".get_string('previewhtml')."
\n"; + echo "".get_string('previewhtml')."
\n"; echo ''."\n"; echo '
'; echo "\n"; @@ -102,7 +102,7 @@ $good = 1; $teachers = array(); foreach ($SESSION->emailto[$id] as $user) { - $good = $good && message_post_message($USER,$user,addslashes($messagebody),$format,'direct'); + $good = $good && message_post_message($USER,$user,$messagebody,$format,'direct'); if ($user->teacher) { $teachers[] = $user->id; } Index: user/edit.php =================================================================== RCS file: /cvsroot/moodle/moodle/user/edit.php,v retrieving revision 1.174 diff -u -r1.174 edit.php --- user/edit.php 30 May 2008 22:11:31 -0000 1.174 +++ user/edit.php 9 Jun 2008 13:38:05 -0000 @@ -89,7 +89,7 @@ $userform = new user_edit_form(); $userform->set_data($user); - if ($usernew = $userform->get_data(false)) { + if ($usernew = $userform->get_data()) { add_to_log($course->id, 'user', 'update', "view.php?id=$user->id&course=$course->id", ''); @@ -102,7 +102,7 @@ } // pass a true $userold here - if (! $authplugin->user_update($user, $userform->get_data(false))) { + if (! $authplugin->user_update($user, $userform->get_data())) { // auth update failed, rollback for moodle $DB->update_record('user', $user); print_error('Failed to update user data on external auth: '.$user->auth. Index: admin/uploadpicture.php =================================================================== RCS file: /cvsroot/moodle/moodle/admin/uploadpicture.php,v retrieving revision 1.7 diff -u -r1.7 uploadpicture.php --- admin/uploadpicture.php 2 Jun 2008 21:39:24 -0000 1.7 +++ admin/uploadpicture.php 9 Jun 2008 13:36:03 -0000 @@ -62,7 +62,7 @@ print_heading_with_help($struploadpictures, 'uploadpictures'); $mform = new admin_uploadpicture_form(); -if ($formdata = $mform->get_data(false)) { +if ($formdata = $mform->get_data()) { if (!array_key_exists($userfield, $userfields)) { notify(get_string('uploadpicture_baduserfield','admin')); } else { Index: admin/settings.php =================================================================== RCS file: /cvsroot/moodle/moodle/admin/settings.php,v retrieving revision 1.45 diff -u -r1.45 settings.php --- admin/settings.php 30 May 2008 21:36:57 -0000 1.45 +++ admin/settings.php 9 Jun 2008 13:36:03 -0000 @@ -31,7 +31,7 @@ $errormsg = ''; $focus = ''; -if ($data = data_submitted(false) and confirm_sesskey()) { +if ($data = data_submitted() and confirm_sesskey()) { if (admin_write_settings($data)) { $statusmsg = get_string('changessaved'); } Index: admin/cliupgrade.php =================================================================== RCS file: /cvsroot/moodle/moodle/admin/cliupgrade.php,v retrieving revision 1.14 diff -u -r1.14 cliupgrade.php --- admin/cliupgrade.php 5 Jun 2008 18:01:22 -0000 1.14 +++ admin/cliupgrade.php 9 Jun 2008 13:36:01 -0000 @@ -738,14 +738,6 @@ console_write(STDERR,"The PHP server variable 'file_uploads' is not turned On" ,'',false); } - if (empty($CFG->prefix) && $CFG->dbfamily != 'mysql') { //Enforce prefixes for everybody but mysql - console_write(STDERR,'$CFG->prefix can\'t be empty for your target DB (' . $CFG->dbtype . ')','',false); - } - - if ($CFG->dbfamily == 'oracle' && strlen($CFG->prefix) > 2) { //Max prefix length for Oracle is 2cc - console_write(STDERR,'$CFG->prefix maximum allowed length for Oracle DBs is 2cc.','',false); - } - /// Check that config.php has been edited if ($CFG->wwwroot == "http://example.com/moodle") { @@ -1193,9 +1185,9 @@ } $newsite = new Object(); - $newsite->fullname = addslashes($sitefullname); - $newsite->shortname = addslashes($siteshortname); - $newsite->summary = addslashes($sitesummary); + $newsite->fullname = $sitefullname; + $newsite->shortname = $siteshortname; + $newsite->summary = $sitesummary; $newsite->newsitems = $sitenewsitems; $newsite->numsections = 0; $newsite->category = 0; Index: admin/maintenance.php =================================================================== RCS file: /cvsroot/moodle/moodle/admin/maintenance.php,v retrieving revision 1.15 diff -u -r1.15 maintenance.php --- admin/maintenance.php 30 May 2008 21:36:57 -0000 1.15 +++ admin/maintenance.php 9 Jun 2008 13:36:03 -0000 @@ -15,7 +15,7 @@ $filename = $CFG->dataroot.'/'.SITEID.'