chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

[svn r22573] Fixed security flaw

Browse Source 
Updated license to use global file
skala
Yannick Warnier 16 years ago
parent 383e293e59
commit 0667c5430b
1 changed files with 37 additions and 55 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 92
      main/survey/survey.php

92
main/survey/survey.php
Unescape View File

@ -1,29 +1,10 @@
<?php // $Id: survey.php 21734 2009-07-02 17:12:41Z cvargas1 $
/*
==============================================================================
Dokeos - elearning and course management software
Copyright (c) 2004-2009 Dokeos SPRL
Copyright (c) 2003 Ghent University (UGent)
For a full list of contributors, see "credits.txt".
The full license can be read in "license.txt".
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
See the GNU General Public License for more details.
Contact: Dokeos, rue Notre Dame, 152, B-1140 Evere, Belgium, info@dokeos.com
==============================================================================
*/
<?php // $Id: survey.php 22573 2009-08-03 03:38:13Z yannoo $
/* For licensing terms, see /dokeos_license.txt */
/**
* @package dokeos.survey
* @author unknown
* @author Patrick Cool <patrick.cool@UGent.be>, Ghent University: cleanup, refactoring and rewriting large parts of the code
* @version $Id: survey.php 21734 2009-07-02 17:12:41Z cvargas1 $
* @version $Id: survey.php 22573 2009-08-03 03:38:13Z yannoo $
*
* @todo use quickforms for the forms
*/
@ -58,6 +39,7 @@ $table_survey_question_group = Database :: get_course_table(TABLE_SURVEY_QUES
$table_course = Database :: get_main_table(TABLE_MAIN_COURSE);
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
$user_info = Database :: get_main_table(TABLE_MAIN_SURVEY_REMINDER);
$survey_id = intval($_GET['survey_id']);
// breadcrumbs
$interbreadcrumb[] = array ("url" => "survey_list.php", "name" => get_lang('SurveyList'));
@ -66,7 +48,7 @@ $interbreadcrumb[] = array ("url" => "survey_list.php", "name" => get_lang('Surv
if (isset($_GET['survey_id'])) {
$course_code = api_get_course_id();
if ($course_code!=-1) {
$survey_data = survey_manager::get_survey($_GET['survey_id']);
$survey_data = survey_manager::get_survey($survey_id);
} else {
Display :: display_header(get_lang('Survey'));
Display :: display_error_message(get_lang('NotAllowed'), false);
@ -99,7 +81,7 @@ if($is_survey_type_1 && ($_GET['action']=='addgroup')||($_GET['action']=='delete
}
elseif(!empty($_POST['name']))
{
api_sql_query('INSERT INTO '.$table_survey_question_group.' (name,description,survey_id) values (\''.Database::escape_string($_POST['name']).'\',\''.Database::escape_string($_POST['description']).'\',\''.Database::escape_string($_GET['survey_id']).'\') ');
api_sql_query('INSERT INTO '.$table_survey_question_group.' (name,description,survey_id) values (\''.Database::escape_string($_POST['name']).'\',\''.Database::escape_string($_POST['description']).'\',\''.Database::escape_string($survey_id).'\') ');
$sendmsg = 'GroupCreatedSuccessfully';
} else {
$sendmsg = 'GroupNeedName';
@ -107,11 +89,11 @@ if($is_survey_type_1 && ($_GET['action']=='addgroup')||($_GET['action']=='delete
}
if($_GET['action']=='deletegroup'){
api_sql_query('DELETE FROM '.$table_survey_question_group.' WHERE id = '.Database::escape_string($_GET['gid']).' and survey_id = '.Database::escape_string($_GET['survey_id']));
api_sql_query('DELETE FROM '.$table_survey_question_group.' WHERE id = '.Database::escape_string($_GET['gid']).' and survey_id = '.Database::escape_string($survey_id));
