Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-33295

optional_param_array() not using clean_param_array()

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Not a bug
    • Affects Version/s: 2.2
    • Fix Version/s: None
    • Component/s: General
    • Labels:
      None
    • Affected Branches:
      MOODLE_22_STABLE

      Description

      This issue is caused by the changes in this ticket http://tracker.moodle.org/browse/MDL-26796.

      When I call optional_param_array() it still tries to the clean the param by using clean_param() instead of clean_param_array().

      It is not currently possible to clean a posted array.

        Gliffy Diagrams

          Activity

          Hide
          poltawski Dan Poltawski added a comment -

          Hi Ian,

          I don't think you are using optional_param_array() correctly. Can you give some example code which demonstrates the problem?

          Show
          poltawski Dan Poltawski added a comment - Hi Ian, I don't think you are using optional_param_array() correctly. Can you give some example code which demonstrates the problem?
          Hide
          iantasker Ian Tasker added a comment -

          Hi Dan,

          I am making an ajax call to a page, in the page I am checking to see a check box array has been posted.

          I am use the following code:

          if($CFG->version >= 2011120500)
          $bookings = optional_param_array('zilink_roombooking_maintenance_booking',0, PARAM_RAW);
          else
          $bookings = optional_param('zilink_roombooking_maintenance_booking',0, PARAM_RAW);

          The if statement is to use the optional_param_array() in moodle 2.2 but looking at the code for optional_param_array is still calls clean_param instead of clean_param_array()

          I am trying to get an array of check box back

          Show
          iantasker Ian Tasker added a comment - Hi Dan, I am making an ajax call to a page, in the page I am checking to see a check box array has been posted. I am use the following code: if($CFG->version >= 2011120500) $bookings = optional_param_array('zilink_roombooking_maintenance_booking',0, PARAM_RAW); else $bookings = optional_param('zilink_roombooking_maintenance_booking',0, PARAM_RAW); The if statement is to use the optional_param_array() in moodle 2.2 but looking at the code for optional_param_array is still calls clean_param instead of clean_param_array() I am trying to get an array of check box back
          Hide
          iantasker Ian Tasker added a comment -

          Hi Dan,

          The input tag is as follows

          <input type="checkbox" name="zilink_roombooking_maintenance_booking['.$date.']['.$period.']" value="" '.$title.' >

          As you can see when $value is passed to clean_param() in optional_param_array its an array.

          There is no handling for multi-dimensional arrays.

          Show
          iantasker Ian Tasker added a comment - Hi Dan, The input tag is as follows <input type="checkbox" name="zilink_roombooking_maintenance_booking ['.$date.'] ['.$period.'] " value="" '.$title.' > As you can see when $value is passed to clean_param() in optional_param_array its an array. There is no handling for multi-dimensional arrays.
          Hide
          poltawski Dan Poltawski added a comment -

          There is no handling for multi-dimensional arrays.

          This is by design, see MDL-31793 and this discussion:
          http://moodle.org/mod/forum/discuss.php?d=197118

          Show
          poltawski Dan Poltawski added a comment - There is no handling for multi-dimensional arrays. This is by design, see MDL-31793 and this discussion: http://moodle.org/mod/forum/discuss.php?d=197118
          Show
          poltawski Dan Poltawski added a comment - (And http://moodle.org/mod/forum/discuss.php?d=183360 )
          Hide
          iantasker Ian Tasker added a comment -

          If there isn't any handling for multi-dimensional can it be added?

          There is a use case of dynamic values being submitted in a multi-dimensional when not using moodle forms to perform an ajax call to another file.
          Can support be added to handle the above?

          If not, i would need to access the variable directly from $_POST which is very non moodle.

          Show
          iantasker Ian Tasker added a comment - If there isn't any handling for multi-dimensional can it be added? There is a use case of dynamic values being submitted in a multi-dimensional when not using moodle forms to perform an ajax call to another file. Can support be added to handle the above? If not, i would need to access the variable directly from $_POST which is very non moodle.
          Hide
          poltawski Dan Poltawski added a comment -

          See: http://moodle.org/mod/forum/discuss.php?d=197118

          Use data_submitted() with clean_param()

          Show
          poltawski Dan Poltawski added a comment - See: http://moodle.org/mod/forum/discuss.php?d=197118 Use data_submitted() with clean_param()

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: