Merge

16 years ago · 016a50a6f7
parent 363c2d4c2d 5636b2818d
commit 016a50a6f7
2 changed files with 35 additions and 30 deletions
--- a/main/inc/lib/security.lib.php
+++ b/main/inc/lib/security.lib.php
@ -230,12 +230,14 @@ class Security {
 	 * @return	mixed	Filtered string or array
 	 */
 	public static function remove_XSS ($var,$user_status=ANONYMOUS) {
-		$purifier = new HTMLPurifier(null,$user_status);
-		if (is_array($var)) {
-			return $purifier->purifyArray($var);
-		} else {
-			return $purifier->purify($var);
-		}
-
+        static $purifier = array();
+        if (!isset($purifier[$user_status])) {
+            $purifier[$user_status] = new HTMLPurifier(null, $user_status);
+        }
+        if (is_array($var)) {
+            return $purifier[$user_status]->purifyArray($var);
+        } else {
+            return $purifier[$user_status]->purify($var);
+        }
 	}
-}
+}
--- a/main/newscorm/learnpath.class.php
+++ b/main/newscorm/learnpath.class.php
@ -4512,7 +4512,8 @@ class learnpath {
 		$return .= "\tm.add(" . $menu . ", -1, '" . addslashes(Security::remove_XSS(($this->name))) . "');\n";
 		$tbl_lp_item = Database :: get_course_table(TABLE_LP_ITEM);

-		$sql = " SELECT * FROM " . $tbl_lp_item . "
+		$sql = " SELECT id, title, description, item_type, path, parent_item_id, previous_item_id, next_item_id, max_score, min_score, mastery_score, display_order
+				 FROM " . $tbl_lp_item . "
 				 WHERE lp_id = " . Database :: escape_string($this->lp_id);
 		$result = Database::query($sql);
 		$arrLP = array ();
@ -4520,20 +4521,20 @@ class learnpath {
 		while ($row = Database :: fetch_array($result)) {
 			$row['title'] = Security :: remove_XSS(api_convert_encoding($row['title'], $platform_charset, $this->encoding));
 			$row['description'] = Security :: remove_XSS(api_convert_encoding($row['description'], $platform_charset, $this->encoding));
-			//$row['title'] = Security :: remove_XSS($row['title']);
+
 			$arrLP[] = array (
-				'id' => $row['id'],
-				'item_type' => $row['item_type'],
-				'title' => $row['title'],
-				'path' => $row['path'],
-				'description' => $row['description'],
-				'parent_item_id' => $row['parent_item_id'],
-				'previous_item_id' => $row['previous_item_id'],
-				'next_item_id' => $row['next_item_id'],
-				'max_score' => $row['max_score'],
-				'min_score' => $row['min_score'],
-				'mastery_score' => $row['mastery_score'],
-				'display_order' => $row['display_order']
+				'id' 				=> $row['id'],
+				'item_type' 		=> $row['item_type'],
+				'title' 			=> $row['title'],
+				'path' 				=> $row['path'],
+				'description' 		=> $row['description'],
+				'parent_item_id' 	=> $row['parent_item_id'],
+				'previous_item_id' 	=> $row['previous_item_id'],
+				'next_item_id' 		=> $row['next_item_id'],
+				'max_score' 		=> $row['max_score'],
+				'min_score' 		=> $row['min_score'],
+				'mastery_score' 	=> $row['mastery_score'],
+				'display_order' 	=> $row['display_order']
 			);
 		}

@ -6973,12 +6974,14 @@ class learnpath {
 					$return .= $this->display_manipulate($item_id, $row['item_type']);
 					$return .= $this->display_student_publication_form('move', $item_id, $row);
 					break;
-				case TOOL_FORUM :
+				case TOOL_FORUM :				
 					$return .= $this->display_manipulate($item_id, $row['item_type']);
 					$return .= $this->display_forum_form('move', $item_id, $row);
+					break;
 				case TOOL_THREAD :
 					$return .= $this->display_manipulate($item_id, $row['item_type']);
 					$return .= $this->display_forum_form('move', $item_id, $row);
+					break;
 			}
 		}

