$this->message = "Constructor requires a secret or database information.";
return;
} else {
+ global $addslashes;
$sql = 'SELECT * FROM '.$parm['table'].' WHERE '.
($parm['key_column'] ? $parm['key_column'] : 'oauth_consumer_key').
'='.
- "'".mysql_real_escape_string($oauth_consumer_key)."'";
+ "'".$addslashes($oauth_consumer_key)."'";
$result = mysql_query($sql);
$num_rows = mysql_num_rows($result);
if ( $num_rows != 1 ) {
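Review bot: Replacing mysql_real_escape_string() with $addslashes on L9 drops charset awareness: addslashes() escapes bytes without knowing the connection character set, so it is a weaker guarantee than the driver function it replaces, and the same substitution recurs at L57, L65, L117 and L125. Keeping the driver-level escape where a connection handle is available, or moving these lookups to parameterised queries, would be the safer direction; if $addslashes has to stay, document the assumption on the function, e.g. `// $addslashes assumes a connection charset in which ASCII bytes never occur inside a multi-byte sequence (e.g. UTF-8)`. L5–L6 also interpolate $parm['table'] and $parm['key_column'] unescaped, which is only acceptable if $parm never carries request input; a comment such as `// $parm is trusted configuration, never user input` would make that explicit. The constructor this sits in starts before the hunk.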
$fieldvalue = $fieldvalue.'';
} else if ( $type == 'radio' || $type == 'integer') {
if ( strlen($fieldvalue) < 1 ) $fieldvalue = '0';
+ else $fieldvalue = intval($fieldvalue);
} else {
$fieldvalue = "'".$addslashes($fieldvalue)."'";
}
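Review bot: The new intval() on L16 silently maps non-numeric input to 0 instead of rejecting it, so a malformed `integer`/`radio` value is persisted as 0 with no feedback to the caller; if the form layer is expected to catch this earlier, say so next to the line, e.g. `// non-numeric input collapses to 0; validation is assumed to have happened upstream`. The brace-less if/else on L15–L16 should also take braces to match the surrounding blocks. The enclosing function begins before the hunk.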
admin_authenticate(AT_ADMIN_PRIV_BASICLTI);
require_once('forms.php');
-if($_POST['submit']){
- // filter all POST data
- $_POST['form_basiclti'] = $addslashes($_POST['form_basiclti']);
- $_POST['title'] = $addslashes($_POST['title']);
- $_POST['toolid'] = $addslashes($_POST['toolid']);
- $_POST['description'] = $addslashes($_POST['description']);
- $_POST['toolurl'] = $addslashes($_POST['toolurl']);
- $_POST['resourcekey'] = $addslashes($_POST['resourcekey']);
- $_POST['password'] = $addslashes($_POST['password']);
- $_POST['preferheight'] = intval($_POST['preferheight']);
- $_POST['allowpreferheight'] = intval($_POST['allowpreferheight']);
- $_POST['launchinpopup'] = intval($_POST['launchinpopup']);
- $_POST['debuglaunch'] = intval($_POST['debuglaunch']);
- $_POST['sendname'] = intval($_POST['sendname']);
- $_POST['sendemailaddr'] = intval($_POST['sendemailaddr']);
- $_POST['acceptgrades'] = intval($_POST['acceptgrades']);
- $_POST['allowroster'] = intval($_POST['allowroster']);
- $_POST['allowsetting'] = intval($_POST['allowsetting']);
- $_POST['allowcustomparameters'] = intval($_POST['allowcustomparameters']);
-// $_POST['customparameters'] = $addslashes($_POST['customparameters']);
- $_POST['organizationid'] = $addslashes($_POST['organizationid']);
- $_POST['organizationurl'] = $addslashes($_POST['organizationurl']);
- $_POST['organizationdescr'] = $addslashes($_POST['organizationdescr']);
- $_POST['submit'] = $addslashes($_POST['submit']);
-}
if (isset($_POST['cancel'])) {
$msg->addFeedback('CANCELLED');
header('Location: '.AT_BASE_HREF.'mods/basiclti/index_admin.php');
exit;
} else if (isset($_POST['form_basiclti'])) {
-
if ( at_form_validate($blti_admin_form, $msg) ) {
+ global $addslashes;
$sql = "SELECT count(*) cnt FROM ".TABLE_PREFIX."basiclti_tools WHERE toolid = '".
- mysql_real_escape_string($_POST['toolid'])."';";
+ $addslashes($_POST['toolid'])."';";
$result = mysql_query($sql, $db) or die(mysql_error());
$row = mysql_fetch_assoc($result);
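Review bot: Deleting the blanket filter on L22–L46 also deletes the intval() coercion of the integer fields (preferheight, allowpreferheight, launchinpopup, sendname, acceptgrades and the rest), while the new code on L57 escapes only toolid; if the INSERT later in this file still interpolates those $_POST values into SQL, each of them now needs its own intval() or escape at the point of use, which is outside this hunk. The same removal happens at L86–L107, and the query at L116–L117 likewise escapes only toolid. Separately, `global $addslashes;` on L54 (and L62, L115, L122) has no effect if this code runs at file scope, where $addslashes is already visible; if it is needed because the file is included from inside a function, a one-line comment saying so would spare the next reader the question.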
} else if (isset($_POST['form_basiclti'], $tool)) {
if ( at_form_validate($blti_admin_form, $msg) ) {
+ global $addslashes;
$sql = "SELECT count(*) cnt FROM ".TABLE_PREFIX."basiclti_tools WHERE toolid = '".
- mysql_real_escape_string($_POST['toolid'])."' AND id != $tool;";
+ $addslashes($_POST['toolid'])."' AND id != $tool;";
$result = mysql_query($sql, $db) or die(mysql_error());
$row = mysql_fetch_assoc($result);
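Review bot: `$tool` is interpolated unescaped into the query on L65 (`AND id != $tool`), and nothing in the hunk shows it has been cast to an integer; since the other operand now goes through $addslashes, the tool id deserves the same care, e.g. `$addslashes($_POST['toolid'])."' AND id != ".intval($tool).";";`. The same pattern appears at L125. If $tool is already intval()'d where it is read from the request, a comment at that point would make this safe by inspection.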
$_POST['popup'] = intval($_POST['popup']);
$_POST['cid'] = intval($_POST['cid']);
-// Filter all POST data //
-$_POST['toolid'] = $addslashes($_POST['toolid']);
-$_POST['cid'] = intval($_POST['cid']);
-$_POST['preferheight'] = intval($_POST['preferheight']);
-$_POST['launchinpopup'] = intval($_POST['launchinpopup']);
-$_POST['debuglaunch'] = intval($_POST['debuglaunch']);
-$_POST['sendname'] = intval($_POST['sendname']);
-$_POST['sendemailaddr'] = intval($_POST['sendemailaddr']);
-$_POST['allowroster'] = intval($_POST['allowroster']);
-$_POST['allowsetting'] = intval($_POST['allowsetting']);
-$_POST['customparameters'] = $addslashes($_POST['customparameters']);
-
if ( !is_int($_SESSION['course_id']) || $_SESSION['course_id'] < 1 ) {
$msg->addFeedback('NEED_COURSE_ID');
exit;
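Review bot: The removed block at L70–L81 included `$_POST['customparameters'] = $addslashes($_POST['customparameters']);`, and unlike the other deleted lines no replacement escape for customparameters appears in the hunk, whereas popup and cid keep their intval() on L68–L69; if customparameters is later written to the database or echoed back, it now needs escaping at that point, which is outside what is shown here. The is_int() check on L82 fails closed if course_id is stored in the session as a numeric string rather than an int; if that can happen, `$courseId = intval($_SESSION['course_id']); if ($courseId < 1) {` would be the more robust test.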
require_once('forms.php');
-if($_POST['submit']){
- // Filter all POST data //
- $_POST['form_basiclti'] = $addslashes($_POST['form_basiclti']);
- $_POST['title'] = $addslashes($_POST['title']);
- $_POST['toolid'] = $addslashes($_POST['toolid']);
- $_POST['description'] = $addslashes($_POST['description']);
- $_POST['toolurl'] = $addslashes($_POST['toolurl']);
- $_POST['resourcekey'] = $addslashes($_POST['resourcekey']);
- $_POST['password'] = $addslashes($_POST['password']);
- $_POST['preferheight'] = intval($_POST['preferheight']);
- $_POST['allowpreferheight'] = intval($_POST['allowpreferheight']);
- $_POST['launchinpopup'] = intval($_POST['launchinpopup']);
- $_POST['debuglaunch'] = intval($_POST['debuglaunch']);
- $_POST['sendname'] = intval($_POST['sendname']);
- $_POST['sendemailaddr'] = intval($_POST['sendemailaddr']);
- $_POST['acceptgrades'] = intval($_POST['acceptgrades']);
- $_POST['allowroster'] = intval($_POST['allowroster']);
- $_POST['allowsetting'] = intval($_POST['allowsetting']);
- $_POST['allowcustomparameters'] = intval($_POST['allowcustomparameters']);
- //$_POST['customparameters'] = $addslashes($_POST['customparameters']);
- $_POST['submit'] = $addslashes($_POST['submit']);
-}
if ( !is_int($_SESSION['course_id']) || $_SESSION['course_id'] < 1 ) {
$msg->addFeedback('NEED_COURSE_ID');
exit;
} else if (isset($_POST['form_basiclti']) && isset($_POST['submit'])) {
if ( at_form_validate($blti_instructor_form, $msg) ) {
- $sql = "SELECT count(*) cnt FROM ".TABLE_PREFIX."basiclti_tools WHERE toolid = '".
- mysql_real_escape_string($_POST['toolid'])."' AND course_id = ". $_SESSION['course_id'];
+ global $addslashes;
+ $sql = "SELECT count(*) cnt FROM ".TABLE_PREFIX."basiclti_tools WHERE toolid = '".
+ $addslashes($_POST['toolid'])."' AND course_id = ". $_SESSION['course_id'];
$result = mysql_query($sql, $db) or die(mysql_error());
$row = mysql_fetch_assoc($result);
} else if (isset($_POST['form_basiclti'], $tool)) {
if ( at_form_validate($blti_instructor_form, $msg) ) {
+ global $addslashes;
$sql = "SELECT count(*) cnt FROM ".TABLE_PREFIX."basiclti_tools WHERE toolid = '".
- mysql_real_escape_string($_POST['toolid'])."' AND id != $tool".
+ $addslashes($_POST['toolid'])."' AND id != $tool".
" AND course_id = ". $_SESSION['course_id'];
$result = mysql_query($sql, $db) or die(mysql_error());
$row = mysql_fetch_assoc($result);