if ($instanceid) { // this can throw exceptions but there's no point catching and rethrowing here // as the exporter isn't created yet. $instance = portfolio_instance($instanceid); if ($broken = portfolio_instance_sanity_check($instance)) { throw new portfolio_exception($broken[$instance->get('id')], 'portfolio_' . $instance->get('plugin')); } $instance->set('user', $USER); } else { $instance = null; } // we must be passed this from the caller, we cannot start a new export // without knowing information about what part of moodle we come from. if (empty($callbackcomponent) || empty($callbackclass)) { debugging('no callback file or class'); portfolio_exporter::print_expired_export(); } // so each place in moodle can pass callback args here // process the entire request looking for ca_* // be as lenient as possible while still being secure // so only accept certain parameter types. $callbackargs = array(); foreach (array_keys(array_merge($_GET, $_POST)) as $key) { if (strpos($key, 'ca_') === 0) { if (!($value = optional_param($key, false, PARAM_ALPHAEXT))) { if (!($value = optional_param($key, false, PARAM_FLOAT))) { $value = optional_param($key, false, PARAM_PATH); } } // strip off ca_ for niceness $callbackargs[substr($key, 3)] = $value;