/maintenance.html'; - if ($form = data_submitted(false)) { + if ($form = data_submitted()) { if (confirm_sesskey()) { if ($form->action == "disable") { unlink($filename); Index: admin/search.php =================================================================== RCS file: /cvsroot/moodle/moodle/admin/search.php,v retrieving revision 1.18 diff -u -r1.18 search.php --- admin/search.php 30 May 2008 21:36:57 -0000 1.18 +++ admin/search.php 9 Jun 2008 13:36:03 -0000 @@ -7,8 +7,6 @@ $query = trim(optional_param('query', '', PARAM_NOTAGS)); // Search string -$query = stripslashes($query); // TODO: remove soon - $adminroot =& admin_get_root(); // need all settings here $adminroot->search = $query; // So we can reference it in search boxes later in this invocation $statusmsg = ''; @@ -18,7 +16,7 @@ admin_externalpage_setup('search'); // now hidden page // now we'll deal with the case that the admin has submitted the form with changed settings -if ($data = data_submitted(false) and confirm_sesskey()) { +if ($data = data_submitted() and confirm_sesskey()) { if (admin_write_settings($data)) { $statusmsg = get_string('changessaved'); } Index: admin/uploaduser.php =================================================================== RCS file: /cvsroot/moodle/moodle/admin/uploaduser.php,v retrieving revision 1.87 diff -u -r1.87 uploaduser.php --- admin/uploaduser.php 30 May 2008 22:11:32 -0000 1.87 +++ admin/uploaduser.php 9 Jun 2008 13:36:05 -0000 @@ -125,7 +125,7 @@ $cir->cleanup(true); redirect($returnurl); -} else if ($formdata = $mform->get_data(false)) { // no magic quotes here!!! +} else if ($formdata = $mform->get_data()) { // Print the header admin_externalpage_print_header(); print_heading(get_string('uploadusersresult', 'admin')); Index: admin/upgradesettings.php =================================================================== RCS file: /cvsroot/moodle/moodle/admin/upgradesettings.php,v retrieving revision 1.24 diff -u -r1.24 upgradesettings.php --- admin/upgradesettings.php 30 May 2008 21:36:57 -0000 1.24 +++ admin/upgradesettings.php 9 Jun 2008 13:36:03 -0000 @@ -15,7 +15,7 @@ admin_externalpage_setup('upgradesettings'); // now hidden page // now we'll deal with the case that the admin has submitted the form with new settings -if ($data = data_submitted(false) and confirm_sesskey()) { +if ($data = data_submitted() and confirm_sesskey()) { $count = admin_write_settings($data); $adminroot =& admin_get_root(true); //reload tree } Index: admin/enrol_config.php =================================================================== RCS file: /cvsroot/moodle/moodle/admin/enrol_config.php,v retrieving revision 1.17 diff -u -r1.17 enrol_config.php --- admin/enrol_config.php 30 May 2008 21:36:57 -0000 1.17 +++ admin/enrol_config.php 9 Jun 2008 13:36:01 -0000 @@ -17,7 +17,7 @@ /// If data submitted, then process and store. - if ($frm = data_submitted(false)) { + if ($frm = data_submitted()) { if (!confirm_sesskey()) { print_error('confirmsesskeybad', 'error'); } Index: admin/lang.php =================================================================== RCS file: /cvsroot/moodle/moodle/admin/lang.php,v retrieving revision 1.119 diff -u -r1.119 lang.php --- admin/lang.php 1 Jun 2008 11:18:54 -0000 1.119 +++ admin/lang.php 9 Jun 2008 13:36:03 -0000 @@ -1358,7 +1358,7 @@ } error_reporting($CFG->debug); - fwrite($f, stripslashes($content)); + fwrite($f, $content); fclose($f); // Remove file if its empty Index: admin/replace.php =================================================================== RCS file: /cvsroot/moodle/moodle/admin/replace.php,v retrieving revision 1.13 diff -u -r1.13 replace.php --- admin/replace.php 30 May 2008 21:36:58 -0000 1.13 +++ admin/replace.php 9 Jun 2008 13:36:03 -0000 @@ -10,9 +10,6 @@ $search = optional_param('search', '', PARAM_RAW); $replace = optional_param('replace', '', PARAM_RAW); -$search = stripslashes($search); // TODO: remove soon -$replace = stripslashes($replace); // TODO: remove soon - ################################################################### admin_externalpage_print_header(); Index: admin/filter.php =================================================================== RCS file: /cvsroot/moodle/moodle/admin/filter.php,v retrieving revision 1.23 diff -u -r1.23 filter.php --- admin/filter.php 30 May 2008 21:36:57 -0000 1.23 +++ admin/filter.php 9 Jun 2008 13:36:01 -0000 @@ -27,7 +27,7 @@ //====================== // if reset pressed let filter config page handle it - if ($config = data_submitted(false) and !$forcereset) { + if ($config = data_submitted() and !