MDL-29401 introduce new frankenstyle PARAM types

New PARAM_COMPONENT, PARAM_AREA and PARAM_PLUGIN + fixing of hopefully all current incorrect parameter types. This should help with diagnosing of incorrectly named 3rd party plugins too.
wfuedu · Sep 25, 2011 · aff2431 · aff2431
1 parent dab8148
commit aff2431
Show file tree

Hide file tree

Showing 50 changed files with 264 additions and 142 deletions.
diff --git a/admin/auth.php b/admin/auth.php
@@ -19,7 +19,7 @@
 $PAGE->set_url($returnurl);
 
 $action = optional_param('action', '', PARAM_ACTION);
-$auth   = optional_param('auth', '', PARAM_SAFEDIR);
+$auth   = optional_param('auth', '', PARAM_PLUGIN);
 
 get_enabled_auth_plugins(true); // fix the list of enabled auths
 if (empty($CFG->auth)) {

diff --git a/admin/auth_config.php b/admin/auth_config.php
@@ -6,7 +6,7 @@
 require_once '../config.php';
 require_once $CFG->libdir.'/adminlib.php';
 
-$auth = required_param('auth', PARAM_SAFEDIR);
+$auth = required_param('auth', PARAM_PLUGIN);
 $PAGE->set_pagetype('admin-auth-' . $auth);
 
 admin_externalpage_setup('authsetting'.$auth);

diff --git a/admin/editors.php b/admin/editors.php
@@ -14,7 +14,7 @@
 $returnurl = "$CFG->wwwroot/$CFG->admin/settings.php?section=manageeditors";
 
 $action = optional_param('action', '', PARAM_ACTION);
-$editor = optional_param('editor', '', PARAM_SAFEDIR);
+$editor = optional_param('editor', '', PARAM_PLUGIN);
 
 // get currently installed and enabled auth plugins
 $available_editors = editors_get_available();

diff --git a/admin/enrol.php b/admin/enrol.php
@@ -27,7 +27,7 @@
 require_once($CFG->libdir.'/adminlib.php');
 
 $action  = required_param('action', PARAM_ACTION);
-$enrol   = required_param('enrol', PARAM_SAFEDIR);
+$enrol   = required_param('enrol', PARAM_PLUGIN);
 $confirm = optional_param('confirm', 0, PARAM_BOOL);
 
 $PAGE->set_url('/admin/enrol.php');

diff --git a/admin/localplugins.php b/admin/localplugins.php
@@ -33,7 +33,7 @@
 
 admin_externalpage_setup('managelocalplugins');
 
-$delete  = optional_param('delete', '', PARAM_SAFEDIR);
+$delete  = optional_param('delete', '', PARAM_PLUGIN);
 $confirm = optional_param('confirm', '', PARAM_BOOL);
 
 /// If data submitted, then process and store.

diff --git a/admin/modules.php b/admin/modules.php
@@ -11,9 +11,9 @@
 
     admin_externalpage_setup('managemodules');
 
-    $show    = optional_param('show', '', PARAM_SAFEDIR);
-    $hide    = optional_param('hide', '', PARAM_SAFEDIR);
-    $delete  = optional_param('delete', '', PARAM_SAFEDIR);
+    $show    = optional_param('show', '', PARAM_PLUGIN);
+    $hide    = optional_param('hide', '', PARAM_PLUGIN);
+    $delete  = optional_param('delete', '', PARAM_PLUGIN);
     $confirm = optional_param('confirm', '', PARAM_BOOL);
 
 

diff --git a/admin/qbehaviours.php b/admin/qbehaviours.php
@@ -85,7 +85,7 @@
 // Process actions ============================================================
 
 // Disable.
-if (($disable = optional_param('disable', '', PARAM_SAFEDIR)) && confirm_sesskey()) {
+if (($disable = optional_param('disable', '', PARAM_PLUGIN)) && confirm_sesskey()) {
     if (!isset($behaviours[$disable])) {
         print_error('unknownbehaviour', 'question', $thispageurl, $disable);
     }
@@ -98,7 +98,7 @@
 }
 
 // Enable.
-if (($enable = optional_param('enable', '', PARAM_SAFEDIR)) && confirm_sesskey()) {
+if (($enable = optional_param('enable', '', PARAM_PLUGIN)) && confirm_sesskey()) {
     if (!isset($behaviours[$enable])) {
         print_error('unknownbehaviour', 'question', $thispageurl, $enable);
     }
@@ -115,7 +115,7 @@
 }
 
