[#MDL-15603] an array of 'choosecoursefile' elements returns no value (with a solution)

Issue Details (XML | Word | Printable)

Key:	MDL-15603
Type:	Bug
Status:	Open
Priority:	Major
Assignee:	Jamie Pratt
Reporter:	Matthieu Nué
Votes:	0
Watchers:	1

Operations

Add/Edit UI Mockup to this issue

If you were logged in you would be able to see more operations.

Moodle

an array of 'choosecoursefile' elements returns no value (with a solution)

Created: 10/Jul/08 08:55 PM Updated: 12/Jul/08 05:59 AM

Return to search

Component/s:

Forms Library

Affects Version/s:

2.0

Fix Version/s:

None

File Attachments:

choosecoursefile.php.patch (1.0 kB)

Participants:	Jamie Pratt and Matthieu Nué
Security Level:	None
Affected Branches:	MOODLE_20_STABLE

Description

« Hide

The problem :

when i used several 'choosecoursefile' element with an array of it, the return key of the value is for example :
file[0]
file[1]

and not an array of file.

The solution :
The problem is in the 'MoodleQuickForm_choosecoursefile' class with the function 'exportValue' (file : \lib\form\choosecoursefile.php).

The original code is :
#
function exportValue(&$submitValues, $assoc = false)
{
    $value = null;
    $valuearray = $this->_elements[0]->exportValue($submitValues[$this->getName()], true);
    $value[$this->getName()]=$valuearray['value'];
     return $value;
}
#

I proposed this modification wich works fine
#
    function exportValue(&$submitValues, $assoc = false)
    {
        $value = null;
        $valuearray = $this->_elements[0]->exportValue($submitValues[$this->getName()], true);

$name = $this->getName();
if (!strpos($name, '[')) {
$value[$this->getName()]=$valuearray['value'];
return $value;
} else {
$valueAry = array();
$myIndex = "['" . str_replace(array(']', '['), array('', "']['"), $name) . "']";
eval("\$valueAry$myIndex = \$valuearray['value'];");
return $valueAry;
}
    }
#

All

Comments

Change History

Version Control

Sort Order:

[ Permalink | « Hide ]

Jamie Pratt added a comment - 11/Jul/08 12:09 PM

We would have to consider this very carefully. Haven't looked in detail at the code yet but I don't think we need to use eval here do we? This could be a potential security hole. Better not to use eval even if the data is not coming from the user / browser IMHO.

[ Permalink | « Hide ]

Matthieu Nué added a comment - 11/Jul/08 05:31 PM

I have taken for example the "exportValue" and "_prepareValue" of the HTML_QuickForm_element class (in "lib\pear\HTML\QuickForm\element.php" file) which use eval.

[ Permalink | « Hide ]

Matthieu Nué added a comment - 12/Jul/08 05:59 AM - edited

After reading the 'Guidelines for contributed code', i have put this issue in "Add a project here" of the "contrib" project.
Excuse me for my ignorance.
Perhaps, someone can delete this one.

Amitiés

Matthieu

All content on this web site is made available under the GNU General Public License, unless otherwise stated.