ccalvert
commented
12 years ago We have estimated these fixes at 6 hours.
Closed ccalvert closed 12 years ago
ccalvert
commented
12 years ago We have estimated these fixes at 6 hours.
jstuckle
commented
12 years ago Made some syntactical fixes. Also while I was in there I changed mboard.php to use the db class instead of direct mysql calls.
jstuckle
commented
12 years ago No reports of problems so I'm closing this issue.
Jerry found the following issues as a result of reviewing recent code changes:
site_conf/components/report_progress.php: Line 97: preg_match() does not contain start/end delimiters in the regex expression
site_conf/components/report_survey_results.php: Line 10: preg_match() does not contain start/end delimiters in the regex expression Line 36: preg_match() does not contain start/end delimiters in the regex expression
site_conf/components/report_survey_details.php: Line 3: preg_match() does not contain start/end delimiters in the regex expression
site_conf/components/library.php: Line 134: SELECT * is frowned upon. Rather, explicitly specify the columns requested Variable $_REQUEST['update_folder_id'] in WHERE clause has not been validated.
site_conf/components/content_enrollment.php: From commit 2d444331fd813ce1037983678108dbc691d7cc52: Line 85: Should not be blocking error messages from in_array with '@'. Rather, ensure you have an array before calling in_array().
site_conf/components/board/mboard.php: Lines 5-6: Uses mysql_xxx() calls instead of db class object, probably because the rest of the file also uses mysql_xxx() calls instead of a db object. (All db calls in the script should use a db object). Lines 322, 350, 467, 493, 630: Already in PHP - don't use <?php echo $sid;?> - just use $sid.
site_conf/components/board/settings.php: Line 22: Domain name is hard-coded into the script.
conf.php: Line 9: Disables all error reporting. No way of determining if an error occurred. Should disable E_NOTICE at worst, and log all errors.