 // Move up in order.
-if (($up = optional_param('up', '', PARAM_SAFEDIR)) && confirm_sesskey()) {
+if (($up = optional_param('up', '', PARAM_PLUGIN)) && confirm_sesskey()) {
     if (!isset($behaviours[$up])) {
         print_error('unknownbehaviour', 'question', $thispageurl, $up);
     }
@@ -127,7 +127,7 @@
 }
 
 // Move down in order.
-if (($down = optional_param('down', '', PARAM_SAFEDIR)) && confirm_sesskey()) {
+if (($down = optional_param('down', '', PARAM_PLUGIN)) && confirm_sesskey()) {
     if (!isset($behaviours[$down])) {
         print_error('unknownbehaviour', 'question', $thispageurl, $down);
     }
@@ -139,7 +139,7 @@
 }
 
 // Delete.
-if (($delete = optional_param('delete', '', PARAM_SAFEDIR)) && confirm_sesskey()) {
+if (($delete = optional_param('delete', '', PARAM_PLUGIN)) && confirm_sesskey()) {
     // Check it is OK to delete this question type.
     if ($delete == 'missing') {
         print_error('cannotdeletemissingbehaviour', 'question', $thispageurl);

diff --git a/admin/qtypes.php b/admin/qtypes.php
@@ -79,7 +79,7 @@
 // Process actions ============================================================
 
 // Disable.
-if (($disable = optional_param('disable', '', PARAM_SAFEDIR)) && confirm_sesskey()) {
+if (($disable = optional_param('disable', '', PARAM_PLUGIN)) && confirm_sesskey()) {
     if (!isset($qtypes[$disable])) {
         print_error('unknownquestiontype', 'question', $thispageurl, $disable);
     }
@@ -89,7 +89,7 @@
 }
 
 // Enable.
-if (($enable = optional_param('enable', '', PARAM_SAFEDIR)) && confirm_sesskey()) {
+if (($enable = optional_param('enable', '', PARAM_PLUGIN)) && confirm_sesskey()) {
     if (!isset($qtypes[$enable])) {
         print_error('unknownquestiontype', 'question', $thispageurl, $enable);
     }
@@ -103,7 +103,7 @@
 }
 
 // Move up in order.
-if (($up = optional_param('up', '', PARAM_SAFEDIR)) && confirm_sesskey()) {
+if (($up = optional_param('up', '', PARAM_PLUGIN)) && confirm_sesskey()) {
     if (!isset($qtypes[$up])) {
         print_error('unknownquestiontype', 'question', $thispageurl, $up);
     }
@@ -114,7 +114,7 @@
 }
 
 // Move down in order.
-if (($down = optional_param('down', '', PARAM_SAFEDIR)) && confirm_sesskey()) {
+if (($down = optional_param('down', '', PARAM_PLUGIN)) && confirm_sesskey()) {
     if (!isset($qtypes[$down])) {
         print_error('unknownquestiontype', 'question', $thispageurl, $down);
     }
@@ -125,7 +125,7 @@
 }
 
 // Delete.
-if (($delete = optional_param('delete', '', PARAM_SAFEDIR)) && confirm_sesskey()) {
+if (($delete = optional_param('delete', '', PARAM_PLUGIN)) && confirm_sesskey()) {
     // Check it is OK to delete this question type.
     if ($delete == 'missingtype') {
         print_error('cannotdeletemissingqtype', 'question', $thispageurl);

diff --git a/admin/report/customlang/locallib.php b/admin/report/customlang/locallib.php
@@ -262,7 +262,7 @@ protected static function dump_strings($lang, $component, $strings) {
             debugging('Unable to dump local strings for non-installed language pack .'.s($lang));
             return false;
         }
-        if ($component !== clean_param($component, PARAM_SAFEDIR)) {
+        if ($component !== clean_param($component, PARAM_COMPONENT)) {
             throw new coding_exception('Incorrect component name');
         }
         if (!$filename = self::get_component_filename($component)) {

diff --git a/admin/report/questioninstances/index.php b/admin/report/questioninstances/index.php
@@ -12,7 +12,7 @@
 require_once($CFG->libdir.'/questionlib.php');
 
 // Get URL parameters.
-$requestedqtype = optional_param('qtype', '', PARAM_SAFEDIR);
+$requestedqtype = optional_param('qtype', '', PARAM_PLUGIN);
 
 // Print the header & check permissions.
 admin_externalpage_setup('reportquestioninstances');

diff --git a/admin/repositoryinstance.php b/admin/repositoryinstance.php
@@ -10,7 +10,7 @@
 $hide    = optional_param('hide', 0, PARAM_INT);
 $delete  = optional_param('delete', 0, PARAM_INT);
 $sure    = optional_param('sure', '', PARAM_ALPHA);
-$type    = optional_param('type', '', PARAM_ALPHAEXT);
+$type    = optional_param('type', '', PARAM_PLUGIN);
 