$sendmsg = 'GroupDeletedSuccessfully';
}
header('Location:survey.php?survey_id='.(int)$_GET['survey_id'].'&sendmsg='.$sendmsg);
header('Location:survey.php?survey_id='.$survey_id.'&sendmsg='.$sendmsg);
exit;
}
@ -151,30 +133,30 @@ if(!empty($survey_data['survey_version'])) echo '<b>'.get_lang('Version').': '.$
SurveyUtil::check_first_last_question($_GET['survey_id']);
// Action links
$survey_actions = '<a href="create_new_survey.php?'.api_get_cidreq().'&amp;action=edit&amp;survey_id='.$_GET['survey_id'].'">'.Display::return_icon('edit.gif', get_lang('Edit')).' '.get_lang('EditSurvey').'</a>';
$survey_actions .= '<a href="survey_list.php?'.api_get_cidreq().'&amp;action=delete&amp;survey_id='.$_GET['survey_id'].'" onclick="javascript:if(!confirm(\''.addslashes(api_htmlentities(get_lang("DeleteSurvey").'?',ENT_QUOTES,$charset)).'\')) return false;">'.Display::return_icon('delete.gif', get_lang('Delete')).' '.get_lang('DeleteSurvey').'</a>';
//$survey_actions .= '<a href="create_survey_in_another_language.php?id_survey='.$_GET['survey_id'].'">'.Display::return_icon('copy.gif', get_lang('Copy')).'</a>';
$survey_actions .= '<a href="preview.php?'.api_get_cidreq().'&amp;survey_id='.$_GET['survey_id'].'">'.Display::return_icon('preview.gif', get_lang('Preview')).' '.get_lang('Preview').'</a>';
$survey_actions .= '<a href="survey_invite.php?'.api_get_cidreq().'&amp;survey_id='.$_GET['survey_id'].'">'.Display::return_icon('survey_publish.gif', get_lang('Publish')).' '.get_lang('Publish').'</a>';
$survey_actions .= '<a href="reporting.php?'.api_get_cidreq().'&amp;survey_id='.$_GET['survey_id'].'">'.Display::return_icon('statistics.gif', get_lang('Reporting')).' '.get_lang('Reporting').'</a>';
$survey_actions = '<a href="create_new_survey.php?'.api_get_cidreq().'&amp;action=edit&amp;survey_id='.$survey_id.'">'.Display::return_icon('edit.gif', get_lang('Edit')).' '.get_lang('EditSurvey').'</a>';
$survey_actions .= '<a href="survey_list.php?'.api_get_cidreq().'&amp;action=delete&amp;survey_id='.$survey_id.'" onclick="javascript:if(!confirm(\''.addslashes(api_htmlentities(get_lang("DeleteSurvey").'?',ENT_QUOTES,$charset)).'\')) return false;">'.Display::return_icon('delete.gif', get_lang('Delete')).' '.get_lang('DeleteSurvey').'</a>';
//$survey_actions .= '<a href="create_survey_in_another_language.php?id_survey='.$survey_id.'">'.Display::return_icon('copy.gif', get_lang('Copy')).'</a>';
$survey_actions .= '<a href="preview.php?'.api_get_cidreq().'&amp;survey_id='.$survey_id.'">'.Display::return_icon('preview.gif', get_lang('Preview')).' '.get_lang('Preview').'</a>';
$survey_actions .= '<a href="survey_invite.php?'.api_get_cidreq().'&amp;survey_id='.$survey_id.'">'.Display::return_icon('survey_publish.gif', get_lang('Publish')).' '.get_lang('Publish').'</a>';
$survey_actions .= '<a href="reporting.php?'.api_get_cidreq().'&amp;survey_id='.$survey_id.'">'.Display::return_icon('statistics.gif', get_lang('Reporting')).' '.get_lang('Reporting').'</a>';
echo '<div class="actions">'.$survey_actions.'</div>';
if ($survey_data['survey_type']==0) {
echo '<div class="actionsbig">';
echo '<a style="padding-left:0px;" href="question.php?'.api_get_cidreq().'&amp;action=add&type=yesno&amp;survey_id='.$_GET['survey_id'].'">'.Display::return_icon('yesno.gif').'<br/>'.get_lang('YesNo').'</a>';
echo '<a href="question.php?'.api_get_cidreq().'&amp;action=add&type=multiplechoice&amp;survey_id='.$_GET['survey_id'].'">'.Display::return_icon('mcua.gif').'<br />'.get_lang('UniqueSelect').'</a>';
