From 0c3b06fcc251a70fc44ac0f91b3bec78fb5240a3 Mon Sep 17 00:00:00 2001 From: Julio Date: Mon, 30 Sep 2019 11:21:19 +0200 Subject: [PATCH] Fix double escape_string, remove security::remove_xss BT#15259 --- main/lp/learnpath.class.php | 21 +++++++++++---------- main/lp/lp_controller.php | 5 ++--- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/main/lp/learnpath.class.php b/main/lp/learnpath.class.php index dd88178b74..ab30eede3f 100755 --- a/main/lp/learnpath.class.php +++ b/main/lp/learnpath.class.php @@ -756,16 +756,10 @@ class learnpath // Check course code exists. // Check lp_name doesn't exist, otherwise append something. $i = 0; - $name = Database::escape_string($name); $categoryId = (int) $categoryId; - // Session id. $session_id = api_get_session_id(); $userId = empty($userId) ? api_get_user_id() : $userId; - $check_name = "SELECT * FROM $tbl_lp - WHERE c_id = $course_id AND name = '$name'"; - - $res_name = Database::query($check_name); if (empty($publicated_on)) { $publicated_on = null; @@ -779,12 +773,16 @@ class learnpath $expired_on = Database::escape_string(api_get_utc_datetime($expired_on)); } + $check_name = "SELECT * FROM $tbl_lp + WHERE c_id = $course_id AND name = '".Database::escape_string($name)."'"; + $res_name = Database::query($check_name); + while (Database::num_rows($res_name)) { // There is already one such name, update the current one a bit. $i++; $name = $name.' - '.$i; $check_name = "SELECT * FROM $tbl_lp - WHERE c_id = $course_id AND name = '$name'"; + WHERE c_id = $course_id AND name = '".Database::escape_string($name)."' "; $res_name = Database::query($check_name); } // New name does not exist yet; keep it. 
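Review bot: Both added duplicate-name queries still interpolate `$course_id` unquoted, and its assignment is outside this hunk, so it is worth confirming that it is an integer at this point, for example with `$course_id = (int) $course_id;` before the first query. Because `$name` is now left raw after the lookup, the code that persists it after the loop (outside the hunk) must use a parameterised or escaping write path rather than string interpolation. The second added query also ends with a stray space before the closing quote (`."' ";`), which is harmless but inconsistent with the first; building the lookup once in a small private helper would remove the duplication.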
@@ -5051,12 +5049,15 @@ class learnpath if (empty($name)) { return false; } - $this->name = Database::escape_string($name); $lp_table = Database::get_course_table(TABLE_LP_MAIN); + $name = Database::escape_string($name); + + $this->name = $name; + $lp_id = $this->get_id(); $course_id = $this->course_info['real_id']; $sql = "UPDATE $lp_table SET - name = '".Database::escape_string($this->name)."' + name = '$name' WHERE iid = $lp_id"; $result = Database::query($sql); // If the lp is visible on the homepage, change his name there. @@ -5065,7 +5066,7 @@ class learnpath $session_condition = api_get_session_condition($session_id); $tbl_tool = Database::get_course_table(TABLE_TOOL_LIST); $link = 'lp/lp_controller.php?action=view&lp_id='.$lp_id.'&id_session='.$session_id; - $sql = "UPDATE $tbl_tool SET name = '$this->name' + $sql = "UPDATE $tbl_tool SET name = '$name' WHERE c_id = $course_id AND (link='$link' AND image='scormbuilder.gif' $session_condition)"; diff --git a/main/lp/lp_controller.php b/main/lp/lp_controller.php index 7d84817a67..17de4f5afc 100755 --- a/main/lp/lp_controller.php +++ b/main/lp/lp_controller.php @@ -769,7 +769,7 @@ switch ($action) { $new_lp_id = learnpath::add_lp( api_get_course_id(), - Security::remove_XSS($_REQUEST['lp_name']), + $_REQUEST['lp_name'], '', 'chamilo', 'manual', @@ -1160,8 +1160,7 @@ switch ($action) { require 'lp_list.php'; } else { Session::write('refresh', 1); - $lp_name = Security::remove_XSS($_REQUEST['lp_name']); - $_SESSION['oLP']->set_name($lp_name); + $_SESSION['oLP']->set_name($_REQUEST['lp_name']); $author = $_REQUEST['lp_author']; // Fixing the author name (no body or html tags). $auth_init = stripos($author, '
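Review bot: In `set_name()`, `$this->name = $name;` runs after `$name = Database::escape_string($name);`, so the object property holds the SQL-escaped text rather than the name that was submitted. The controller calls this on `$_SESSION['oLP']`, so a title containing an apostrophe would presumably be displayed with a backslash until the object is rebuilt from the database. Keeping the property raw and escaping only for the statements avoids this: assign `$this->name = $name;` first, then `$escapedName = Database::escape_string($name);`, and use `name = '$escapedName'` in this UPDATE and in the `$tbl_tool` UPDATE of the next hunk. `$lp_id` is also interpolated unquoted in `WHERE iid = $lp_id`; `get_id()` is defined outside the hunk, so `$lp_id = (int) $this->get_id();` would make that independent of what it returns.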
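Review bot: `$_REQUEST['lp_name']` is now passed to `learnpath::add_lp()` with no filtering or type check, so the learning-path name is stored exactly as submitted and every view that prints it has to HTML-encode it at output. None of that rendering code is in this patch, so it should be verified before relying on this change; the same applies to `set_name($_REQUEST['lp_name'])` in the following hunk. A non-string value would also now reach `Database::escape_string()` directly, so a guard such as `$lpName = isset($_REQUEST['lp_name']) && is_string($_REQUEST['lp_name']) ? trim($_REQUEST['lp_name']) : '';` before both calls would restore a defined input contract. Both calls sit inside a `switch ($action)` whose start and end are outside the hunks.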

');