 $context = get_context_instance(CONTEXT_SYSTEM);
 

diff --git a/admin/tool/health/index.php b/admin/tool/health/index.php
@@ -42,7 +42,7 @@
     define('SEVERITY_SIGNIFICANT', 'significant');
     define('SEVERITY_CRITICAL',    'critical');
 
-    $solution = optional_param('solution', 0, PARAM_SAFEDIR); //in fact it is class name alhanumeric and _
+    $solution = optional_param('solution', 0, PARAM_PLUGIN);
 
     require_login();
     require_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM));

diff --git a/backup/backupfilesedit.php b/backup/backupfilesedit.php
@@ -31,8 +31,8 @@
 $contextid = required_param('contextid', PARAM_INT);
 $currentcontext = required_param('currentcontext', PARAM_INT);
 // file parameters
-$component  = optional_param('component', null, PARAM_ALPHAEXT);
-$filearea   = optional_param('filearea', null, PARAM_ALPHAEXT);
+$component  = optional_param('component', null, PARAM_COMPONENT);
+$filearea   = optional_param('filearea', null, PARAM_AREA);
 $returnurl  = optional_param('returnurl', null, PARAM_URL);
 
 list($context, $course, $cm) = get_context_info_array($currentcontext);

diff --git a/backup/restorefile.php b/backup/restorefile.php
@@ -33,8 +33,8 @@
 $action = optional_param('action', '', PARAM_ALPHA);
 // file parameters
 // non js interface may require these parameters
-$component  = optional_param('component', null, PARAM_ALPHAEXT);
-$filearea   = optional_param('filearea', null, PARAM_ALPHAEXT);
+$component  = optional_param('component', null, PARAM_COMPONENT);
+$filearea   = optional_param('filearea', null, PARAM_AREA);
 $itemid     = optional_param('itemid', null, PARAM_INT);
 $filepath   = optional_param('filepath', null, PARAM_PATH);
 $filename   = optional_param('filename', null, PARAM_FILE);

diff --git a/comment/comment_ajax.php b/comment/comment_ajax.php
@@ -48,12 +48,12 @@
 }
 
 $client_id = required_param('client_id', PARAM_ALPHANUM);
-$area      = optional_param('area',      '', PARAM_ALPHAEXT);
+$area      = optional_param('area',      '', PARAM_AREA);
 $commentid = optional_param('commentid', -1, PARAM_INT);
 $content   = optional_param('content',   '', PARAM_RAW);
 $itemid    = optional_param('itemid',    '', PARAM_INT);
 $page      = optional_param('page',      0,  PARAM_INT);
-$component = optional_param('component', '',  PARAM_ALPHAEXT);
+$component = optional_param('component', '',  PARAM_COMPONENT);
 
 // initilising comment object
 $args = new stdClass;

diff --git a/comment/comment_post.php b/comment/comment_post.php
@@ -31,11 +31,11 @@
 require_sesskey();
 
 $action    = optional_param('action',    '',  PARAM_ALPHA);
-$area      = optional_param('area',      '',  PARAM_ALPHAEXT);
+$area      = optional_param('area',      '',  PARAM_AREA);
 $content   = optional_param('content',   '',  PARAM_RAW);
 $itemid    = optional_param('itemid',    '',  PARAM_INT);
 $returnurl = optional_param('returnurl', '/', PARAM_URL);
-$component = optional_param('component', '',  PARAM_ALPHAEXT);
+$component = optional_param('component', '',  PARAM_COMPONENT);
 
 // Currently this script can only add comments
 if ($action !== 'add') {

diff --git a/comment/lib.php b/comment/lib.php
@@ -285,7 +285,7 @@ public static function init(moodle_page $page = null) {
         self::$comment_itemid  = optional_param('comment_itemid',  '', PARAM_INT);
         self::$comment_context = optional_param('comment_context', '', PARAM_INT);
         self::$comment_page    = optional_param('comment_page',    '', PARAM_INT);
-        self::$comment_area    = optional_param('comment_area',    '', PARAM_ALPHAEXT);
+        self::$comment_area    = optional_param('comment_area',    '', PARAM_AREA);
 