$forcereset) { // check session key if (!confirm_sesskey()) { Index: admin/auth_config.php =================================================================== RCS file: /cvsroot/moodle/moodle/admin/auth_config.php,v retrieving revision 1.21 diff -u -r1.21 auth_config.php --- admin/auth_config.php 30 May 2008 21:16:16 -0000 1.21 +++ admin/auth_config.php 9 Jun 2008 13:36:00 -0000 @@ -18,7 +18,7 @@ $returnurl = "$CFG->wwwroot/$CFG->admin/settings.php?section=manageauths"; // save configuration changes -if ($frm = data_submitted(false) and confirm_sesskey()) { +if ($frm = data_submitted() and confirm_sesskey()) { $authplugin->validate_form($frm, $err); Index: lib/datalib.php =================================================================== RCS file: /cvsroot/moodle/moodle/lib/datalib.php,v retrieving revision 1.478 diff -u -r1.478 datalib.php --- lib/datalib.php 4 Jun 2008 21:34:14 -0000 1.478 +++ lib/datalib.php 9 Jun 2008 13:36:52 -0000 @@ -15,25 +15,6 @@ define('LASTACCESS_UPDATE_SECS', 60); /// Number of seconds to wait before /// updating lastaccess information in DB. -/** - * Escape all dangerous characters in a data record - * - * $dataobject is an object containing needed data - * Run over each field exectuting addslashes() function - * to escape SQL unfriendly characters (e.g. quotes) - * Handy when writing back data read from the database - * - * @param $dataobject Object containing the database record - * @return object Same object with neccessary characters escaped - */ -function addslashes_object( $dataobject ) { - $a = get_object_vars( $dataobject); - foreach ($a as $key=>$value) { - $a[$key] = addslashes( $value ); - } - return (object)$a; -} - /// USER DATABASE //////////////////////////////////////////////// /** Index: lib/dmllib.php =================================================================== RCS file: /cvsroot/moodle/moodle/lib/dmllib.php,v retrieving revision 1.164 diff -u -r1.164 dmllib.php --- lib/dmllib.php 8 Jun 2008 15:25:04 -0000 1.164 +++ lib/dmllib.php 9 Jun 2008 13:36:52 -0000 @@ -251,14 +251,12 @@ function insert_record($table, $dataobject, $returnid=true, $primarykey='id') { global $DB; - $dataobject = stripslashes_recursive($dataobject); return $DB->insert_record($table, $dataobject, $returnid); } function update_record($table, $dataobject) { global $DB; - $dataobject = stripslashes_recursive($dataobject); return $DB->update_record($table, $dataobject, true); } @@ -267,7 +265,7 @@ $conditions = array(); if ($field) { - $conditions[$field] = stripslashes_recursive($value); + $conditions[$field] = $value; } return $DB->get_records($table, $conditions, $sort, $fields, $limitfrom, $limitnum); @@ -278,13 +276,13 @@ $conditions = array(); if ($field1) { - $conditions[$field1] = stripslashes_recursive($value1); + $conditions[$field1] = $value1; } if ($field2) { - $conditions[$field2] = stripslashes_recursive($value2); + $conditions[$field2] = $value2; } if ($field3) { - $conditions[$field3] = stripslashes_recursive($value3); + $conditions[$field3] = $value3; } return $DB->get_record($table, $conditions, $fields); @@ -295,16 +293,16 @@ $conditions = array(); if ($field1) { - $conditions[$field1] = stripslashes_recursive($value1); + $conditions[$field1] = $value1; } if ($field2) { - $conditions[$field2] = stripslashes_recursive($value2); + $conditions[$field2] = $value2; } if ($field3) { - $conditions[$field3] = stripslashes_recursive($value3); + $conditions[$field3] = $value3; } - return $DB->set_field($table, $newfield, stripslashes_recursive($newvalue), $conditions); + return $DB->set_field($table, $newfield, $newvalue, $conditions); } function count_records($table, $field1='', $value1='', $field2='', $value2='', $field3='', $value3='') { @@ -312,13 +310,13 @@ $conditions = array(); if ($field1) { - $conditions[$field1] = stripslashes_recursive($value1); + $conditions[$field1] = $value1; } if ($field2) { - $conditions[$field2] = stripslashes_recursive($value2); + $conditions[$field2] = $value2; } if ($field3) { - $conditions[$field3] = stripslashes_recursive($value3); + $conditions[$field3] = $value3; } return $DB->count_records($table, $conditions); @@ -329,13 +327,13 @@ $conditions = array(); if ($field1) { - $conditions[$field1] = stripslashes_recursive($value1); + $conditions[$field1] = $value1; } if ($field2) { - $conditions[$field2] = stripslashes_recursive($value2); + $conditions[$field2] = $value2; } if ($field3) { - $conditions[$field3] = stripslashes_recursive($value3); + $conditions[$field3] = $value3; } return $DB->record_exists($table, $conditions); @@ -350,13 +348,13 @@ $conditions = array(); if ($field1) { - $conditions[$field1] = stripslashes_recursive($value1); + $conditions[$field1] = $value1; } if ($field2) { - $conditions[$field2] = stripslashes_recursive($value2); + $conditions[$field2] = $value2; } if ($field3) { - $conditions[$field3] = stripslashes_recursive($value3); + $conditions[$field3] = $value3; } return $DB->delete_records($table, $conditions); @@ -367,13 +365,13 @@ $conditions = array(); if ($field1) { - $conditions[$field1] = stripslashes_recursive($value1); + $conditions[$field1] = $value1; } if ($field2) { - $conditions[$field2] = stripslashes_recursive($value2); + $conditions[$field2] = $value2; } if ($field3) { - $conditions[$field3] = stripslashes_recursive($value3); + $conditions[$field3] = $value3; } return $DB->get_field($table, $return, $conditions); Index: lib/blocklib.php =================================================================== RCS file: /cvsroot/moodle/moodle/lib/blocklib.php,v retrieving revision 1.139 diff -u -r1.139 blocklib.php --- lib/blocklib.php 4 Jun 2008 21:34:14 -0000 1.139 +++ lib/blocklib.php 9 Jun 2008 13:36:50 -0000 @@ -510,7 +510,7 @@ // To this data, add anything the page itself needs to display $hiddendata = array_merge($hiddendata, $page->url_get_parameters()); - if ($data = data_submitted(false)) { + if ($data = data_submitted()) { $remove = array_keys($hiddendata); foreach($remove as $item) { unset($data->$item); Index: lib/questionlib.php =================================================================== RCS file: /cvsroot/moodle/moodle/lib/questionlib.php,v retrieving revision 1.135 diff -u -r1.135 questionlib.php --- lib/questionlib.php 9 Jun 2008 12:16:54 -0000 1.135 +++ lib/questionlib.php 9 Jun 2008 13:37:03 -0000 @@ -975,9 +975,9 @@ global $QTYPES; // initialise response to the value in the answer field - $state->responses = array('' => addslashes($state->answer)); + $state->responses = array('' => $state->answer); unset($state->answer); - $state->manualcomment = isset($state->manualcomment) ? addslashes($state->manualcomment) : ''; + $state->manualcomment = isset($state->manualcomment) ? $state->manualcomment : ''; // Set the changed field to false; any code which changes the // question session must set this to true and must increment Index: lib/weblib.php =================================================================== RCS file: /cvsroot/moodle/moodle/lib/weblib.php,v retrieving revision 1.1081 diff -u -r1.1081 weblib.php --- lib/weblib.php 6 Jun 2008 01:49:07 -0000 1.1081 +++ lib/weblib.php 9 Jun 2008 13:37:10 -0000 @@ -449,20 +449,14 @@ * * Checks that submitted POST data exists and returns it as object. * - * @param bool slashes TEMPORARY - false if strip magic quotes * @return mixed false or object */ -function data_submitted($slashes=true) { +function data_submitted() { if (empty($_POST)) { return false; } else { - if ($slashes===false) { - $post = stripslashes_recursive($_POST); // temporary hack before magic quotes removal - return (object)$post; - } else { - return (object)$_POST; - } + return (object)$_POST; } } @@ -540,41 +534,6 @@ } /** - * Recursive implementation of addslashes() - * - * This function will allow you to add the slashes from a variable. - * If the variable is an array or object, slashes will be added - * to the items (or properties) it contains, even if they are arrays - * or objects themselves. - * - * @param mixed the variable to add slashes from - * @return mixed - */ -function addslashes_recursive($var) { - if (is_object($var)) { - $new_var = new object(); - $properties = get_object_vars($var); - foreach($properties as $property => $value) { - $new_var->$property = addslashes_recursive($value); - } - - } else if (is_array($var)) { - $new_var = array(); - foreach($var as $property => $value) { - $new_var[$property] = addslashes_recursive($value); - } - - } else if (is_string($var)) { - $new_var = addslashes($var); - - } else { // nulls, integers, etc. - $new_var = $var; - } - - return $new_var; -} - -/** * Given some normal text this function will break up any * long words to a given size by inserting the given character * @@ -1312,7 +1271,7 @@ $pathinfo = explode($file, $string); if (!empty($pathinfo[1])) { - return addslashes($pathinfo[1]); + return $pathinfo[1]; } else { return false; } @@ -1811,10 +1770,6 @@ * function that modifies the data! We do not know the origin of trusttext * in database, if it gets there in tweaked form we must not convert it * to supported form!!! - * - * Please be carefull not to use stripslashes on data from database - * or twice stripslashes when processing data recieved from user. - * * @param string $text text that may contain TRUSTTEXT marker * @return text without any TRUSTTEXT marker */ @@ -3834,7 +3789,7 @@ */ function print_heading_with_help($text, $helppage, $module='moodle', $icon='', $return=false) { $output = '';
- $output .= '
';
@@ -3848,7 +3803,7 @@
function print_heading_block($heading, $class='', $return=false) {
//Accessibility: 'headingblock' is now H1, see theme/standard/styles_*.css: ??
- $output = ''.$icon.stripslashes_safe($text).'
'; + $output .= ''.$icon.$text.'
'; $output .= helpbutton($helppage, $text, $module, true, false, '', true); $output .= ''.stripslashes($heading).'
'; + $output = ''.$heading.'