echo '<a href="question.php?'.api_get_cidreq().'&amp;action=add&type=multipleresponse&amp;survey_id='.$_GET['survey_id'].'">'.Display::return_icon('mcma.gif').'<br />'.get_lang('MultipleResponse').'</a>';
echo '<a href="question.php?'.api_get_cidreq().'&amp;action=add&type=open&amp;survey_id='.$_GET['survey_id'].'">'.Display::return_icon('open_answer.gif').'<br />'.get_lang('Open').'</a>';
echo '<a href="question.php?'.api_get_cidreq().'&amp;action=add&type=dropdown&amp;survey_id='.$_GET['survey_id'].'">'.Display::return_icon('dropdown.gif').'<br />'.get_lang('Dropdown').'</a>';
echo '<a href="question.php?'.api_get_cidreq().'&amp;action=add&type=percentage&amp;survey_id='.$_GET['survey_id'].'">'.Display::return_icon('percentagequestion.gif').'<br />'.get_lang('Percentage').'</a>';
echo '<a href="question.php?'.api_get_cidreq().'&amp;action=add&type=score&amp;survey_id='.$_GET['survey_id'].'">'.Display::return_icon('scorequestion.gif').'<br />'.get_lang('Score').'</a>';
echo '<a href="question.php?'.api_get_cidreq().'&amp;action=add&type=comment&amp;survey_id='.$_GET['survey_id'].'">'.Display::return_icon('commentquestion.gif').'<br />'.get_lang('Comment').'</a>';
echo '<a href="question.php?'.api_get_cidreq().'&amp;action=add&type=pagebreak&amp;survey_id='.$_GET['survey_id'].'">'.Display::return_icon('page_end.gif').'<br />'.get_lang('Pagebreak').'</a>';
echo '<a style="padding-left:0px;" href="question.php?'.api_get_cidreq().'&amp;action=add&type=yesno&amp;survey_id='.$survey_id.'">'.Display::return_icon('yesno.gif').'<br/>'.get_lang('YesNo').'</a>';
echo '<a href="question.php?'.api_get_cidreq().'&amp;action=add&type=multiplechoice&amp;survey_id='.$survey_id.'">'.Display::return_icon('mcua.gif').'<br />'.get_lang('UniqueSelect').'</a>';
echo '<a href="question.php?'.api_get_cidreq().'&amp;action=add&type=multipleresponse&amp;survey_id='.$survey_id.'">'.Display::return_icon('mcma.gif').'<br />'.get_lang('MultipleResponse').'</a>';
echo '<a href="question.php?'.api_get_cidreq().'&amp;action=add&type=open&amp;survey_id='.$survey_id.'">'.Display::return_icon('open_answer.gif').'<br />'.get_lang('Open').'</a>';
echo '<a href="question.php?'.api_get_cidreq().'&amp;action=add&type=dropdown&amp;survey_id='.$survey_id.'">'.Display::return_icon('dropdown.gif').'<br />'.get_lang('Dropdown').'</a>';
echo '<a href="question.php?'.api_get_cidreq().'&amp;action=add&type=percentage&amp;survey_id='.$survey_id.'">'.Display::return_icon('percentagequestion.gif').'<br />'.get_lang('Percentage').'</a>';
echo '<a href="question.php?'.api_get_cidreq().'&amp;action=add&type=score&amp;survey_id='.$survey_id.'">'.Display::return_icon('scorequestion.gif').'<br />'.get_lang('Score').'</a>';
echo '<a href="question.php?'.api_get_cidreq().'&amp;action=add&type=comment&amp;survey_id='.$survey_id.'">'.Display::return_icon('commentquestion.gif').'<br />'.get_lang('Comment').'</a>';
echo '<a href="question.php?'.api_get_cidreq().'&amp;action=add&type=pagebreak&amp;survey_id='.$survey_id.'">'.Display::return_icon('page_end.gif').'<br />'.get_lang('Pagebreak').'</a>';
echo '</div>';
} else {
echo '<div class="actionsbig">';
//echo '<a href="group.php?'.api_get_cidreq().'&amp;action=add&amp;survey_id='.$_GET['survey_id'].'"><img src="../img/yesno.gif" /><br />'.get_lang('Add groups').'</a></div>';
echo '<a style="padding-left:0px;" href="question.php?'.api_get_cidreq().'&amp;action=add&type=personality&amp;survey_id='.$_GET['survey_id'].'"><img src="../img/yesno.gif" />'.get_lang('PersonalityQuestion').'</a></div>';