         $page->requires->string_for_js('addcomment', 'moodle');
         $page->requires->string_for_js('deletecomment', 'moodle');

diff --git a/course/externallib.php b/course/externallib.php
@@ -146,7 +146,7 @@ public static function get_courses_returns() {
                             'summary' => new external_value(PARAM_RAW, 'summary'),
                             'summaryformat' => new external_value(PARAM_INT,
                                     'the summary text Moodle format'),
-                            'format' => new external_value(PARAM_ALPHANUMEXT,
+                            'format' => new external_value(PARAM_PLUGIN,
                                     'course format: weeks, topics, social, site,..'),
                             'showgrades' => new external_value(PARAM_INT,
                                     '1 if grades are shown, otherwise 0', VALUE_OPTIONAL),
@@ -185,9 +185,9 @@ public static function get_courses_returns() {
                                     VALUE_OPTIONAL),
                             'completionnotify' => new external_value(PARAM_INT,
                                     '1: yes 0: no', VALUE_OPTIONAL),
-                            'lang' => new external_value(PARAM_ALPHANUMEXT,
+                            'lang' => new external_value(PARAM_SAFEDIR,
                                     'forced course language', VALUE_OPTIONAL),
-                            'forcetheme' => new external_value(PARAM_ALPHANUMEXT,
+                            'forcetheme' => new external_value(PARAM_PLUGIN,
                                     'name of the force theme', VALUE_OPTIONAL),
                         ), 'course'
                 )
@@ -212,7 +212,7 @@ public static function create_courses_parameters() {
                             'summary' => new external_value(PARAM_RAW, 'summary', VALUE_OPTIONAL),
                             'summaryformat' => new external_value(PARAM_INT,
                                     'the summary text Moodle format', VALUE_DEFAULT, FORMAT_MOODLE),
-                            'format' => new external_value(PARAM_ALPHANUMEXT,
+                            'format' => new external_value(PARAM_PLUGIN,
                                     'course format: weeks, topics, social, site,..',
                                     VALUE_DEFAULT, $courseconfig->format),
                             'showgrades' => new external_value(PARAM_INT,
@@ -252,9 +252,9 @@ public static function create_courses_parameters() {
                                     VALUE_OPTIONAL),
                             'completionnotify' => new external_value(PARAM_INT,
                                     '1: yes 0: no', VALUE_OPTIONAL),
-                            'lang' => new external_value(PARAM_ALPHANUMEXT,
+                            'lang' => new external_value(PARAM_SAFEDIR,
                                     'forced course language', VALUE_OPTIONAL),
-                            'forcetheme' => new external_value(PARAM_ALPHANUMEXT,
+                            'forcetheme' => new external_value(PARAM_PLUGIN,
                                     'name of the force theme', VALUE_OPTIONAL),
                         )
                     ), 'courses to create'

diff --git a/course/modedit.php b/course/modedit.php
@@ -248,7 +248,7 @@
     }
 
     $fromform->course = $course->id;
-    $fromform->modulename = clean_param($fromform->modulename, PARAM_SAFEDIR);  // For safety
+    $fromform->modulename = clean_param($fromform->modulename, PARAM_PLUGIN);  // For safety
 
     $addinstancefunction    = $fromform->modulename."_add_instance";
     $updateinstancefunction = $fromform->modulename."_update_instance";
@@ -342,7 +342,7 @@
             set_coursemodule_idnumber($fromform->coursemodule, $fromform->cmidnumber);
         }
 
-        // Now that module is fully updated, also update completion data if 
+        // Now that module is fully updated, also update completion data if
         // required (this will wipe all user completion data and recalculate it)
         if ($completion->is_enabled() && !empty($fromform->completionunlocked)) {
             $completion->reset_all_state($cm);

diff --git a/course/moodleform_mod.php b/course/moodleform_mod.php
@@ -623,7 +623,7 @@ function standard_hidden_coursemodule_elements(){
         $mform->setType('module', PARAM_INT);
 
         $mform->addElement('hidden', 'modulename', '');
-        $mform->setType('modulename', PARAM_SAFEDIR);
+        $mform->setType('modulename', PARAM_PLUGIN);
 
         $mform->addElement('hidden', 'instance', 0);
         $mform->setType('instance', PARAM_INT);

diff --git a/course/report/log/index.php b/course/report/log/index.php
@@ -23,7 +23,7 @@
     $group       = optional_param('group', 0, PARAM_INT); // Group to display
     $user        = optional_param('user', 0, PARAM_INT); // User to display
     $date        = optional_param('date', 0, PARAM_FILE); // Date to display - number or some string
-    $modname     = optional_param('modname', '', PARAM_SAFEDIR); // course_module->id
+    $modname     = optional_param('modname', '', PARAM_PLUGIN); // course_module->id
     $modid       = optional_param('modid', 0, PARAM_FILE); // number or 'site_errors'
     $modaction   = optional_param('modaction', '', PARAM_PATH); // an action as recorded in the logs
     $page        = optional_param('page', '0', PARAM_INT);     // which page to show

diff --git a/course/search.php b/course/search.php
@@ -13,7 +13,7 @@
     $hide      = optional_param('hide', 0, PARAM_INT);
     $show      = optional_param('show', 0, PARAM_INT);
     $blocklist = optional_param('blocklist', 0, PARAM_INT);
-    $modulelist= optional_param('modulelist', '', PARAM_ALPHAEXT);
+    $modulelist= optional_param('modulelist', '', PARAM_PLUGIN);
 