'; if ($return) { return $output; @@ -3916,7 +3871,6 @@ function print_box($message, $classes='generalbox', $ids='', $return=false) { $output = print_box_start($classes, $ids, true); - $output .= stripslashes_safe($message); $output .= print_box_end(true); if ($return) { @@ -3977,7 +3931,6 @@ function print_container($message, $clearfix=false, $classes='', $idbase='', $return=false) { $output = print_container_start($clearfix, $classes, $idbase, true); - $output .= stripslashes_safe($message); $output .= print_container_end(true); if ($return) { Index: lib/adminlib.php =================================================================== RCS file: /cvsroot/moodle/moodle/lib/adminlib.php,v retrieving revision 1.214 diff -u -r1.214 adminlib.php --- lib/adminlib.php 6 Jun 2008 03:51:39 -0000 1.214 +++ lib/adminlib.php 9 Jun 2008 13:36:48 -0000 @@ -545,7 +545,7 @@ return; } echo ''; } @@ -1728,7 +1728,7 @@ return true; } else { - $cleaned = stripslashes(clean_param(addslashes($data), $this->paramtype)); + $cleaned = clean_param($data, $this->paramtype); if ("$data" == "$cleaned") { // implicit conversion to string is needed to do exact comparison return true; } else { @@ -2580,7 +2580,7 @@ } function validate($data) { - $cleaned = stripslashes(clean_param(addslashes($data), PARAM_MULTILANG)); + $cleaned = clean_param($data, PARAM_MULTILANG); if ($cleaned === '') { return get_string('required'); } Index: lib/formslib.php =================================================================== RCS file: /cvsroot/moodle/moodle/lib/formslib.php,v retrieving revision 1.145 diff -u -r1.145 formslib.php --- lib/formslib.php 1 Jun 2008 17:53:26 -0000 1.145 +++ lib/formslib.php 9 Jun 2008 13:36:54 -0000 @@ -244,15 +244,16 @@ * form definition (new entry form); this function is used to load in data where values * already exist and data is being edited (edit entry form). * + * note: $slashed param removed + * * @param mixed $default_values object or array of default values * @param bool $slased true if magic quotes applied to data values */ - function set_data($default_values, $slashed=false) { + function set_data($default_values) { if (is_object($default_values)) { $default_values = (array)$default_values; } - $filter = $slashed ? 'stripslashes' : NULL; - $this->_form->setDefaults($default_values, $filter); + $this->_form->setDefaults($default_values); } /** @@ -369,15 +370,16 @@ /** * Return submitted data if properly submitted or returns NULL if validation fails or * if there is no submitted data. + * + * note: $slashed param removed * - * @param bool $slashed true means return data with addslashes applied * @return object submitted data; NULL if not valid or not submitted */ - function get_data($slashed=true) { + function get_data() { $mform =& $this->_form; if ($this->is_submitted() and $this->is_validated()) { - $data = $mform->exportValues(null, $slashed); + $data = $mform->exportValues(); unset($data['sesskey']); // we do not need to return sesskey unset($data['_qf__'.$this->_formname]); // we do not need the submission marker too if (empty($data)) { @@ -392,15 +394,15 @@ /** * Return submitted data without validation or NULL if there is no submitted data. + * note: $slashed param removed * - * @param bool $slashed true means return data with addslashes applied * @return object submitted data; NULL if not submitted */ - function get_submitted_data($slashed=true) { + function get_submitted_data() { $mform =& $this->_form; if ($this->is_submitted()) { - $data = $mform->exportValues(null, $slashed); + $data = $mform->exportValues(); unset($data['sesskey']); // we do not need to return sesskey unset($data['_qf__'.$this->_formname]); // we do not need the submission marker too if (empty($data)) { @@ -976,19 +978,13 @@ $submission[$key] = clean_param($s, $this->_types[$key]); } } - $this->_submitValues = $this->_recursiveFilter('stripslashes', $submission); + $this->_submitValues = $submission; $this->_flagSubmitted = true; } if (empty($files)) { $this->_submitFiles = array(); } else { - if (1 == get_magic_quotes_gpc()) { - foreach (array_keys($files) as $elname) { - // dangerous characters in filenames are cleaned later in upload_manager - $files[$elname]['name'] = stripslashes($files[$elname]['name']); - } - } $this->_submitFiles = $files; $this->_flagSubmitted = true; } @@ -1011,15 +1007,15 @@ * Initializes a default form value. Used to specify the default for a new entry where * no data is loaded in using moodleform::set_data() * + * note: $slashed param removed + * * @param string $elementname element name * @param mixed $values values for that element name - * @param bool $slashed the default value is slashed * @access public * @return void */ - function setDefault($elementName, $defaultValue, $slashed=false){ - $filter = $slashed ? 