scale values
+    $scale_values = make_grades_menu($data->scale);
+
     $count = 0;
 
     foreach ((array)$frmdata as $recordid => $rating) {
@@ -52,6 +55,11 @@
             continue;
         }
 
+    /// Check rate is valid for that database scale values
+        if (!array_key_exists($rating, $scale_values) && $rating != -999) {
+            print_error('invalidrate', 'data', '', $rating);
+        }
+
         // input validation ok
 
         $count++;