if ($instanceid) {
// this can throw exceptions but there's no point catching and rethrowing here
// as the exporter isn't created yet.
$instance = portfolio_instance($instanceid);
if ($broken = portfolio_instance_sanity_check($instance)) {
throw new portfolio_exception($broken[$instance->get('id')], 'portfolio_' . $instance->get('plugin'));
}
$instance->set('user', $USER);
} else {
$instance = null;
}
// we must be passed this from the caller, we cannot start a new export
// without knowing information about what part of moodle we come from.
if (empty($callbackcomponent) || empty($callbackclass)) {
debugging('no callback file or class');
portfolio_exporter::print_expired_export();
}
// so each place in moodle can pass callback args here
// process the entire request looking for ca_*
// be as lenient as possible while still being secure
// so only accept certain parameter types.
$callbackargs = array();
foreach (array_keys(array_merge($_GET, $_POST)) as $key) {
if (strpos($key, 'ca_') === 0) {
if (!($value = optional_param($key, false, PARAM_ALPHAEXT))) {
if (!($value = optional_param($key, false, PARAM_FLOAT))) {
$value = optional_param($key, false, PARAM_PATH);
}
}
// strip off ca_ for niceness
$callbackargs[substr($key, 3)] = $value;