'stripslashes' : NULL; - $this->setDefaults(array($elementName=>$defaultValue), $filter); + function setDefault($elementName, $defaultValue){ + $this->setDefaults(array($elementName=>$defaultValue)); } // end func setDefault /** * Add an array of buttons to the form @@ -1060,7 +1056,7 @@ } } - function exportValues($elementList= null, $addslashes=true){ + function exportValues($elementList = null){ $unfiltered = array(); if (null === $elementList) { // iterate over all elements, calling their exportValue() methods @@ -1090,11 +1086,7 @@ } } - if ($addslashes){ - return $this->_recursiveFilter('addslashes', $unfiltered); - } else { - return $unfiltered; - } + return $unfiltered; } /** * Adds a validation rule for the given field Index: lib/recaptchalib.php =================================================================== RCS file: /cvsroot/moodle/moodle/lib/recaptchalib.php,v retrieving revision 1.5 diff -u -r1.5 recaptchalib.php --- lib/recaptchalib.php 31 Mar 2008 12:13:46 -0000 1.5 +++ lib/recaptchalib.php 9 Jun 2008 13:37:03 -0000 @@ -47,7 +47,7 @@ function _recaptcha_qsencode ($data) { $req = ""; foreach ( $data as $key => $value ) - $req .= $key . '=' . urlencode( stripslashes($value) ) . '&'; + $req .= $key . '=' . urlencode( $value ) . '&'; // Cut the last '&' $req=substr($req,0,strlen($req)-1); Index: lib/setup.php =================================================================== RCS file: /cvsroot/moodle/moodle/lib/setup.php,v retrieving revision 1.234 diff -u -r1.234 setup.php --- lib/setup.php 19 May 2008 18:02:34 -0000 1.234 +++ lib/setup.php 9 Jun 2008 13:37:04 -0000 @@ -385,36 +385,36 @@ . "cannot work with magic_quotes_gpc. Please disable " . "magic_quotes_gpc."); } -/// A hack to get around magic_quotes_gpc being turned off -/// It is strongly recommended to enable "magic_quotes_gpc"! - if (!ini_get_bool('magic_quotes_gpc') && !defined('MOODLE_SANE_INPUT') ) { - function addslashes_deep($value) { +/// A hack to get around magic_quotes_gpc being turned on +/// It is strongly recommended to disable "magic_quotes_gpc"! + if (ini_get_bool('magic_quotes_gpc')) { + function stripslashes_deep($value) { $value = is_array($value) ? - array_map('addslashes_deep', $value) : - addslashes($value); + array_map('stripslashes_deep', $value) : + stripslashes($value); return $value; } - $_POST = array_map('addslashes_deep', $_POST); - $_GET = array_map('addslashes_deep', $_GET); - $_COOKIE = array_map('addslashes_deep', $_COOKIE); - $_REQUEST = array_map('addslashes_deep', $_REQUEST); + $_POST = array_map('stripslashes_deep', $_POST); + $_GET = array_map('stripslashes_deep', $_GET); + $_COOKIE = array_map('stripslashes_deep', $_COOKIE); + $_REQUEST = array_map('stripslashes_deep', $_REQUEST); if (!empty($_SERVER['REQUEST_URI'])) { - $_SERVER['REQUEST_URI'] = addslashes($_SERVER['REQUEST_URI']); + $_SERVER['REQUEST_URI'] = stripslashes($_SERVER['REQUEST_URI']); } if (!empty($_SERVER['QUERY_STRING'])) { - $_SERVER['QUERY_STRING'] = addslashes($_SERVER['QUERY_STRING']); + $_SERVER['QUERY_STRING'] = stripslashes($_SERVER['QUERY_STRING']); } if (!empty($_SERVER['HTTP_REFERER'])) { - $_SERVER['HTTP_REFERER'] = addslashes($_SERVER['HTTP_REFERER']); + $_SERVER['HTTP_REFERER'] = stripslashes($_SERVER['HTTP_REFERER']); } if (!empty($_SERVER['PATH_INFO'])) { - $_SERVER['PATH_INFO'] = addslashes($_SERVER['PATH_INFO']); + $_SERVER['PATH_INFO'] = stripslashes($_SERVER['PATH_INFO']); } if (!empty($_SERVER['PHP_SELF'])) { - $_SERVER['PHP_SELF'] = addslashes($_SERVER['PHP_SELF']); + $_SERVER['PHP_SELF'] = stripslashes($_SERVER['PHP_SELF']); } if (!empty($_SERVER['PATH_TRANSLATED'])) { - $_SERVER['PATH_TRANSLATED'] = addslashes($_SERVER['PATH_TRANSLATED']); + $_SERVER['PATH_TRANSLATED'] = stripslashes($_SERVER['PATH_TRANSLATED']); } } Index: lib/searchlib.php =================================================================== RCS file: /cvsroot/moodle/moodle/lib/searchlib.php,v retrieving revision 1.15 diff -u -r1.15 searchlib.php --- lib/searchlib.php 2 Jun 2008 21:56:06 -0000 1.15 +++ lib/searchlib.php 9 Jun 2008 13:37:04 -0000 @@ -29,7 +29,7 @@ // Need to think about this some more. function sanitize($userstring){ - return htmlspecialchars(addslashes($userstring)); + return htmlspecialchars($userstring); } function getValue(){ return $this->value; Index: lib/deprecatedlib.php =================================================================== RCS file: /cvsroot/moodle/moodle/lib/deprecatedlib.php,v retrieving revision 1.87 diff -u -r1.87 deprecatedlib.php --- lib/deprecatedlib.php 1 Jun 2008 13:20:02 -0000 1.87 +++ lib/deprecatedlib.php 9 Jun 2008 13:36:52 -0000 @@ -222,7 +222,7 @@ function print_simple_box($message, $align='', $width='', $color='', $padding=5, $class='generalbox', $id='', $return=false) { $output = ''; $output .