@ -7578,7 +7581,7 @@ class learnpath {
 	 	foreach($this->items as $index => $item){
 	 		if(!in_array($item->type , array(TOOL_QUIZ, TOOL_FORUM, TOOL_THREAD, TOOL_LINK, TOOL_STUDENTPUBLICATION)))
 	 		{
-		 		//get included documents from this item
+                                //get included documents from this item
 		 		if($item->type=='sco')
 		 			$inc_docs = $item->get_resources_from_source(null,api_get_path(SYS_COURSE_PATH).api_get_course_path().'/'.'scorm/'.$this->path.'/'.$item->get_path());
 		 		else
@ -7592,7 +7595,7 @@ class learnpath {
 		 		//give a child element <title> to the <item> element
 		 		$my_title = $xmldoc->createElement('title',htmlspecialchars($item->get_title(), ENT_QUOTES, $this->encoding));
 		 		$my_item->appendChild($my_title);
-		 		//give a child element <adlcp:prerequisites> to the <item> element
+                                //give a child element <adlcp:prerequisites> to the <item> element
 		 		$my_prereqs = $xmldoc->createElement('adlcp:prerequisites',$this->get_scorm_prereq_string($my_item_id));
 		 		$my_prereqs->setAttribute('type','aicc_script');
 		 		$my_item->appendChild($my_prereqs);
@ -7603,7 +7606,7 @@ class learnpath {
 		 		//give a child element <adlcp:datafromlms> to the <item> element - not yet supported
 		 		//$xmldoc->createElement('adlcp:datafromlms','');
 		 		//give a child element <adlcp:masteryscore> to the <item> element
-		 		$my_masteryscore = $xmldoc->createElement('adlcp:masteryscore',$item->get_mastery_score());
+                                $my_masteryscore = $xmldoc->createElement('adlcp:masteryscore',$item->get_mastery_score());
 		 		$my_item->appendChild($my_masteryscore);


@ -8056,7 +8059,7 @@ class learnpath {
 				 					}
 			 						break;
 			 					case 'abs': //absolute path from DocumentRoot. Save file and leave path as is in the zip
-				 					$current_dir = dirname($current_course_path.'/'.$item->get_file_path()).'/';
+                                                                        $current_dir = dirname($current_course_path.'/'.$item->get_file_path()).'/';
 									$file_path = realpath($doc_info[0]);
 					 				$my_dep_file->setAttribute('href',$file_path);
 			 			 			$my_dep->setAttribute('xml:base','');
@ -8092,7 +8095,7 @@ class learnpath {
 				 					}
 			 						break;
 			 					case 'rel': //path relative to the current document. Save xml:base as current document's directory and save file in zip as subdir.file_path
-				 					if(substr($doc_info[0],0,2)=='..')
+                                                                        if(substr($doc_info[0],0,2)=='..')
 					 				{ //relative path going up
 					 					$current_dir = dirname($current_course_path.'/'.$item->get_file_path()).'/';
 					 					$file_path = realpath($current_dir.$doc_info[0]);
@ -8107,7 +8110,7 @@ class learnpath {
 											//file path is courses/DOKEOS/document/....
 											$info_file_path=explode('/',$file_path);
 											if ($info_file_path[0]=='courses') {//add character "/" in file path
-												 $file_path_dest='/'.$file_path;
+												$file_path_dest='document/'.$file_path;                                                                                                
 											}

 					 						//error_log('Reduced path: '.$file_path,0);
@ -8121,7 +8124,7 @@ class learnpath {
 					 					$zip_files[] = $my_sub_dir.'/'.$doc_info[0];
 						 				$my_dep_file->setAttribute('href',$doc_info[0]);
 				 			 			$my_dep->setAttribute('xml:base',$my_xml_sub_dir);
-					 				}
+					 				}                                                                         

 			 						break;
 			 					default: