Commit dcf4fa9e authored by Tim Steiner's avatar Tim Steiner

Add some input filtering to course codes in course search and editting.

parent 471d26db
......@@ -14,32 +14,46 @@ class Courses_EditController extends App_Controller_Action
public function editPostAction()
{
$in = $this->getRequest()->getParams();
$filter = array(
'subject' => array('Alpha', 'StringToUpper'),
'courseNumber' => array('Digits'),
'courseLetter' => array('Alpha', 'StringToUpper')
);
$validator = array();
$in = new Zend_Filter_Input($filter, $validator, $this->getRequest()->getParams());
//$in = $this->getRequest()->getParams();
//print_r($_FILES); exit;
$session = new Zend_Session_Namespace('Edit Request');
$course = $session->course;
$request = $session->request;
//print_r($course); exit;
if (!in_array($request->getType(), array('RemoveCourse', 'AddACEToCourse', 'RemoveACEFromCourse'))) {
$course->setCourseCode($in['subject'], $in['courseNumber'], $in['courseLetter']);
$course->setTitle($in['title']);
if (Unl_Util::isArray($in['crosslistings'])) {
foreach ($in['crosslistings'] as $id => $crosslisting) {
if ($crosslisting['delete'] == 'yes') {
$course->setCourseCode($in->subject, $in->courseNumber, $in->courseLetter);
$course->setTitle($in->title);
if (Unl_Util::isArray($in->crosslistings)) {
foreach ($in->crosslistings as $id => $crosslisting) {
$filter = array(
'subject' => array('Alpha', 'StringToUpper'),
'courseNumber' => array('Digits'),
'courseLetter' => array('Alpha', 'StringToUpper')
);
$validator = array();
$crosslisting = new Zend_Filter_Input($filter, $validator, $crosslisting);
if ($crosslisting->delete == 'yes') {
$course->removeCrosslisting($id);
} else if ($crosslisting['action'] == 'edit') {
$course->editCrosslisting($id, $crosslisting['type'], $crosslisting['subject'], $crosslisting['courseNumber'], $crosslisting['courseLetter']);
} else if ($crosslisting->action == 'edit') {
$course->editCrosslisting($id, $crosslisting->type, $crosslisting->subject, $crosslisting->courseNumber, $crosslisting->courseLetter);
} else {
$course->addCrosslisting($crosslisting['type'], $crosslisting['subject'], $crosslisting['courseNumber'], $crosslisting['courseLetter']);
$course->addCrosslisting($crosslisting->type, $crosslisting->subject, $crosslisting->courseNumber, $crosslisting->courseLetter);
}
}
}
foreach ($in['credits'] as $type => $credit) {
foreach ($in->credits as $type => $credit) {
if ($type == Courses_CourseModel::CREDIT_TYPE_SINGLE) {
$credit = explode(',', $credit);
foreach($credit as $key => $hours) {
......@@ -49,10 +63,10 @@ class Courses_EditController extends App_Controller_Action
$course->setCredit($type, $credit);
}
$course->setTermsOffered($in['termsOffered']);
$course->setTermsOffered($in->termsOffered);
if (Unl_Util::isArray($in['activities'])) {
foreach ($in['activities'] as $activity) {
if (Unl_Util::isArray($in->activities)) {
foreach ($in->activities as $activity) {
if ($activity['delete'] == 'yes') {
$course->removeActivity($activity['type']);
} else {
......@@ -61,22 +75,22 @@ class Courses_EditController extends App_Controller_Action
}
}
$course->setPrerequisite($in['prerequisite']);
$course->setGradingType($in['gradingType']);
$course->setDfRemoval($in['dfRemoval']);
$course->setDeliveryMethods($in['deliveryMethods']);
$course->setCampuses($in['campuses']);
$course->setNotes($in['notes']);
$course->setDescription($in['description']);
if ($in['gradTieIn']['credits'] || $in['gradTieIn']['prerequisites'] || $in['gradTieIn']['notes']) {
$course->setGradTieIn($in['gradTieIn']['credits'], $in['gradTieIn']['prerequisites'], $in['gradTieIn']['notes']);
$course->setPrerequisite($in->prerequisite);
$course->setGradingType($in->gradingType);
$course->setDfRemoval($in->dfRemoval);
$course->setDeliveryMethods($in->deliveryMethods);
$course->setCampuses($in->campuses);
$course->setNotes($in->notes);
$course->setDescription($in->description);
if ($in->gradTieIn['credits'] || $in->gradTieIn['prerequisites'] || $in->gradTieIn['notes']) {
$course->setGradTieIn($in->gradTieIn['credits'], $in->gradTieIn['prerequisites'], $in->gradTieIn['notes']);
} else {
$course->removeGradTieIn();
}
}
if (in_array($request->getType(), array('NewCourseWithACE', 'AddACEToCourse', 'AddACEAndChangeCourse'))) {
foreach ($in['ace']['outcomes'] as $name => $aceOutcome) {
foreach ($in->ace['outcomes'] as $name => $aceOutcome) {
if ($aceOutcome['enabled']) {
$course->setAceOutcome($name, $aceOutcome['justification'], $aceOutcome['studentWork'], $aceOutcome['assesmentPlan']);
} else {
......@@ -84,7 +98,7 @@ class Courses_EditController extends App_Controller_Action
}
}
foreach ($in['ace']['reinforcements'] as $name => $aceReinforcement) {
foreach ($in->ace['reinforcements'] as $name => $aceReinforcement) {
if ($aceReinforcement['enabled']) {
$course->setAceReinforcement($name, $aceReinforcement['description']);
} else {
......@@ -93,7 +107,7 @@ class Courses_EditController extends App_Controller_Action
}
}
$request->setJustification($in['request']['justification']);
$request->setJustification($in->request['justification']);
$fileTypes = array(
Requests_RequestModel::FILE_TYPE_SYLLABUS,
......@@ -103,7 +117,7 @@ class Courses_EditController extends App_Controller_Action
);
foreach ($fileTypes as $fileType) {
if ($in['removeFiles'][$fileType] == 'yes') {
if ($in->removeFiles[$fileType] == 'yes') {
$request->removeFile($fileType);
}
if ($_FILES['request']['error'][$fileType] === 0) {
......
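Review bot: The filter list handed to `Zend_Filter_Input` at the top of editPostAction names only `subject`, `courseNumber` and `courseLetter`, and `$validator` is an empty array, so `title`, `prerequisite`, `notes`, `description`, `gradingType`, `deliveryMethods`, `campuses` and the nested `crosslistings`/`ace`/`request` arrays still reach the model exactly as posted — the same is true of the per-crosslisting instance and its `delete`, `action` and `type` keys. The fields that look like closed sets (`gradingType`, `deliveryMethods`, `campuses`, a crosslisting's `type` and `action`) are the ones a `Zend_Validate_InArray` rule in `$validator` would pin to known values, with `if (!$in->isValid()) { /* re-render with $in->getMessages() */ return; }` before the first setter; note that in ZF1 an empty validator set is a special case where every field counts as valid, so once any rule is added the remaining fields need rule entries too (e.g. `'title' => array('allowEmpty' => true)`) or `$in->title` starts returning null. If I remember ZF1 correctly, `$in->title` also goes through `getEscaped()` and so returns an HtmlEntities-encoded copy where `$in['title']` did not; values that are stored and later escaped by the view (`title`, `notes`, `description`) would then be double-encoded, and `$in->getUnescaped('title')` keeps the previous behaviour, so this is worth checking against the templates. The same three-entry filter array is written out again for each crosslisting and three more times in Courses_NewController; one shared definition, say a `protected function courseCodeFilters()` on App_Controller_Action, would keep the six copies from drifting. editPostAction continues past the last visible hunk.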
......@@ -8,22 +8,25 @@ class Courses_NewController extends App_Controller_Action
. '/courses/new/search';
$this->getResponse()->setRedirect($redirectUrl);
}
public function searchAction()
{
$subject = $this->getRequest()->getParam('subject');
$courseNumber = $this->getRequest()->getParam('courseNumber');
$courseLetter = $this->getRequest()->getParam('courseLetter');
if (!$subject || !$courseNumber) {
$filter = array(
'subject' => array('Alpha', 'StringToUpper'),
'courseNumber' => array('Digits'),
'courseLetter' => array('Alpha', 'StringToUpper')
);
$in = new Zend_Filter_Input($filter, array(), $this->getRequest()->getParams());
if (!$in->subject || !$in->courseNumber) {
return;
}
$course = Courses_CourseModel::findByCourseCode($subject, $courseNumber, $courseLetter);
$activeRequests = Courses_CourseModel::findActiveRequestByCourseCode($subject, $courseNumber, $courseLetter);
$course = Courses_CourseModel::findByCourseCode($in->subject, $in->courseNumber, $in->courseLetter);
$activeRequests = Courses_CourseModel::findActiveRequestByCourseCode($in->subject, $in->courseNumber, $in->courseLetter);
if ($course) {
$render = 'found';
if ($subject != $course->getSubject()) {
if ($in->subject != $course->getSubject()) {
$this->view->crosslisting = true;
} else {
$this->view->crosslisting = false;
......@@ -32,59 +35,65 @@ class Courses_NewController extends App_Controller_Action
} else {
$render = 'create';
}
$this->view->subject = $subject;
$this->view->courseLetter = $courseLetter;
$this->view->courseNumber = $courseNumber;
$this->view->subject = $in->subject;
$this->view->courseLetter = $in->courseLetter;
$this->view->courseNumber = $in->courseNumber;
$this->view->activeRequest = (count($activeRequests) > 0);
$this->render($render);
}
public function searchPostAction()
{
$subject = $this->getRequest()->getParam('subject');
$courseNumber = $this->getRequest()->getParam('courseNumber');
$courseLetter = $this->getRequest()->getParam('courseLetter');
$filter = array(
'subject' => array('Alpha', 'StringToUpper'),
'courseNumber' => array('Digits'),
'courseLetter' => array('Alpha', 'StringToUpper')
);
$in = new Zend_Filter_Input($filter, array(), $this->getRequest()->getParams());
$redirectUrl = Zend_Controller_Front::getInstance()->getBaseUrl()
. '/courses/new/search';
if ($subject) {
$redirectUrl .= '/subject/' . $subject;
if ($in->subject) {
$redirectUrl .= '/subject/' . $in->subject;
}
if ($courseNumber) {
$redirectUrl .= '/courseNumber/' . $courseNumber;
if ($in->courseNumber) {
$redirectUrl .= '/courseNumber/' . $in->courseNumber;
}
if ($courseLetter) {
$redirectUrl .= '/courseLetter/' . $courseLetter;
if ($in->courseLetter) {
$redirectUrl .= '/courseLetter/' . $in->courseLetter;
}
$this->getResponse()->setRedirect($redirectUrl);
}
public function createAction()
{
$type = $this->getRequest()->getParam('type');
$subject = $this->getRequest()->getParam('subject');
$courseNumber = $this->getRequest()->getParam('courseNumber');
$courseLetter = $this->getRequest()->getParam('courseLetter');
$filter = array(
'type' => array('StringTrim'),
'subject' => array('Alpha', 'StringToUpper'),
'courseNumber' => array('Digits'),
'courseLetter' => array('Alpha', 'StringToUpper')
);
$in = new Zend_Filter_Input($filter, array(), $this->getRequest()->getParams());
$request = Requests_RequestModel::fetchNew();
$request->setType($type);
$request->setType($in->type);
$request->setModule('courses');
$request->setOwner(Auth_UserModel::findCurrentUser());
$parentCourse = Courses_CourseModel::findByCourseCode($subject, $courseNumber, $courseLetter);
$parentCourse = Courses_CourseModel::findByCourseCode($in->subject, $in->courseNumber, $in->courseLetter);
if ($parentCourse) {
$course = clone $parentCourse;
} else {
$course = Courses_CourseModel::fetchNew();
$course->setCourseCode($subject, $courseNumber, $courseLetter);
$course->setCourseCode($in->subject, $in->courseNumber, $in->courseLetter);
}
$session = new Zend_Session_Namespace('Edit Request');
$session->parentCourse = $parentCourse;
$session->course = $course;
$session->request = $request;
unset($session->currentSavedRequestId);
$this->_redirect('/courses/edit');
}
}
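Review bot: In createAction the `type` parameter is only `StringTrim`med, `$validator` is empty and `$request->setType($in->type)` stores whatever string was posted, even though the rest of the code treats the request type as one of a fixed set of names (the `in_array($request->getType(), array('NewCourseWithACE', ...))` checks in Courses_EditController). Unless `setType` validates on its own, which is not visible here, a `Zend_Validate_InArray` over the known type names in the validator argument plus `if (!$in->isValid()) { return; }` before `fetchNew()` would reject unexpected values at the boundary instead of letting them into the session and the new request; since ZF1 treats an empty validator set as "everything valid" but turns unruled fields into unknowns once a rule exists, `subject`/`courseNumber`/`courseLetter` would then need entries such as `'subject' => array('allowEmpty' => true)` as well. Separately, `Alpha` and `Digits` rewrite rather than reject: a subject posted as `cs-1` (constructed example) becomes `CS`, so searchAction silently looks up a different course than the one typed, and a validator with an "invalid course code" render path would be the clearer contract for the search forms. The three filter arrays in this file duplicate the ones in Courses_EditController; a shared helper would keep them consistent.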