Commit 32ae5371 authored by Nigel McNie's avatar Nigel McNie Committed by Nigel McNie

Added session key checking and suspended checking to submission of all

forms. Changed pieforms to look for a global pieform_validate function
to do validation for any form
parent d8a86c20
......@@ -864,6 +864,25 @@ function pieform_configure() {
);
}
function pieform_validate(Pieform $form, $values) {
global $USER;
if (!isset($values['sesskey'])) {
throw new UserException('No session key');
}
if ($USER->get('sesskey') != $values['sesskey']) {
throw new UserException('Invalid session key');
}
// Check to make sure the user has not been suspended, so that they cannot
// perform any action
$record = get_record_sql('SELECT suspendedctime, suspendedreason
FROM ' . get_config('dbprefix') . 'usr
WHERE id = ?', array($USER->get('id')));
if ($record->suspendedctime) {
throw new UserException(get_string('accountsuspended', 'mahara', $record->suspendedctime, $record->suspendedreason));
}
}
function pieform_element_calendar_configure($element) {
$element['jsroot'] = '/js/jscalendar/';
$element['themefile'] = get_config('themeurl') . 'style/calendar.css';
......
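Review bot: The session-key check in pieform_validate compares with loose `!=`, so PHP type juggling applies (two different numeric-looking strings can compare equal, and a non-string submitted value is coerced) and the comparison is not constant-time. On PHP 5.6 or later, a strict check such as `if (!is_string($values['sesskey']) || !hash_equals((string) $USER->get('sesskey'), $values['sesskey'])) {` closes both gaps. It is also worth rejecting an empty stored key explicitly, because if `$USER->get('sesskey')` can be empty for a user without an established session, an empty submitted value would match; whether that can happen is not visible here. Separately, `$record` from get_record_sql is dereferenced without checking that a row came back, so if the lookup returns nothing the suspension check appears to pass silently; `if (!$record) { throw new UserException(...); }` before reading `suspendedctime` would make that case fail closed.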
......@@ -488,7 +488,8 @@ class Pieform {
$this->json_reply(PIEFORM_CANCEL, $element['goto']);
}
header('HTTP/1.1 303 See Other');
header('Location:' . $element['goto']); exit;
header('Location:' . $element['goto']);
exit;
}
}
}
......@@ -498,11 +499,6 @@ class Pieform {
$values = $this->get_submitted_values();
// Perform general validation first
$this->validate($values);
// Then user specific validation if a function is available for that
$function = $this->data['validatecallback'];
if (is_callable($function)) {
call_user_func_array($function, array($this, $values));
}
// Submit the form if things went OK
if ($this->data['submit'] && !$this->has_errors()) {
......@@ -804,6 +800,12 @@ class Pieform {
* @param array $values The submitted values from the form
*/
private function validate($values) {
// Call the overall validation function if it is available
if (function_exists('pieform_validate')) {
pieform_validate($this, $values);
}
// Perform rule validation
foreach ($this->get_elements() as $element) {
if (isset($element['rules']) && is_array($element['rules'])) {
foreach ($element['rules'] as $rule => $data) {
......@@ -828,6 +830,12 @@ class Pieform {
}
}
}
// Then user specific validation if a function is available for that
$function = $this->data['validatecallback'];
if (is_callable($function)) {
call_user_func_array($function, array($this, $values));
}
}
private function whichbutton_js() {
......
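Review bot: The new global hook in validate() fails open: with `if (function_exists('pieform_validate'))`, a request where the application file defining pieform_validate is not loaded, or where the function has been renamed, is processed without the session-key and suspension checks, and nothing records that they were skipped. Since this hook now carries the CSRF protection for every form, its absence should be an explicit decision, for example by logging when the function is missing or by letting the application declare the hook as required. The docblock above validate() should also say that a global `pieform_validate($form, $values)` runs before rule validation and may throw. The per-form `validatecallback`, now at the end of validate(), is reached only if the global hook did not throw, which looks intended. validate()'s docblock and body start and continue outside the visible hunks.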