Skip to content

Commit

Permalink
[MDL-14442] Resolve reopened bug for importing database records as CS…
Browse files Browse the repository at this point in the history 
…V by applying "MDL-14442-clean_param.patch" (see tracker). Don't use PARAM_NOTAGS anymore. Merged from MOODLE_19_STABLE.
  • Loading branch information
robertall committed May 28, 2008
1 parent aa40f47 commit 8f31ccd
Showing 1 changed file with 14 additions and 3 deletions.
17 changes: 14 additions & 3 deletions mod/data/import.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -126,16 +126,27 @@
$content = new object();
$content->fieldid = $field->id;
$content->recordid = $recordid;
if ($field->type == 'textarea') {
// the only field type where HTML is possible
$value = clean_param($value, PARAM_CLEANHTML);
} else {
// remove potential HTML:
$patterns[] = '/</';
$replacements[] = '&lt;';
$patterns[] = '/>/';
$replacements[] = '&gt;';
$value = preg_replace($patterns, $replacements, $value);
}
$value = addslashes($value);
// for now, only for "latlong" and "url" fields, but that should better be looked up from
// $CFG->dirroot . '/mod/data/field/' . $field->type . '/field.class.php'
// once there is stored how many contents the field can have.
$value = addslashes($value);
if (preg_match("/^(latlong|url)$/", $field->type)) {
$values = explode(" ", clean_param($value, PARAM_NOTAGS), 2);
$values = explode(" ", $value, 2);
$content->content = $values[0];
$content->content1 = $values[1];
} else {
$content->content = clean_param($value, PARAM_NOTAGS);
$content->content = $value;
}
$oldcontent = get_record('data_content', 'fieldid', $field->id, 'recordid', $recordid);
$content->id = $oldcontent->id;
Expand Down

0 comments on commit 8f31ccd

Please sign in to comment.