diff --git a/duration_form.php b/duration_form.php index 92877ba..3051642 100644 --- a/duration_form.php +++ b/duration_form.php @@ -61,8 +61,11 @@ class mod_attendance_duration_form extends moodleform { $mform->addGroup($durselect, 'durtime', get_string('newduration', 'attendance'), array(' '), true); $mform->addElement('hidden', 'ids', $ids); + $mform->setType('ids', PARAM_ALPHANUMEXT); $mform->addElement('hidden', 'id', $cm->id); + $mform->setType('id', PARAM_INT); $mform->addElement('hidden', 'action', att_sessions_page_params::ACTION_CHANGE_DURATION); + $mform->setType('action', PARAM_INT); $mform->setDefaults(array('durtime' => array('hours'=>0, 'minutes'=>0))); diff --git a/lang/en/attendance.php b/lang/en/attendance.php index 68f5477..60788fd 100644 --- a/lang/en/attendance.php +++ b/lang/en/attendance.php @@ -126,6 +126,7 @@ $string['includenottaken'] = 'Include not taken sessions'; $string['includeremarks'] = 'Include remarks'; $string['indetail'] = 'In detail...'; $string['invalidsessionenddate'] = 'The session end date can not be earlier than the session start date'; +$string['invalidaction'] = 'You must select an action'; $string['jumpto'] = 'Jump to'; $string['modulename'] = 'Attendance'; $string['modulename_help'] = 'The attendance activity module enables a teacher to take attendance during class and students to view their own attendance record. diff --git a/renderer.php b/renderer.php index 7138e15..d8d17c1 100644 --- a/renderer.php +++ b/renderer.php @@ -294,6 +294,7 @@ class mod_attendance_renderer extends plugin_renderer_base { $options = array( att_sessions_page_params::ACTION_DELETE_SELECTED => get_string('delete'), att_sessions_page_params::ACTION_CHANGE_DURATION => get_string('changeduration', 'attendance')); + $controls = html_writer::select($options, 'action'); $attributes = array( 'type' => 'submit', diff --git a/sessions.php b/sessions.php index fda84fe..1bc08f5 100644 --- a/sessions.php +++ b/sessions.php @@ -33,6 +33,13 @@ $pageparams = new att_sessions_page_params(); $id = required_param('id', PARAM_INT); $pageparams->action = required_param('action', PARAM_INT); +if (empty($pageparams->action)) { + // The form on manage.php can submit with the "choose" option - this should be fixed in the long term, + // but in the meantime show a useful error and redirect when it occurs. + $url = new moodle_url('/mod/attendance/view.php', array('id' => $id)); + redirect($url, get_string('invalidaction', 'mod_attendance'), 2); +} + $cm = get_coursemodule_from_id('attendance', $id, 0, false, MUST_EXIST); $course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST); $att = $DB->get_record('attendance', array('id' => $cm->instance), '*', MUST_EXIST); @@ -119,7 +126,7 @@ switch ($att->pageparams->action) { } redirect($att->url_manage(), get_string('sessiondeleted', 'attendance')); } - $sessid = required_param('sessid', PARAM_SEQUENCE); + $sessid = required_param_array('sessid', PARAM_SEQUENCE); $sessionsinfo = $att->get_sessions_info($sessid); @@ -142,10 +149,10 @@ switch ($att->pageparams->action) { echo $OUTPUT->footer(); exit; case att_sessions_page_params::ACTION_CHANGE_DURATION: - $sessid = optional_param('sessid', '', PARAM_SEQUENCE); + $sessid = optional_param_array('sessid', '', PARAM_SEQUENCE); $ids = optional_param('ids', '', PARAM_ALPHANUMEXT); - $slist = isset($sessid) ? implode('_', $sessid) : ''; + $slist = !empty($sessid) ? implode('_', $sessid) : ''; $url = $att->url_sessions(array('action' => att_sessions_page_params::ACTION_CHANGE_DURATION)); $formparams['ids'] = $slist;