Switched to moodle param validation

2024-11-01 18:03:44 +01:00 · 2024-11-01 18:03:44 +01:00 · 5e3d610451
commit 5e3d610451
parent 6b707cc595
1 changed files with 22 additions and 30 deletions
--- a/cfg_grades.php
+++ b/cfg_grades.php
@ -51,23 +51,20 @@ foreach ($mappings as $cfg) {
 }

 print $OUTPUT->header();
-print "<pre>";
-print $CFG->gradebookroles;
-print "</pre>";

-if ($_POST["action"] == "update") {
+$action = optional_param("action","",PARAM_TEXT);
+if ($action == "update") {
    // First loop through the scales to see which need to be updated.
    foreach ($scales as $scale) {
        if (array_key_exists($scale->id, $scalecfgs)) {
            $scalecfg = $scalecfgs[$scale->id];

            $needupdate = false;
-            foreach (["min_progress", "min_completed"] as $handle) {
+            foreach (["min_completed"] as $handle) {
                $key = "s_{$scale->id}_{$handle}";
-                if (array_key_exists($key, $_POST) && is_numeric($_POST[$key])) {
-                    $value = intval($_POST[$key]);
-                    if ($value != $scalecfg->$handle) {
-                        $scalecfg->$handle = $value;
+                if (($v = optional_param($key, null, PARAM_INT)) !== null) {
+                    if ($v != $scalecfg->$handle) {
+                        $scalecfg->$handle = $v;
                        $needupdate = true;
                    }
                }
@ -79,10 +76,10 @@ if ($_POST["action"] == "update") {
        } else {
            $scalecfg = (object)[ "scale_id" => $scale->id];
            $requireinsert = false;
-            foreach (["min_progress", "min_completed"] as $handle) {
+            foreach (["min_completed"] as $handle) {
                $key = "s_{$scale->id}_{$handle}";
-                if (array_key_exists($key, $_POST) && is_numeric($_POST[$key])) {
-                    $scalecfg->$handle = intval($_POST[$key]);
+                if (($v = optional_param($key, null, PARAM_INT)) !== null) {
+                    $scalecfg->$handle = $v;
                    $requireinsert = true;
                }
            }
@ -98,39 +95,36 @@ if ($_POST["action"] == "update") {
    $deletelist = [];
    foreach ($gradecfgs as $gradecfg) {
        $deletekey = "g_{$gradecfg->grade_points}_delete";
-        if (array_key_exists($deletekey, $_POST) && boolval($_POST[$deletekey]) === true) {
+        $dval = optional_param($deletekey, "", PARAM_TEXT);
+        if (in_array(strtolower($dval),["on","true"])) {
            $DB->delete_records(GRADECFG_TABLE, ["id" => $gradecfg->id]);
            $deletelist[] = $gradecfg;
        } else {
-            foreach (["min_progress", "min_completed"] as $handle) {
+            foreach (["min_completed"] as $handle) {
                $key = "g_{$gradecfg->grade_points}_{$handle}";
-                if (array_key_exists($key, $_POST) && is_numeric($_POST[$key])) {
-                    $gradecfg->$handle = floatval($_POST[$key]);
-                }
-            }
+                $gradecfg->$handle = optional_param($key, null, PARAM_LOCALISEDFLOAT);
+                if ($gradecfg->$handle !== null) {
                    $DB->update_record(GRADECFG_TABLE, $gradecfg);
                    // Reload to ensure proper rounding is done.
                    $gradecfgs[$gradecfg->grade_points] = $DB->get_record(GRADECFG_TABLE, ['id' => $gradecfg->id]);
                }
            }
-
+        }
+    }
    foreach ($deletelist as $gradeconfig) {
-        unset($gradecfgs[$gradecfg->grade_points]);
+        unset($gradecfgs[$gradeconfig->grade_points]);
    }
    unset($deletelist);

    // And add an optionally existing new gradepoint setting.
-    if (array_key_exists("g_new_gradepoints", $_POST)
-        && !empty($_POST["g_new_gradepoints"])
-        && is_numeric($_POST["g_new_gradepoints"]) ) {
-        $gp = intval($_POST["g_new_gradepoints"]);
+    if (($gp = optional_param("g_new_gradepoints", null, PARAM_INT)) !== null) {
        if (!array_key_exists($gp, $gradecfgs)) {
            $gradecfg = (object)[ "grade_points" => $gp];
            $requireinsert = false;
            foreach (["min_progress", "min_completed"] as $handle) {
                $key = "g_new_{$handle}";
-                if (array_key_exists($key, $_POST) && is_numeric($_POST[$key])) {
-                    $gradecfg->$handle = floatval($_POST[$key]);
+                if (($v = optional_param($key, null, PARAM_LOCALISEDFLOAT)) !== null) {
+                    $gradecfg->$handle = $v;
                    $requireinsert = true;
                }
            }
@ -146,7 +140,7 @@ if ($_POST["action"] == "update") {

 }

-    // Process all available scales and load the current configuration for it.
+// Process all available scales and load the current configuration for it.
 $data = [];
 foreach ($scales as $scale) {
    $scale->load_items();
@ -205,7 +199,6 @@ print html_writer::tag("input", null, ['name' => "action", 'value' => 'update',
 $table = new html_table();
 $table->id = "";
 $table->attributes['class'] = 'generaltable m-roomtable';
-$table->tablealign = 'center';
 $table->head = [];
 $table->data = $data;
 $table->head[] = get_string('scale');
@ -253,7 +246,6 @@ $data[] = $row;
 $table = new html_table();
 $table->id = "";
 $table->attributes['class'] = 'generaltable m-roomtable';
-$table->tablealign = 'center';
 $table->head = [];
 $table->data = $data;
 $table->head[] = get_string('grade_points', 'local_treestudyplan');