From 294ce9870f0a55031f1345723efb54db858c0750 Mon Sep 17 00:00:00 2001 
From: skodak Date: Mon, 9 Jun 2008 16:53:30 +0000 Subject: [PATCH] MDL-15189 magic quotes finally removed --- admin/auth_config.php | 2 +- admin/cliupgrade.php | 14 +---- admin/enrol_config.php | 2 +- admin/filter.php | 2 +- admin/lang.php | 2 +- admin/maintenance.php | 2 +- admin/mnet/MethodTable.php | 2 +- admin/mnet/access_control.php | 2 +- admin/mnet/adminlib.php | 2 +- admin/mnet/enr_course_enrol.php | 2 +- admin/mnet/index.php | 2 +- admin/mnet/mnet_themes.php | 2 +- admin/replace.php | 3 - admin/roles/allowoverride.php | 2 +- admin/roles/manage.php | 7 +-- admin/roles/override.php | 2 +- admin/search.php | 4 +- admin/settings.php | 2 +- admin/upgradesettings.php | 2 +- admin/uploadpicture.php | 2 +- admin/uploaduser.php | 2 +- admin/user/user_bulk.php | 4 +- admin/user/user_bulk_confirm.php | 2 +- admin/user/user_bulk_message.php | 2 +- admin/xmldb/actions/XMLDBAction.class.php | 2 +- .../create_xml_file/create_xml_file.class.php | 2 +- .../delete_field/delete_field.class.php | 2 +- .../delete_index/delete_index.class.php | 2 +- .../actions/delete_key/delete_key.class.php | 2 +- .../delete_sentence/delete_sentence.class.php | 2 +- .../delete_statement.class.php | 2 +- .../delete_table/delete_table.class.php | 2 +- .../delete_xml_file/delete_xml_file.class.php | 2 +- .../actions/edit_field/edit_field.class.php | 2 +- .../edit_field_save/edit_field_save.class.php | 10 ++-- .../actions/edit_index/edit_index.class.php | 2 +- .../edit_index_save/edit_index_save.class.php | 8 +-- .../xmldb/actions/edit_key/edit_key.class.php | 2 +- .../edit_key_save/edit_key_save.class.php | 10 ++-- .../edit_sentence/edit_sentence.class.php | 2 +- .../edit_sentence_save.class.php | 6 +- .../edit_statement/edit_statement.class.php | 2 +- .../edit_statement_save.class.php | 4 +- .../actions/edit_table/edit_table.class.php | 2 +- .../edit_table_save/edit_table_save.class.php | 6 +- .../edit_xml_file/edit_xml_file.class.php | 2 +- .../edit_xml_file_save.class.php | 6 +- 
.../load_xml_file/load_xml_file.class.php | 2 +- .../move_updown_field.class.php | 2 +- .../move_updown_index.class.php | 2 +- .../move_updown_key/move_updown_key.class.php | 2 +- .../move_updown_statement.class.php | 2 +- .../move_updown_table.class.php | 2 +- .../actions/new_field/new_field.class.php | 2 +- .../actions/new_index/new_index.class.php | 2 +- admin/xmldb/actions/new_key/new_key.class.php | 2 +- .../new_sentence/new_sentence.class.php | 2 +- .../new_statement/new_statement.class.php | 2 +- .../actions/new_table/new_table.class.php | 2 +- .../new_table_from_mysql.class.php | 2 +- .../revert_changes/revert_changes.class.php | 2 +- .../save_xml_file/save_xml_file.class.php | 2 +- .../xmldb/actions/template/template.class.php | 2 +- .../unload_xml_file/unload_xml_file.class.php | 2 +- .../view_field_xml/view_field_xml.class.php | 2 +- .../view_index_xml/view_index_xml.class.php | 2 +- .../view_key_xml/view_key_xml.class.php | 2 +- .../view_statement_xml.class.php | 2 +- .../view_structure_php.class.php | 2 +- .../view_structure_sql.class.php | 2 +- .../view_structure_xml.class.php | 2 +- .../view_table_php/view_table_php.class.php | 2 +- .../view_table_sql/view_table_sql.class.php | 2 +- .../view_table_xml/view_table_xml.class.php | 2 +- .../xmldb/actions/view_xml/view_xml.class.php | 2 +- auth/db/auth.php | 3 +- auth/mnet/auth.php | 3 - backup/lib.php | 2 +- backup/restore_check.html | 4 +- backup/restorelib.php | 7 +-- blocks/search/config_global.html | 4 +- blog/edit.php | 2 +- calendar/event.php | 4 +- calendar/preferences.php | 2 +- course/category.php | 4 +- course/edit.php | 2 +- course/editcategory.php | 2 +- course/editsection.php | 2 +- course/format/topics/format.php | 2 +- course/format/weeks/format.php | 2 +- course/import/activities/index.php | 2 - course/import/groups/index.php | 4 +- course/importstudents.php | 4 +- course/index.php | 2 +- course/info.php | 2 - course/modedit.php | 4 +- course/pending.php | 3 - course/recent.php | 2 +- 
course/request.php | 2 +- course/reset.php | 2 +- course/search.php | 4 +- enrol/imsenterprise/enrol.php | 2 +- enrol/manual/enrol.php | 4 +- enrol/paypal/ipn.php | 1 - error/index.php | 2 +- files/index.php | 2 +- filter/tex/texdebug.php | 1 - grade/edit/letter/edit.php | 2 +- grade/edit/outcome/course.php | 2 +- grade/edit/outcome/edit.php | 2 +- grade/edit/outcome/index.php | 2 +- grade/edit/scale/edit.php | 2 +- grade/edit/settings/index.php | 2 +- grade/edit/tree/calculation.php | 4 +- grade/edit/tree/category.php | 2 +- grade/edit/tree/grade.php | 2 +- grade/edit/tree/item.php | 2 +- grade/edit/tree/outcomeitem.php | 2 +- grade/export/key.php | 2 +- grade/export/ods/index.php | 2 +- grade/export/txt/index.php | 2 +- grade/export/xls/index.php | 2 +- grade/export/xml/index.php | 2 +- grade/import/csv/index.php | 6 +- grade/import/key.php | 2 +- grade/import/xml/index.php | 2 +- grade/report/grader/ajax_callbacks.php | 2 +- grade/report/grader/index.php | 2 +- grade/report/grader/lib.php | 2 +- grade/report/grader/preferences.php | 2 +- group/assign.php | 2 +- group/autogroup.php | 6 +- group/members.php | 2 - index.php | 2 +- lib/adminlib.php | 6 +- lib/blocklib.php | 2 +- lib/datalib.php | 19 ------- lib/deprecatedlib.php | 14 ++++- lib/dml/mssql_adodb_moodle_database.php | 5 -- lib/dml/oci8po_adodb_moodle_database.php | 5 -- lib/dmllib.php | 42 +++++++------- lib/editor/htmlarea/coursefiles.php | 2 +- lib/editor/htmlarea/htmlarea.php | 9 +-- lib/editor/htmlarea/popups/preview.php | 2 +- lib/editor/tinymce/coursefiles.php | 2 +- .../tiny_mce/plugins/moodleimage/preview.php | 2 +- .../spellchecker/classes/SpellChecker.php | 4 +- lib/formslib.php | 44 ++++++-------- lib/grade/grade_object.php | 2 +- lib/moodlelib.php | 6 +- lib/questionlib.php | 4 +- lib/recaptchalib.php | 2 +- lib/searchlib.php | 2 +- lib/setup.php | 32 +++++------ lib/weblib.php | 57 ++----------------- login/change_password.php | 2 +- login/forgot_password.php | 2 +- login/index.php | 4 +- 
login/signup.php | 2 +- message/lib.php | 5 +- message/send.php | 2 +- mod/assignment/lib.php | 4 +- .../type/upload/assignment.class.php | 4 +- mod/chat/gui_header_js/insert.php | 2 +- mod/choice/lib.php | 2 +- mod/data/comment.php | 2 +- mod/data/edit.php | 2 +- mod/data/field.php | 4 +- mod/data/field/menu/field.class.php | 2 +- mod/data/templates.php | 2 +- mod/feedback/analysis_to_excel.php | 4 +- mod/feedback/complete.php | 4 +- mod/feedback/complete_guest.php | 4 +- mod/feedback/delete_template.php | 4 +- mod/feedback/edit.php | 2 +- mod/feedback/edit_item.php | 2 +- mod/feedback/import.php | 2 +- mod/feedback/item/captcha/lib.php | 4 +- mod/feedback/item/label/lib.php | 2 +- mod/feedback/item/multichoice/lib.php | 16 +++--- mod/feedback/item/multichoicerated/lib.php | 12 ++-- mod/feedback/item/numeric/lib.php | 6 +- mod/feedback/item/textarea/lib.php | 8 +-- mod/feedback/item/textfield/lib.php | 8 +-- mod/feedback/mapcourse.php | 2 +- mod/feedback/print.php | 2 +- mod/feedback/show_entries.php | 2 +- mod/feedback/show_entries_anonym.php | 2 +- mod/forum/lib.php | 8 +-- mod/forum/restorelib.php | 2 +- mod/forum/search.php | 4 +- mod/forum/subscribers.php | 2 +- mod/glossary/comment.php | 4 +- mod/glossary/edit.php | 2 +- mod/glossary/import.php | 8 +-- mod/glossary/rate.php | 2 +- mod/hotpot/attempt.php | 2 +- mod/hotpot/lib.php | 4 +- mod/hotpot/report/overview/report.php | 6 +- mod/hotpot/restorelib.php | 3 +- mod/lesson/action/continue.php | 9 ++- mod/lesson/action/insertpage.php | 6 +- mod/lesson/action/updatepage.php | 2 +- mod/lesson/essay.php | 12 ++-- mod/lesson/format.php | 2 +- mod/lesson/highscores.php | 2 +- mod/lesson/report.php | 4 +- mod/lesson/view.php | 2 +- mod/scorm/datamodels/scorm_12.js.php | 2 +- mod/scorm/datamodels/scorm_13.js.php | 4 +- mod/scorm/datamodels/scorm_13lib.php | 2 +- mod/scorm/datamodels/scormlib.php | 40 ++++++------- mod/survey/report.php | 2 - mod/survey/save.php | 2 +- mod/wiki/ewikimoodlelib.php | 2 +- 
mod/wiki/view.php | 12 +--- notes/add.php | 4 +- notes/delete.php | 2 +- notes/edit.php | 2 +- question/category_class.php | 2 +- question/comment.html | 2 +- question/format.php | 2 +- question/format/aiken/format.php | 4 +- question/format/blackboard/format.php | 40 ++++++------- question/format/blackboard_6/format.php | 34 +++++------ question/format/coursetestmanager/format.php | 24 ++++---- question/format/examview/format.php | 10 ++-- question/format/gift/format.php | 14 ++--- question/format/hotpot/format.php | 2 +- question/format/missingword/format.php | 8 +-- question/format/multianswer/format.php | 4 +- question/format/qti2/format.php | 2 +- question/format/webct/format.php | 12 ++-- question/format/xml/format.php | 10 ++-- question/type/essay/questiontype.php | 2 +- question/type/match/questiontype.php | 2 +- question/type/multichoice/questiontype.php | 6 +- question/type/numerical/questiontype.php | 2 +- question/type/questiontype.php | 6 +- question/type/shortanswer/questiontype.php | 4 +- sso/hive/login.php | 2 +- tag/edit.php | 2 +- tag/tag_autocomplete.php | 4 +- theme/chameleon/ui/ChameleonCSS.class.php | 2 +- user/edit.php | 4 +- user/editadvanced.php | 4 +- user/filters/lib.php | 4 +- user/messageselect.php | 4 +- user/profile/definelib.php | 2 +- 249 files changed, 498 insertions(+), 632 deletions(-) diff --git a/admin/auth_config.php b/admin/auth_config.php index 9e150a80b7661..4e0b2886eb784 100644 --- a/admin/auth_config.php +++ b/admin/auth_config.php @@ -18,7 +18,7 @@ $returnurl = "$CFG->wwwroot/$CFG->admin/settings.php?section=manageauths"; // save configuration changes -if ($frm = data_submitted(false) and confirm_sesskey()) { +if ($frm = data_submitted() and confirm_sesskey()) { $authplugin->validate_form($frm, $err); diff --git a/admin/cliupgrade.php b/admin/cliupgrade.php index f54ed4a06bde7..a46ab6264b7a0 100644 --- a/admin/cliupgrade.php +++ b/admin/cliupgrade.php 
@@ -738,14 +738,6 @@ console_write(STDERR,"The PHP server variable 'file_uploads' is not turned On" ,'',false); } - if (empty($CFG->prefix) && $CFG->dbfamily != 'mysql') { //Enforce prefixes for everybody but mysql - console_write(STDERR,'$CFG->prefix can\'t be empty for your target DB (' . $CFG->dbtype . ')','',false); - } - - if ($CFG->dbfamily == 'oracle' && strlen($CFG->prefix) > 2) { //Max prefix length for Oracle is 2cc - console_write(STDERR,'$CFG->prefix maximum allowed length for Oracle DBs is 2cc.','',false); - } - /// Check that config.php has been edited if ($CFG->wwwroot == "http://example.com/moodle") { @@ -1193,9 +1185,9 @@ } $newsite = new Object(); - $newsite->fullname = addslashes($sitefullname); - $newsite->shortname = addslashes($siteshortname); - $newsite->summary = addslashes($sitesummary); + $newsite->fullname = $sitefullname; + $newsite->shortname = $siteshortname; + $newsite->summary = $sitesummary; $newsite->newsitems = $sitenewsitems; $newsite->numsections = 0; $newsite->category = 0; diff --git a/admin/enrol_config.php b/admin/enrol_config.php index f9fe5cedd9892..0ed836f733754 100644 --- a/admin/enrol_config.php +++ b/admin/enrol_config.php @@ -17,7 +17,7 @@ /// If data submitted, then process and store. - if ($frm = data_submitted(false)) { + if ($frm = data_submitted()) { if (!confirm_sesskey()) { print_error('confirmsesskeybad', 'error'); } diff --git a/admin/filter.php b/admin/filter.php index d9bb97988b0c0..3a3a697f5d1b3 100644 --- a/admin/filter.php +++ b/admin/filter.php @@ -27,7 +27,7 @@ //====================== // if reset pressed let filter config page handle it - if ($config = data_submitted(false) and !$forcereset) { + if ($config = data_submitted() and !$forcereset) { // check session key if (!confirm_sesskey()) { diff --git a/admin/lang.php b/admin/lang.php index 72c61055c8395..b9c98e0668491 100644 --- a/admin/lang.php +++ b/admin/lang.php 
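Review bot: In the second admin/cliupgrade.php hunk, `$newsite->fullname`, `$newsite->shortname` and `$newsite->summary` are now assigned without `addslashes()`, so they are safe only if the write that stores `$newsite` binds its values. That call is outside the hunk; it should be confirmed to go through the placeholder-based `$DB` API and not a legacy wrapper that concatenates values into SQL. The same applies to `$mnet_peer->theme = $choose;` in admin/mnet/mnet_themes.php, where `commit()` is not visible either. A short comment above the object, such as `// values are stored raw; the DML layer binds them`, would record the new contract for later readers.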
@@ -1358,7 +1358,7 @@ function lang_help_save_file($helproot, $file, $content) { } error_reporting($CFG->debug); - fwrite($f, stripslashes($content)); + fwrite($f, $content); fclose($f); // Remove file if its empty diff --git a/admin/maintenance.php b/admin/maintenance.php index a4bfa1cdbc700..dc6729e890518 100644 --- a/admin/maintenance.php +++ b/admin/maintenance.php @@ -15,7 +15,7 @@ $filename = $CFG->dataroot.'/'.SITEID.'/maintenance.html'; - if ($form = data_submitted(false)) { + if ($form = data_submitted()) { if (confirm_sesskey()) { if ($form->action == "disable") { unlink($filename); diff --git a/admin/mnet/MethodTable.php b/admin/mnet/MethodTable.php index e5e4b390f8291..e9c4e6e344bbc 100644 --- a/admin/mnet/MethodTable.php +++ b/admin/mnet/MethodTable.php @@ -556,7 +556,7 @@ function showCode($methodTable){ if($key=="arguments"){ $result .= "array("; for($i=0; $iprofile = serialize($profile); - $dataobject->help = addslashes($details['description']); + $dataobject->help = $details['description']; } else { $dataobject->profile = serialize(array(array('type' => 'void', 'description' => 'No return value'))); $dataobject->help = ''; diff --git a/admin/mnet/enr_course_enrol.php b/admin/mnet/enr_course_enrol.php index bc43e9371a224..52dbae7442df5 100644 --- a/admin/mnet/enr_course_enrol.php +++ b/admin/mnet/enr_course_enrol.php @@ -50,7 +50,7 @@ /// Process incoming role assignment - if ($frm = data_submitted(false)) { + if ($frm = data_submitted()) { if ($add and !empty($frm->addselect) and confirm_sesskey()) { $timemodified = time(); diff --git a/admin/mnet/index.php b/admin/mnet/index.php index 321ee3593deb5..a281f1cec0960 100644 --- a/admin/mnet/index.php +++ b/admin/mnet/index.php 
@@ -37,7 +37,7 @@ } /// If data submitted, process and store - if (($form = data_submitted(false)) && confirm_sesskey()) { + if (($form = data_submitted()) && confirm_sesskey()) { if (!empty($form->submit) && $form->submit == get_string('savechanges')) { if (in_array($form->mode, array("off", "strict", "dangerous"))) { if (set_config('mnet_dispatcher_mode', $form->mode)) { diff --git a/admin/mnet/mnet_themes.php b/admin/mnet/mnet_themes.php index 180d8c33435b8..f566744af48f6 100644 --- a/admin/mnet/mnet_themes.php +++ b/admin/mnet/mnet_themes.php @@ -65,7 +65,7 @@ $report = array('This theme is not installed!'.'3', 'errorbox'); } else { $mnet_peer->force_theme = 1; - $mnet_peer->theme = addslashes($choose); + $mnet_peer->theme = $choose; if ($mnet_peer->commit()) { $report = array(get_string('themesaved').'1', 'informationbox'); } else { diff --git a/admin/replace.php b/admin/replace.php index f9dc986a02d02..4e8df42be21e6 100644 --- a/admin/replace.php +++ b/admin/replace.php @@ -10,9 +10,6 @@ $search = optional_param('search', '', PARAM_RAW); $replace = optional_param('replace', '', PARAM_RAW); -$search = stripslashes($search); // TODO: remove soon -$replace = stripslashes($replace); // TODO: remove soon - ################################################################### admin_externalpage_print_header(); diff --git a/admin/roles/allowoverride.php b/admin/roles/allowoverride.php index cb05671e4ba0f..eacc00d653961 100755 --- a/admin/roles/allowoverride.php +++ b/admin/roles/allowoverride.php @@ -20,7 +20,7 @@ $roles = get_all_roles(); - if ($grant = data_submitted(false)) { + if ($grant = data_submitted()) { foreach ($grant as $grole => $val) { if ($grole == 'dummy') { diff --git a/admin/roles/manage.php b/admin/roles/manage.php index e52236290cb77..254db546f46f5 100755 --- a/admin/roles/manage.php +++ b/admin/roles/manage.php 
@@ -14,9 +14,6 @@ $confirm = optional_param('confirm', 0, PARAM_BOOL); $cancel = optional_param('cancel', 0, PARAM_BOOL); - $name = stripslashes($name); - $description = stripslashes($description); - $sitecontext = get_context_instance(CONTEXT_SYSTEM); require_capability('moodle/role:manage', $sitecontext); @@ -56,7 +53,7 @@ /// form processing, editing a role, adding a role, deleting a role etc. switch ($action) { case 'add': - if ($data = data_submitted(false) and confirm_sesskey()) { + if ($data = data_submitted() and confirm_sesskey()) { $shortname = moodle_strtolower(clean_param(clean_filename($shortname), PARAM_SAFEDIR)); // only lowercase safe ASCII characters $legacytype = required_param('legacytype', PARAM_RAW); @@ -133,7 +130,7 @@ break; case 'edit': - if ($data = data_submitted(false) and confirm_sesskey()) { + if ($data = data_submitted() and confirm_sesskey()) { $shortname = moodle_strtolower(clean_param(clean_filename($shortname), PARAM_SAFEDIR)); // only lowercase safe ASCII characters $legacytype = required_param('legacytype', PARAM_RAW); diff --git a/admin/roles/override.php b/admin/roles/override.php index 72359f73d6e30..bdd55f6056d8b 100755 --- a/admin/roles/override.php +++ b/admin/roles/override.php @@ -75,7 +75,7 @@ $capabilities = fetch_context_capabilities($context); /// Process incoming role override - if ($data = data_submitted(false) and $roleid and confirm_sesskey()) { + if ($data = data_submitted() and $roleid and confirm_sesskey()) { $allowed_values = array(CAP_INHERIT, CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT); $localoverrides = $DB->get_records_select('role_capabilities', "roleid = ? AND contextid = ?", array($roleid, $context->id), diff --git a/admin/search.php b/admin/search.php index a8ee38ba2fb7c..f3b5557522afa 100644 --- a/admin/search.php +++ b/admin/search.php 
@@ -7,8 +7,6 @@ $query = trim(optional_param('query', '', PARAM_NOTAGS)); // Search string -$query = stripslashes($query); // TODO: remove soon - $adminroot =& admin_get_root(); // need all settings here $adminroot->search = $query; // So we can reference it in search boxes later in this invocation $statusmsg = ''; @@ -18,7 +16,7 @@ admin_externalpage_setup('search'); // now hidden page // now we'll deal with the case that the admin has submitted the form with changed settings -if ($data = data_submitted(false) and confirm_sesskey()) { +if ($data = data_submitted() and confirm_sesskey()) { if (admin_write_settings($data)) { $statusmsg = get_string('changessaved'); } diff --git a/admin/settings.php b/admin/settings.php index d0f771f77b849..1ee435828488e 100644 --- a/admin/settings.php +++ b/admin/settings.php @@ -31,7 +31,7 @@ $errormsg = ''; $focus = ''; -if ($data = data_submitted(false) and confirm_sesskey()) { +if ($data = data_submitted() and confirm_sesskey()) { if (admin_write_settings($data)) { $statusmsg = get_string('changessaved'); } diff --git a/admin/upgradesettings.php b/admin/upgradesettings.php index 6d4d5e10fa4cc..65fbf3c4cb1ea 100644 --- a/admin/upgradesettings.php +++ b/admin/upgradesettings.php @@ -15,7 +15,7 @@ admin_externalpage_setup('upgradesettings'); // now hidden page // now we'll deal with the case that the admin has submitted the form with new settings -if ($data = data_submitted(false) and confirm_sesskey()) { +if ($data = data_submitted() and confirm_sesskey()) { $count = admin_write_settings($data); $adminroot =& admin_get_root(true); //reload tree } diff --git a/admin/uploadpicture.php b/admin/uploadpicture.php index e9e82d9682043..e8122bf6f1987 100644 --- a/admin/uploadpicture.php +++ b/admin/uploadpicture.php 
@@ -62,7 +62,7 @@ print_heading_with_help($struploadpictures, 'uploadpictures'); $mform = new admin_uploadpicture_form(); -if ($formdata = $mform->get_data(false)) { +if ($formdata = $mform->get_data()) { if (!array_key_exists($userfield, $userfields)) { notify(get_string('uploadpicture_baduserfield','admin')); } else { diff --git a/admin/uploaduser.php b/admin/uploaduser.php index ba81acf10ec69..1a83c4a4da65a 100755 --- a/admin/uploaduser.php +++ b/admin/uploaduser.php @@ -125,7 +125,7 @@ $cir->cleanup(true); redirect($returnurl); -} else if ($formdata = $mform->get_data(false)) { // no magic quotes here!!! +} else if ($formdata = $mform->get_data()) { // Print the header admin_externalpage_print_header(); print_heading(get_string('uploadusersresult', 'admin')); diff --git a/admin/user/user_bulk.php b/admin/user/user_bulk.php index ae13d7c92941f..acd9a4f60fc15 100755 --- a/admin/user/user_bulk.php +++ b/admin/user/user_bulk.php @@ -16,7 +16,7 @@ // array of bulk operations // create the bulk operations form $action_form = new user_bulk_action_form(); -if ($data = $action_form->get_data(false)) { +if ($data = $action_form->get_data()) { // check if an action should be performed and do so switch ($data->action) { case 1: redirect($CFG->wwwroot.'/'.$CFG->admin.'/user/user_bulk_confirm.php'); @@ -29,7 +29,7 @@ $user_bulk_form = new user_bulk_form(null, get_selection_data($ufiltering)); -if ($data = $user_bulk_form->get_data(false)) { +if ($data = $user_bulk_form->get_data()) { if (!empty($data->addall)) { add_selection_all($ufiltering); diff --git a/admin/user/user_bulk_confirm.php b/admin/user/user_bulk_confirm.php index 163623effd3e8..df433f7d1b526 100755 --- a/admin/user/user_bulk_confirm.php +++ b/admin/user/user_bulk_confirm.php 
@@ -29,7 +29,7 @@ continue; } $auth = get_auth_plugin($user->auth); - $result = $auth->user_confirm(addslashes($user->username), addslashes($user->secret)); + $result = $auth->user_confirm($user->username, $user->secret); if ($result != AUTH_CONFIRM_OK && $result != AUTH_CONFIRM_ALREADY) { notify(get_string('usernotconfirmed', '', fullname($user, true))); } diff --git a/admin/user/user_bulk_message.php b/admin/user/user_bulk_message.php index bac02b6c7146d..4c7f2d54c36ab 100755 --- a/admin/user/user_bulk_message.php +++ b/admin/user/user_bulk_message.php @@ -43,7 +43,7 @@ if ($msgform->is_cancelled()) { redirect($return); -} else if ($formdata = $msgform->get_data(false)) { +} else if ($formdata = $msgform->get_data()) { $options = new object(); $options->para = false; $options->newlines = true; diff --git a/admin/xmldb/actions/XMLDBAction.class.php b/admin/xmldb/actions/XMLDBAction.class.php index c1eaa9364bc1c..201e67621f612 100644 --- a/admin/xmldb/actions/XMLDBAction.class.php +++ b/admin/xmldb/actions/XMLDBAction.class.php @@ -140,7 +140,7 @@ function invoke() { /// If we are used any dir, save it in the lastused session object /// Some actions can use it to perform positioning if ($lastused = optional_param ('dir', NULL, PARAM_PATH)) { - $SESSION->lastused = stripslashes_safe($lastused); + $SESSION->lastused = $lastused; } $this->postaction = optional_param ('postaction', NULL, PARAM_ALPHAEXT); diff --git a/admin/xmldb/actions/create_xml_file/create_xml_file.class.php b/admin/xmldb/actions/create_xml_file/create_xml_file.class.php index f4fa4870f5367..03f36b88edc7a 100644 --- a/admin/xmldb/actions/create_xml_file/create_xml_file.class.php +++ b/admin/xmldb/actions/create_xml_file/create_xml_file.class.php 
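Review bot: `$auth->user_confirm($user->username, $user->secret)` in admin/user/user_bulk_confirm.php now passes raw values to whichever plugin `get_auth_plugin($user->auth)` returns, so every `user_confirm()` implementation has to treat its arguments as unescaped data. A plugin that still builds a query by string concatenation and relied on the caller's `addslashes()` would lose its only escaping. The diffstat lists auth/db/auth.php and auth/mnet/auth.php, but the other auth plugins are not visible here and should be checked. I would state the contract in each `user_confirm()` docblock, for example `@param string $username raw value, not slash-escaped`.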
@@ -66,7 +66,7 @@ function invoke() { /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; $file = $dirpath . '/install.xml'; /// Some variables diff --git a/admin/xmldb/actions/delete_field/delete_field.class.php b/admin/xmldb/actions/delete_field/delete_field.class.php index 1cda159f9a392..57ad55ecc3cff 100644 --- a/admin/xmldb/actions/delete_field/delete_field.class.php +++ b/admin/xmldb/actions/delete_field/delete_field.class.php @@ -64,7 +64,7 @@ function invoke() { /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; $tableparam = required_param('table', PARAM_CLEAN); $fieldparam = required_param('field', PARAM_CLEAN); diff --git a/admin/xmldb/actions/delete_index/delete_index.class.php b/admin/xmldb/actions/delete_index/delete_index.class.php index 8d125c6b1412c..d9ff4e3610b47 100644 --- a/admin/xmldb/actions/delete_index/delete_index.class.php +++ b/admin/xmldb/actions/delete_index/delete_index.class.php @@ -64,7 +64,7 @@ function invoke() { /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; $tableparam = required_param('table', PARAM_PATH); $indexparam = required_param('index', PARAM_PATH); diff --git a/admin/xmldb/actions/delete_key/delete_key.class.php b/admin/xmldb/actions/delete_key/delete_key.class.php index b5c5f53150d22..f6bfa878ff056 100644 --- a/admin/xmldb/actions/delete_key/delete_key.class.php +++ b/admin/xmldb/actions/delete_key/delete_key.class.php 
@@ -64,7 +64,7 @@ function invoke() { /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; $tableparam = required_param('table', PARAM_PATH); $keyparam = required_param('key', PARAM_PATH); diff --git a/admin/xmldb/actions/delete_sentence/delete_sentence.class.php b/admin/xmldb/actions/delete_sentence/delete_sentence.class.php index 41d7a65968a25..6b6a8bbae6729 100644 --- a/admin/xmldb/actions/delete_sentence/delete_sentence.class.php +++ b/admin/xmldb/actions/delete_sentence/delete_sentence.class.php @@ -64,7 +64,7 @@ function invoke() { /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; $statementparam = required_param('statement', PARAM_CLEAN); $sentenceparam = required_param('sentence', PARAM_INT); diff --git a/admin/xmldb/actions/delete_statement/delete_statement.class.php b/admin/xmldb/actions/delete_statement/delete_statement.class.php index 434b13e48ee8b..95f6149a89359 100644 --- a/admin/xmldb/actions/delete_statement/delete_statement.class.php +++ b/admin/xmldb/actions/delete_statement/delete_statement.class.php @@ -64,7 +64,7 @@ function invoke() { /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; $statementparam = required_param('statement', PARAM_CLEAN); $confirmed = optional_param('confirmed', false, PARAM_BOOL); diff --git a/admin/xmldb/actions/delete_table/delete_table.class.php b/admin/xmldb/actions/delete_table/delete_table.class.php index 629eda4d8461b..b03d01f1e612f 100644 --- a/admin/xmldb/actions/delete_table/delete_table.class.php +++ b/admin/xmldb/actions/delete_table/delete_table.class.php 
@@ -64,7 +64,7 @@ function invoke() { /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; $tableparam = required_param('table', PARAM_CLEAN); $confirmed = optional_param('confirmed', false, PARAM_BOOL); diff --git a/admin/xmldb/actions/delete_xml_file/delete_xml_file.class.php b/admin/xmldb/actions/delete_xml_file/delete_xml_file.class.php index 0a21ad79f2ca9..7a4d56f3a8287 100644 --- a/admin/xmldb/actions/delete_xml_file/delete_xml_file.class.php +++ b/admin/xmldb/actions/delete_xml_file/delete_xml_file.class.php @@ -64,7 +64,7 @@ function invoke() { /// Get the dir containing the file $dirpath = required_param('dir', PARAM_CLEAN); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; $confirmed = optional_param('confirmed', false, PARAM_BOOL); diff --git a/admin/xmldb/actions/edit_field/edit_field.class.php b/admin/xmldb/actions/edit_field/edit_field.class.php index 04d79469ef7ac..78f8812905d19 100644 --- a/admin/xmldb/actions/edit_field/edit_field.class.php +++ b/admin/xmldb/actions/edit_field/edit_field.class.php @@ -66,7 +66,7 @@ function invoke() { /// Do the job, setting result as needed /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; /// Get the correct dirs if (!empty($XMLDB->dbdirs)) { diff --git a/admin/xmldb/actions/edit_field_save/edit_field_save.class.php b/admin/xmldb/actions/edit_field_save/edit_field_save.class.php index 512b6c7c08c74..7a842fa85a4b3 100644 --- a/admin/xmldb/actions/edit_field_save/edit_field_save.class.php +++ b/admin/xmldb/actions/edit_field_save/edit_field_save.class.php 
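Review bot: In delete_xml_file.class.php the `dir` parameter is read with `PARAM_CLEAN`, a text-cleaning type, and the new line `$dirpath = $CFG->dirroot . $dirpath;` appends it to the code root with nothing in between, while the sibling XMLDB actions in this patch read the same parameter with `PARAM_PATH`. For an action that deletes a file, the path should be constrained at least as tightly as in the others: `$dirpath = required_param('dir', PARAM_PATH);`. Whether `invoke()` later checks the result against `$XMLDB->dbdirs` cannot be seen, because the function continues outside the hunk.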
@@ -75,20 +75,20 @@ function invoke() { /// Do the job, setting result as needed - if (!data_submitted('nomatch')) { ///Basic prevention + if (!data_submitted()) { ///Basic prevention print_error('wrongcall', 'error'); } /// Get parameters $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; $tableparam = strtolower(required_param('table', PARAM_PATH)); $fieldparam = strtolower(required_param('field', PARAM_PATH)); $name = substr(trim(strtolower(optional_param('name', $fieldparam, PARAM_PATH))),0,30); $comment = required_param('comment', PARAM_CLEAN); - $comment = trim(stripslashes_safe($comment)); + $comment = trim($comment); $type = required_param('type', PARAM_INT); $length = strtolower(optional_param('length', NULL, PARAM_ALPHANUM)); @@ -98,9 +98,9 @@ function invoke() { $sequence = optional_param('sequence', false, PARAM_BOOL); $enum = optional_param('enum', false, PARAM_BOOL); $enumvalues = optional_param('enumvalues', 0, PARAM_CLEAN); - $enumvalues = trim(stripslashes_safe($enumvalues)); + $enumvalues = trim($enumvalues); $default = optional_param('default', NULL, PARAM_PATH); - $default = trim(stripslashes_safe($default)); + $default = trim($default); $editeddir =& $XMLDB->editeddirs[$dirpath]; $structure =& $editeddir->xml_file->getStructure(); diff --git a/admin/xmldb/actions/edit_index/edit_index.class.php b/admin/xmldb/actions/edit_index/edit_index.class.php index 7422b2311f51b..9ba4588f3d7f0 100644 --- a/admin/xmldb/actions/edit_index/edit_index.class.php +++ b/admin/xmldb/actions/edit_index/edit_index.class.php @@ -66,7 +66,7 @@ function invoke() { /// Do the job, setting result as needed /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; /// Get the correct dirs if (!empty($XMLDB->dbdirs)) { 
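Review bot: The guard `if (!data_submitted()) { ///Basic prevention` in edit_field_save.class.php only checks that form data arrived; no `confirm_sesskey()` call is visible before the action rewrites the edited structure. Other admin pages in this patch pair the two, e.g. `if ($data = data_submitted() and confirm_sesskey())` in admin/settings.php. Unless the XMLDB dispatcher verifies the session key before `invoke()` runs (outside the hunk), I would add the check here: `if (!data_submitted() or !confirm_sesskey()) {`. The same guard appears in edit_index_save.class.php and edit_key_save.class.php.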
diff --git a/admin/xmldb/actions/edit_index_save/edit_index_save.class.php b/admin/xmldb/actions/edit_index_save/edit_index_save.class.php index 4d8f13942b351..6a047f956c121 100644 --- a/admin/xmldb/actions/edit_index_save/edit_index_save.class.php +++ b/admin/xmldb/actions/edit_index_save/edit_index_save.class.php @@ -69,24 +69,24 @@ function invoke() { /// Do the job, setting result as needed - if (!data_submitted('nomatch')) { ///Basic prevention + if (!data_submitted()) { ///Basic prevention print_error('wrongcall', 'error'); } /// Get parameters $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; $tableparam = strtolower(required_param('table', PARAM_PATH)); $indexparam = strtolower(required_param('index', PARAM_PATH)); $name = trim(strtolower(optional_param('name', $indexparam, PARAM_PATH))); $comment = required_param('comment', PARAM_CLEAN); - $comment = trim(stripslashes_safe($comment)); + $comment = trim($comment); $unique = required_param('unique', PARAM_INT); $fields = required_param('fields', PARAM_CLEAN); - $fields = str_replace(' ', '', trim(strtolower(stripslashes_safe($fields)))); + $fields = str_replace(' ', '', trim(strtolower($fields))); $editeddir =& $XMLDB->editeddirs[$dirpath]; $structure =& $editeddir->xml_file->getStructure(); diff --git a/admin/xmldb/actions/edit_key/edit_key.class.php b/admin/xmldb/actions/edit_key/edit_key.class.php index 7858711939e27..085fd719968d8 100644 --- a/admin/xmldb/actions/edit_key/edit_key.class.php +++ b/admin/xmldb/actions/edit_key/edit_key.class.php @@ -66,7 +66,7 @@ function invoke() { /// Do the job, setting result as needed /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; /// Get the correct dirs if (!empty($XMLDB->dbdirs)) { 
diff --git a/admin/xmldb/actions/edit_key_save/edit_key_save.class.php b/admin/xmldb/actions/edit_key_save/edit_key_save.class.php index 3f3ef0af31560..3e97985a3c99b 100644 --- a/admin/xmldb/actions/edit_key_save/edit_key_save.class.php +++ b/admin/xmldb/actions/edit_key_save/edit_key_save.class.php @@ -75,30 +75,30 @@ function invoke() { /// Do the job, setting result as needed - if (!data_submitted('nomatch')) { ///Basic prevention + if (!data_submitted()) { ///Basic prevention print_error('wrongcall', 'error'); } /// Get parameters $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; $tableparam = strtolower(required_param('table', PARAM_PATH)); $keyparam = strtolower(required_param('key', PARAM_PATH)); $name = trim(strtolower(optional_param('name', $keyparam, PARAM_PATH))); $comment = required_param('comment', PARAM_CLEAN); - $comment = trim(stripslashes_safe($comment)); + $comment = trim($comment); $type = required_param('type', PARAM_INT); $fields = required_param('fields', PARAM_CLEAN); - $fields = str_replace(' ', '', trim(strtolower(stripslashes_safe($fields)))); + $fields = str_replace(' ', '', trim(strtolower($fields))); if ($type == XMLDB_KEY_FOREIGN || $type == XMLDB_KEY_FOREIGN_UNIQUE) { $reftable = trim(strtolower(required_param('reftable', PARAM_PATH))); $reffields= required_param('reffields', PARAM_CLEAN); - $reffields = str_replace(' ', '', trim(strtolower(stripslashes_safe($reffields)))); + $reffields = str_replace(' ', '', trim(strtolower($reffields))); } $editeddir =& $XMLDB->editeddirs[$dirpath]; diff --git a/admin/xmldb/actions/edit_sentence/edit_sentence.class.php b/admin/xmldb/actions/edit_sentence/edit_sentence.class.php index d72d1699a8dc4..c8240ea33e8ff 100644 --- a/admin/xmldb/actions/edit_sentence/edit_sentence.class.php +++ b/admin/xmldb/actions/edit_sentence/edit_sentence.class.php 
@@ -64,7 +64,7 @@ function invoke() { /// Do the job, setting result as needed /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; /// Get the correct dirs if (!empty($XMLDB->dbdirs)) { diff --git a/admin/xmldb/actions/edit_sentence_save/edit_sentence_save.class.php b/admin/xmldb/actions/edit_sentence_save/edit_sentence_save.class.php index 8903d4f17754c..3eb5a292e594d 100644 --- a/admin/xmldb/actions/edit_sentence_save/edit_sentence_save.class.php +++ b/admin/xmldb/actions/edit_sentence_save/edit_sentence_save.class.php @@ -67,15 +67,15 @@ function invoke() { /// Get parameters $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; $statementparam = strtolower(required_param('statement', PARAM_CLEAN)); $sentenceparam = strtolower(required_param('sentence', PARAM_ALPHANUM)); $fields = required_param('fields', PARAM_CLEAN); - $fields = trim(stripslashes_safe($fields)); + $fields = trim($fields); $values = required_param('values', PARAM_CLEAN); - $values = trim(stripslashes_safe($values)); + $values = trim($values); $editeddir =& $XMLDB->editeddirs[$dirpath]; $structure =& $editeddir->xml_file->getStructure(); diff --git a/admin/xmldb/actions/edit_statement/edit_statement.class.php b/admin/xmldb/actions/edit_statement/edit_statement.class.php index f1c386461c739..7851041c92012 100644 --- a/admin/xmldb/actions/edit_statement/edit_statement.class.php +++ b/admin/xmldb/actions/edit_statement/edit_statement.class.php @@ -69,7 +69,7 @@ function invoke() { /// Do the job, setting result as needed /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; /// Get the correct dirs if (!empty($XMLDB->dbdirs)) { 
diff --git a/admin/xmldb/actions/edit_statement_save/edit_statement_save.class.php b/admin/xmldb/actions/edit_statement_save/edit_statement_save.class.php index 16199a5a4c53f..f6b2f92fea1f4 100644 --- a/admin/xmldb/actions/edit_statement_save/edit_statement_save.class.php +++ b/admin/xmldb/actions/edit_statement_save/edit_statement_save.class.php @@ -64,12 +64,12 @@ function invoke() { /// Get parameters $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; $statementparam = strtolower(required_param('statement', PARAM_CLEAN)); $name = trim(strtolower(required_param('name', PARAM_CLEAN))); $comment = required_param('comment', PARAM_CLEAN); - $comment = stripslashes_safe($comment); + $comment = $comment; $editeddir =& $XMLDB->editeddirs[$dirpath]; $structure =& $editeddir->xml_file->getStructure(); diff --git a/admin/xmldb/actions/edit_table/edit_table.class.php b/admin/xmldb/actions/edit_table/edit_table.class.php index d45937b05fbbb..90b4396ae95bd 100644 --- a/admin/xmldb/actions/edit_table/edit_table.class.php +++ b/admin/xmldb/actions/edit_table/edit_table.class.php @@ -77,7 +77,7 @@ function invoke() { /// Do the job, setting result as needed /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; /// Get the correct dirs if (!empty($XMLDB->dbdirs)) { diff --git a/admin/xmldb/actions/edit_table_save/edit_table_save.class.php b/admin/xmldb/actions/edit_table_save/edit_table_save.class.php index 329ca3d02ac30..72868f4362637 100644 --- a/admin/xmldb/actions/edit_table_save/edit_table_save.class.php +++ b/admin/xmldb/actions/edit_table_save/edit_table_save.class.php 
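Review bot: `$comment = $comment;` in edit_statement_save is a self-assignment left behind when `stripslashes_safe()` was dropped; the line does nothing and should be deleted so that `$comment = required_param('comment', PARAM_CLEAN);` stands alone. The same leftover appears in edit_table_save and edit_xml_file_save. The other save actions in this patch normalise the value with `$comment = trim($comment);`, so if trimming is wanted here as well, that is the replacement rather than a no-op. `invoke()` continues outside the hunk.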
@@ -65,18 +65,18 @@ function invoke() { /// Do the job, setting result as needed - if (!data_submitted('nomatch')) { ///Basic prevention + if (!data_submitted()) { ///Basic prevention print_error('wrongcall', 'error'); } /// Get parameters $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; $tableparam = strtolower(required_param('table', PARAM_PATH)); $name = substr(trim(strtolower(required_param('name', PARAM_PATH))),0,28); $comment = required_param('comment', PARAM_CLEAN); - $comment = stripslashes_safe($comment); + $comment = $comment; $editeddir =& $XMLDB->editeddirs[$dirpath]; $structure =& $editeddir->xml_file->getStructure(); diff --git a/admin/xmldb/actions/edit_xml_file/edit_xml_file.class.php b/admin/xmldb/actions/edit_xml_file/edit_xml_file.class.php index ef2a5bbd27d23..98e60cf1bc298 100644 --- a/admin/xmldb/actions/edit_xml_file/edit_xml_file.class.php +++ b/admin/xmldb/actions/edit_xml_file/edit_xml_file.class.php @@ -78,7 +78,7 @@ function invoke() { /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; /// Get the correct dir if (!empty($XMLDB->dbdirs)) { diff --git a/admin/xmldb/actions/edit_xml_file_save/edit_xml_file_save.class.php b/admin/xmldb/actions/edit_xml_file_save/edit_xml_file_save.class.php index 67354a6e560c4..dc4b1ba4e6535 100644 --- a/admin/xmldb/actions/edit_xml_file_save/edit_xml_file_save.class.php +++ b/admin/xmldb/actions/edit_xml_file_save/edit_xml_file_save.class.php 
@@ -61,16 +61,16 @@ function invoke() { /// Do the job, setting result as needed - if (!data_submitted('nomatch')) { ///Basic prevention + if (!data_submitted()) { ///Basic prevention print_error('wrongcall', 'error'); } /// Get parameters $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; $comment = required_param('comment', PARAM_CLEAN); - $comment = stripslashes_safe($comment); + $comment = $comment; /// Set comment and recalculate hash $editeddir =& $XMLDB->editeddirs[$dirpath]; diff --git a/admin/xmldb/actions/load_xml_file/load_xml_file.class.php b/admin/xmldb/actions/load_xml_file/load_xml_file.class.php index c672d29cf15f1..a67bad52a4029 100644 --- a/admin/xmldb/actions/load_xml_file/load_xml_file.class.php +++ b/admin/xmldb/actions/load_xml_file/load_xml_file.class.php @@ -66,7 +66,7 @@ function invoke() { /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; /// Get the correct dir if (!empty($XMLDB->dbdirs)) { diff --git a/admin/xmldb/actions/move_updown_field/move_updown_field.class.php b/admin/xmldb/actions/move_updown_field/move_updown_field.class.php index 9228fb9d9e130..72f14266913f7 100644 --- a/admin/xmldb/actions/move_updown_field/move_updown_field.class.php +++ b/admin/xmldb/actions/move_updown_field/move_updown_field.class.php @@ -62,7 +62,7 @@ function invoke() { /// Do the job, setting result as needed /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; /// Get the correct dirs if (!empty($XMLDB->dbdirs)) { diff --git a/admin/xmldb/actions/move_updown_index/move_updown_index.class.php b/admin/xmldb/actions/move_updown_index/move_updown_index.class.php index 5846078158038..397c595c3d5b1 100644 
--- a/admin/xmldb/actions/move_updown_index/move_updown_index.class.php +++ b/admin/xmldb/actions/move_updown_index/move_updown_index.class.php @@ -62,7 +62,7 @@ function invoke() { /// Do the job, setting result as needed /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; /// Get the correct dirs if (!empty($XMLDB->dbdirs)) { diff --git a/admin/xmldb/actions/move_updown_key/move_updown_key.class.php b/admin/xmldb/actions/move_updown_key/move_updown_key.class.php index bf5bb3d5f45e5..c1019aa3743b1 100644 --- a/admin/xmldb/actions/move_updown_key/move_updown_key.class.php +++ b/admin/xmldb/actions/move_updown_key/move_updown_key.class.php @@ -62,7 +62,7 @@ function invoke() { /// Do the job, setting result as needed /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; /// Get the correct dirs if (!empty($XMLDB->dbdirs)) { diff --git a/admin/xmldb/actions/move_updown_statement/move_updown_statement.class.php b/admin/xmldb/actions/move_updown_statement/move_updown_statement.class.php index fe1910f97bc03..10a954b0c339e 100644 --- a/admin/xmldb/actions/move_updown_statement/move_updown_statement.class.php +++ b/admin/xmldb/actions/move_updown_statement/move_updown_statement.class.php @@ -62,7 +62,7 @@ function invoke() { /// Do the job, setting result as needed /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; /// Get the correct dirs if (!empty($XMLDB->dbdirs)) { diff --git a/admin/xmldb/actions/move_updown_table/move_updown_table.class.php b/admin/xmldb/actions/move_updown_table/move_updown_table.class.php index 25f3911e09a70..7470a0c668cc7 100644 
--- a/admin/xmldb/actions/move_updown_table/move_updown_table.class.php +++ b/admin/xmldb/actions/move_updown_table/move_updown_table.class.php @@ -62,7 +62,7 @@ function invoke() { /// Do the job, setting result as needed /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; /// Get the correct dirs if (!empty($XMLDB->dbdirs)) { diff --git a/admin/xmldb/actions/new_field/new_field.class.php b/admin/xmldb/actions/new_field/new_field.class.php index 5203481ec131b..54aa82a681a91 100644 --- a/admin/xmldb/actions/new_field/new_field.class.php +++ b/admin/xmldb/actions/new_field/new_field.class.php @@ -62,7 +62,7 @@ function invoke() { /// Do the job, setting result as needed /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; /// Get the correct dirs if (!empty($XMLDB->dbdirs)) { diff --git a/admin/xmldb/actions/new_index/new_index.class.php b/admin/xmldb/actions/new_index/new_index.class.php index 559d328ee3c2e..47443b146c6a9 100644 --- a/admin/xmldb/actions/new_index/new_index.class.php +++ b/admin/xmldb/actions/new_index/new_index.class.php @@ -62,7 +62,7 @@ function invoke() { /// Do the job, setting result as needed /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; /// Get the correct dirs if (!empty($XMLDB->dbdirs)) { diff --git a/admin/xmldb/actions/new_key/new_key.class.php b/admin/xmldb/actions/new_key/new_key.class.php index 78a57ae1bb5c6..bead9052e5e91 100644 --- a/admin/xmldb/actions/new_key/new_key.class.php +++ b/admin/xmldb/actions/new_key/new_key.class.php 
@@ -62,7 +62,7 @@ function invoke() { /// Do the job, setting result as needed /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; /// Get the correct dirs if (!empty($XMLDB->dbdirs)) { diff --git a/admin/xmldb/actions/new_sentence/new_sentence.class.php b/admin/xmldb/actions/new_sentence/new_sentence.class.php index 234e963e40fa6..b6deaaa6ff18b 100644 --- a/admin/xmldb/actions/new_sentence/new_sentence.class.php +++ b/admin/xmldb/actions/new_sentence/new_sentence.class.php @@ -64,7 +64,7 @@ function invoke() { /// Do the job, setting result as needed /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; /// Get the correct dirs if (!empty($XMLDB->dbdirs)) { diff --git a/admin/xmldb/actions/new_statement/new_statement.class.php b/admin/xmldb/actions/new_statement/new_statement.class.php index 6aaab2fb2cde9..982d55e0a913c 100644 --- a/admin/xmldb/actions/new_statement/new_statement.class.php +++ b/admin/xmldb/actions/new_statement/new_statement.class.php @@ -65,7 +65,7 @@ function invoke() { /// Do the job, setting result as needed /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; /// Get the correct dirs if (!empty($XMLDB->dbdirs)) { diff --git a/admin/xmldb/actions/new_table/new_table.class.php b/admin/xmldb/actions/new_table/new_table.class.php index 4aae8e5b53eff..c02a8bbf45154 100644 --- a/admin/xmldb/actions/new_table/new_table.class.php +++ b/admin/xmldb/actions/new_table/new_table.class.php 
@@ -62,7 +62,7 @@ function invoke() { /// Do the job, setting result as needed /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; /// Get the correct dirs if (!empty($XMLDB->dbdirs)) { diff --git a/admin/xmldb/actions/new_table_from_mysql/new_table_from_mysql.class.php b/admin/xmldb/actions/new_table_from_mysql/new_table_from_mysql.class.php index 4721818d10589..ca25a8b3eef5a 100644 --- a/admin/xmldb/actions/new_table_from_mysql/new_table_from_mysql.class.php +++ b/admin/xmldb/actions/new_table_from_mysql/new_table_from_mysql.class.php @@ -65,7 +65,7 @@ function invoke() { /// Do the job, setting result as needed /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; /// Get the correct dirs if (!empty($XMLDB->dbdirs)) { diff --git a/admin/xmldb/actions/revert_changes/revert_changes.class.php b/admin/xmldb/actions/revert_changes/revert_changes.class.php index 0a7fd71de6e62..7046f07012467 100644 --- a/admin/xmldb/actions/revert_changes/revert_changes.class.php +++ b/admin/xmldb/actions/revert_changes/revert_changes.class.php @@ -64,7 +64,7 @@ function invoke() { /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; $confirmed = optional_param('confirmed', false, PARAM_BOOL); diff --git a/admin/xmldb/actions/save_xml_file/save_xml_file.class.php b/admin/xmldb/actions/save_xml_file/save_xml_file.class.php index 8ca105834189c..c42ad85b1f9e3 100644 --- a/admin/xmldb/actions/save_xml_file/save_xml_file.class.php +++ b/admin/xmldb/actions/save_xml_file/save_xml_file.class.php 
@@ -62,7 +62,7 @@ function invoke() { /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; /// Get the edited dir if (!empty($XMLDB->editeddirs)) { diff --git a/admin/xmldb/actions/template/template.class.php b/admin/xmldb/actions/template/template.class.php index a2ddae101f445..f139fabfbf039 100644 --- a/admin/xmldb/actions/template/template.class.php +++ b/admin/xmldb/actions/template/template.class.php @@ -62,7 +62,7 @@ function invoke() { /// Do the job, setting result as needed /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; /// Get the correct dirs if (!empty($XMLDB->dbdirs)) { diff --git a/admin/xmldb/actions/unload_xml_file/unload_xml_file.class.php b/admin/xmldb/actions/unload_xml_file/unload_xml_file.class.php index 8640f4d9ef233..a12ae587c664b 100644 --- a/admin/xmldb/actions/unload_xml_file/unload_xml_file.class.php +++ b/admin/xmldb/actions/unload_xml_file/unload_xml_file.class.php @@ -63,7 +63,7 @@ function invoke() { /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; /// Get the original dir and delete some elements if (!empty($XMLDB->dbdirs)) { diff --git a/admin/xmldb/actions/view_field_xml/view_field_xml.class.php b/admin/xmldb/actions/view_field_xml/view_field_xml.class.php index 1ff0a36c57b4d..f46fca549fb47 100644 --- a/admin/xmldb/actions/view_field_xml/view_field_xml.class.php +++ b/admin/xmldb/actions/view_field_xml/view_field_xml.class.php 
@@ -66,7 +66,7 @@ function invoke() { $select = required_param('select', PARAM_ALPHA); //original/edited /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; /// Get the correct dir if ($select == 'original') { diff --git a/admin/xmldb/actions/view_index_xml/view_index_xml.class.php b/admin/xmldb/actions/view_index_xml/view_index_xml.class.php index 0ff21bc657938..9ade23d3301e5 100644 --- a/admin/xmldb/actions/view_index_xml/view_index_xml.class.php +++ b/admin/xmldb/actions/view_index_xml/view_index_xml.class.php @@ -66,7 +66,7 @@ function invoke() { $select = required_param('select', PARAM_ALPHA); //original/edited /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; /// Get the correct dir if ($select == 'original') { diff --git a/admin/xmldb/actions/view_key_xml/view_key_xml.class.php b/admin/xmldb/actions/view_key_xml/view_key_xml.class.php index 278091356449a..a973a96dc8c1e 100644 --- a/admin/xmldb/actions/view_key_xml/view_key_xml.class.php +++ b/admin/xmldb/actions/view_key_xml/view_key_xml.class.php @@ -66,7 +66,7 @@ function invoke() { $select = required_param('select', PARAM_ALPHA); //original/edited /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; /// Get the correct dir if ($select == 'original') { diff --git a/admin/xmldb/actions/view_statement_xml/view_statement_xml.class.php b/admin/xmldb/actions/view_statement_xml/view_statement_xml.class.php index fc9d60e8163f4..16b0fa3ef8bbe 100644 --- a/admin/xmldb/actions/view_statement_xml/view_statement_xml.class.php +++ b/admin/xmldb/actions/view_statement_xml/view_statement_xml.class.php 
@@ -65,7 +65,7 @@ function invoke() { $select = required_param('select', PARAM_ALPHA); //original/edited /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; /// Get the correct dir if ($select == 'original') { diff --git a/admin/xmldb/actions/view_structure_php/view_structure_php.class.php b/admin/xmldb/actions/view_structure_php/view_structure_php.class.php index feb47f82adc02..8e1efb9d67421 100644 --- a/admin/xmldb/actions/view_structure_php/view_structure_php.class.php +++ b/admin/xmldb/actions/view_structure_php/view_structure_php.class.php @@ -65,7 +65,7 @@ function invoke() { /// Do the job, setting result as needed /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; /// Get the correct dirs if (!empty($XMLDB->dbdirs)) { diff --git a/admin/xmldb/actions/view_structure_sql/view_structure_sql.class.php b/admin/xmldb/actions/view_structure_sql/view_structure_sql.class.php index a49483abe2bad..97044ce88cb20 100644 --- a/admin/xmldb/actions/view_structure_sql/view_structure_sql.class.php +++ b/admin/xmldb/actions/view_structure_sql/view_structure_sql.class.php @@ -64,7 +64,7 @@ function invoke() { /// Do the job, setting result as needed /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; /// Get the correct dirs if (!empty($XMLDB->dbdirs)) { diff --git a/admin/xmldb/actions/view_structure_xml/view_structure_xml.class.php b/admin/xmldb/actions/view_structure_xml/view_structure_xml.class.php index 91511095fdf12..80ff3b06530bc 100644 --- a/admin/xmldb/actions/view_structure_xml/view_structure_xml.class.php +++ b/admin/xmldb/actions/view_structure_xml/view_structure_xml.class.php 
@@ -64,7 +64,7 @@ function invoke() { $select = required_param('select', PARAM_ALPHA); //original/edited /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; /// Get the correct dir if ($select == 'original') { diff --git a/admin/xmldb/actions/view_table_php/view_table_php.class.php b/admin/xmldb/actions/view_table_php/view_table_php.class.php index c0f7da7fd2217..5851fda01b71e 100644 --- a/admin/xmldb/actions/view_table_php/view_table_php.class.php +++ b/admin/xmldb/actions/view_table_php/view_table_php.class.php @@ -71,7 +71,7 @@ function invoke() { /// Do the job, setting result as needed /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; /// Get the correct dirs if (!empty($XMLDB->dbdirs)) { diff --git a/admin/xmldb/actions/view_table_sql/view_table_sql.class.php b/admin/xmldb/actions/view_table_sql/view_table_sql.class.php index e583b7d7230b6..5089a2554d215 100644 --- a/admin/xmldb/actions/view_table_sql/view_table_sql.class.php +++ b/admin/xmldb/actions/view_table_sql/view_table_sql.class.php @@ -64,7 +64,7 @@ function invoke() { /// Do the job, setting result as needed /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; /// Get the correct dirs if (!empty($XMLDB->dbdirs)) { diff --git a/admin/xmldb/actions/view_table_xml/view_table_xml.class.php b/admin/xmldb/actions/view_table_xml/view_table_xml.class.php index 56016c7d55d28..8f997d259ed8e 100644 --- a/admin/xmldb/actions/view_table_xml/view_table_xml.class.php +++ b/admin/xmldb/actions/view_table_xml/view_table_xml.class.php 
@@ -65,7 +65,7 @@ function invoke() { $select = required_param('select', PARAM_ALPHA); //original/edited /// Get the dir containing the file $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; /// Get the correct dir if ($select == 'original') { diff --git a/admin/xmldb/actions/view_xml/view_xml.class.php b/admin/xmldb/actions/view_xml/view_xml.class.php index d3be196aea3b5..b1354a3098673 100644 --- a/admin/xmldb/actions/view_xml/view_xml.class.php +++ b/admin/xmldb/actions/view_xml/view_xml.class.php @@ -65,7 +65,7 @@ function invoke() { /// Get the file parameter $file = required_param('file', PARAM_PATH); - $file = $CFG->dirroot . stripslashes_safe($file); + $file = $CFG->dirroot . $file; /// File must be under $CFG->wwwroot and /// under one db directory (simple protection) if (substr($file, 0, strlen($CFG->dirroot)) == $CFG->dirroot && diff --git a/auth/db/auth.php b/auth/db/auth.php index c6398d4a26696..a09ba11ab0a8d 100644 --- a/auth/db/auth.php +++ b/auth/db/auth.php @@ -229,7 +229,7 @@ function sync_users($do_updates=false) { /// list external users $userlist = $this->get_userlist(); - $quoteduserlist = implode("', '", addslashes_recursive($userlist)); + $quoteduserlist = implode("', '", $userlist); $quoteduserlist = "'$quoteduserlist'"; /// delete obsolete internal users @@ -667,7 +667,6 @@ function process_config($config) { $config->changepasswordurl = ''; } - $config = stripslashes_recursive($config); // save settings set_config('host', $config->host, 'auth/db'); set_config('type', $config->type, 'auth/db'); diff --git a/auth/mnet/auth.php b/auth/mnet/auth.php index 06667243c48f3..5859c07f4240f 100644 --- a/auth/mnet/auth.php +++ b/auth/mnet/auth.php 
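Review bot: In view_xml's `invoke()`, the first half of the "simple protection" test can never fail, because `$file` is built as `$CFG->dirroot . $file` one line earlier and so `substr($file, 0, strlen($CFG->dirroot)) == $CFG->dirroot` holds for every input. Confinement of the path therefore rests entirely on the `PARAM_PATH` cleaning and on the rest of the condition, which lies outside the hunk. Comparing a canonical path would make the check meaningful, e.g. `$real = realpath($file);` followed by `strpos($real, realpath($CFG->dirroot) . DIRECTORY_SEPARATOR) === 0`. The comment also names `$CFG->wwwroot` where the code tests `$CFG->dirroot`.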
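Review bot: In `sync_users()`, `$quoteduserlist` is now built by joining the raw external usernames with `', '` and wrapping the result in quotes, so a username containing `'` ends the literal early once the list is placed in SQL. The query that consumes it is outside the hunk; if it still interpolates `$quoteduserlist`, it should move to bound parameters, e.g. `list($insql, $params) = $DB->get_in_or_equal($userlist);` with `$params` passed to the query call. The deleted `array_map('addslashes', $array)` in auth/mnet `keepalive_server()` raises the same question for the remote username list that its removed comment says is joined with `implode`.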
@@ -906,9 +906,6 @@ function keepalive_server($array) { global $MNET_REMOTE_CLIENT, $CFG, $DB; $CFG->usesid = true; - // Addslashes to all usernames, so we can build the query string real - // simply with 'implode' - $array = array_map('addslashes', $array); // We don't want to output anything to the client machine $start = ob_start(); diff --git a/backup/lib.php b/backup/lib.php index 9a42e410d0616..538757ccd4b7e 100644 --- a/backup/lib.php +++ b/backup/lib.php @@ -463,7 +463,7 @@ function backup_putid($backup_unique_code, $table, $old_id, $new_id, $info="") { //Set info_to save $info_to_save = "infile"; } else { - //Saving to db, addslashes + //Saving to db $info_to_save = $info_ser; } diff --git a/backup/restore_check.html b/backup/restore_check.html index 429e410c517bc..17b2357d5947e 100644 --- a/backup/restore_check.html +++ b/backup/restore_check.html @@ -21,8 +21,8 @@ if ($form1 = data_submitted()) { $currentcourseshortname = $course_header->course_shortname; //"store_ShortName"; - $course_header->course_shortname = stripslashes_safe($form1->shortname); //"update_ShortName"; - $course_header->course_fullname = stripslashes_safe($form1->fullname); //"update_FullName"; + $course_header->course_shortname = $form1->shortname; //"update_ShortName"; + $course_header->course_fullname = $form1->fullname; //"update_FullName"; /// Roll dates only if the backup course has a start date /// (some formats like main page, social..., haven't it and rolling dates /// from 0 produces crazy dates. MDL-10125 diff --git a/backup/restorelib.php b/backup/restorelib.php index 0b9fac102ddaf..f3543c5c46e30 100644 --- a/backup/restorelib.php +++ b/backup/restorelib.php 
@@ -688,7 +688,7 @@ function restore_create_new_course($restore,&$course_header) { $course->fullname = $course_header->course_fullname; $course->shortname = $course_header->course_shortname; $course->idnumber = $course_header->course_idnumber; - $course->idnumber = ''; //addslashes($course_header->course_idnumber); // we don't want this at all. + $course->idnumber = ''; //$course_header->course_idnumber; // we don't want this at all. $course->summary = backup_todb($course_header->course_summary); $course->format = $course_header->course_format; $course->showgrades = $course_header->course_showgrades; @@ -701,7 +701,7 @@ function restore_create_new_course($restore,&$course_header) { $course->startdate = $course_header->course_startdate; $course->startdate += $restore->course_startdateoffset; $course->numsections = $course_header->course_numsections; - //$course->showrecent = addslashes($course_header->course_showrecent); INFO: This is out in 1.3 + //$course->showrecent = $course_header->course_showrecent; INFO: This is out in 1.3 $course->maxbytes = $course_header->course_maxbytes; $course->showreports = $course_header->course_showreports; if (isset($course_header->course_groupmode)) { @@ -2491,7 +2491,6 @@ function restore_create_users($restore,$xml_file) { //Unset the id because it's going to be inserted with a new one unset ($user->id); // relink the descriptions - $user->description = stripslashes($user->description); /// Disable pictures based on global setting or existing empty value (old backups can contain wrong empties) if (!empty($CFG->disableuserimages) || empty($user->picture)) { @@ -8205,7 +8204,7 @@ function restore_open_html($restore,$course_header) { fwrite ($restorelog_file,"".$course_header->course_shortname." Restored "); fwrite ($restorelog_file,"

The following changes were made during the Restoration of this Course.



"); fwrite ($restorelog_file,"The Course ShortName is now - ".$course_header->course_shortname." The FullName is now - ".$course_header->course_fullname."

"); - $startdate = addslashes($course_header->course_startdate); + $startdate = $course_header->course_startdate; $date = usergetdate($startdate); fwrite ($restorelog_file,"The Originating Courses Start Date was " .$date['weekday'].", ".$date['mday']." ".$date['month']." ".$date['year'].""); $startdate += $restore->course_startdateoffset; diff --git a/blocks/search/config_global.html b/blocks/search/config_global.html index dd694c207a9e3..6e742dbd05abe 100644 --- a/blocks/search/config_global.html +++ b/blocks/search/config_global.html @@ -148,7 +148,7 @@ dirroot}\\lib\\antiword\\win32"); @@ -196,7 +196,7 @@ $propname)) { - echo stripslashes($CFG->$propname); + echo $CFG->$propname; } ?>"/>

diff --git a/blog/edit.php b/blog/edit.php index a2761100f6f77..a0f9d0a4ef948 100755 --- a/blog/edit.php +++ b/blog/edit.php @@ -74,7 +74,7 @@ if ($blogeditform->is_cancelled()){ redirect($returnurl); -} else if ($fromform = $blogeditform->get_data(false)){ +} else if ($fromform = $blogeditform->get_data()){ //save stuff in db switch ($action) { case 'add': diff --git a/calendar/event.php b/calendar/event.php index 1a915c0f6deff..a49dd93af5e97 100644 --- a/calendar/event.php +++ b/calendar/event.php @@ -126,7 +126,7 @@ print_error('nopermissions'); } - if($form = data_submitted(false)) { + if($form = data_submitted()) { $form->name = clean_param(strip_tags($form->name,''), PARAM_CLEAN); @@ -194,7 +194,7 @@ case 'new': $title = get_string('newevent', 'calendar'); - $form = data_submitted(false); + $form = data_submitted(); if(!empty($form) && !empty($form->name)) { $form->name = clean_text(strip_tags($form->name, '')); diff --git a/calendar/preferences.php b/calendar/preferences.php index 28989e413a6f0..6dfe06445ffc6 100644 --- a/calendar/preferences.php +++ b/calendar/preferences.php @@ -18,7 +18,7 @@ /// If data submitted, then process and store. - if ($form = data_submitted(false)) { + if ($form = data_submitted()) { foreach ($form as $preference => $value) { switch ($preference) { case 'timeformat': diff --git a/course/category.php b/course/category.php index 05d7d942b3ac2..423f64f9e2b1e 100644 --- a/course/category.php +++ b/course/category.php @@ -19,8 +19,6 @@ $resort = optional_param('resort', 0, PARAM_BOOL); $categorytheme= optional_param('categorytheme', false, PARAM_CLEAN); - $rename = stripslashes($rename); // TODO: remove soon - if ($CFG->forcelogin) { require_login(); } 
@@ -164,7 +162,7 @@ if ($creatorediting) { /// Move a specified course to a new category - if (!empty($moveto) and $data = data_submitted(false) and confirm_sesskey()) { // Some courses are being moved + if (!empty($moveto) and $data = data_submitted() and confirm_sesskey()) { // Some courses are being moved // user must have category update in both cats to perform this require_capability('moodle/category:update', $context); diff --git a/course/edit.php b/course/edit.php index cf51ce2838bf2..0318851b10b64 100644 --- a/course/edit.php +++ b/course/edit.php @@ -78,7 +78,7 @@ redirect($CFG->wwwroot.'/course/view.php?id='.$course->id); } - } else if ($data = $editform->get_data(false)) { + } else if ($data = $editform->get_data()) { $data->password = $data->enrolpassword; // we need some other name for password field MDL-9929 /// process data if submitted diff --git a/course/editcategory.php b/course/editcategory.php index 41aa89431f42b..64970cdc7cc13 100644 --- a/course/editcategory.php +++ b/course/editcategory.php @@ -54,7 +54,7 @@ } else { redirect($CFG->wwwroot.'/course/category.php?categoryedit=on&id='.$category->id); } -} else if (($data = $mform->get_data(false))) { +} else if (($data = $mform->get_data())) { $newcategory = new stdClass(); $newcategory->name = $data->name; $newcategory->description = $data->description; diff --git a/course/editsection.php b/course/editsection.php index 9e0ccdee89c1b..97da43f1f40f0 100644 --- a/course/editsection.php +++ b/course/editsection.php @@ -20,7 +20,7 @@ /// If data submitted, then process and store. - if ($form = data_submitted(false) and confirm_sesskey()) { + if ($form = data_submitted() and confirm_sesskey()) { $timenow = time(); diff --git a/course/format/topics/format.php b/course/format/topics/format.php index 4ef28338b0ed3..6b43723dbd24b 100644 --- a/course/format/topics/format.php +++ b/course/format/topics/format.php 
@@ -113,7 +113,7 @@ /// If currently moving a file then show the current clipboard if (ismoving($course->id)) { - $stractivityclipboard = strip_tags(get_string('activityclipboard', '', addslashes($USER->activitycopyname))); + $stractivityclipboard = strip_tags(get_string('activityclipboard', '', $USER->activitycopyname)); $strcancel= get_string('cancel'); echo '
  • '; echo $stractivityclipboard.'  ('.$strcancel.')'; diff --git a/course/format/weeks/format.php b/course/format/weeks/format.php index 792c765751dbe..9bf6148e396d7 100644 --- a/course/format/weeks/format.php +++ b/course/format/weeks/format.php @@ -103,7 +103,7 @@ /// If currently moving a file then show the current clipboard if (ismoving($course->id)) { - $stractivityclipboard = strip_tags(get_string('activityclipboard', '', addslashes($USER->activitycopyname))); + $stractivityclipboard = strip_tags(get_string('activityclipboard', '', $USER->activitycopyname)); $strcancel= get_string('cancel'); echo '
  • '; echo $stractivityclipboard.'  ('.$strcancel.')'; diff --git a/course/import/activities/index.php b/course/import/activities/index.php index 6ad1aea6f0ea9..12e418889f65f 100644 --- a/course/import/activities/index.php +++ b/course/import/activities/index.php @@ -10,8 +10,6 @@ $page = optional_param('page', 0, PARAM_INT); $filename = optional_param('filename', 0, PARAM_PATH); - $fromcoursesearch = stripslashes($fromcoursesearch); // TODO: remove soon - $strimportactivities = get_string('importactivities'); if (! ($course = $DB->get_record("course", array("id"=>$id)))) { diff --git a/course/import/groups/index.php b/course/import/groups/index.php index 30f715a292911..732052c94c00b 100755 --- a/course/import/groups/index.php +++ b/course/import/groups/index.php @@ -128,11 +128,11 @@ //print_error('missingfield', 'error', 'uploaduser.php?sesskey='.$USER->sesskey, $name); } else if ($name == "groupname") { - $newgroup->name = addslashes($value); + $newgroup->name = $value; } // normal entry else { - $newgroup->{$name} = addslashes($value); + $newgroup->{$name} = $value; } } ///Find the courseid of the course with the given shortname diff --git a/course/importstudents.php b/course/importstudents.php index 7814185ba69b8..e6a20b7669d53 100644 --- a/course/importstudents.php +++ b/course/importstudents.php @@ -15,8 +15,6 @@ $previoussearch = optional_param('previoussearch', 0, PARAM_BOOL); $previoussearch = ($searchtext != '') or ($previoussearch) ? 1:0; - $searchtext = stripslashes($searchtext); // TODO: remove soon - if (! $site = get_site()) { redirect("$CFG->wwwroot/$CFG->admin/index.php"); } @@ -54,7 +52,7 @@ print_heading(get_string('childcourses')); - if (!$frm = data_submitted(false)) { + if (!$frm = data_submitted()) { $note = get_string("importmetacoursenote"); print_simple_box($note, "center", "50%"); diff --git a/course/index.php b/course/index.php index 2715c85348738..db493194980af 100644 --- a/course/index.php +++ b/course/index.php 
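Review bot: In course/import/groups/index.php the fallback branch `$newgroup->{$name} = $value;` copies any column name onto the group object, and with `addslashes()` gone the value is stored exactly as uploaded. If `$name` comes straight from the header row of the uploaded file (its origin is outside the hunk), the uploader can set fields the importer never meant to expose. An allow-list check before the assignment would close that, e.g. `if (!in_array($name, $allowedfields, true)) { continue; }`, where `$allowedfields` is a list the importer would define.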
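Review bot: The context line `$previoussearch = ($searchtext != '') or ($previoussearch) ? 1:0;` in course/importstudents.php does not do what it reads as. `=` binds tighter than `or`, so `$previoussearch` receives only the boolean `($searchtext != '')` and the ternary result is discarded. Parenthesising the condition fixes it: `$previoussearch = (($searchtext != '') or $previoussearch) ? 1 : 0;`. The commit does not touch this line, but it sits directly above the removed `stripslashes()` call and is worth correcting in the same pass.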
@@ -114,7 +114,7 @@ if ($mform->is_cancelled()) { redirect('index.php'); - } else if (!$data= $mform->get_data(false)) { + } else if (!$data= $mform->get_data()) { require_once($CFG->libdir . '/questionlib.php'); print_category_edit_header(); print_heading($heading); diff --git a/course/info.php b/course/info.php index 92b40c9b14ef6..3ddfcffb1753a 100644 --- a/course/info.php +++ b/course/info.php @@ -8,8 +8,6 @@ $id = optional_param('id', false, PARAM_INT); // Course id $name = optional_param('name', false, PARAM_RAW); // Course short name - $name = stripslashes($name); // TODO: remove soon - if (!$id and !$name) { print_error("unspecifycourseid"); } diff --git a/course/modedit.php b/course/modedit.php index efffa36d33dec..f171fd609d8e8 100644 --- a/course/modedit.php +++ b/course/modedit.php @@ -190,7 +190,7 @@ } else { redirect("$CFG->wwwroot/course/view.php?id=$course->id#section-".$cw->section); } - } else if ($fromform = $mform->get_data(false)) { + } else if ($fromform = $mform->get_data()) { if (empty($fromform->coursemodule)) { //add $cm = null; if (! $course = $DB->get_record("course", array("id"=>$fromform->course))) { @@ -337,7 +337,7 @@ if ($fromform->gradecat == -1) { $grade_category = new grade_category(); $grade_category->courseid = $COURSE->id; - $grade_category->fullname = stripslashes($fromform->name); + $grade_category->fullname = $fromform->name; $grade_category->insert(); if ($grade_item) { $parent = $grade_item->get_parent_category(); diff --git a/course/pending.php b/course/pending.php index 387f0b32fe44c..7564f7a541053 100644 --- a/course/pending.php +++ b/course/pending.php @@ -16,9 +16,6 @@ if (!empty($approve) and confirm_sesskey()) { if ($course = $DB->get_record("course_request", array("id"=>$approve))) { - foreach (array_keys((array)$course) as $key) { - $course->$key = addslashes($course->$key); - } // place at beginning of category fix_course_sortorder(); 
diff --git a/course/recent.php b/course/recent.php index a9ce454b2f766..30de12596f2d2 100644 --- a/course/recent.php +++ b/course/recent.php @@ -37,7 +37,7 @@ $mform = new recent_form(); $mform->set_data($param); - if ($formdata = $mform->get_data(false)) { + if ($formdata = $mform->get_data()) { $param = $formdata; } diff --git a/course/request.php b/course/request.php index 752c4c43f6533..9c3ead040ce46 100644 --- a/course/request.php +++ b/course/request.php @@ -33,7 +33,7 @@ redirect($CFG->wwwroot); - }elseif ($data = $requestform->get_data(false)) { + }elseif ($data = $requestform->get_data()) { $data->requester = $USER->id; if ($DB->insert_record('course_request', $data)) { diff --git a/course/reset.php b/course/reset.php index 7a403188cfb60..bce5ea64ba7c5 100755 --- a/course/reset.php +++ b/course/reset.php @@ -32,7 +32,7 @@ if ($mform->is_cancelled()) { redirect($CFG->wwwroot.'/course/view.php?id='.$id); -} else if ($data = $mform->get_data(false)) { // no magic quotes +} else if ($data = $mform->get_data()) { // no magic quotes if (isset($data->selectdefault)) { $_POST = array(); diff --git a/course/search.php b/course/search.php index 5c551cacebcb1..ffc0ca31fcbbe 100644 --- a/course/search.php +++ b/course/search.php @@ -15,8 +15,6 @@ $blocklist = optional_param('blocklist', 0, PARAM_INT); $modulelist= optional_param('modulelist', '', PARAM_ALPHAEXT); - $search = stripslashes($search); // TODO: remove soon - $search = trim(strip_tags($search)); // trim & clean raw searched string if ($search) { @@ -107,7 +105,7 @@ exit; } - if (!empty($moveto) and $data = data_submitted(false) and confirm_sesskey()) { // Some courses are being moved + if (!empty($moveto) and $data = data_submitted() and confirm_sesskey()) { // Some courses are being moved if (! $destcategory = $DB->get_record("course_categories", array("id"=>$data->moveto))) { print_error('cannotfindcategory', '', '', $data->moveto); 
diff --git a/enrol/imsenterprise/enrol.php b/enrol/imsenterprise/enrol.php index 91d6fbba34874..325dce251dcbd 100644 --- a/enrol/imsenterprise/enrol.php +++ b/enrol/imsenterprise/enrol.php @@ -655,7 +655,7 @@ function process_person_tag($tagcontents){ $person->confirmed = 1; $person->timemodified = time(); $person->mnethostid = $CFG->mnet_localhost_id; - if($id = $DB->insert_record('user', addslashes_object($person))){ + if($id = $DB->insert_record('user', $person)){ /* Photo processing is deactivated until we hear from Moodle dev forum about modification to gdlib. diff --git a/enrol/manual/enrol.php b/enrol/manual/enrol.php index 785fc2630d8ee..8436ff321b4c3 100644 --- a/enrol/manual/enrol.php +++ b/enrol/manual/enrol.php @@ -146,7 +146,7 @@ function check_entry($form, $course) { $groupid = $this->check_group_entry($course->id, $form->password); - if ((stripslashes($form->password) == $course->password) or ($groupid !== false) ) { + if (($form->password == $course->password) or ($groupid !== false) ) { if (isguestuser()) { // only real user guest, do not use this for users with guest role $USER->enrolkey[$course->id] = true; @@ -191,7 +191,7 @@ function check_group_entry ($courseid, $password) { if ($groups = groups_get_all_groups($courseid)) { foreach ($groups as $group) { - if ( !empty($group->enrolmentkey) and (stripslashes($password) == $group->enrolmentkey) ) { + if ( !empty($group->enrolmentkey) and ($password == $group->enrolmentkey) ) { return $group->id; } } diff --git a/enrol/paypal/ipn.php b/enrol/paypal/ipn.php index 1897d568a5af2..b143b1af435b3 100644 --- a/enrol/paypal/ipn.php +++ b/enrol/paypal/ipn.php @@ -31,7 +31,6 @@ $data = new object(); foreach ($_POST as $key => $value) { - $value = stripslashes($value); $req .= "&$key=".urlencode($value); $data->$key = $value; } diff --git a/error/index.php b/error/index.php index 02865a5a20642..7ed0b45d8fd5c 100644 --- a/error/index.php +++ b/error/index.php 
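Review bot: Both enrolment-key checks in enrol/manual/enrol.php still use loose `==`: `$form->password == $course->password` in check_entry() and `$password == $group->enrolmentkey` in check_group_entry(). Numeric-looking strings are therefore compared as numbers, so a submitted `'1e3'` is accepted for a key of `'1000'`. Since these lines are being edited anyway, make the comparison exact: `if (((string)$form->password === (string)$course->password) or ($groupid !== false) ) {`, and likewise `((string)$password === (string)$group->enrolmentkey)` in the group check. Both functions continue outside their hunks.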
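Review bot: In enrol/paypal/ipn.php the loop appends `$key` to `$req` unencoded and passes `$value` to `urlencode()` without checking that it is a string. A POST field sent as an array, or with `&` or `=` in its name, therefore alters the request string that is presumably sent back for verification. Every posted key is also copied onto `$data` as a property, whatever its name. Skipping non-scalar values and encoding the key keeps the string well-formed: `if (!is_scalar($value)) { continue; }` followed by `$req .= '&'.urlencode($key).'='.urlencode($value);`. How `$req` and `$data` are used afterwards is outside the hunk.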
@@ -2,7 +2,7 @@ require('../config.php'); - if ($form = data_submitted('nomatch')) { // form submitted, do not check referer (original page unknown)! + if ($form = data_submitted()) { // form submitted, do not check referer (original page unknown)! /// Only deal with real users if (!isloggedin()) { diff --git a/files/index.php b/files/index.php index 27513ffc42465..a0f055500b803 100644 --- a/files/index.php +++ b/files/index.php @@ -409,7 +409,7 @@ function set_value(txt) { if (($text != '') and confirm_sesskey()) { $fileptr = fopen($basedir.'/'.$file,"w"); $text = preg_replace('/\x0D/', '', $text); // http://moodle.org/mod/forum/discuss.php?d=38860 - fputs($fileptr, stripslashes($text)); + fputs($fileptr, $text); fclose($fileptr); displaydir($wdir); diff --git a/filter/tex/texdebug.php b/filter/tex/texdebug.php index b83c05a7a41ac..6a976f4da13f0 100644 --- a/filter/tex/texdebug.php +++ b/filter/tex/texdebug.php @@ -219,7 +219,6 @@ function TexOutput($expression, $graphic=false) { $gif = "$latex->temp_dir/$md5.gif"; // put the expression as a file into the temp area - $expression = stripslashes($expression); $expression = html_entity_decode($expression); $output .= "
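Review bot: In files/index.php the result of `fopen($basedir.'/'.$file,"w")` is used unchecked, so a failed open leads to `fputs()` and `fclose()` on `false` and the edit is lost while `displaydir($wdir)` still runs. A guard such as `if (!$fileptr = fopen($basedir.'/'.$file, 'w')) { print_error('cannotopenfile'); }` would report the failure (`'cannotopenfile'` is a placeholder string id). With `stripslashes()` gone the text is written exactly as submitted, so `$file` must already be confined to `$basedir` by this point; that validation is outside the hunk and should be confirmed. The same two points apply to the identical write in lib/editor/htmlarea/coursefiles.php later in this patch.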

    Processing TeX expression:

    $expression
    \n"; $doc = $latex->construct_latex_document($expression); diff --git a/grade/edit/letter/edit.php b/grade/edit/letter/edit.php index 587ebe053e0d7..5f9eac8e59920 100644 --- a/grade/edit/letter/edit.php +++ b/grade/edit/letter/edit.php @@ -80,7 +80,7 @@ if ($mform->is_cancelled()) { redirect($returnurl); -} else if ($data = $mform->get_data(false)) { +} else if ($data = $mform->get_data()) { if (!$admin and empty($data->override)) { $DB->delete_records('grade_letters', array('contextid' => $context->id)); redirect($returnurl); diff --git a/grade/edit/outcome/course.php b/grade/edit/outcome/course.php index 2c5173d25d454..e0870f3504db1 100644 --- a/grade/edit/outcome/course.php +++ b/grade/edit/outcome/course.php @@ -105,7 +105,7 @@ /// form processing -if ($data = data_submitted(false)) { +if ($data = data_submitted()) { require_capability('moodle/grade:manageoutcomes', $context); if (!empty($data->add) && !empty($data->addoutcomes)) { /// add all selected to course list diff --git a/grade/edit/outcome/edit.php b/grade/edit/outcome/edit.php index 380e383aefe46..a8bbe7a5263a4 100644 --- a/grade/edit/outcome/edit.php +++ b/grade/edit/outcome/edit.php @@ -92,7 +92,7 @@ if ($mform->is_cancelled()) { redirect($returnurl); -} else if ($data = $mform->get_data(false)) { +} else if ($data = $mform->get_data()) { $outcome = new grade_outcome(array('id'=>$id)); $data->usermodified = $USER->id; grade_outcome::set_properties($outcome, $data); diff --git a/grade/edit/outcome/index.php b/grade/edit/outcome/index.php index 550cb16e00266..3ce3632ac6d15 100644 --- a/grade/edit/outcome/index.php +++ b/grade/edit/outcome/index.php @@ -56,7 +56,7 @@ require_once('import_outcomes_form.php'); $upload_form = new import_outcomes_form(); -if ($upload_form_data = $upload_form->get_data(false)) { +if ($upload_form_data = $upload_form->get_data()) { require_once('import.php'); exit(); } 
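Review bot: In filter/tex/texdebug.php `$expression` is passed through `html_entity_decode()` and then interpolated into `$output`, so any markup in the submitted expression reaches the debug page as markup. The removed `stripslashes()` never protected against this. The copy that is displayed should be escaped separately from the copy handed to `construct_latex_document()`, for example by interpolating `htmlspecialchars($expression)` into `$output` instead of the decoded value. TexOutput() starts and ends outside the hunk and the surrounding HTML is not legible here, so confirm the exact output context before changing it.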
diff --git a/grade/edit/scale/edit.php b/grade/edit/scale/edit.php index d7be7d4c833a4..f909fc7202a92 100644 --- a/grade/edit/scale/edit.php +++ b/grade/edit/scale/edit.php @@ -92,7 +92,7 @@ if ($mform->is_cancelled()) { redirect($returnurl); -} else if ($data = $mform->get_data(false)) { +} else if ($data = $mform->get_data()) { $scale = new grade_scale(array('id'=>$id)); $data->userid = $USER->id; grade_scale::set_properties($scale, $data); diff --git a/grade/edit/settings/index.php b/grade/edit/settings/index.php index f3532d0c1f4bc..c11c3c467cd3a 100644 --- a/grade/edit/settings/index.php +++ b/grade/edit/settings/index.php @@ -56,7 +56,7 @@ if ($mform->is_cancelled()) { redirect($returnurl); -} else if ($data = $mform->get_data(false)) { +} else if ($data = $mform->get_data()) { $data = (array)$data; $general = array('displaytype', 'decimalpoints', 'aggregationposition'); foreach ($data as $key=>$value) { diff --git a/grade/edit/tree/calculation.php b/grade/edit/tree/calculation.php index 02ed33b6d7015..a28c8a9ceac5c 100644 --- a/grade/edit/tree/calculation.php +++ b/grade/edit/tree/calculation.php @@ -67,7 +67,7 @@ $errors = array(); -if ($data = $mform->get_data(false)) { +if ($data = $mform->get_data()) { $calculation = calc_formula::unlocalize($data->calculation); $grade_item->set_calculation($calculation); @@ -88,7 +88,7 @@ continue; } - if (empty($gi->idnumber) and !$gi->add_idnumber(stripslashes($idnumbers[$gi->id]))) { + if (empty($gi->idnumber) and !$gi->add_idnumber($idnumbers[$gi->id])) { $errors[$giid] = get_string('error'); continue; } diff --git a/grade/edit/tree/category.php b/grade/edit/tree/category.php index d958317516a79..a0c77e3c4814c 100644 --- a/grade/edit/tree/category.php +++ b/grade/edit/tree/category.php 
@@ -74,7 +74,7 @@ if ($mform->is_cancelled()) { redirect($returnurl); -} else if ($data = $mform->get_data(false)) { +} else if ($data = $mform->get_data()) { // If no fullname is entered for a course category, put ? in the DB if (!isset($data->fullname) || $data->fullname == '') { $data->fullname = '?'; diff --git a/grade/edit/tree/grade.php b/grade/edit/tree/grade.php index 1e0e328b59950..923e0a5af601b 100644 --- a/grade/edit/tree/grade.php +++ b/grade/edit/tree/grade.php @@ -153,7 +153,7 @@ redirect($returnurl); // form processing -} else if ($data = $mform->get_data(false)) { +} else if ($data = $mform->get_data()) { $old_grade_grade = new grade_grade(array('userid'=>$data->userid, 'itemid'=>$grade_item->id), true); //might not exist yet // fix no grade for scales diff --git a/grade/edit/tree/item.php b/grade/edit/tree/item.php index 9109eb5cab70f..ad7d5b3971466 100644 --- a/grade/edit/tree/item.php +++ b/grade/edit/tree/item.php @@ -101,7 +101,7 @@ $mform->set_data($item); -if ($data = $mform->get_data(false)) { +if ($data = $mform->get_data()) { if (!isset($data->aggregationcoef)) { $data->aggregationcoef = 0; diff --git a/grade/edit/tree/outcomeitem.php b/grade/edit/tree/outcomeitem.php index 9190b5a16af16..c77ea41748a17 100644 --- a/grade/edit/tree/outcomeitem.php +++ b/grade/edit/tree/outcomeitem.php @@ -100,7 +100,7 @@ $mform->set_data($item); -if ($data = $mform->get_data(false)) { +if ($data = $mform->get_data()) { if (!isset($data->aggregationcoef)) { $data->aggregationcoef = 0; diff --git a/grade/export/key.php b/grade/export/key.php index 589fdedad0e09..331216e1f4459 100644 --- a/grade/export/key.php +++ b/grade/export/key.php @@ -89,7 +89,7 @@ if ($editform->is_cancelled()) { redirect($returnurl); -} elseif ($data = $editform->get_data(false)) { +} elseif ($data = $editform->get_data()) { if ($data->id) { $record = new object(); diff --git a/grade/export/ods/index.php b/grade/export/ods/index.php index 3916448626e64..faf484ac4ab41 100755 
--- a/grade/export/ods/index.php +++ b/grade/export/ods/index.php @@ -54,7 +54,7 @@ $mform = new grade_export_form(null, array('publishing' => true)); // process post information -if ($data = $mform->get_data(false)) { +if ($data = $mform->get_data()) { $export = new grade_export_ods($course, groups_get_course_group($course), '', false, false, $data->display, $data->decimals); // print the grades on screen for feedbacks diff --git a/grade/export/txt/index.php b/grade/export/txt/index.php index 665b9535021e9..ea78755adcca7 100755 --- a/grade/export/txt/index.php +++ b/grade/export/txt/index.php @@ -54,7 +54,7 @@ $mform = new grade_export_form(null, array('includeseparator'=>true, 'publishing' => true)); // process post information -if ($data = $mform->get_data(false)) { +if ($data = $mform->get_data()) { $export = new grade_export_txt($course, groups_get_course_group($course), '', false, false, $data->display, $data->decimals); // print the grades on screen for feedback diff --git a/grade/export/xls/index.php b/grade/export/xls/index.php index e187f534ef054..b2d6eaf916d0f 100755 --- a/grade/export/xls/index.php +++ b/grade/export/xls/index.php @@ -54,7 +54,7 @@ $mform = new grade_export_form(null, array('publishing' => true)); // process post information -if ($data = $mform->get_data(false)) { +if ($data = $mform->get_data()) { $export = new grade_export_xls($course, groups_get_course_group($course), '', false, false, $data->display, $data->decimals); // print the grades on screen for feedbacks diff --git a/grade/export/xml/index.php b/grade/export/xml/index.php index 6b9fff641f104..8b8dae34a2c21 100755 --- a/grade/export/xml/index.php +++ b/grade/export/xml/index.php 
@@ -54,7 +54,7 @@ $mform = new grade_export_form(null, array('idnumberrequired'=>true, 'publishing'=>true, 'updategradesonly'=>true)); // process post information -if ($data = $mform->get_data(false)) { +if ($data = $mform->get_data()) { $export = new grade_export_xml($course, groups_get_course_group($course), '', false, $data->updatedgradesonly, $data->display, $data->decimals); // print the grades on screen for feedbacks diff --git a/grade/import/csv/index.php b/grade/import/csv/index.php index c4ea5c502dad9..838487550e35d 100755 --- a/grade/import/csv/index.php +++ b/grade/import/csv/index.php @@ -89,7 +89,7 @@ $mform2 = new grade_import_mapping_form(null, array('gradeitems'=>$gradeitems, 'header'=>$header)); // if import form is submitted -if ($formdata = $mform->get_data(false)) { +if ($formdata = $mform->get_data()) { // Large files are likely to take their time and memory. Let PHP know // that we'll take longer, and that the process should be recycled soon @@ -151,10 +151,10 @@ $mform2->set_data(array('importcode'=>$importcode, 'id'=>$id)); $mform2->display(); -//} else if (($formdata = data_submitted(false)) && !empty($formdata->map)) { +//} else if (($formdata = data_submitted()) && !empty($formdata->map)) { // else if grade import mapping form is submitted -} else if ($formdata = $mform2->get_data(false)) { +} else if ($formdata = $mform2->get_data()) { $importcode = clean_param($formdata->importcode, PARAM_FILE); $filename = $CFG->dataroot.'/temp/gradeimport/cvs/'.$USER->id.'/'.$importcode; diff --git a/grade/import/key.php b/grade/import/key.php index 73c78d4fd9d36..9ab857cf100a3 100644 --- a/grade/import/key.php +++ b/grade/import/key.php @@ -89,7 +89,7 @@ if ($editform->is_cancelled()) { redirect($returnurl); -} elseif ($data = $editform->get_data(false)) { +} elseif ($data = $editform->get_data()) { if ($data->id) { $record = new object(); diff --git a/grade/import/xml/index.php b/grade/import/xml/index.php index 31a71c3baafa4..662deca097f48 100755 
--- a/grade/import/xml/index.php +++ b/grade/import/xml/index.php @@ -49,7 +49,7 @@ $mform = new grade_import_form(); -if ($data = $mform->get_data(false)) { +if ($data = $mform->get_data()) { // Large files are likely to take their time and memory. Let PHP know // that we'll take longer, and that the process should be recycled soon // to free up memory. diff --git a/grade/report/grader/ajax_callbacks.php b/grade/report/grader/ajax_callbacks.php index 9a03484d62be8..7365207f2384c 100644 --- a/grade/report/grader/ajax_callbacks.php +++ b/grade/report/grader/ajax_callbacks.php @@ -94,7 +94,7 @@ if (empty($trimmed)) { $feedback = NULL; } else { - $feedback = stripslashes($newvalue); + $feedback = $newvalue; } $finalvalue = $feedback; diff --git a/grade/report/grader/index.php b/grade/report/grader/index.php index 64ff7f53d167f..c2bb6f028c3cb 100644 --- a/grade/report/grader/index.php +++ b/grade/report/grader/index.php @@ -149,7 +149,7 @@ } /// processing posted grades & feedback here -if ($data = data_submitted(false) and confirm_sesskey() and has_capability('moodle/grade:edit', $context)) { +if ($data = data_submitted() and confirm_sesskey() and has_capability('moodle/grade:edit', $context)) { $warnings = $report->process_data($data); } else { $warnings = array(); diff --git a/grade/report/grader/lib.php b/grade/report/grader/lib.php index b6dcebfc0de51..e0f007bc7faf6 100644 --- a/grade/report/grader/lib.php +++ b/grade/report/grader/lib.php @@ -227,7 +227,7 @@ public function process_data($data) { if (empty($trimmed)) { $feedback = NULL; } else { - $feedback = stripslashes($postedvalue); + $feedback = $postedvalue; } } diff --git a/grade/report/grader/preferences.php b/grade/report/grader/preferences.php index b2568d76623dd..3dd93db9a4db6 100644 --- a/grade/report/grader/preferences.php +++ b/grade/report/grader/preferences.php 
@@ -49,7 +49,7 @@ } // If data submitted, then process and store. -if ($data = $mform->get_data(false)) { +if ($data = $mform->get_data()) { foreach ($data as $preference => $value) { if (substr($preference, 0, 6) !== 'grade_') { continue; diff --git a/group/assign.php b/group/assign.php index 2d1c936667c53..01f7b65b46570 100644 --- a/group/assign.php +++ b/group/assign.php @@ -24,7 +24,7 @@ $returnurl = $CFG->wwwroot.'/group/groupings.php?id='.$courseid; -if ($frm = data_submitted(false) and confirm_sesskey()) { +if ($frm = data_submitted() and confirm_sesskey()) { if (isset($frm->cancel)) { redirect($returnurl); diff --git a/group/autogroup.php b/group/autogroup.php index b42957ec56399..427c60fffd0ed 100644 --- a/group/autogroup.php +++ b/group/autogroup.php @@ -69,7 +69,7 @@ if ($editform->is_cancelled()) { redirect($returnurl); -} elseif ($data = $editform->get_data(false)) { +} elseif ($data = $editform->get_data()) { /// Allocate members from the selected role to groups switch ($data->allocateby) { @@ -190,7 +190,7 @@ $grouping = new object(); $grouping->courseid = $COURSE->id; $grouping->name = $groupingname; - if (!$grouping->id = groups_create_grouping(addslashes_recursive($grouping))) { + if (!$grouping->id = groups_create_grouping($grouping)) { $error = 'Can not create grouping'; //should not happen $failed = true; } @@ -210,7 +210,7 @@ $newgroup = new object(); $newgroup->courseid = $data->courseid; $newgroup->name = $group['name']; - if (!$groupid = groups_create_group(addslashes_recursive($newgroup))) { + if (!$groupid = groups_create_group($newgroup)) { $error = 'Can not create group!'; // should not happen $failed = true; break; diff --git a/group/members.php b/group/members.php index 8fe24f4060783..61d39acbb7a8f 100644 --- a/group/members.php +++ b/group/members.php 
@@ -17,8 +17,6 @@ $searchtext = optional_param('searchtext', '', PARAM_RAW); // search string $showall = optional_param('showall', 0, PARAM_BOOL); -$searchtext = stripslashes($searchtext); // TODO: remove soon - if ($showall) { $searchtext = ''; } diff --git a/index.php b/index.php index 014d5c292df4d..dcf1356d1c583 100644 --- a/index.php +++ b/index.php @@ -154,7 +154,7 @@ /// If currently moving a file then show the current clipboard if (ismoving($SITE->id)) { - $stractivityclipboard = strip_tags(get_string('activityclipboard', '', addslashes($USER->activitycopyname))); + $stractivityclipboard = strip_tags(get_string('activityclipboard', '', $USER->activitycopyname)); echo '

    '; echo "$stractivityclipboard  (sesskey\">". get_string('cancel') .')'; echo '

    '; diff --git a/lib/adminlib.php b/lib/adminlib.php index 24e694fb67cf5..ba6c92ab6fc38 100644 --- a/lib/adminlib.php +++ b/lib/adminlib.php @@ -545,7 +545,7 @@ function print_progress_redraw($thisbarid, $done, $total, $width, $donetext='') return; } echo ''; } @@ -1728,7 +1728,7 @@ function validate($data) { return true; } else { - $cleaned = stripslashes(clean_param(addslashes($data), $this->paramtype)); + $cleaned = clean_param($data, $this->paramtype); if ("$data" == "$cleaned") { // implicit conversion to string is needed to do exact comparison return true; } else { @@ -2580,7 +2580,7 @@ function get_setting() { } function validate($data) { - $cleaned = stripslashes(clean_param(addslashes($data), PARAM_MULTILANG)); + $cleaned = clean_param($data, PARAM_MULTILANG); if ($cleaned === '') { return get_string('required'); } diff --git a/lib/blocklib.php b/lib/blocklib.php index a94c80420eb0a..0853a9f293c60 100644 --- a/lib/blocklib.php +++ b/lib/blocklib.php @@ -510,7 +510,7 @@ function blocks_execute_action($page, &$pageblocks, $blockaction, $instanceorid, // To this data, add anything the page itself needs to display $hiddendata = array_merge($hiddendata, $page->url_get_parameters()); - if ($data = data_submitted(false)) { + if ($data = data_submitted()) { $remove = array_keys($hiddendata); foreach($remove as $item) { unset($data->$item); diff --git a/lib/datalib.php b/lib/datalib.php index 8e3d7506e25ed..f9a96df79b24f 100644 --- a/lib/datalib.php +++ b/lib/datalib.php 
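Review bot: In the lib/adminlib.php hunk at line 1728, validate() compares the submitted and cleaned values with `if ("$data" == "$cleaned")`, and despite the comment about exact comparison, `==` on two numeric strings compares them as numbers. A value such as `'1.0'` is therefore treated as equal to a cleaned `'1'`, so input that `clean_param()` altered can still pass validation. `if ((string)$data === (string)$cleaned) {` gives the exact comparison the comment asks for. The class this method belongs to starts outside the hunk, so I cannot tell from here whether the raw or the cleaned value is stored afterwards.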
@@ -15,25 +15,6 @@ define('LASTACCESS_UPDATE_SECS', 60); /// Number of seconds to wait before /// updating lastaccess information in DB. -/** - * Escape all dangerous characters in a data record - * - * $dataobject is an object containing needed data - * Run over each field exectuting addslashes() function - * to escape SQL unfriendly characters (e.g. quotes) - * Handy when writing back data read from the database - * - * @param $dataobject Object containing the database record - * @return object Same object with neccessary characters escaped - */ -function addslashes_object( $dataobject ) { - $a = get_object_vars( $dataobject); - foreach ($a as $key=>$value) { - $a[$key] = addslashes( $value ); - } - return (object)$a; -} - /// USER DATABASE //////////////////////////////////////////////// /** diff --git a/lib/deprecatedlib.php b/lib/deprecatedlib.php index e0f5f0f81c0ea..648a4fa0da9aa 100644 --- a/lib/deprecatedlib.php +++ b/lib/deprecatedlib.php @@ -222,7 +222,7 @@ function get_recent_enrolments($courseid, $timestart) { function print_simple_box($message, $align='', $width='', $color='', $padding=5, $class='generalbox', $id='', $return=false) { $output = ''; $output .= print_simple_box_start($align, $width, $color, $padding, $class, $id, true); - $output .= stripslashes_safe($message); + $output .= $message; $output .= print_simple_box_end(true); if ($return) { @@ -496,4 +496,16 @@ function error ($message, $link='') { die; } + +/// removed functions +function addslashes_object( $dataobject ) { + error('addslashes() not available anymore'); +} + +function addslashes_recursive($var) { + error('addslashes_recursive() not available anymore'); +} + + + ?> diff --git a/lib/dml/mssql_adodb_moodle_database.php b/lib/dml/mssql_adodb_moodle_database.php index 65b9f2a7fd880..79f7ae73b39af 100644 --- a/lib/dml/mssql_adodb_moodle_database.php +++ b/lib/dml/mssql_adodb_moodle_database.php 
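Review bot: The new stub for `addslashes_object()` in lib/deprecatedlib.php reports `'addslashes() not available anymore'`, which names the wrong function and points the reader at a PHP built-in that still exists. It should read `error('addslashes_object() not available anymore');`. Failing hard is the right behaviour, since code that still relied on these helpers for escaping must not carry on silently. A short comment above the two stubs naming the `$DB` methods as the replacement would tell plugin authors what to migrate to.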
@@ -48,11 +48,6 @@ protected function configure_dbconnection() { /// Force ANSI nulls so the NULL check was done by IS NULL and NOT IS NULL /// instead of equal(=) and distinct(<>) simbols $this->db->Execute('SET ANSI_NULLS ON'); - /// Enable sybase quotes, so addslashes and stripslashes will use "'" - ini_set('magic_quotes_sybase', '1'); - /// NOTE: Not 100% useful because GPC has been addslashed with the setting off - /// so IT'S MANDATORY TO CHANGE THIS UNDER php.ini or .htaccess for this DB - /// or to turn off magic_quotes to allow Moodle to do it properly return true; } diff --git a/lib/dml/oci8po_adodb_moodle_database.php b/lib/dml/oci8po_adodb_moodle_database.php index e6373260ff05e..cfb3e46333be0 100644 --- a/lib/dml/oci8po_adodb_moodle_database.php +++ b/lib/dml/oci8po_adodb_moodle_database.php @@ -57,11 +57,6 @@ protected function configure_dbconnection() { /// DB using DOTS. Manually introduced floats (if using other characters) must be /// converted back to DOTs (like gradebook does) $this->db->Execute("ALTER SESSION SET NLS_NUMERIC_CHARACTERS='.,'"); - /// Enable sybase quotes, so addslashes and stripslashes will use "'" - ini_set('magic_quotes_sybase', '1'); - /// NOTE: Not 100% useful because GPC has been addslashed with the setting off - /// so IT'S MANDATORY TO ENABLE THIS UNDER php.ini or .htaccess for this DB - /// or to turn off magic_quotes to allow Moodle to do it properly return true; } diff --git a/lib/dmllib.php b/lib/dmllib.php index e82918fc6a9ec..c862a635ae9f2 100644 --- a/lib/dmllib.php +++ b/lib/dmllib.php @@ -251,14 +251,12 @@ function rollback_sql() { function insert_record($table, $dataobject, $returnid=true, $primarykey='id') { global $DB; - $dataobject = stripslashes_recursive($dataobject); return $DB->insert_record($table, $dataobject, $returnid); } function update_record($table, $dataobject) { global $DB; - $dataobject = stripslashes_recursive($dataobject); return $DB->update_record($table, $dataobject, true); } 
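Review bot: The legacy wrappers in lib/dmllib.php (`insert_record()` and `update_record()` here, and the getters in the following hunks) change contract without saying so. They used to strip slashes from their arguments and now pass them through untouched, so any remaining caller that still escapes its data will store literal backslashes. None of the wrappers has a docblock; I would add one to each, along the lines of `/// Legacy wrapper: expects raw, unescaped values - do not addslashes() before calling.` Separately, `$primarykey` in `insert_record()` is accepted but never used, which is worth noting in the same comment.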
@@ -267,7 +265,7 @@ function get_records($table, $field='', $value='', $sort='', $fields='*', $limit $conditions = array(); if ($field) { - $conditions[$field] = stripslashes_recursive($value); + $conditions[$field] = $value; } return $DB->get_records($table, $conditions, $sort, $fields, $limitfrom, $limitnum); @@ -278,13 +276,13 @@ function get_record($table, $field1, $value1, $field2='', $value2='', $field3='' $conditions = array(); if ($field1) { - $conditions[$field1] = stripslashes_recursive($value1); + $conditions[$field1] = $value1; } if ($field2) { - $conditions[$field2] = stripslashes_recursive($value2); + $conditions[$field2] = $value2; } if ($field3) { - $conditions[$field3] = stripslashes_recursive($value3); + $conditions[$field3] = $value3; } return $DB->get_record($table, $conditions, $fields); @@ -295,16 +293,16 @@ function set_field($table, $newfield, $newvalue, $field1, $value1, $field2='', $ $conditions = array(); if ($field1) { - $conditions[$field1] = stripslashes_recursive($value1); + $conditions[$field1] = $value1; } if ($field2) { - $conditions[$field2] = stripslashes_recursive($value2); + $conditions[$field2] = $value2; } if ($field3) { - $conditions[$field3] = stripslashes_recursive($value3); + $conditions[$field3] = $value3; } - return $DB->set_field($table, $newfield, stripslashes_recursive($newvalue), $conditions); + return $DB->set_field($table, $newfield, $newvalue, $conditions); } function count_records($table, $field1='', $value1='', $field2='', $value2='', $field3='', $value3='') { 
@@ -312,13 +310,13 @@ function count_records($table, $field1='', $value1='', $field2='', $value2='', $ $conditions = array(); if ($field1) { - $conditions[$field1] = stripslashes_recursive($value1); + $conditions[$field1] = $value1; } if ($field2) { - $conditions[$field2] = stripslashes_recursive($value2); + $conditions[$field2] = $value2; } if ($field3) { - $conditions[$field3] = stripslashes_recursive($value3); + $conditions[$field3] = $value3; } return $DB->count_records($table, $conditions); @@ -329,13 +327,13 @@ function record_exists($table, $field1='', $value1='', $field2='', $value2='', $ $conditions = array(); if ($field1) { - $conditions[$field1] = stripslashes_recursive($value1); + $conditions[$field1] = $value1; } if ($field2) { - $conditions[$field2] = stripslashes_recursive($value2); + $conditions[$field2] = $value2; } if ($field3) { - $conditions[$field3] = stripslashes_recursive($value3); + $conditions[$field3] = $value3; } return $DB->record_exists($table, $conditions); @@ -350,13 +348,13 @@ function delete_records($table, $field1='', $value1='', $field2='', $value2='', $conditions = array(); if ($field1) { - $conditions[$field1] = stripslashes_recursive($value1); + $conditions[$field1] = $value1; } if ($field2) { - $conditions[$field2] = stripslashes_recursive($value2); + $conditions[$field2] = $value2; } if ($field3) { - $conditions[$field3] = stripslashes_recursive($value3); + $conditions[$field3] = $value3; } return $DB->delete_records($table, $conditions); 
@@ -367,13 +365,13 @@ function get_field($table, $return, $field1, $value1, $field2='', $value2='', $f $conditions = array(); if ($field1) { - $conditions[$field1] = stripslashes_recursive($value1); + $conditions[$field1] = $value1; } if ($field2) { - $conditions[$field2] = stripslashes_recursive($value2); + $conditions[$field2] = $value2; } if ($field3) { - $conditions[$field3] = stripslashes_recursive($value3); + $conditions[$field3] = $value3; } return $DB->get_field($table, $return, $conditions); diff --git a/lib/editor/htmlarea/coursefiles.php b/lib/editor/htmlarea/coursefiles.php index 2abcefd07a020..7a818f50d2cd5 100644 --- a/lib/editor/htmlarea/coursefiles.php +++ b/lib/editor/htmlarea/coursefiles.php @@ -387,7 +387,7 @@ function reset_value() { html_header($course, $wdir); if (($text != '') and confirm_sesskey()) { $fileptr = fopen($basedir.$file,"w"); - fputs($fileptr, stripslashes($text)); + fputs($fileptr, $text); fclose($fileptr); displaydir($wdir); diff --git a/lib/editor/htmlarea/htmlarea.php b/lib/editor/htmlarea/htmlarea.php index 83aaf533b2722..f80305d0ad614 100644 --- a/lib/editor/htmlarea/htmlarea.php +++ b/lib/editor/htmlarea/htmlarea.php @@ -1817,8 +1817,8 @@ function (str, l1, l2, l3) { var editor = this; var selectedtxt = ""; var strReplaced = ''; var strNotfound = ''; @@ -2076,10 +2076,7 @@ classAttr = classAttr.replace(/multilang/, '').trim(); if (HTMLArea.is_gecko) { if (confirm("', '\\n', $strmoz); - - echo addslashes($strmoz); + echo addslashes_js($strmoz); ?>")) window.open("http://moodle.org/mozillahelp"); diff --git a/lib/editor/htmlarea/popups/preview.php b/lib/editor/htmlarea/popups/preview.php index 204302ed104b1..0bf291da72537 100644 --- a/lib/editor/htmlarea/popups/preview.php +++ b/lib/editor/htmlarea/popups/preview.php 
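Review bot: In the lib/editor/htmlarea/coursefiles.php hunk the handle returned by `fopen($basedir.$file,"w")` goes straight into `fputs()` and `fclose()` with no check, so a failed open produces warnings and a silently lost edit. Test `$fileptr !== false` before writing and report the failure otherwise. With `stripslashes()` removed, `$text` is written byte for byte, which is only correct if request data reaches this point unslashed. Where `$file` is validated lies outside the hunk.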
@@ -11,7 +11,7 @@ @header('Content-Type: text/html; charset=utf-8'); - $imagetag = clean_text(''); + $imagetag = clean_text(''); ?> '); + $imagetag = clean_text(''); ?> _form->setDefaults($default_values, $filter); + $this->_form->setDefaults($default_values); } /** @@ -369,15 +370,16 @@ function is_cancelled(){ /** * Return submitted data if properly submitted or returns NULL if validation fails or * if there is no submitted data. + * + * note: $slashed param removed * - * @param bool $slashed true means return data with addslashes applied * @return object submitted data; NULL if not valid or not submitted */ - function get_data($slashed=true) { + function get_data() { $mform =& $this->_form; if ($this->is_submitted() and $this->is_validated()) { - $data = $mform->exportValues(null, $slashed); + $data = $mform->exportValues(); unset($data['sesskey']); // we do not need to return sesskey unset($data['_qf__'.$this->_formname]); // we do not need the submission marker too if (empty($data)) { @@ -392,15 +394,15 @@ function get_data($slashed=true) { /** * Return submitted data without validation or NULL if there is no submitted data. + * note: $slashed param removed * - * @param bool $slashed true means return data with addslashes applied * @return object submitted data; NULL if not submitted */ - function get_submitted_data($slashed=true) { + function get_submitted_data() { $mform =& $this->_form; if ($this->is_submitted()) { - $data = $mform->exportValues(null, $slashed); + $data = $mform->exportValues(); unset($data['sesskey']); // we do not need to return sesskey unset($data['_qf__'.$this->_formname]); // we do not need the submission marker too if (empty($data)) { 
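Review bot: The `get_data()` and `get_submitted_data()` docblocks now say only `note: $slashed param removed`, which does not tell callers that the returned values changed. Before this patch the default return was `addslashes`-escaped (the `exportValues()` hunks drop that step, and `data_submitted()` in lib/weblib.php changes the same way), so any caller not converted here that still concatenates these values into an SQL string loses its only escaping. I would state the new contract in both docblocks, e.g. `note: values are returned raw (no slashes added); pass them to the database layer as parameters, never concatenate them into SQL`. PHP silently ignores the extra argument in any leftover `get_data(false)` call, so stale call sites will not surface as errors.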
@@ -976,19 +978,13 @@ function updateSubmission($submission, $files) { $submission[$key] = clean_param($s, $this->_types[$key]); } } - $this->_submitValues = $this->_recursiveFilter('stripslashes', $submission); + $this->_submitValues = $submission; $this->_flagSubmitted = true; } if (empty($files)) { $this->_submitFiles = array(); } else { - if (1 == get_magic_quotes_gpc()) { - foreach (array_keys($files) as $elname) { - // dangerous characters in filenames are cleaned later in upload_manager - $files[$elname]['name'] = stripslashes($files[$elname]['name']); - } - } $this->_submitFiles = $files; $this->_flagSubmitted = true; } @@ -1011,15 +1007,15 @@ function getAdvancedHTML(){ * Initializes a default form value. Used to specify the default for a new entry where * no data is loaded in using moodleform::set_data() * + * note: $slashed param removed + * * @param string $elementname element name * @param mixed $values values for that element name - * @param bool $slashed the default value is slashed * @access public * @return void */ - function setDefault($elementName, $defaultValue, $slashed=false){ - $filter = $slashed ? 'stripslashes' : NULL; - $this->setDefaults(array($elementName=>$defaultValue), $filter); + function setDefault($elementName, $defaultValue){ + $this->setDefaults(array($elementName=>$defaultValue)); } // end func setDefault /** * Add an array of buttons to the form @@ -1060,7 +1056,7 @@ function setHelpButton($elementname, $button, $suppresscheck=false, $function='h } } - function exportValues($elementList= null, $addslashes=true){ + function exportValues($elementList = null){ $unfiltered = array(); if (null === $elementList) { // iterate over all elements, calling their exportValue() methods 
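Review bot: Removing the `get_magic_quotes_gpc()` branch in `updateSubmission()` appears to leave uploaded file names slashed on servers where magic quotes are still on. The compatibility block added in lib/setup.php strips slashes from `$_POST`, `$_GET`, `$_COOKIE`, `$_REQUEST` and several `$_SERVER` keys, but not from `$_FILES`, whose `name` entries this removed code used to fix. Either keep the filename unslashing here or extend the setup.php block to cover `$_FILES[...]['name']`. The removed comment says dangerous characters are cleaned later in upload_manager, which may absorb the stray backslashes, but that code is not visible in this patch.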
@@ -1090,11 +1086,7 @@ function exportValues($elementList= null, $addslashes=true){ } } - if ($addslashes){ - return $this->_recursiveFilter('addslashes', $unfiltered); - } else { - return $unfiltered; - } + return $unfiltered; } /** * Adds a validation rule for the given field diff --git a/lib/grade/grade_object.php b/lib/grade/grade_object.php index ab25af0e6bb68..177a7cb3c9190 100644 --- a/lib/grade/grade_object.php +++ b/lib/grade/grade_object.php @@ -256,7 +256,7 @@ public function delete($source=null) { */ public function get_record_data() { $data = new object(); - // we need to do this to prevent infinite loops in addslashes_recursive - grade_item -> category ->grade_item + foreach ($this as $var=>$value) { if (in_array($var, $this->required_fields) or array_key_exists($var, $this->optional_fields)) { if (is_object($value) or is_array($value)) { diff --git a/lib/moodlelib.php b/lib/moodlelib.php index 38f45727d236d..beb745027c103 100644 --- a/lib/moodlelib.php +++ b/lib/moodlelib.php @@ -197,7 +197,6 @@ /** * PARAM_CLEANHTML - cleans submitted HTML code and removes slashes - * note: do not forget to addslashes() before storing into database! */ define('PARAM_CLEANHTML',0x1000); @@ -403,12 +402,9 @@ function clean_param($param, $type) { if (is_numeric($param)) { return $param; } - $param = stripslashes($param); // Needed for kses to work fine - $param = clean_text($param); // Sweep for scripts, etc - return addslashes($param); // Restore original request parameter slashes + return clean_text($param); // Sweep for scripts, etc case PARAM_CLEANHTML: // prepare html fragment for display, do not store it into db!! - $param = stripslashes($param); // Remove any slashes $param = clean_text($param); // Sweep for scripts, etc return trim($param); diff --git a/lib/questionlib.php b/lib/questionlib.php index 81bfaa13cb573..bba7790722d96 100644 --- a/lib/questionlib.php +++ b/lib/questionlib.php 
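Review bot: The `PARAM_CLEANHTML` docblock in lib/moodlelib.php still reads `cleans submitted HTML code and removes slashes`, because this hunk deletes only the `addslashes()` reminder while the `clean_param()` hunk below removes the `stripslashes()` call from that case. The comment should drop the slash wording, e.g. `PARAM_CLEANHTML - cleans submitted HTML code for display; do not store the result in the database`, which matches the inline warning already on the `case PARAM_CLEANHTML:` line. `clean_param()` starts and ends outside the hunk, so other cases may need the same check.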
@@ -975,9 +975,9 @@ function restore_question_state(&$question, &$state) { global $QTYPES; // initialise response to the value in the answer field - $state->responses = array('' => addslashes($state->answer)); + $state->responses = array('' => $state->answer); unset($state->answer); - $state->manualcomment = isset($state->manualcomment) ? addslashes($state->manualcomment) : ''; + $state->manualcomment = isset($state->manualcomment) ? $state->manualcomment : ''; // Set the changed field to false; any code which changes the // question session must set this to true and must increment diff --git a/lib/recaptchalib.php b/lib/recaptchalib.php index 8b0ed0fb58cff..baad668883d01 100644 --- a/lib/recaptchalib.php +++ b/lib/recaptchalib.php @@ -47,7 +47,7 @@ function _recaptcha_qsencode ($data) { $req = ""; foreach ( $data as $key => $value ) - $req .= $key . '=' . urlencode( stripslashes($value) ) . '&'; + $req .= $key . '=' . urlencode( $value ) . '&'; // Cut the last '&' $req=substr($req,0,strlen($req)-1); diff --git a/lib/searchlib.php b/lib/searchlib.php index 2f50c17f4aedf..40a0f000ccfe9 100644 --- a/lib/searchlib.php +++ b/lib/searchlib.php @@ -29,7 +29,7 @@ function search_token($type,$value){ // Need to think about this some more. function sanitize($userstring){ - return htmlspecialchars(addslashes($userstring)); + return htmlspecialchars($userstring); } function getValue(){ return $this->value; diff --git a/lib/setup.php b/lib/setup.php index 782b5f2091e0f..457cd70118043 100644 --- a/lib/setup.php +++ b/lib/setup.php 
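Review bot: After the lib/searchlib.php hunk, `sanitize()` does HTML escaping only, and `htmlspecialchars($userstring)` with the default flags of the PHP versions of this era leaves single quotes untouched. The name suggests a general-purpose cleaner and the comment above it (`Need to think about this some more.`) shows the intent was never settled; where the return value is used is not visible here. If it reaches an SQL condition it must be bound as a parameter, and if it reaches a single-quoted HTML attribute it needs `htmlspecialchars($userstring, ENT_QUOTES)`. A one-line contract comment such as `// HTML-escapes only; not safe for SQL` would stop the old assumption from carrying over.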
@@ -385,36 +385,36 @@ . "cannot work with magic_quotes_gpc. Please disable " . "magic_quotes_gpc."); } -/// A hack to get around magic_quotes_gpc being turned off -/// It is strongly recommended to enable "magic_quotes_gpc"! - if (!ini_get_bool('magic_quotes_gpc') && !defined('MOODLE_SANE_INPUT') ) { - function addslashes_deep($value) { +/// A hack to get around magic_quotes_gpc being turned on +/// It is strongly recommended to disable "magic_quotes_gpc"! + if (ini_get_bool('magic_quotes_gpc')) { + function stripslashes_deep($value) { $value = is_array($value) ? - array_map('addslashes_deep', $value) : - addslashes($value); + array_map('stripslashes_deep', $value) : + stripslashes($value); return $value; } - $_POST = array_map('addslashes_deep', $_POST); - $_GET = array_map('addslashes_deep', $_GET); - $_COOKIE = array_map('addslashes_deep', $_COOKIE); - $_REQUEST = array_map('addslashes_deep', $_REQUEST); + $_POST = array_map('stripslashes_deep', $_POST); + $_GET = array_map('stripslashes_deep', $_GET); + $_COOKIE = array_map('stripslashes_deep', $_COOKIE); + $_REQUEST = array_map('stripslashes_deep', $_REQUEST); if (!empty($_SERVER['REQUEST_URI'])) { - $_SERVER['REQUEST_URI'] = addslashes($_SERVER['REQUEST_URI']); + $_SERVER['REQUEST_URI'] = stripslashes($_SERVER['REQUEST_URI']); } if (!empty($_SERVER['QUERY_STRING'])) { - $_SERVER['QUERY_STRING'] = addslashes($_SERVER['QUERY_STRING']); + $_SERVER['QUERY_STRING'] = stripslashes($_SERVER['QUERY_STRING']); } if (!empty($_SERVER['HTTP_REFERER'])) { - $_SERVER['HTTP_REFERER'] = addslashes($_SERVER['HTTP_REFERER']); + $_SERVER['HTTP_REFERER'] = stripslashes($_SERVER['HTTP_REFERER']); } if (!empty($_SERVER['PATH_INFO'])) { - $_SERVER['PATH_INFO'] = addslashes($_SERVER['PATH_INFO']); + $_SERVER['PATH_INFO'] = stripslashes($_SERVER['PATH_INFO']); } if (!empty($_SERVER['PHP_SELF'])) { - $_SERVER['PHP_SELF'] = addslashes($_SERVER['PHP_SELF']); + $_SERVER['PHP_SELF'] = stripslashes($_SERVER['PHP_SELF']); } if 
(!empty($_SERVER['PATH_TRANSLATED'])) { - $_SERVER['PATH_TRANSLATED'] = addslashes($_SERVER['PATH_TRANSLATED']); + $_SERVER['PATH_TRANSLATED'] = stripslashes($_SERVER['PATH_TRANSLATED']); } } diff --git a/lib/weblib.php b/lib/weblib.php index 8ed4d451cee1c..e8a1cab486ce1 100644 --- a/lib/weblib.php +++ b/lib/weblib.php @@ -449,20 +449,14 @@ function out_action($overrideparams = array()) { * * Checks that submitted POST data exists and returns it as object. * - * @param bool slashes TEMPORARY - false if strip magic quotes * @return mixed false or object */ -function data_submitted($slashes=true) { +function data_submitted() { if (empty($_POST)) { return false; } else { - if ($slashes===false) { - $post = stripslashes_recursive($_POST); // temporary hack before magic quotes removal - return (object)$post; - } else { - return (object)$_POST; - } + return (object)$_POST; } } @@ -539,41 +533,6 @@ function stripslashes_recursive($var) { return $new_var; } -/** - * Recursive implementation of addslashes() - * - * This function will allow you to add the slashes from a variable. - * If the variable is an array or object, slashes will be added - * to the items (or properties) it contains, even if they are arrays - * or objects themselves. - * - * @param mixed the variable to add slashes from - * @return mixed - */ -function addslashes_recursive($var) { - if (is_object($var)) { - $new_var = new object(); - $properties = get_object_vars($var); - foreach($properties as $property => $value) { - $new_var->$property = addslashes_recursive($value); - } - - } else if (is_array($var)) { - $new_var = array(); - foreach($var as $property => $value) { - $new_var[$property] = addslashes_recursive($value); - } - - } else if (is_string($var)) { - $new_var = addslashes($var); - - } else { // nulls, integers, etc. - $new_var = $var; - } - - return $new_var; -} - /** * Given some normal text this function will break up any * long words to a given size by inserting the given character 
@@ -1312,7 +1271,7 @@ function get_slash_arguments($file='file.php') { $pathinfo = explode($file, $string); if (!empty($pathinfo[1])) { - return addslashes($pathinfo[1]); + return $pathinfo[1]; } else { return false; } @@ -1811,10 +1770,6 @@ function trusttext_present($text) { * function that modifies the data! We do not know the origin of trusttext * in database, if it gets there in tweaked form we must not convert it * to supported form!!! - * - * Please be carefull not to use stripslashes on data from database - * or twice stripslashes when processing data recieved from user. - * * @param string $text text that may contain TRUSTTEXT marker * @return text without any TRUSTTEXT marker */ @@ -3834,7 +3789,7 @@ function print_heading($text, $align='', $size=2, $class='main', $return=false) */ function print_heading_with_help($text, $helppage, $module='moodle', $icon='', $return=false) { $output = '
    '; - $output .= '

    '.$icon.stripslashes_safe($text).'

    '; + $output .= '

    '.$icon.$text.'

    '; $output .= helpbutton($helppage, $text, $module, true, false, '', true); $output .= '
    '; @@ -3848,7 +3803,7 @@ function print_heading_with_help($text, $helppage, $module='moodle', $icon='', $ function print_heading_block($heading, $class='', $return=false) { //Accessibility: 'headingblock' is now H1, see theme/standard/styles_*.css: ?? - $output = '

    '.stripslashes($heading).'

    '; + $output = '

    '.$heading.'

    '; if ($return) { return $output; @@ -3916,7 +3871,6 @@ function print_continue($link, $return=false) { function print_box($message, $classes='generalbox', $ids='', $return=false) { $output = print_box_start($classes, $ids, true); - $output .= stripslashes_safe($message); $output .= print_box_end(true); if ($return) { @@ -3977,7 +3931,6 @@ function print_box_end($return=false) { function print_container($message, $clearfix=false, $classes='', $idbase='', $return=false) { $output = print_container_start($clearfix, $classes, $idbase, true); - $output .= stripslashes_safe($message); $output .= print_container_end(true); if ($return) { diff --git a/login/change_password.php b/login/change_password.php index cc9a35b856470..94a9b28b96b99 100644 --- a/login/change_password.php +++ b/login/change_password.php @@ -62,7 +62,7 @@ if ($mform->is_cancelled()) { redirect($CFG->wwwroot.'/user/view.php?id='.$USER->id.'&course='.$course->id); - } else if ($data = $mform->get_data(false)) { + } else if ($data = $mform->get_data()) { if (!$userauth->user_update_password($USER, $data->newpassword1)) { print_error('errorpasswordupdate', 'auth'); diff --git a/login/forgot_password.php b/login/forgot_password.php index fe62cf984782f..c39e09f94aa79 100644 --- a/login/forgot_password.php +++ b/login/forgot_password.php @@ -43,7 +43,7 @@ print_header($strforgotten, $strforgotten, $navigation); print_error('secretalreadyused'); - } else if (!empty($user) and $user->secret == stripslashes($p_secret)) { + } else if (!empty($user) and $user->secret == $p_secret) { // make sure that url relates to a valid user // check this isn't guest user diff --git a/login/index.php b/login/index.php index e1c59d39edfa4..01551bf4dbdfd 100644 --- a/login/index.php +++ b/login/index.php 
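Review bot: The `print_box()` hunk deletes `$output .= stripslashes_safe($message);` without adding a replacement, so on the new side `$output` holds only the box start and end and `$message` is never printed. The `print_container()` hunk has the same omission. Both should keep the line minus the unslashing: `$output .= $message;`. Both function bodies continue past their hunks.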
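Review bot: The secret check `$user->secret == $p_secret` in login/forgot_password.php uses loose comparison, which lets PHP compare two numeric-looking strings as numbers rather than character by character. For a password-reset secret the comparison should be strict: `} else if (!empty($user) and $user->secret === $p_secret) {`. How `$p_secret` is read and cleaned is outside the hunk, so confirm it is always a string before switching.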
@@ -90,11 +90,11 @@ if ($user) { $frm->username = $user->username; } else { - $frm = data_submitted(false); + $frm = data_submitted(); } } else { - $frm = data_submitted(false); + $frm = data_submitted(); } /// Check if the user has actually submitted login data to us diff --git a/login/signup.php b/login/signup.php index 26f5d3a2ca0de..a3e6e2fcbe54e 100644 --- a/login/signup.php +++ b/login/signup.php @@ -31,7 +31,7 @@ function signup_captcha_enabled() { if ($mform_signup->is_cancelled()) { redirect($CFG->httpswwwroot.'/login/index.php'); - } else if ($user = $mform_signup->get_data(false)) { + } else if ($user = $mform_signup->get_data()) { $user->confirmed = 0; $user->lang = current_language(); $user->firstaccess = time(); diff --git a/message/lib.php b/message/lib.php index 4015379f722ae..7d650a5495763 100644 --- a/message/lib.php +++ b/message/lib.php @@ -179,7 +179,7 @@ function message_count_messages($messagearray, $field='', $value='') { function message_print_search() { global $USER; - if ($frm = data_submitted(false)) { + if ($frm = data_submitted()) { message_print_search_results($frm); @@ -203,7 +203,7 @@ function message_print_search() { function message_print_settings() { global $USER; - if ($frm = data_submitted(false)) { + if ($frm = data_submitted()) { $pref = array(); $pref['message_showmessagewindow'] = (isset($frm->showmessagewindow)) ? '1' : '0'; @@ -985,7 +985,6 @@ function message_post_message($userfrom, $userto, $message, $format, $messagetyp } if ($emailforced || (time() - $userto->lastaccess) > ((int)$preference->message_emailtimenosee * 60)) { // Long enough - $message = stripslashes_safe($message); $tagline = get_string('emailtagline', 'message', $SITE->shortname); $messagesubject = preg_replace('/\s+/', ' ', strip_tags($message)); // make sure it's all on one line diff --git a/message/send.php b/message/send.php index 07518901ba254..546601b65e00a 100644 --- a/message/send.php +++ b/message/send.php 
@@ -66,7 +66,7 @@ if ($message!='' and confirm_sesskey()) { /// Current user has just sent a message /// Save it to the database... - $messageid = message_post_message($USER, $user, addslashes($message), $format, 'direct'); + $messageid = message_post_message($USER, $user, $message, $format, 'direct'); /// Format the message as HTML $options = NULL; diff --git a/mod/assignment/lib.php b/mod/assignment/lib.php index a24a57fc9875c..c731a98a219d2 100644 --- a/mod/assignment/lib.php +++ b/mod/assignment/lib.php @@ -1376,7 +1376,7 @@ function process_feedback() { global $CFG, $USER; require_once($CFG->libdir.'/gradelib.php'); - if (!$feedback = data_submitted(false)) { // No incoming data? + if (!$feedback = data_submitted()) { // No incoming data? return false; } @@ -1444,7 +1444,7 @@ function process_outcomes($userid) { require_once($CFG->libdir.'/gradelib.php'); - if (!$formdata = data_submitted(false)) { + if (!$formdata = data_submitted()) { return; } diff --git a/mod/assignment/type/upload/assignment.class.php b/mod/assignment/type/upload/assignment.class.php index 0197090e2c7c9..ada594bee7930 100644 --- a/mod/assignment/type/upload/assignment.class.php +++ b/mod/assignment/type/upload/assignment.class.php @@ -502,7 +502,7 @@ function upload_notes() { die; } - if ($data = $mform->get_data(false) and $action == 'savenotes') { + if ($data = $mform->get_data() and $action == 'savenotes') { $submission = $this->get_submission($USER->id, true); // get or create submission $updated = new object(); $updated->id = $submission->id; @@ -544,7 +544,7 @@ function upload_responsefile() { $returnurl = "submissions.php?id={$this->cm->id}&userid=$userid&mode=$mode&offset=$offset"; - if (data_submitted('nomatch') and $this->can_manage_responsefiles()) { + if (data_submitted() and $this->can_manage_responsefiles()) { $dir = $this->file_area_name($userid).'/responses'; check_dir_exists($CFG->dataroot.'/'.$dir, true, true); 
diff --git a/mod/chat/gui_header_js/insert.php b/mod/chat/gui_header_js/insert.php index 29f89f1a20969..484b6afa0ca5e 100644 --- a/mod/chat/gui_header_js/insert.php +++ b/mod/chat/gui_header_js/insert.php @@ -36,7 +36,7 @@ /// Clean up the message - $chat_message = clean_text(stripslashes($chat_message), FORMAT_MOODLE); // Strip bad tags + $chat_message = clean_text($chat_message, FORMAT_MOODLE); // Strip bad tags /// Add the message to the database diff --git a/mod/choice/lib.php b/mod/choice/lib.php index 82e9de9aa78c1..17adb0d02468e 100644 --- a/mod/choice/lib.php +++ b/mod/choice/lib.php @@ -351,7 +351,7 @@ function choice_show_results($choice, $course, $cm, $allresponses, $forcepublish switch ($forcepublish) { case CHOICE_PUBLISH_NAMES: echo '
    '; - echo '
    '; + echo ''; echo '
    '; echo ''; echo ''; diff --git a/mod/data/comment.php b/mod/data/comment.php index b486812535b95..571efbfa6367d 100755 --- a/mod/data/comment.php +++ b/mod/data/comment.php @@ -68,7 +68,7 @@ switch ($mode) { case 'add': - if (!$formadata = $mform->get_data(false)) { + if (!$formadata = $mform->get_data()) { break; // something is wrong here, try again } diff --git a/mod/data/edit.php b/mod/data/edit.php index 25a4f3f512e42..eb8262ec8f842 100755 --- a/mod/data/edit.php +++ b/mod/data/edit.php @@ -141,7 +141,7 @@ /// Process incoming data for adding/updating records - if ($datarecord = data_submitted(false) and confirm_sesskey()) { + if ($datarecord = data_submitted() and confirm_sesskey()) { $ignorenames = array('MAX_FILE_SIZE','sesskey','d','rid','saveandview','cancel'); // strings to be ignored in input data diff --git a/mod/data/field.php b/mod/data/field.php index 2a62ffacf5142..ba68976288753 100755 --- a/mod/data/field.php +++ b/mod/data/field.php @@ -74,7 +74,7 @@ switch ($mode) { case 'add': ///add a new field - if (confirm_sesskey() and $fieldinput = data_submitted(false)){ + if (confirm_sesskey() and $fieldinput = data_submitted()){ //$fieldinput->name = data_clean_field_name($fieldinput->name); @@ -108,7 +108,7 @@ case 'update': ///update a field - if (confirm_sesskey() and $fieldinput = data_submitted(false)){ + if (confirm_sesskey() and $fieldinput = data_submitted()){ //$fieldinput->name = data_clean_field_name($fieldinput->name); diff --git a/mod/data/field/menu/field.class.php b/mod/data/field/menu/field.class.php index 8ebaf2119a24d..ff002da3ed0e3 100755 --- a/mod/data/field/menu/field.class.php +++ b/mod/data/field/menu/field.class.php @@ -88,7 +88,7 @@ function display_search_field($content = '') { return ''; } - return choose_from_menu($options, 'f_'.$this->field->id, stripslashes($content), ' ', '', 0, true); + return choose_from_menu($options, 'f_'.$this->field->id, $content, ' ', '', 0, true); } function parse_search_field() { 
diff --git a/mod/data/templates.php b/mod/data/templates.php index 86c24c0e2e0b2..a2519e8c4d16b 100755 --- a/mod/data/templates.php +++ b/mod/data/templates.php @@ -116,7 +116,7 @@ /// html editor is by default disabled $editor = isset($SESSION->data_use_editor) ? $SESSION->data_use_editor : (can_use_html_editor() ? 1 : 0); - if (($mytemplate = data_submitted($CFG->wwwroot.'/mod/data/templates.php')) && confirm_sesskey()) { + if (($mytemplate = data_submitted()) && confirm_sesskey()) { $newtemplate->id = $data->id; $newtemplate->{$mode} = $mytemplate->template; diff --git a/mod/feedback/analysis_to_excel.php b/mod/feedback/analysis_to_excel.php index 1dd558b2d094b..5a5fc19d5fe31 100644 --- a/mod/feedback/analysis_to_excel.php +++ b/mod/feedback/analysis_to_excel.php @@ -14,7 +14,7 @@ $id = required_param('id', PARAM_INT); //the POST dominated the GET - $formdata = data_submitted('nomatch'); + $formdata = data_submitted(); if ($id) { if (! $cm = get_coursemodule_from_id('feedback', $id)) { @@ -177,7 +177,7 @@ function feedback_excelprint_detailed_head(&$worksheet, $items, $rowOffset) { foreach($items as $item) { $worksheet->setFormat(''); - $worksheet->write_string($rowOffset, $colOffset, stripslashes_safe($item->name)); + $worksheet->write_string($rowOffset, $colOffset, $item->name); $colOffset++; } diff --git a/mod/feedback/complete.php b/mod/feedback/complete.php index c869083347f94..8abb270fa6e40 100644 --- a/mod/feedback/complete.php +++ b/mod/feedback/complete.php @@ -23,7 +23,7 @@ $highlightrequired = false; - if(($formdata = data_submitted('nomatch')) AND !confirm_sesskey()) { + if(($formdata = data_submitted()) AND !confirm_sesskey()) { error('no sesskey defined'); } 
@@ -255,7 +255,7 @@ if($feedback->page_after_submit) { // print_simple_box_start('center', '75%'); print_box_start('generalbox boxaligncenter boxwidthwide'); - echo format_text(stripslashes_safe($feedback->page_after_submit)); + echo format_text($feedback->page_after_submit); // print_simple_box_end(); print_box_end(); } else { diff --git a/mod/feedback/complete_guest.php b/mod/feedback/complete_guest.php index 1bd14f1494f0b..3e3caf9f733f3 100644 --- a/mod/feedback/complete_guest.php +++ b/mod/feedback/complete_guest.php @@ -22,7 +22,7 @@ $highlightrequired = false; - if(($formdata = data_submitted('nomatch')) AND !confirm_sesskey()) { + if(($formdata = data_submitted()) AND !confirm_sesskey()) { error('no sesskey defined'); } @@ -230,7 +230,7 @@ if($feedback->page_after_submit) { // print_simple_box_start('center', '75%'); print_box_start('generalbox boxaligncenter boxwidthwide'); - echo format_text(stripslashes_safe($feedback->page_after_submit)); + echo format_text($feedback->page_after_submit); // print_simple_box_end(); print_box_end(); } else { diff --git a/mod/feedback/delete_template.php b/mod/feedback/delete_template.php index 7f29f36923d1c..01c1e7cd7b8d6 100644 --- a/mod/feedback/delete_template.php +++ b/mod/feedback/delete_template.php @@ -19,9 +19,9 @@ $canceldelete = optional_param('canceldelete', false, PARAM_INT); $shoulddelete = optional_param('shoulddelete', false, PARAM_INT); $deletetempl = optional_param('deletetempl', false, PARAM_INT); - // $formdata = data_submitted('nomatch'); + // $formdata = data_submitted(); - if(($formdata = data_submitted('nomatch')) AND !confirm_sesskey()) { + if(($formdata = data_submitted()) AND !confirm_sesskey()) { error('no sesskey defined'); } diff --git a/mod/feedback/edit.php b/mod/feedback/edit.php index 433c10b87486f..0279ac0797ed8 100644 --- a/mod/feedback/edit.php +++ b/mod/feedback/edit.php 
@@ -14,7 +14,7 @@ $id = required_param('id', PARAM_INT); - if(($formdata = data_submitted('nomatch')) AND !confirm_sesskey()) { + if(($formdata = data_submitted()) AND !confirm_sesskey()) { error('no sesskey defined'); } diff --git a/mod/feedback/edit_item.php b/mod/feedback/edit_item.php index cd62883393743..22857c7bf0d0c 100644 --- a/mod/feedback/edit_item.php +++ b/mod/feedback/edit_item.php @@ -21,7 +21,7 @@ $usehtmleditor = can_use_html_editor(); - if(($formdata = data_submitted('nomatch')) AND !confirm_sesskey()) { + if(($formdata = data_submitted()) AND !confirm_sesskey()) { error('no sesskey defined'); } diff --git a/mod/feedback/import.php b/mod/feedback/import.php index 7766b89d6df65..3fdd94e5fd6dd 100644 --- a/mod/feedback/import.php +++ b/mod/feedback/import.php @@ -16,7 +16,7 @@ $choosefile = optional_param('choosefile', false, PARAM_PATH); $action = optional_param('action', false, PARAM_ALPHA); - if(($formdata = data_submitted('nomatch')) AND !confirm_sesskey()) { + if(($formdata = data_submitted()) AND !confirm_sesskey()) { error('no sesskey defined'); } diff --git a/mod/feedback/item/captcha/lib.php b/mod/feedback/item/captcha/lib.php index 43f0db5e66ffc..04b307940fc9e 100644 --- a/mod/feedback/item/captcha/lib.php +++ b/mod/feedback/item/captcha/lib.php @@ -87,7 +87,7 @@ function print_item($item, $value = false, $readonly = false, $edit = false, $hi $requiredmark = ($item->required == 1)?'':''; ?> valign="top" align=""> - name) . $requiredmark, true, false, false);?> + name . $requiredmark, true, false, false);?> <?php echo $this->type;?> @@ -123,7 +123,7 @@ function check_value($value, $item) { } function create_value($data) { - $data = addslashes(clean_text($data)); + $data = clean_text($data); return $data; } diff --git a/mod/feedback/item/label/lib.php b/mod/feedback/item/label/lib.php index e998e498cc480..f62c9c7a4c01c 100644 --- a/mod/feedback/item/label/lib.php +++ b/mod/feedback/item/label/lib.php 
@@ -35,7 +35,7 @@ function create_value($data) { //used by create_item and update_item functions, //when provided $data submitted from feedback_show_edit function get_presentation($data) { - return stripslashes($data->presentation); + return $data->presentation; } function get_hasvalue() { diff --git a/mod/feedback/item/multichoice/lib.php b/mod/feedback/item/multichoice/lib.php index 43e7f709d6216..229cf431db54d 100644 --- a/mod/feedback/item/multichoice/lib.php +++ b/mod/feedback/item/multichoice/lib.php @@ -35,7 +35,7 @@ function show_edit($item) { $item_form->selecttype->setValue($info->subtype); - $itemvalues = str_replace(FEEDBACK_MULTICHOICE_LINE_SEP, "\n", stripslashes_safe($info->presentation)); + $itemvalues = str_replace(FEEDBACK_MULTICHOICE_LINE_SEP, "\n", $info->presentation); $itemvalues = str_replace("\n\n", "\n", $itemvalues); $item_form->values->setValue($itemvalues); return $item_form; @@ -54,7 +54,7 @@ function get_analysed($item, $groupid = false, $courseid = false) { // $presentation = ''; // @list($presentation) = explode(FEEDBACK_RADIO_ADJUST_SEP, $item->presentation); //remove the adjustment-info - $answers = explode (FEEDBACK_MULTICHOICE_LINE_SEP, stripslashes_safe($info->presentation)); + $answers = explode (FEEDBACK_MULTICHOICE_LINE_SEP, $info->presentation); if(!is_array($answers)) return null; //die Werte holen @@ -108,7 +108,7 @@ function get_printval($item, $value) { // @list($presentation) = explode(FEEDBACK_RADIO_ADJUST_SEP, $item->presentation); //remove the adjustment-info - $presentation = explode (FEEDBACK_MULTICHOICE_LINE_SEP, stripslashes_safe($info->presentation)); + $presentation = explode (FEEDBACK_MULTICHOICE_LINE_SEP, $info->presentation); if($info->subtype == 'c') { $vallist = array_values(explode (FEEDBACK_MULTICHOICE_LINE_SEP, $value->value)); 
@@ -147,7 +147,7 @@ function print_analysed($item, $itemnr = '', $groupid = false, $courseid = false $analysedItem = $this->get_analysed($item, $groupid, $courseid); if($analysedItem) { // $itemnr++; - $itemname = stripslashes($analysedItem[1]); + $itemname = $analysedItem[1]; echo ''. $itemnr . ' ' . $itemname .''; $analysedVals = $analysedItem[2]; $pixnr = 0; @@ -175,7 +175,7 @@ function excelprint_item(&$worksheet, $rowOffset, $item, $groupid, $courseid = f $worksheet->setFormat(""); //frage schreiben - $worksheet->write_string($rowOffset, 0, stripslashes($analysed_item[1])); + $worksheet->write_string($rowOffset, 0, $analysed_item[1]); if(is_array($data)) { for($i = 0; $i < sizeof($data); $i++) { $aData = $data[$i]; @@ -197,7 +197,7 @@ function print_item($item, $value = false, $readonly = false, $edit = false, $hi $info = $this->get_info($item); $align = get_string('thisdirection') == 'ltr' ? 'left' : 'right'; - $presentation = explode (FEEDBACK_MULTICHOICE_LINE_SEP, stripslashes_safe($info->presentation)); + $presentation = explode (FEEDBACK_MULTICHOICE_LINE_SEP, $info->presentation); //test if required and no value is set so we have to mark this item @@ -215,7 +215,7 @@ function print_item($item, $value = false, $readonly = false, $edit = false, $hi } $requiredmark = ($item->required == 1)?'':''; - echo ''.format_text(stripslashes_safe($item->name).$requiredmark, true, false, false).''; + echo ''.format_text($item->name.$requiredmark, true, false, false).''; echo ''; }else { if($highlightrequire AND $item->required AND intval($value) <= 0) { 
@@ -225,7 +225,7 @@ function print_item($item, $value = false, $readonly = false, $edit = false, $hi } $requiredmark = ($item->required == 1)?'':''; ?> - valign="top" align="">name) . $requiredmark, true, false, false);?> + valign="top" align="">name . $requiredmark, true, false, false);?> get_info($item); $lines = null; - $lines = explode (FEEDBACK_MULTICHOICERATED_LINE_SEP, stripslashes_safe($info->presentation)); + $lines = explode (FEEDBACK_MULTICHOICERATED_LINE_SEP, $info->presentation); if(!is_array($lines)) return null; //die Werte holen @@ -96,7 +96,7 @@ function get_printval($item, $value) { $info = $this->get_info($item); - $presentation = explode (FEEDBACK_MULTICHOICERATED_LINE_SEP, stripslashes_safe($info->presentation)); + $presentation = explode (FEEDBACK_MULTICHOICERATED_LINE_SEP, $info->presentation); $index = 1; foreach($presentation as $pres){ if($value->value == $index){ @@ -124,7 +124,7 @@ function print_analysed($item, $itemnr = '', $groupid = false, $courseid = false if($analysedItem) { //echo ''; // $itemnr++; - echo ''; + echo ''; $analysedVals = $analysedItem[2]; $pixnr = 0; $avg = 0.0; @@ -157,7 +157,7 @@ function excelprint_item(&$worksheet, $rowOffset, $item, $groupid, $courseid = f $worksheet->setFormat(""); //frage schreiben - $worksheet->write_string($rowOffset, 0, stripslashes($analysed_item[1])); + $worksheet->write_string($rowOffset, 0, $analysed_item[1]); if(is_array($data)) { $avg = 0.0; for($i = 0; $i < sizeof($data); $i++) { 
@@ -187,7 +187,7 @@ function print_item($item, $value = false, $readonly = false, $edit = false, $hi $align = get_string('thisdirection') == 'ltr' ? 'left' : 'right'; $info = $this->get_info($item); - $lines = explode (FEEDBACK_MULTICHOICERATED_LINE_SEP, stripslashes_safe($info->presentation)); + $lines = explode (FEEDBACK_MULTICHOICERATED_LINE_SEP, $info->presentation); $requiredmark = ($item->required == 1)?'':''; if($highlightrequire AND $item->required AND intval($value) <= 0) { $highlight = 'bgcolor="#FFAAAA" class="missingrequire"'; @@ -195,7 +195,7 @@ function print_item($item, $value = false, $readonly = false, $edit = false, $hi $highlight = ''; } ?> - +
    '. $itemnr . ' ' . stripslashes($analysedItem[1]) .'
    '. $itemnr . ' ' . $analysedItem[1] .'
    valign="top" align="">name) . $requiredmark, true, false, false);?> valign="top" align="">name . $requiredmark, true, false, false);?> data) AND is_array($values->data)) { //echo '';2 // $itemnr++; - echo ''; + echo ''; foreach($values->data as $value) { echo ''; } @@ -106,7 +106,7 @@ function excelprint_item(&$worksheet, $rowOffset, $item, $groupid, $courseid = f $analysed_item = $this->get_analysed($item, $groupid, $courseid); $worksheet->setFormat(""); - $worksheet->write_string($rowOffset, 0, stripslashes($item->name)); + $worksheet->write_string($rowOffset, 0, $item->name); $data = $analysed_item->data; if(is_array($data)) { // $worksheet->setFormat(""); @@ -148,7 +148,7 @@ function print_item($item, $value = false, $readonly = false, $edit = false, $hi ?>
    '. $itemnr . ' ' . stripslashes($item->name) .'
    '. $itemnr . ' ' . $item->name .'
    -  ' . $value . '
    valign="top" align=""> name) . $requiredmark, true, false, false); + echo format_text($item->name . $requiredmark, true, false, false); switch(true) { case ($range_from === 0 AND $range_to > 0): echo ' ('.get_string('maximal', 'feedback').': '.$range_to.')'; diff --git a/mod/feedback/item/textarea/lib.php b/mod/feedback/item/textarea/lib.php index 58bc125b12fb8..0b0049b6b0474 100644 --- a/mod/feedback/item/textarea/lib.php +++ b/mod/feedback/item/textarea/lib.php @@ -65,7 +65,7 @@ function print_analysed($item, $itemnr = '', $groupid = false, $courseid = false if($values) { //echo '';2 // $itemnr++; - echo ''; + echo ''; foreach($values as $value) { echo ''; } @@ -78,7 +78,7 @@ function excelprint_item(&$worksheet, $rowOffset, $item, $groupid, $courseid = f $analysed_item = $this->get_analysed($item, $groupid, $courseid); $worksheet->setFormat(""); - $worksheet->write_string($rowOffset, 0, stripslashes_safe($item->name)); + $worksheet->write_string($rowOffset, 0, $item->name); $data = $analysed_item->data; if(is_array($data)) { $worksheet->setFormat(""); @@ -105,7 +105,7 @@ function print_item($item, $value = false, $readonly = false, $edit = false, $hi } $requiredmark = ($item->required == 1)?'':''; ?> - + '; + echo ''; foreach($values as $value) { echo ''; } @@ -77,7 +77,7 @@ function excelprint_item(&$worksheet, $rowOffset, $item, $groupid, $courseid = f $analysed_item = $this->get_analysed($item, $groupid, $courseid); $worksheet->setFormat(""); - $worksheet->write_string($rowOffset, 0, stripslashes_safe($item->name)); + $worksheet->write_string($rowOffset, 0, $item->name); $data = $analysed_item->data; if(is_array($data)) { $worksheet->setFormat(""); @@ -104,7 +104,7 @@ function print_item($item, $value = false, $readonly = false, $edit = false, $hi } $requiredmark = ($item->required == 1)?'':''; ?> - +
    '. $itemnr . ' ' . stripslashes_safe($item->name) .'
    '. $itemnr . ' ' . $item->name .'
    -  ' . str_replace("\n", '
    ', $value->value) . '
    valign="top" align="">name) . $requiredmark, true, false, false);?> valign="top" align="">name . $requiredmark, true, false, false);?> ';2 // $itemnr++; - echo '
    '. $itemnr . ' ' . stripslashes_safe($item->name) .'
    '. $itemnr . ' ' . $item->name .'
    -  ' . str_replace("\n", '
    ', $value->value) . '
    valign="top" align="">name) . $requiredmark, true, false, false);?> valign="top" align="">name . $requiredmark, true, false, false);?> id, true, $cm); - if(($formdata = data_submitted('nomatch')) AND !confirm_sesskey()) { + if(($formdata = data_submitted()) AND !confirm_sesskey()) { error('no sesskey defined'); } diff --git a/mod/feedback/show_entries_anonym.php b/mod/feedback/show_entries_anonym.php index 1e94ade7f0827..f35b5b26fecd0 100644 --- a/mod/feedback/show_entries_anonym.php +++ b/mod/feedback/show_entries_anonym.php @@ -17,7 +17,7 @@ $id = required_param('id', PARAM_INT); $userid = optional_param('userid', false, PARAM_INT); - if(($formdata = data_submitted('nomatch')) AND !confirm_sesskey()) { + if(($formdata = data_submitted()) AND !confirm_sesskey()) { error('no sesskey defined'); } diff --git a/mod/forum/lib.php b/mod/forum/lib.php index ee13a08e9ce7a..8cb4e9208c1d3 100644 --- a/mod/forum/lib.php +++ b/mod/forum/lib.php @@ -2550,8 +2550,8 @@ function forum_get_course_forum($courseid, $type) { $forum->type = "$type"; switch ($forum->type) { case "news": - $forum->name = addslashes(get_string("namenews", "forum")); - $forum->intro = addslashes(get_string("intronews", "forum")); + $forum->name = get_string("namenews", "forum"); + $forum->intro = get_string("intronews", "forum"); $forum->forcesubscribe = FORUM_FORCESUBSCRIBE; $forum->assessed = 0; if ($courseid == SITEID) { @@ -2560,8 +2560,8 @@ function forum_get_course_forum($courseid, $type) { } break; case "social": - $forum->name = addslashes(get_string("namesocial", "forum")); - $forum->intro = addslashes(get_string("introsocial", "forum")); + $forum->name = get_string("namesocial", "forum"); + $forum->intro = get_string("introsocial", "forum"); $forum->assessed = 0; $forum->forcesubscribe = 0; break; diff --git a/mod/forum/restorelib.php b/mod/forum/restorelib.php index 9ff69d06292bf..300e0b1adf782 100644 --- a/mod/forum/restorelib.php +++ b/mod/forum/restorelib.php 
@@ -95,7 +95,7 @@ function forum_restore_mods($mod,$restore) { //Do some output if (!defined('RESTORE_SILENTLY')) { - echo "
  • ".get_string("modulename","forum")." \"".format_string(stripslashes($forum->name),true)."\"
  • "; + echo "
  • ".get_string("modulename","forum")." \"".format_string($forum->name,true)."\"
  • "; } backup_flush(300); diff --git a/mod/forum/search.php b/mod/forum/search.php index e052aee190c39..373e37853ad5f 100644 --- a/mod/forum/search.php +++ b/mod/forum/search.php @@ -160,7 +160,7 @@ print_heading("$strsearchresults: $totalcount"); - print_paging_bar($totalcount, $page, $perpage, "search.php?search=".urlencode(stripslashes($search))."&id=$course->id&perpage=$perpage&"); + print_paging_bar($totalcount, $page, $perpage, "search.php?search=".urlencode($search)."&id=$course->id&perpage=$perpage&"); //added to implement highlighting of search terms found only in HTML markup //fiedorow - 9/2/2005 @@ -236,7 +236,7 @@ $fulllink, $strippedsearch, -99, false); } - print_paging_bar($totalcount, $page, $perpage, "search.php?search=".urlencode(stripslashes($search))."&id=$course->id&perpage=$perpage&"); + print_paging_bar($totalcount, $page, $perpage, "search.php?search=".urlencode($search)."&id=$course->id&perpage=$perpage&"); print_footer($course); diff --git a/mod/forum/subscribers.php b/mod/forum/subscribers.php index 265b842cc0783..2952ed6be88f5 100644 --- a/mod/forum/subscribers.php +++ b/mod/forum/subscribers.php @@ -93,7 +93,7 @@ $strsubscribers = get_string("subscribers", "forum"); $strforums = get_string("forums", "forum"); - if ($frm = data_submitted(false)) { + if ($frm = data_submitted()) { /// A form was submitted so process the input diff --git a/mod/glossary/comment.php b/mod/glossary/comment.php index 7ad4ab3509075..014ae18ea8639 100644 --- a/mod/glossary/comment.php +++ b/mod/glossary/comment.php @@ -59,7 +59,7 @@ function glossary_comment_add() { redirect("comments.php?id=$cm->id&eid=$entry->id"); } - if ($data = $mform->get_data(false)) { + if ($data = $mform->get_data()) { trusttext_after_edit($data->entrycomment, $context); $newcomment = new object(); 
@@ -179,7 +179,7 @@ function glossary_comment_edit() {
 trusttext_prepare_edit($comment->entrycomment, $comment->format, can_use_html_editor(), $context);
 $mform->set_data(array('cid'=>$cid, 'action'=>'edit', 'entrycomment'=>$comment->entrycomment, 'format'=>$comment->format));
- if ($data = $mform->get_data(false)) {
+ if ($data = $mform->get_data()) {
 trusttext_after_edit($data->entrycomment, $context);
 $updatedcomment = new object();
diff --git a/mod/glossary/edit.php b/mod/glossary/edit.php
index a7f6938b8c95e..3f2a4e56777fc 100644
--- a/mod/glossary/edit.php
+++ b/mod/glossary/edit.php
@@ -55,7 +55,7 @@
 redirect("view.php?id=$cm->id");
 }
-} elseif ($fromform = $mform->get_data(false)) {
+} elseif ($fromform = $mform->get_data()) {
 trusttext_after_edit($fromform->definition, $context);
 if ( !isset($fromform->usedynalink) ) {
diff --git a/mod/glossary/import.php b/mod/glossary/import.php
index cfebff2f0a61f..cf370af47a6ad 100644
--- a/mod/glossary/import.php
+++ b/mod/glossary/import.php
@@ -194,12 +194,12 @@
 // Inserting the entries
 $xmlentry = $xmlentries[$i];
 unset($newentry);
- $newentry->concept = trim(addslashes($xmlentry['#']['CONCEPT'][0]['#']));
- $newentry->definition = trusttext_strip(addslashes($xmlentry['#']['DEFINITION'][0]['#']));
+ $newentry->concept = trim($xmlentry['#']['CONCEPT'][0]['#']);
+ $newentry->definition = trusttext_strip($xmlentry['#']['DEFINITION'][0]['#']);
 if ( isset($xmlentry['#']['CASESENSITIVE'][0]['#']) ) {
- $newentry->casesensitive = addslashes($xmlentry['#']['CASESENSITIVE'][0]['#']);
+ $newentry->casesensitive = $xmlentry['#']['CASESENSITIVE'][0]['#'];
 } else {
- $newentry->casesensitive = $CFG->glossary_casesensitive;
+ $newentry->casesensitive = $CFG->glossary_casesensitive;
 }
 $permissiongranted = 1;
diff --git a/mod/glossary/rate.php b/mod/glossary/rate.php
index f12396dcbc6d8..2dd714a73cc49 100644
--- a/mod/glossary/rate.php
+++ b/mod/glossary/rate.php
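Review bot: In mod/glossary/import.php the values read from the uploaded XML (`concept`, `definition`, `casesensitive`) now reach `$newentry` with no escaping at all, so the hunk is only safe if the insert further down binds them as parameters instead of building SQL text; that call is outside the hunk and should be confirmed. Separately, `casesensitive` is stored exactly as the file supplies it. If the column is a 0/1 flag, as the `$CFG->glossary_casesensitive` fallback suggests, `$newentry->casesensitive = (int)$xmlentry['#']['CASESENSITIVE'][0]['#'];` would keep arbitrary strings out of the record. The loop this code sits in begins and ends outside the hunk.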
@@ -42,7 +42,7 @@
 $returnurl = $CFG->wwwroot.'/mod/glossary/view.php?id='.$cm->id;
 }
- if ($data = data_submitted(false)) { // form submitted
+ if ($data = data_submitted()) { // form submitted
 foreach ((array)$data as $entryid => $rating) {
 if (!is_numeric($entryid)) {
 continue;
diff --git a/mod/hotpot/attempt.php b/mod/hotpot/attempt.php
index 14a0ff4e8342a..ab189ec2930fd 100644
--- a/mod/hotpot/attempt.php
+++ b/mod/hotpot/attempt.php
@@ -102,7 +102,7 @@
 }
 // remove slashes added by lib/setup.php
- $attempt->details = stripslashes($attempt->details);
+ $attempt->details = $attempt->details;
 // add details of this attempt
 hotpot_add_attempt_details($attempt);
diff --git a/mod/hotpot/lib.php b/mod/hotpot/lib.php
index 030a3078342b3..cb9d775698556 100644
--- a/mod/hotpot/lib.php
+++ b/mod/hotpot/lib.php
@@ -665,9 +665,9 @@ function hotpot_set_name_summary_reference(&$hotpot, $chain_index=NULL) {
 hotpot_get_titles_and_next_ex($hotpot, $xml_quiz->filepath);
 }
 if ($textfield=='name') {
- $hotpot->$textfield = addslashes($hotpot->exercisetitle);
+ $hotpot->$textfield = $hotpot->exercisetitle;
 } else if ($textfield=='summary') {
- $hotpot->$textfield = addslashes($hotpot->exercisesubtitle);
+ $hotpot->$textfield = $hotpot->exercisesubtitle;
 }
 }
 switch ($hotpot->$textsource) {
diff --git a/mod/hotpot/report/overview/report.php b/mod/hotpot/report/overview/report.php
index 738b9ac358cd1..266ee9d21cb5a 100644
--- a/mod/hotpot/report/overview/report.php
+++ b/mod/hotpot/report/overview/report.php
@@ -120,16 +120,16 @@ function create_overview_table(&$hotpot, &$cm, &$course, &$users, &$attempts, &$
 $table->finish = '
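Review bot: In mod/hotpot/attempt.php the replacement line `$attempt->details = $attempt->details;` is a self-assignment that does nothing, and the comment above it, `// remove slashes added by lib/setup.php`, no longer describes any code. Both lines should be deleted rather than left behind, so a later reader does not assume some unescaping still happens before `hotpot_add_attempt_details($attempt)` runs. The enclosing block starts and ends outside the hunk.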
    '."\n"; $table->finish .= ' '."\n"; if ($abandoned) { - $table->finish .= ''."\n"; + $table->finish .= ''."\n"; } - $table->finish .= ''."\n"; + $table->finish .= ''."\n"; $table->finish .= '
    '."\n"; $table->finish .= ''."\n"; } $tables[] = &$table; } function deleteform_javascript() { - $strselectattempt = addslashes(get_string('selectattempt','hotpot')); + $strselectattempt = addslashes_js(get_string('selectattempt','hotpot')); return <<