Moodle

wrong use of optional_param() in calculatedsimple question tpye

Details

  • Type: Sub-task Sub-task
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: 1.9.5
  • Fix Version/s: 2.0
  • Component/s: Questions
  • Labels:
    None
  • Affected Branches:
    MOODLE_19_STABLE
  • Fixed Branches:
    MOODLE_20_STABLE

Description

I do not know who is responsible for this, but the sloppy use of optional_param() without parameter type needs to be fixed immediately, I am going to commit a codeing exception if somebody forgets to specify the parameter - this code is going to stop working completely. Please fix asap.

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Petr Škoda (skodak) added a comment -

temporary hacks in cvs

Show
Petr Škoda (skodak) added a comment - temporary hacks in cvs
Hide
Permalink
Tim Hunt added a comment -

Calculated question type is Pierre.

Show
Tim Hunt added a comment - Calculated question type is Pierre.
Hide
Permalink
Pierre Pichet added a comment -

Sorry Petr for the "temporary hacks" about optional_param().
As the code was working correctly ,I did not notice.

Show
Pierre Pichet added a comment - Sorry Petr for the "temporary hacks" about optional_param(). As the code was working correctly ,I did not notice.
Hide
Permalink
Pierre Pichet added a comment -

I will fix the real types normally before the next weekly code review.

Show
Pierre Pichet added a comment - I will fix the real types normally before the next weekly code review.
Hide
Permalink
Pierre Pichet added a comment -

Hi Petr
Although it could at first sight appears as sloppy use of optional_param() in most case the default PARAM_CLEAN is a valid option because the edit_calculatedsimple_form.php does not store in the database the values retrieved.
They will be further processed in the validation steps and other internal moodleform functions.
The edit_calculaledsimple_form.php is built progressively following the wild card parameters {x} the user defined in the answer text .
The other parameters necessary to specify the wild card values are added to the form progessively.

As an option I prefered that the display reflects the user typing as much as possible and I used the validation process to warn the user that the value is not valid (i.e. typin a , in a number ).
Using PARAM_CLEAN which either returns a number if there is a valid number or clean the text of any possible hack is a good option in most cases.
So the actual code will not create problems at the block level and given your CVS Hack is not even a real major bug.
In any case I willreview the code and add more specific optional_param PARAM on user input field items IFnecessary.

Show
Pierre Pichet added a comment - Hi Petr Although it could at first sight appears as sloppy use of optional_param() in most case the default PARAM_CLEAN is a valid option because the edit_calculatedsimple_form.php does not store in the database the values retrieved. They will be further processed in the validation steps and other internal moodleform functions. The edit_calculaledsimple_form.php is built progressively following the wild card parameters {x} the user defined in the answer text . The other parameters necessary to specify the wild card values are added to the form progessively. As an option I prefered that the display reflects the user typing as much as possible and I used the validation process to warn the user that the value is not valid (i.e. typin a , in a number ). Using PARAM_CLEAN which either returns a number if there is a valid number or clean the text of any possible hack is a good option in most cases. So the actual code will not create problems at the block level and given your CVS Hack is not even a real major bug. In any case I willreview the code and add more specific optional_param PARAM on user input field items IFnecessary.
Hide
Permalink
Pierre Pichet added a comment -

All PARAM_CLEAN were replaced by more specific types.

Show
Pierre Pichet added a comment - All PARAM_CLEAN were replaced by more specific types.

People

Vote (0)
Watch (3)

Dates

  • Created:
    Updated:
    Resolved:
Atlassian JIRA (v4.4.5#665-sha1:422aead) | Report a problem
Powered by a free Atlassian JIRA open source license for Moodle. Try JIRA - bug tracking software for your team.