hrishikesh-19 / splashgainMoodle


never trust user input. #6

Open danmarsden opened 1 year ago

danmarsden commented 1 year ago

As mentioned previously (and it doesn't appear to have been fixed), your use of SQL in the code does not follow our guidelines (and must be fixed prior to approval). Raw access to $_GET/$_POST is not allowed.

Please review the following:

https://moodledev.io/docs/apis/core/dml: make sure all your DB queries use parameters instead of injecting variables into inline SQL statements,

and this one too: https://docs.moodle.org/dev/Security#Summary_of_the_guidelines

Note this is a clear blocker for plugins db approval; the quality of your code, particularly the stuff in the "/pages/" folder, needs a lot of work to comply with these guidelines before we could review this further.

danmarsden commented 1 year ago

I've halted the review at this point, to be honest. The code in /pages is really quite dangerous and needs a significant amount of refactoring before we could consider reviewing this again. Please take a look through the links provided and make sure you understand them and how to apply them to your code before resubmitting to the Moodle plugins db for review again. Thanks.
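The pattern the reviewer is objecting to, and the form the linked DML and security guidelines ask for, side by side. This is an added illustration written for this page, not code from the splashgainMoodle plugin or from the reviewer; the table name `local_example_entries`, the capability `local/example:view` and the page path are hypothetical placeholders, and the `$DB`, `required_param`, `optional_param`, `require_sesskey` and `sql_like` calls are standard Moodle core APIs.

```php
<?php
// Constructed example of a /pages/ script, not the plugin's own code.
require_once(__DIR__ . '/../../../config.php');   // hypothetical path to Moodle config.php

global $DB, $PAGE, $OUTPUT;

// ---------------------------------------------------------------------------
// WRONG: the pattern flagged in the review. Raw $_GET is read without
// cleaning and concatenated straight into SQL, so ?courseid=1 OR 1=1
// (or a UNION SELECT) changes the query. Shown only as the "before" case.
// ---------------------------------------------------------------------------
// $courseid = $_GET['courseid'];
// $rows = $DB->get_records_sql(
//     "SELECT * FROM {local_example_entries} WHERE courseid = " . $courseid);

// ---------------------------------------------------------------------------
// RIGHT: required_param()/optional_param() clean every request value
// against a PARAM_* type; nothing reads $_GET/$_POST directly.
// ---------------------------------------------------------------------------
$courseid = required_param('courseid', PARAM_INT);      // non-integer => error page
$search   = optional_param('search', '', PARAM_TEXT);   // free text, still cleaned
$delete   = optional_param('delete', 0, PARAM_INT);     // id of a row to delete

// Authentication and authorisation before any data access.
require_login($courseid);
$context = context_course::instance($courseid);
require_capability('local/example:view', $context);     // hypothetical capability

$PAGE->set_url(new moodle_url('/local/example/pages/list.php', ['courseid' => $courseid]));
$PAGE->set_context($context);

// State-changing action: must carry a valid sesskey (CSRF token).
if ($delete) {
    require_sesskey();
    // The courseid condition stops a user deleting rows from another course
    // by guessing ids. Array conditions are parameterised by the DML layer.
    $DB->delete_records('local_example_entries',
        ['id' => $delete, 'courseid' => $courseid]);
    redirect($PAGE->url);
}

// Read with placeholders. Named placeholders (:courseid) are bound by the
// driver, so user input can never alter the query structure.
$params = ['courseid' => $courseid];
$where  = 'e.courseid = :courseid';

if ($search !== '') {
    // LIKE needs two things: a placeholder for the value AND escaping of
    // the LIKE metacharacters (% and _) inside the value itself.
    $where .= ' AND ' . $DB->sql_like('e.title', ':search', false);
    $params['search'] = '%' . $DB->sql_like_escape($search) . '%';
}

$sql  = "SELECT e.id, e.title, e.timecreated
           FROM {local_example_entries} e
          WHERE $where
       ORDER BY e.timecreated DESC";
$rows = $DB->get_records_sql($sql, $params);

// When no custom SQL is needed at all, the simpler helpers are preferred;
// this is equivalent to the unfiltered query above.
// $rows = $DB->get_records('local_example_entries',
//     ['courseid' => $courseid], 'timecreated DESC');

// Output: escape everything that came from the database or the user.
echo $OUTPUT->header();
$items = [];
foreach ($rows as $row) {
    $deleteurl = new moodle_url($PAGE->url, ['delete' => $row->id, 'sesskey' => sesskey()]);
    $items[] = html_writer::tag('li',
        s($row->title) . ' ' . html_writer::link($deleteurl, get_string('delete')));
}
echo html_writer::tag('ul', implode('', $items));
echo $OUTPUT->footer();
```

The two checks worth carrying into a review of a /pages/ script are mechanical: grep the folder for `$_GET`, `$_POST` and `$_REQUEST` (there should be none), and for every `get_records_sql`/`execute`/`get_record_sql` call confirm that the SQL string contains no interpolated variable other than fragments built by the DML layer itself (`sql_like`, `get_in_or_equal`) and that the matching `$params` array is passed.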