//echo '<a href="group.php?'.api_get_cidreq().'&amp;action=add&amp;survey_id='.$survey_id.'"><img src="../img/yesno.gif" /><br />'.get_lang('Add groups').'</a></div>';
echo '<a style="padding-left:0px;" href="question.php?'.api_get_cidreq().'&amp;action=add&type=personality&amp;survey_id='.$survey_id.'"><img src="../img/yesno.gif" />'.get_lang('PersonalityQuestion').'</a></div>';
echo '</div>';
}
@ -193,7 +175,7 @@ if($is_survey_type_1) {
echo ' </tr>';
// Displaying the table contents with all the questions
$question_counter = 1;
$sql = "SELECT * FROM $table_survey_question_group WHERE survey_id = '".Database::escape_string($_GET['survey_id'])."' ORDER BY id";
$sql = "SELECT * FROM $table_survey_question_group WHERE survey_id = '".Database::escape_string($survey_id)."' ORDER BY id";
$result = api_sql_query($sql, __FILE__, __LINE__);
$groups = array();
while($row = Database::fetch_array($result)) {
@ -203,7 +185,7 @@ $sql = "SELECT survey_question.*, count(survey_question_option.question_option_i
FROM $table_survey_question survey_question
LEFT JOIN $table_survey_question_option survey_question_option
ON survey_question.question_id = survey_question_option.question_id
WHERE survey_question.survey_id = '".Database::escape_string($_GET['survey_id'])."'
WHERE survey_question.survey_id = '".Database::escape_string($survey_id)."'
GROUP BY survey_question.question_id
ORDER BY survey_question.sort ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
@ -231,17 +213,17 @@ while ($row = Database::fetch_array($result,'ASSOC')) {
echo ' <td>'.$tool_name.'</td>';
echo ' <td>'.$row['number_of_options'].'</td>';
echo ' <td>';
echo ' <a href="question.php?'.api_get_cidreq().'&amp;action=edit&amp;type='.$row['type'].'&amp;survey_id='.$_GET['survey_id'].'&amp;question_id='.$row['question_id'].'">'.Display::return_icon('edit.gif', get_lang('Edit')).'</a>';
echo ' <a href="survey.php?'.api_get_cidreq().'&amp;action=delete&amp;survey_id='.$_GET['survey_id'].'&amp;question_id='.$row['question_id'].'" onclick="javascript:if(!confirm(\''.addslashes(api_htmlentities(get_lang("DeleteSurveyQuestion").'?',ENT_QUOTES,$charset)).'\')) return false;">'.Display::return_icon('delete.gif', get_lang('Delete')).'</a>';
echo ' <a href="question.php?'.api_get_cidreq().'&amp;action=edit&amp;type='.$row['type'].'&amp;survey_id='.$survey_id.'&amp;question_id='.$row['question_id'].'">'.Display::return_icon('edit.gif', get_lang('Edit')).'</a>';
echo ' <a href="survey.php?'.api_get_cidreq().'&amp;action=delete&amp;survey_id='.$survey_id.'&amp;question_id='.$row['question_id'].'" onclick="javascript:if(!confirm(\''.addslashes(api_htmlentities(get_lang("DeleteSurveyQuestion").'?',ENT_QUOTES,$charset)).'\')) return false;">'.Display::return_icon('delete.gif', get_lang('Delete')).'</a>';
if ($question_counter > 1)
{
echo ' <a href="survey.php?'.api_get_cidreq().'&amp;action=moveup&amp;survey_id='.$_GET['survey_id'].'&amp;question_id='.$row['question_id'].'">'.Display::return_icon('up.gif', get_lang('MoveUp')).'</a>';
echo ' <a href="survey.php?'.api_get_cidreq().'&amp;action=moveup&amp;survey_id='.$survey_id.'&amp;question_id='.$row['question_id'].'">'.Display::return_icon('up.gif', get_lang('MoveUp')).'</a>';
} else {
Display::display_icon('up_na.gif');
}
if ($question_counter < $question_counter_max)
{
echo ' <a href="survey.php?'.api_get_cidreq().'&amp;action=movedown&amp;survey_id='.$_GET['survey_id'].'&amp;question_id='.$row['question_id'].'">'.Display::return_icon('down.gif', get_lang('MoveDown')).'</a>';
