| author | Simon Rettberg | 2025-08-07 15:21:01 +0200 |
|---|---|---|
| committer | Simon Rettberg | 2025-08-07 15:21:01 +0200 |
| commit | c358ccc4a0a618c62ad6fbda72bd988aa1f71bd0 (patch) | |
| tree | 798b274c8db7a53a04d3b979336334babb91df5a | |
| parent | [session] audit: Use pagination (diff) | |
[exams] Remove db error checks, add POST redirect, response code
- Error checks for DB queries are pointless; the DB functions call
an error handler by default and do not return
- Add a redirect if any of the handlers in doPreprocess return and
we're in a POST request as a safety measure
- Fix virtual HTTP response code when editing lecture
| -rw-r--r-- | modules-available/exams/page.inc.php | 36 |
1 files changed, 17 insertions, 19 deletions
diff --git a/modules-available/exams/page.inc.php b/modules-available/exams/page.inc.php index 8707c4ae..42294990 100644 --- a/modules-available/exams/page.inc.php +++ b/modules-available/exams/page.inc.php @@ -330,19 +330,16 @@ class Page_Exams extends Page if ($examid === 0) { // No examid given, is add - $res = Database::exec("INSERT INTO exams(lectureid, starttime, endtime, autologin, description) VALUES(:lectureid, :starttime, :endtime, :autologin, :description);", - compact('lectureid', 'starttime', 'endtime', 'autologin', 'description')) !== false; + Database::exec("INSERT INTO exams(lectureid, starttime, endtime, autologin, description) + VALUES(:lectureid, :starttime, :endtime, :autologin, :description);", + compact('lectureid', 'starttime', 'endtime', 'autologin', 'description')); $exam_id = Database::lastInsertId(); foreach ($locationids as $lid) { - $res = $res && Database::exec("INSERT INTO exams_x_location(examid, locationid) VALUES(:exam_id, :lid)", compact('exam_id', 'lid')) !== false; - } - if ($res === false) { - Message::addError('exam-not-added'); - Audit::overrideResponseCode(500); - } else { - Message::addInfo('exam-added-success'); + Database::exec("INSERT INTO exams_x_location(examid, locationid) + VALUES(:exam_id, :lid)", compact('exam_id', 'lid')); } + Message::addInfo('exam-added-success'); Util::redirect('?do=exams', 200); } 
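Review bot: `Message::addInfo('exam-added-success')` and the `200` passed to `Util::redirect` are now unconditional in the add branch, so the success message and the response code recorded for the request are correct only while `Database::exec` aborts on every failure. The commit message says the DB functions do this "by default", which suggests it can be configured otherwise, and nothing at the call site states the dependency. I would add a comment above the first call, `// Database::exec() aborts via the error handler on failure; everything below runs only on success`, so that a later change making one of these calls tolerate errors also revisits the message and the code. The same applies to the edit branch in the next hunk; the enclosing method starts and ends outside this hunk.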
@@ -354,21 +351,18 @@ class Page_Exams extends Page } /* update fields */ - $res = Database::exec("UPDATE exams SET lectureid = :lectureid, starttime = :starttime, endtime = :endtime, autologin = :autologin, description = :description WHERE examid = :examid", - compact('lectureid', 'starttime', 'endtime', 'description', 'examid', 'autologin')) !== false; + Database::exec("UPDATE exams SET lectureid = :lectureid, starttime = :starttime, endtime = :endtime, + autologin = :autologin, description = :description WHERE examid = :examid", + compact('lectureid', 'starttime', 'endtime', 'description', 'examid', 'autologin')); /* drop all connections and reconnect to rooms */ - $res = $res && Database::exec("DELETE FROM exams_x_location WHERE examid = :examid", compact('examid')) !== false; + Database::exec("DELETE FROM exams_x_location WHERE examid = :examid", compact('examid')); /* reconnect */ foreach ($locationids as $lid) { - $res = $res && Database::exec("INSERT INTO exams_x_location(examid, locationid) VALUES(:examid, :lid)", compact('examid', 'lid')) !== false; + Database::exec("INSERT INTO exams_x_location(examid, locationid) + VALUES(:examid, :lid)", compact('examid', 'lid')); } - if ($res !== false) { Message::addInfo("changes-successfully-saved"); - } else { - Message::addError("error-while-saving-changes"); - Audit::overrideResponseCode(500); - } - Util::redirect('?do=exams'); + Util::redirect('?do=exams', 200); } protected function doPreprocess() @@ -454,6 +448,10 @@ class Page_Exams extends Page ErrorHandler::traceError("action not implemented"); } + if (Request::isPost()) { + // Safety redirect - should not happen + Util::redirect('?do=exams'); + } } private function getLocationLookupJson() |
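Review bot: The edit branch deletes every `exams_x_location` row for the exam and then re-inserts them one `Database::exec` call at a time, so a failure inside the loop now aborts the request with the exam saved but only part of its locations, or none, still attached. Nothing visible in the hunk groups the UPDATE, the DELETE and the INSERTs into one transaction, so that partial state stays in the database. What missing location rows mean for the affected rooms is not visible here, but for an exam-mode setting it should not be left to chance. If the Database wrapper offers transactions, running these statements inside one would make the edit all-or-nothing; the add branch in the previous hunk has no destructive step but would benefit as well. The enclosing method starts outside the hunk.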
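Review bot: The fallback redirect added at the end of `doPreprocess` hides the case its own comment says should not happen: a POST whose handler returned instead of redirecting lands on `?do=exams` with no message and, since no code is passed, whatever response code the redirect records by default. At that point it is unknown whether the handler changed anything, so I would mark the request as failed before redirecting, for instance with `Audit::overrideResponseCode(500);` as the removed error branches did, so the condition is visible when the audit log is reviewed. The body of `doPreprocess` begins outside this hunk, so whether an earlier handler has already set a code cannot be seen here.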
