Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-33295

optional_param_array() not using clean_param_array()

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Not a bug
    • Affects Version/s: 2.2
    • Fix Version/s: None
    • Component/s: General
    • Labels:
      None
    • Affected Branches:
      MOODLE_22_STABLE

      Description

      This issue is caused by the changes in this ticket http://tracker.moodle.org/browse/MDL-26796.

      When I call optional_param_array() it still tries to the clean the param by using clean_param() instead of clean_param_array().

      It is not currently possible to clean a posted array.

        Gliffy Diagrams

          Attachments

            Activity

            Hide
            poltawski Dan Poltawski added a comment -

            Hi Ian,

            I don't think you are using optional_param_array() correctly. Can you give some example code which demonstrates the problem?

            Show
            poltawski Dan Poltawski added a comment - Hi Ian, I don't think you are using optional_param_array() correctly. Can you give some example code which demonstrates the problem?
            Hide
            iantasker Ian Tasker added a comment -

            Hi Dan,

            I am making an ajax call to a page, in the page I am checking to see a check box array has been posted.

            I am use the following code:

            if($CFG->version >= 2011120500)
            $bookings = optional_param_array('zilink_roombooking_maintenance_booking',0, PARAM_RAW);
            else
            $bookings = optional_param('zilink_roombooking_maintenance_booking',0, PARAM_RAW);

            The if statement is to use the optional_param_array() in moodle 2.2 but looking at the code for optional_param_array is still calls clean_param instead of clean_param_array()

            I am trying to get an array of check box back

            Show
            iantasker Ian Tasker added a comment - Hi Dan, I am making an ajax call to a page, in the page I am checking to see a check box array has been posted. I am use the following code: if($CFG->version >= 2011120500) $bookings = optional_param_array('zilink_roombooking_maintenance_booking',0, PARAM_RAW); else $bookings = optional_param('zilink_roombooking_maintenance_booking',0, PARAM_RAW); The if statement is to use the optional_param_array() in moodle 2.2 but looking at the code for optional_param_array is still calls clean_param instead of clean_param_array() I am trying to get an array of check box back
            Hide
            iantasker Ian Tasker added a comment -

            Hi Dan,

            The input tag is as follows

            <input type="checkbox" name="zilink_roombooking_maintenance_booking['.$date.']['.$period.']" value="" '.$title.' >

            As you can see when $value is passed to clean_param() in optional_param_array its an array.

            There is no handling for multi-dimensional arrays.

            Show
            iantasker Ian Tasker added a comment - Hi Dan, The input tag is as follows <input type="checkbox" name="zilink_roombooking_maintenance_booking ['.$date.'] ['.$period.'] " value="" '.$title.' > As you can see when $value is passed to clean_param() in optional_param_array its an array. There is no handling for multi-dimensional arrays.
            Hide
            poltawski Dan Poltawski added a comment -

            There is no handling for multi-dimensional arrays.

            This is by design, see MDL-31793 and this discussion:
            http://moodle.org/mod/forum/discuss.php?d=197118

            Show
            poltawski Dan Poltawski added a comment - There is no handling for multi-dimensional arrays. This is by design, see MDL-31793 and this discussion: http://moodle.org/mod/forum/discuss.php?d=197118
            Show
            poltawski Dan Poltawski added a comment - (And http://moodle.org/mod/forum/discuss.php?d=183360 )
            Hide
            iantasker Ian Tasker added a comment -

            If there isn't any handling for multi-dimensional can it be added?

            There is a use case of dynamic values being submitted in a multi-dimensional when not using moodle forms to perform an ajax call to another file.
            Can support be added to handle the above?

            If not, i would need to access the variable directly from $_POST which is very non moodle.

            Show
            iantasker Ian Tasker added a comment - If there isn't any handling for multi-dimensional can it be added? There is a use case of dynamic values being submitted in a multi-dimensional when not using moodle forms to perform an ajax call to another file. Can support be added to handle the above? If not, i would need to access the variable directly from $_POST which is very non moodle.
            Hide
            poltawski Dan Poltawski added a comment -

            See: http://moodle.org/mod/forum/discuss.php?d=197118

            Use data_submitted() with clean_param()

            Show
            poltawski Dan Poltawski added a comment - See: http://moodle.org/mod/forum/discuss.php?d=197118 Use data_submitted() with clean_param()

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: