admin_authenticate(AT_ADMIN_PRIV_BASICLTI);
require_once('forms.php');
-
-$_POST['form_basiclti'] = $addslashes($_POST['form_basiclti']);
-$_POST['title'] = $addslashes($_POST['title']);
-$_POST['toolid'] = $addslashes($_POST['toolid']);
-$_POST['description'] = $addslashes($_POST['description']);
-$_POST['toolurl'] = $addslashes($_POST['toolurl']);
-$_POST['resourcekey'] = $addslashes($_POST['resourcekey']);
-$_POST['password'] = $addslashes($_POST['password']);
-$_POST['preferheight'] = intval($_POST['preferheight']);
-$_POST['allowpreferheight'] = intval($_POST['allowpreferheight']);
-$_POST['launchinpopup'] = intval($_POST['launchinpopup']);
-$_POST['debuglaunch'] = intval($_POST['debuglaunch']);
-$_POST['sendname'] = intval($_POST['sendname']);
-$_POST['sendemailaddr'] = intval($_POST['sendemailaddr']);
-$_POST['acceptgrades'] = intval($_POST['acceptgrades']);
-$_POST['allowroster'] = intval($_POST['allowroster']);
-$_POST['allowsetting'] = intval($_POST['allowsetting']);
-$_POST['allowcustomparameters'] = intval($_POST['allowcustomparameters']);
-$_POST['customparameters'] = $addslashes($_POST['customparameters']);
-$_POST['organizationid'] = $addslashes($_POST['organizationid']);
-$_POST['organizationurl'] = $addslashes($_POST['organizationurl']);
-$_POST['organizationdescr'] = $addslashes($_POST['organizationdescr']);
-$_POST['submit'] = $addslashes($_POST['submit']);
-
+if($_POST['submit']){
+ // filter all POST data
+ $_POST['form_basiclti'] = $addslashes($_POST['form_basiclti']);
+ $_POST['title'] = $addslashes($_POST['title']);
+ $_POST['toolid'] = $addslashes($_POST['toolid']);
+ $_POST['description'] = $addslashes($_POST['description']);
+ $_POST['toolurl'] = $addslashes($_POST['toolurl']);
+ $_POST['resourcekey'] = $addslashes($_POST['resourcekey']);
+ $_POST['password'] = $addslashes($_POST['password']);
+ $_POST['preferheight'] = intval($_POST['preferheight']);
+ $_POST['allowpreferheight'] = intval($_POST['allowpreferheight']);
+ $_POST['launchinpopup'] = intval($_POST['launchinpopup']);
+ $_POST['debuglaunch'] = intval($_POST['debuglaunch']);
+ $_POST['sendname'] = intval($_POST['sendname']);
+ $_POST['sendemailaddr'] = intval($_POST['sendemailaddr']);
+ $_POST['acceptgrades'] = intval($_POST['acceptgrades']);
+ $_POST['allowroster'] = intval($_POST['allowroster']);
+ $_POST['allowsetting'] = intval($_POST['allowsetting']);
+ $_POST['allowcustomparameters'] = intval($_POST['allowcustomparameters']);
+ $_POST['customparameters'] = $addslashes($_POST['customparameters']);
+ $_POST['organizationid'] = $addslashes($_POST['organizationid']);
+ $_POST['organizationurl'] = $addslashes($_POST['organizationurl']);
+ $_POST['organizationdescr'] = $addslashes($_POST['organizationdescr']);
+ $_POST['submit'] = $addslashes($_POST['submit']);
+}
if (isset($_POST['cancel'])) {
$msg->addFeedback('CANCELLED');
echo '<h3>'.$basiclti_tool_row['title'].' '._AT('bl_settings').'</h3>';
echo '<ul style="list-style-type:none;">';
foreach($basiclti_tool_row as $title=>$setting){
- if($title == "password" && $basiclti_tool_row['course_id'] == 0){
+ if($title == "password" || $title == "resourcekey" && $basiclti_tool_row['course_id'] == 0){
// Hide the tool password if its not an instructor created tool //
- echo '<li>'.$title.' = #########</li>';
+ // Don't print out the key or password id its an admin added tool
+ continue;
} else {
+
echo '<li>'.$title.' = '.$setting.'</li>';
}
}
require_once('forms.php');
-// Filter all POST data //
-$_POST['form_basiclti'] = $addslashes($_POST['form_basiclti']);
-$_POST['title'] = $addslashes($_POST['title']);
-$_POST['toolid'] = $addslashes($_POST['toolid']);
-$_POST['description'] = $addslashes($_POST['description']);
-$_POST['toolurl'] = $addslashes($_POST['toolurl']);
-$_POST['resourcekey'] = $addslashes($_POST['resourcekey']);
-$_POST['password'] = $addslashes($_POST['password']);
-$_POST['preferheight'] = intval($_POST['preferheight']);
-$_POST['allowpreferheight'] = intval($_POST['allowpreferheight']);
-$_POST['launchinpopup'] = intval($_POST['launchinpopup']);
-$_POST['debuglaunch'] = intval($_POST['debuglaunch']);
-$_POST['sendname'] = intval($_POST['sendname']);
-$_POST['sendemailaddr'] = intval($_POST['sendemailaddr']);
-$_POST['acceptgrades'] = intval($_POST['acceptgrades']);
-$_POST['allowroster'] = intval($_POST['allowroster']);
-$_POST['allowsetting'] = intval($_POST['allowsetting']);
-$_POST['allowcustomparameters'] = intval($_POST['allowcustomparameters']);
-$_POST['customparameters'] = $addslashes($_POST['customparameters']);
-$_POST['submit'] = $addslashes($_POST['submit']);
-
+if($_POST['submit']){
+ // Filter all POST data //
+ $_POST['form_basiclti'] = $addslashes($_POST['form_basiclti']);
+ $_POST['title'] = $addslashes($_POST['title']);
+ $_POST['toolid'] = $addslashes($_POST['toolid']);
+ $_POST['description'] = $addslashes($_POST['description']);
+ $_POST['toolurl'] = $addslashes($_POST['toolurl']);
+ $_POST['resourcekey'] = $addslashes($_POST['resourcekey']);
+ $_POST['password'] = $addslashes($_POST['password']);
+ $_POST['preferheight'] = intval($_POST['preferheight']);
+ $_POST['allowpreferheight'] = intval($_POST['allowpreferheight']);
+ $_POST['launchinpopup'] = intval($_POST['launchinpopup']);
+ $_POST['debuglaunch'] = intval($_POST['debuglaunch']);
+ $_POST['sendname'] = intval($_POST['sendname']);
+ $_POST['sendemailaddr'] = intval($_POST['sendemailaddr']);
+ $_POST['acceptgrades'] = intval($_POST['acceptgrades']);
+ $_POST['allowroster'] = intval($_POST['allowroster']);
+ $_POST['allowsetting'] = intval($_POST['allowsetting']);
+ $_POST['allowcustomparameters'] = intval($_POST['allowcustomparameters']);
+ $_POST['customparameters'] = $addslashes($_POST['customparameters']);
+ $_POST['submit'] = $addslashes($_POST['submit']);
+}
if ( !is_int($_SESSION['course_id']) || $_SESSION['course_id'] < 1 ) {
$msg->addFeedback('NEED_COURSE_ID');
exit;
$msg->addFeedback('CANCELLED');
header('Location: '.AT_BASE_HREF.'mods/basiclti/index_instructor.php');
exit;
-} else if (isset($_POST['form_basiclti'])) {
+} else if (isset($_POST['form_basiclti']) && isset($_POST['submit'])) {
if ( at_form_validate($blti_instructor_form, $msg) ) {
$sql = "SELECT count(*) cnt FROM ".TABLE_PREFIX."basiclti_tools WHERE toolid = '".
require_once('forms.php');
// Filter all POST data //
-if($_POST['submit']) {
+if($_POST['submit']){
$_POST['form_basiclti'] = $addslashes($_POST['form_basiclti']);
$_POST['title'] = $addslashes($_POST['title']);
$_POST['toolid'] = $addslashes($_POST['toolid']);
$_POST['allowroster'] = intval($_POST['allowroster']);
$_POST['allowsetting'] = intval($_POST['allowsetting']);
$_POST['allowcustomparameters'] = intval($_POST['allowcustomparameters']);
- $_POST['customparameters'] = $addslashes($_POST['customparameters']);
+ // this param won't take $addslashes. Some other form of filter is needed here before V1.0 goes out.
+ //$_POST['customparameters'] = $addslashes($_POST['customparameters']);
$_POST['submit'] = $addslashes($_POST['submit']);
-}
+}
$tool = intval($_REQUEST['id']);
if (isset($_POST['cancel'])) {
projects / atutor.git / commitdiff