Fixed issue #2 and #3
nelson-edalex committed Jul 20, 2018
1 parent 604e2bd commit eff5f81
Showing 2 changed files with 11 additions and 12 deletions.
4 changes: 2 additions & 2 deletions block_equella_links.php
@@ -46,7 +46,7 @@ function instance_config_save($data, $nolongerused = false) {
$contextid = $context->id;
$DB->delete_records('block_equella_links', array('contextid'=>$contextid, 'tagged'=>1));
if (!empty($data->includetaggeditems) && !empty($idnumber)) {
$xml = self::grab_tagged_items($data->xmlpath, $idnumber);
$xml = self::grab_tagged_items(filter_var($data->xmlpath, FILTER_SANITIZE_STRING), $idnumber);
self::update_records_from_xml($xml, $this->instance->id, $contextid);
}

@@ -88,7 +88,7 @@ function get_content() {
$this->content->icons = array();

if (has_any_capability(array('block/equella_links:manageanylinks'), $this->context)) {
$url = new moodle_url('/blocks/equella_links/managelinks.php', array('courseid'=>$this->page->course->id));
$url = new moodle_url('/blocks/equella_links/managelinks.php', array('courseid'=>$this->page->course->id, 'sesskey' => sesskey()));
$this->content->footer = $OUTPUT->action_icon($url, new pix_icon('t/edit', get_string('edit')));
}

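Review bot: In `instance_config_save`, wrapping `$data->xmlpath` in `FILTER_SANITIZE_STRING` strips tags and entity-encodes quotes, but it does not constrain where the path points, and it can silently alter a legitimate value. `grab_tagged_items` is not visible in this hunk; if it fetches the value as a URL or file path, the check that matters is on scheme and host, for example `clean_param($data->xmlpath, PARAM_URL)` followed by a comparison against the repository host the block is expected to talk to. `FILTER_SANITIZE_STRING` is also deprecated since PHP 8.1, so this call will need replacing anyway. The function body starts and ends outside the hunk.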
19 changes: 9 additions & 10 deletions managelinks.php
@@ -9,7 +9,7 @@
$action = optional_param('action', '', PARAM_ALPHA);
$linkid = optional_param('linkid', '', PARAM_INT);

$baseurl = new moodle_url('/blocks/equella_links/managelinks.php', array('courseid'=>$courseid));
$baseurl = new moodle_url('/blocks/equella_links/managelinks.php', array('courseid'=>$courseid, 'sesskey' => sesskey()));
$course = $DB->get_record('course', array('id' => $courseid), '*', MUST_EXIST);
$context = context_course::instance($courseid);

@@ -19,7 +19,7 @@
$PAGE->set_heading(get_string('linksaddedit', 'block_equella_links'));

require_capability('block/equella_links:manageanylinks', $context);

require_sesskey();

if (!empty($action)) {
$link = $DB->get_record('block_equella_links', array('id' => $linkid, 'contextid'=>$context->id), '*', MUST_EXIST);
@@ -42,17 +42,16 @@
if ($formdata = $mform->get_data()) {
if (!empty($formdata->linkid)) {
$editinglink = new stdClass;
$editinglink->id = $formdata->linkid;
$editinglink->title = $formdata->title;
$editinglink->url = $formdata->url;
$editinglink->id = filter_var($formdata->linkid, FILTER_SANITIZE_STRING);
$editinglink->title = filter_var($formdata->title, FILTER_SANITIZE_STRING);
$editinglink->url = filter_var($formdata->url, FILTER_SANITIZE_URL);
$editinglink->contextid = $context->id;
$DB->update_record('block_equella_links', $editinglink);
} else {
$addinglink = new stdClass;
$addinglink->title = $formdata->title;
$addinglink->url = $formdata->url;
$addinglink->title = filter_var($formdata->title, FILTER_SANITIZE_STRING);
$addinglink->url = filter_var($formdata->url, FILTER_SANITIZE_URL);
$addinglink->created = time();
$addinglink->tagged = 0;
$addinglink->contextid = $context->id;
$DB->insert_record('block_equella_links', $addinglink);
}
@@ -72,10 +71,10 @@
$table->setup();
$links = $DB->get_records('block_equella_links', array('contextid'=>$context->id));
foreach ($links as $link) {
$editurl = new moodle_url('/blocks/equella_links/managelinks.php', array('linkid'=>$link->id, 'action'=>'edit', 'courseid'=>$courseid));
$editurl = new moodle_url('/blocks/equella_links/managelinks.php', array('linkid'=>$link->id, 'action'=>'edit', 'courseid'=>$courseid, 'sesskey' => sesskey()));
$editaction = $OUTPUT->action_icon($editurl, new pix_icon('t/edit', get_string('edit')));

$deleteurl = new moodle_url('/blocks/equella_links/managelinks.php', array('linkid'=>$link->id, 'action'=>'delete', 'courseid'=>$courseid));
$deleteurl = new moodle_url('/blocks/equella_links/managelinks.php', array('linkid'=>$link->id, 'action'=>'delete', 'courseid'=>$courseid, 'sesskey' => sesskey()));
$deleteicon = new pix_icon('t/delete', get_string('delete'));
$deleteaction = $OUTPUT->action_icon($deleteurl, $deleteicon, new confirm_action(get_string('deletelinkconfirm', 'block_equella_links')));
$action = $editaction . ' ' . $deleteaction;
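Review bot: The `filter_var` calls added in the form-save branch (hunk `-42,17 +42,16`) sanitize rather than validate, so they do not give the guarantees the fix appears to want. `FILTER_SANITIZE_URL` only drops characters that are illegal in a URL and leaves the scheme unrestricted, so a non-http(s) value such as a `javascript:` URL is still stored, and `FILTER_SANITIZE_STRING` (deprecated since PHP 8.1) rewrites quotes into entities, which can double-encode the title once it is escaped on output. Moodle's own cleaning is a closer fit: `$editinglink->id = (int) $formdata->linkid;` and `$editinglink->url = clean_param($formdata->url, PARAM_URL);`, with the title escaped where it is rendered (e.g. `s()` or `format_string()`). The update path also takes the record id from the form and then sets `contextid` itself; unless code outside this hunk already checks it, confirm the record belongs to `$context->id` before calling `update_record`.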