= print_simple_box_start($align, $width, $color, $padding, $class, $id, true); - $output .= stripslashes_safe($message); + $output .= $message; $output .= print_simple_box_end(true); if ($return) { @@ -496,4 +496,16 @@ die; } + +/// removed functions +function addslashes_object( $dataobject ) { + error('addslashes() not available anymore'); +} + +function addslashes_recursive($var) { + error('addslashes_recursive() not available anymore'); +} + + + ?> Index: lib/moodlelib.php =================================================================== RCS file: /cvsroot/moodle/moodle/lib/moodlelib.php,v retrieving revision 1.1056 diff -u -r1.1056 moodlelib.php --- lib/moodlelib.php 5 Jun 2008 20:35:28 -0000 1.1056 +++ lib/moodlelib.php 9 Jun 2008 13:37:00 -0000 @@ -197,7 +197,6 @@ /** * PARAM_CLEANHTML - cleans submitted HTML code and removes slashes - * note: do not forget to addslashes() before storing into database! */ define('PARAM_CLEANHTML',0x1000); @@ -403,12 +402,9 @@ if (is_numeric($param)) { return $param; } - $param = stripslashes($param); // Needed for kses to work fine - $param = clean_text($param); // Sweep for scripts, etc - return addslashes($param); // Restore original request parameter slashes + return clean_text($param); // Sweep for scripts, etc case PARAM_CLEANHTML: // prepare html fragment for display, do not store it into db!! - $param = stripslashes($param); // Remove any slashes $param = clean_text($param); // Sweep for scripts, etc return trim($param); Index: admin/xmldb/actions/edit_table_save/edit_table_save.class.php =================================================================== RCS file: /cvsroot/moodle/moodle/admin/xmldb/actions/edit_table_save/edit_table_save.class.php,v retrieving revision 1.10 diff -u -r1.10 edit_table_save.class.php --- admin/xmldb/actions/edit_table_save/edit_table_save.class.php 20 May 2008 23:24:40 -0000 1.10 +++ admin/xmldb/actions/edit_table_save/edit_table_save.class.php 9 Jun 2008 13:36:11 -0000 @@ -65,18 +65,18 @@ /// Do the job, setting result as needed - if (!data_submitted('nomatch')) { ///Basic prevention + if (!data_submitted()) { ///Basic prevention print_error('wrongcall', 'error'); } /// Get parameters $dirpath = required_param('dir', PARAM_PATH); - $dirpath = $CFG->dirroot . stripslashes_safe($dirpath); + $dirpath = $CFG->dirroot . $dirpath; $tableparam = strtolower(required_param('table', PARAM_PATH)); $name = substr(trim(strtolower(required_param('name', PARAM_PATH))),0,28); $comment = required_param('comment', PARAM_CLEAN); - $comment = stripslashes_safe($comment); + $comment = $comment; $editeddir =& $XMLDB->editeddirs[$dirpath]; $structure =& $editeddir->xml_file->getStructure(); Index: auth/db/auth.php =================================================================== RCS file: /cvsroot/moodle/moodle/auth/db/auth.php,v retrieving revision 1.32 diff -u -r1.32 auth.php --- auth/db/auth.php 7 Jun 2008 15:41:25 -0000 1.32 +++ auth/db/auth.php 9 Jun 2008 13:36:17 -0000 @@ -229,7 +229,7 @@ /// list external users $userlist = $this->get_userlist(); - $quoteduserlist = implode("', '", addslashes_recursive($userlist)); + $quoteduserlist = implode("', '", $userlist); $quoteduserlist = "'$quoteduserlist'"; /// delete obsolete internal users @@ -667,7 +667,6 @@ $config->changepasswordurl = ''; } - $config = stripslashes_recursive($config); // save settings set_config('host', $config->host, 'auth/db'); set_config('type', $config->type, 'auth/db'); Index: mod/feedback/import.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/feedback/import.php,v retrieving revision 1.3 diff -u -r1.3 import.php --- mod/feedback/import.php 7 Jun 2008 22:22:07 -0000 1.3 +++ mod/feedback/import.php 9 Jun 2008 13:37:26 -0000 @@ -16,7 +16,7 @@ $choosefile = optional_param('choosefile', false, PARAM_PATH); $action = optional_param('action', false, PARAM_ALPHA); - if(($formdata = data_submitted('nomatch')) AND !confirm_sesskey()) { + if(($formdata = data_submitted()) AND !confirm_sesskey()) { error('no sesskey defined'); } Index: mod/feedback/show_entries.