From ae64c686089ba0317f8a579854af9a5cddec5c77 Mon Sep 17 00:00:00 2001 From: Tim Hunt Date: Fri, 28 Sep 2012 18:13:10 +0100 Subject: [PATCH] MDL-47494 ddimageortext: Form validation should ensure coordinates are ints. --- .../type/ddimageortext/edit_ddimageortext_form.php | 24 ++++++++++++++-------- .../ddimageortext/edit_ddtoimage_form_base.php | 1 - .../ddimageortext/lang/en/qtype_ddimageortext.php | 4 +++- 3 files changed, 18 insertions(+), 11 deletions(-) diff --git a/question/type/ddimageortext/edit_ddimageortext_form.php b/question/type/ddimageortext/edit_ddimageortext_form.php index d3f0833c536..ee6c36bc229 100644 --- a/question/type/ddimageortext/edit_ddimageortext_form.php +++ b/question/type/ddimageortext/edit_ddimageortext_form.php @@ -217,6 +217,8 @@ class qtype_ddimageortext_edit_form extends qtype_ddtoimage_edit_form_base { protected function drop_zones_repeated_options() { $repeatedoptions = array(); + $repeatedoptions['xleft']['type'] = PARAM_INT; + $repeatedoptions['ytop']['type'] = PARAM_INT; $repeatedoptions['choice']['default'] = '0'; return $repeatedoptions; } @@ -230,19 +232,23 @@ class qtype_ddimageortext_edit_form extends qtype_ddtoimage_edit_form_base { $allchoices = array(); for ($i=0; $i < $data['nodropzone']; $i++) { $ytoppresent = (trim($data['drops'][$i]['ytop']) !== ''); - $xleftpresent = (trim($data['drops'][$i]['ytop']) !== ''); + $xleftpresent = (trim($data['drops'][$i]['xleft']) !== ''); + $ytopisint = (string) clean_param($data['drops'][$i]['ytop'], PARAM_INT) === trim($data['drops'][$i]['ytop']); + $xleftisint = (string) clean_param($data['drops'][$i]['xleft'], PARAM_INT) === trim($data['drops'][$i]['xleft']); $labelpresent = (trim($data['drops'][$i]['droplabel']) !== ''); $choice = $data['drops'][$i]['choice']; $imagechoicepresent = ($choice !== '0'); if ($imagechoicepresent) { if (!$ytoppresent) { - $errors["drops[$i]"] = - get_string('formerror_noytop', 'qtype_ddimageortext'); + $errors["drops[$i]"] = get_string('formerror_noytop', 'qtype_ddimageortext'); + } else if (!$ytopisint) { + $errors["drops[$i]"] = get_string('formerror_notintytop', 'qtype_ddimageortext'); } if (!$xleftpresent) { - $errors["drops[$i]"] = - get_string('formerror_noxleft', 'qtype_ddimageortext'); + $errors["drops[$i]"] = get_string('formerror_noxleft', 'qtype_ddimageortext'); + } else if (!$xleftisint) { + $errors["drops[$i]"] = get_string('formerror_notintxleft', 'qtype_ddimageortext'); } if ($data['dragitemtype'][$choice - 1] != 'word' && @@ -253,17 +259,17 @@ class qtype_ddimageortext_edit_form extends qtype_ddtoimage_edit_form_base { if (isset($allchoices[$choice]) && !$data['drags'][$choice-1]['infinite']) { $errors["drops[$i]"] = - get_string('formerror_multipledraginstance', 'qtype_ddimageortext', $choice); + get_string('formerror_multipledraginstance', 'qtype_ddimageortext', $choice); $errors['drops['.($allchoices[$choice]).']'] = - get_string('formerror_multipledraginstance', 'qtype_ddimageortext', $choice); + get_string('formerror_multipledraginstance', 'qtype_ddimageortext', $choice); $errors['drags['.($choice-1).']'] = - get_string('formerror_multipledraginstance2', 'qtype_ddimageortext', $choice); + get_string('formerror_multipledraginstance2', 'qtype_ddimageortext', $choice); } $allchoices[$choice] = $i; } else { if ($ytoppresent || $xleftpresent || $labelpresent) { $errors["drops[$i]"] = - get_string('formerror_noimageselected', 'qtype_ddimageortext'); + get_string('formerror_noimageselected', 'qtype_ddimageortext'); } } } diff --git a/question/type/ddimageortext/edit_ddtoimage_form_base.php b/question/type/ddimageortext/edit_ddtoimage_form_base.php index ee5b2904c29..3e7f5c28388 100644 --- a/question/type/ddimageortext/edit_ddtoimage_form_base.php +++ b/question/type/ddimageortext/edit_ddtoimage_form_base.php @@ -36,7 +36,6 @@ abstract class qtype_ddtoimage_edit_form_base extends question_edit_form { const START_NUM_ITEMS = 6; const ADD_NUM_ITEMS = 3; - /** * * Options shared by all file pickers in the form. diff --git a/question/type/ddimageortext/lang/en/qtype_ddimageortext.php b/question/type/ddimageortext/lang/en/qtype_ddimageortext.php index d7e9948adc6..384b1a84566 100644 --- a/question/type/ddimageortext/lang/en/qtype_ddimageortext.php +++ b/question/type/ddimageortext/lang/en/qtype_ddimageortext.php @@ -42,9 +42,11 @@ $string['editingddimageortext'] = 'Editing drag and drop onto image'; $string['formerror_disallowedtags'] = 'You have used html tags here that are not allowed in a draggable text drag item type.'; $string['formerror_noallowedtags'] = 'No html tags are allowed in this text which is the alt text for a draggable image'; $string['formerror_noytop'] = 'You must provide a value for the y coords for the top left corner of this drop area. You can drag and drop the drop area above to set the coordinates or enter them manually here.'; -$string['formerror_noxleft'] = 'You must provide a value for the y coords for the top left corner of this drop area. You can drag and drop the drop area above to set the coordinates or enter them manually here.'; +$string['formerror_noxleft'] = 'You must provide a value for the x coords for the top left corner of this drop area. You can drag and drop the drop area above to set the coordinates or enter them manually here.'; $string['formerror_nofile'] = 'You need to upload or select a file to use here.'; $string['formerror_nofile3'] = 'You need to select an image file here, or delete the associated label and uncheck the infinite checkbox.'; +$string['formerror_notintytop'] = 'The y coords must be an integer.'; +$string['formerror_notintxleft'] = 'The x coords must be an integer.'; $string['formerror_multipledraginstance'] = 'You have selected this image {$a} more than once as the correct choice for a drop zone but it is not marked as being an infinite drag item.'; $string['formerror_multipledraginstance2'] = 'You have selected this image more than once as the correct choice for a drop zone but it is not marked as being an infinite drag item.'; $string['formerror_noimageselected'] = 'You need to select a drag item to be the correct choice for this drop zone.'; -- 2.11.4.GIT