projects / atutor.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 607a895)
Use $addslahes instead of mysql_real_escape_string()
authorcindy li <cli@ocad.ca>
Tue, 22 Feb 2011 14:47:48 +0000 (14:47 -0000)
committercindy li <cli@ocad.ca>
Tue, 22 Feb 2011 14:47:48 +0000 (14:47 -0000)
mods/basiclti/lib/at_form_util.php patch | blob | history
mods/basiclti/tool/instructor_edit.php patch | blob | history

diff --git a/mods/basiclti/lib/at_form_util.php b/mods/basiclti/lib/at_form_util.php
index cdab05b..77a6cae 100644 (file)
--- a/mods/basiclti/lib/at_form_util.php
+++ b/mods/basiclti/lib/at_form_util.php
@@ -200,14 +200,16 @@ function at_form_validate($form_definition, $msg ) {
 }
 
 function at_get_field_value($fieldvalue, $type = false) {
-    if ( $fieldvalue === false ) {
+    global $addslashes;
+    
+       if ( $fieldvalue === false ) {
        $fieldvalue = 'NULL';
     } else if ( is_int($fieldvalue) ) {
        $fieldvalue = $fieldvalue.'';
     } else if ( $type == 'radio' || $type == 'integer') {
         if ( strlen($fieldvalue) < 1 ) $fieldvalue = '0';
     } else {
-        $fieldvalue = "'".mysql_real_escape_string($fieldvalue)."'";
+        $fieldvalue = "'".$addslashes($fieldvalue)."'";
     }
     return $fieldvalue;
 }
diff --git a/mods/basiclti/tool/instructor_edit.php b/mods/basiclti/tool/instructor_edit.php
index 927b44a..b78bdf3 100644 (file)
--- a/mods/basiclti/tool/instructor_edit.php
+++ b/mods/basiclti/tool/instructor_edit.php
@@ -11,29 +11,6 @@ if ( !is_int($_SESSION['course_id']) || $_SESSION['course_id'] < 1 ) {
 require_once('forms.php');
 
 // Filter all POST data //
-if($_POST['submit']){
-       $_POST['form_basiclti'] = $addslashes($_POST['form_basiclti']);
-       $_POST['title'] = $addslashes($_POST['title']);
-       $_POST['toolid'] = $addslashes($_POST['toolid']);
-       $_POST['description'] = $addslashes($_POST['description']);
-       $_POST['toolurl'] = $addslashes($_POST['toolurl']);
-       $_POST['resourcekey'] = $addslashes($_POST['resourcekey']);
-       $_POST['password'] = $addslashes($_POST['password']);
-       $_POST['preferheight'] = intval($_POST['preferheight']);
-       $_POST['allowpreferheight'] = intval($_POST['allowpreferheight']);
-       $_POST['launchinpopup'] = intval($_POST['launchinpopup']);
-       $_POST['debuglaunch'] = intval($_POST['debuglaunch']);
-       $_POST['sendname'] = intval($_POST['sendname']);
-       $_POST['sendemailaddr'] = intval($_POST['sendemailaddr']);
-       $_POST['acceptgrades'] = intval($_POST['acceptgrades']);
-       $_POST['allowroster'] = intval($_POST['allowroster']);
-       $_POST['allowsetting'] = intval($_POST['allowsetting']);
-       $_POST['allowcustomparameters'] = intval($_POST['allowcustomparameters']);
-       // this param won't take $addslashes. Some other form of filter is needed here before V1.0 goes out.
-       //$_POST['customparameters'] = $addslashes($_POST['customparameters']);
-       $_POST['submit'] = $addslashes($_POST['submit']);
-
-}
 $tool = intval($_REQUEST['id']);
 
 if (isset($_POST['cancel'])) {
Course Management Learning Management Tools