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/feedback/show_entries.php,v retrieving revision 1.7 diff -u -r1.7 show_entries.php --- mod/feedback/show_entries.php 7 Jun 2008 22:22:07 -0000 1.7 +++ mod/feedback/show_entries.php 9 Jun 2008 13:37:26 -0000 @@ -64,7 +64,7 @@ require_login($course->id, true, $cm); - if(($formdata = data_submitted('nomatch')) AND !confirm_sesskey()) { + if(($formdata = data_submitted()) AND !confirm_sesskey()) { error('no sesskey defined'); } Index: mod/feedback/mapcourse.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/feedback/mapcourse.php,v retrieving revision 1.4 diff -u -r1.4 mapcourse.php --- mod/feedback/mapcourse.php 7 Jun 2008 22:22:06 -0000 1.4 +++ mod/feedback/mapcourse.php 9 Jun 2008 13:37:26 -0000 @@ -17,7 +17,7 @@ $coursefilter = optional_param('coursefilter', '', PARAM_INT); $courseid = optional_param('courseid', false, PARAM_INT); - if(($formdata = data_submitted('nomatch')) AND !confirm_sesskey()) { + if(($formdata = data_submitted()) AND !confirm_sesskey()) { error('no sesskey defined'); } Index: mod/feedback/edit.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/feedback/edit.php,v retrieving revision 1.5 diff -u -r1.5 edit.php --- mod/feedback/edit.php 7 Jun 2008 22:22:07 -0000 1.5 +++ mod/feedback/edit.php 9 Jun 2008 13:37:25 -0000 @@ -14,7 +14,7 @@ $id = required_param('id', PARAM_INT); - if(($formdata = data_submitted('nomatch')) AND !confirm_sesskey()) { + if(($formdata = data_submitted()) AND !confirm_sesskey()) { error('no sesskey defined'); } Index: mod/feedback/edit_item.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/feedback/edit_item.php,v retrieving revision 1.8 diff -u -r1.8 edit_item.php --- mod/feedback/edit_item.php 7 Jun 2008 22:22:07 -0000 1.8 +++ mod/feedback/edit_item.php 9 Jun 2008 13:37:25 -0000 @@ -21,7 +21,7 @@ $usehtmleditor = can_use_html_editor(); - if(($formdata = data_submitted('nomatch')) AND !confirm_sesskey()) { + if(($formdata = data_submitted()) AND !confirm_sesskey()) { error('no sesskey defined'); } Index: mod/feedback/print.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/feedback/print.php,v retrieving revision 1.4 diff -u -r1.4 print.php --- mod/feedback/print.php 7 Jun 2008 22:22:06 -0000 1.4 +++ mod/feedback/print.php 9 Jun 2008 13:37:26 -0000 @@ -13,7 +13,7 @@ $id = required_param('id', PARAM_INT); - $formdata = data_submitted('nomatch'); + $formdata = data_submitted(); if ($id) { if (! $cm = get_coursemodule_from_id('feedback', $id)) { Index: mod/feedback/complete.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/feedback/complete.php,v retrieving revision 1.7 diff -u -r1.7 complete.php --- mod/feedback/complete.php 7 Jun 2008 22:22:06 -0000 1.7 +++ mod/feedback/complete.php 9 Jun 2008 13:37:24 -0000 @@ -23,7 +23,7 @@ $highlightrequired = false; - if(($formdata = data_submitted('nomatch')) AND !confirm_sesskey()) { + if(($formdata = data_submitted()) AND !confirm_sesskey()) { error('no sesskey defined'); } @@ -255,7 +255,7 @@ if($feedback->page_after_submit) { // print_simple_box_start('center', '75%'); print_box_start('generalbox boxaligncenter boxwidthwide'); - echo format_text(stripslashes_safe($feedback->page_after_submit)); + echo format_text($feedback->page_after_submit); // print_simple_box_end(); print_box_end(); } else { Index: mod/feedback/analysis_to_excel.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/feedback/analysis_to_excel.php,v retrieving revision 1.4 diff -u -r1.4 analysis_to_excel.php --- mod/feedback/analysis_to_excel.php 7 Jun 2008 22:22:07 -0000 1.4 +++ mod/feedback/analysis_to_excel.php 9 Jun 2008 13:37:24 -0000 @@ -14,7 +14,7 @@ $id = required_param('id', PARAM_INT); //the POST dominated the GET - $formdata = data_submitted('nomatch'); + $formdata = data_submitted(); if ($id) { if (! $cm = get_coursemodule_from_id('feedback', $id)) { @@ -177,7 +177,7 @@ foreach($items as $item) { $worksheet->setFormat('Processing TeX expression:
$expression\n"; $doc = $latex->construct_latex_document($expression); Index: mod/forum/restorelib.php =================================================================== RCS file: /cvsroot/moodle/moodle/mod/forum/restorelib.php,v retrieving revision 1.68 diff -u -r1.68 restorelib.php --- mod/forum/restorelib.php 5 Jun 2008 20:16:09 -0000 1.68 +++ mod/forum/restorelib.php 9 Jun 2008 13:37:36 -0000 @@ -95,7 +95,7 @@ //Do some output if (!defined('RESTORE_SILENTLY')) { - echo "
';
- echo '