     $PAGE->set_url('/course/search.php', compact('search', 'page', 'perpage', 'blocklist', 'modulelist', 'edit'));
     $PAGE->set_context(get_context_instance(CONTEXT_SYSTEM));

diff --git a/files/externallib.php b/files/externallib.php
@@ -142,8 +142,8 @@ public static function get_files_returns() {
                     new external_single_structure(
                         array(
                             'contextid' => new external_value(PARAM_INT, ''),
-                            'component' => new external_value(PARAM_ALPHAEXT, ''),
-                            'filearea'  => new external_value(PARAM_ALPHAEXT, ''),
+                            'component' => new external_value(PARAM_COMPONENT, ''),
+                            'filearea'  => new external_value(PARAM_AREA, ''),
                             'itemid'    => new external_value(PARAM_INT, ''),
                             'filepath'  => new external_value(PARAM_TEXT, ''),
                             'filename'  => new external_value(PARAM_TEXT, ''),
@@ -154,8 +154,8 @@ public static function get_files_returns() {
                     new external_single_structure(
                         array(
                             'contextid' => new external_value(PARAM_INT, ''),
-                            'component' => new external_value(PARAM_ALPHAEXT, ''),
-                            'filearea'  => new external_value(PARAM_ALPHAEXT, ''),
+                            'component' => new external_value(PARAM_COMPONENT, ''),
+                            'filearea'  => new external_value(PARAM_AREA, ''),
                             'itemid'   => new external_value(PARAM_INT, ''),
                             'filepath' => new external_value(PARAM_TEXT, ''),
                             'filename' => new external_value(PARAM_FILE, ''),
@@ -176,8 +176,8 @@ public static function upload_parameters() {
         return new external_function_parameters(
             array(
                 'contextid' => new external_value(PARAM_INT, 'context id'),
-                'component' => new external_value(PARAM_ALPHAEXT, 'component'),
-                'filearea'  => new external_value(PARAM_ALPHAEXT, 'file area'),
+                'component' => new external_value(PARAM_COMPONENT, 'component'),
+                'filearea'  => new external_value(PARAM_AREA, 'file area'),
                 'itemid'    => new external_value(PARAM_INT, 'associated id'),
                 'filepath'  => new external_value(PARAM_PATH, 'file path'),
                 'filename'  => new external_value(PARAM_FILE, 'file name'),
@@ -286,8 +286,8 @@ public static function upload_returns() {
         return new external_single_structure(
              array(
                  'contextid' => new external_value(PARAM_INT, ''),
-                 'component' => new external_value(PARAM_ALPHAEXT, ''),
-                 'filearea'  => new external_value(PARAM_ALPHAEXT, ''),
+                 'component' => new external_value(PARAM_COMPONENT, ''),
+                 'filearea'  => new external_value(PARAM_AREA, ''),
                  'itemid'   => new external_value(PARAM_INT, ''),
                  'filepath' => new external_value(PARAM_TEXT, ''),
                  'filename' => new external_value(PARAM_FILE, ''),

diff --git a/files/filebrowser_ajax.php b/files/filebrowser_ajax.php
@@ -46,8 +46,8 @@
     // used by course file tree viewer
     case 'getfiletree':
         $contextid  = required_param('contextid', PARAM_INT);
-        $component  = required_param('component', PARAM_ALPHAEXT);
-        $filearea   = required_param('filearea', PARAM_ALPHAEXT);
+        $component  = required_param('component', PARAM_COMPONENT);
+        $filearea   = required_param('filearea', PARAM_AREA);
         $itemid     = required_param('itemid', PARAM_INT);
         $filepath   = required_param('filepath', PARAM_PATH);
 

diff --git a/filter/local_settings_form.php b/filter/local_settings_form.php
@@ -53,7 +53,7 @@ public function definition() {
         $mform->setDefault('contextid', $this->context->id);
 
         $mform->addElement('hidden', 'filter');
-        $mform->setType('filter', PARAM_ALPHAEXT);
+        $mform->setType('filter', PARAM_PLUGIN);
         $mform->setDefault('filter', $this->filter);
 
         $this->add_action_buttons();