echo ' <a href="survey.php?'.api_get_cidreq().'&amp;action=movedown&amp;survey_id='.$survey_id.'&amp;question_id='.$row['question_id'].'">'.Display::return_icon('down.gif', get_lang('MoveDown')).'</a>';
} else {
Display::display_icon('down_na.gif');
}
@ -271,16 +253,16 @@ if($is_survey_type_1)
echo '<table border="0"><tr><td width="100">'.get_lang('Name').'</td><td>'.get_lang('Description').'</td></tr></table>';
echo '<form action="survey.php?action=addgroup&survey_id='.(int)$_GET['survey_id'].'" method="post">';
echo '<form action="survey.php?action=addgroup&survey_id='.$survey_id.'" method="post">';
if($_GET['action']=='editgroup') {
$sql = 'SELECT name,description FROM '.$table_survey_question_group.' WHERE id = '.Database::escape_string($_GET['gid']).' AND survey_id = '.Database::escape_string($_GET['survey_id']).' limit 1';
$sql = 'SELECT name,description FROM '.$table_survey_question_group.' WHERE id = '.Database::escape_string($_GET['gid']).' AND survey_id = '.Database::escape_string($survey_id).' limit 1';
$rs = api_sql_query($sql,__FILE__,__LINE__);
$editedrow = Database::fetch_array($rs,'ASSOC');
echo '<input type="text" maxlength="20" name="name" value="'.$editedrow['name'].'" size="10" disabled>';
echo '<input type="text" maxlength="150" name="description" value="'.$editedrow['description'].'" size="40">';
echo '<input type="hidden" name="group_id" value="'.Security::remove_XSS($_GET['gid']).'">';
echo '<input type="submit" value="'.get_lang('Save').'"'.'<input type="button" value="'.get_lang('Cancel').'" onclick="window.location.href = \'survey.php?survey_id='.Security::remove_XSS($_GET['survey_id']).'\';" />';
echo '<input type="submit" value="'.get_lang('Save').'"'.'<input type="button" value="'.get_lang('Cancel').'" onclick="window.location.href = \'survey.php?survey_id='.Security::remove_XSS($survey_id).'\';" />';
} else {
echo '<input type="text" maxlength="20" name="name" value="" size="10">';
echo '<input type="text" maxlength="250" name="description" value="" size="80">';
@ -295,14 +277,14 @@ if($is_survey_type_1)
echo ' <th width="100">'.get_lang('Modify').'</th>';
echo ' </tr>';
$sql = 'SELECT id,name,description FROM '.$table_survey_question_group.' WHERE survey_id = '.Database::escape_string($_GET['survey_id']).' ORDER BY name';
$sql = 'SELECT id,name,description FROM '.$table_survey_question_group.' WHERE survey_id = '.Database::escape_string($survey_id).' ORDER BY name';
$rs = api_sql_query($sql,__FILE__,__LINE__);
while($row = Database::fetch_array($rs,ASSOC)){
$grouplist .= '<tr><td>'.$row['name'].'</td><td>'.$row['description'].'</td><td>'.
'<a href="survey.php?survey_id='.(int)$_GET['survey_id'].'&gid='.$row['id'].'&action=editgroup">'.
'<a href="survey.php?survey_id='.$survey_id.'&gid='.$row['id'].'&action=editgroup">'.
Display::return_icon('edit.gif', get_lang('Edit')).'</a> '.
'<a href="survey.php?survey_id='.(int)$_GET['survey_id'].'&gid='.$row['id'].'&action=deletegroup" onclick="javascript:if(!confirm(\''.addslashes(api_htmlentities(sprintf(get_lang('DeleteSurveyGroup'),$row['name']).'?',ENT_QUOTES,$charset)).'\')) return false;">'.
'<a href="survey.php?survey_id='.$survey_id.'&gid='.$row['id'].'&action=deletegroup" onclick="javascript:if(!confirm(\''.addslashes(api_htmlentities(sprintf(get_lang('DeleteSurveyGroup'),$row['name']).'?',ENT_QUOTES,$charset)).'\')) return false;">'.
Display::return_icon('delete.gif', get_lang('Delete')).'</a>'.
'</td></tr>';
}

Write Preview
Loading…
Cancel
Save