Format code + use (int) instead of remove_XSS function

main/gradebook/gradebook_add_eval.php

@@ -12,11 +12,11 @@ api_protect_course_script(true);
 api_block_anonymous_users();
 GradebookUtils::block_students();
 
-$select_cat = isset($_GET['selectcat']) ? Security::remove_XSS($_GET['selectcat']) : '';
+$select_cat = isset($_GET['selectcat']) ? (int) $_GET['selectcat'] : 0;
 $is_allowedToEdit = $is_courseAdmin;
 $evaladd = new Evaluation();
 $evaladd->set_user_id($_user['user_id']);
-if (isset($_GET['selectcat']) && (!empty($_GET['selectcat']))) {
+if (!empty($select_cat)) {
     $evaladd->set_category_id($_GET['selectcat']);
     $cat = Category :: load($_GET['selectcat']);
     $evaladd->set_course_code($cat[0]->get_course_code());

main/gradebook/gradebook_add_link.php

@@ -14,8 +14,9 @@ api_block_anonymous_users();
 GradebookUtils::block_students();
 
 $courseCode = isset($_GET['course_code']) ? Security::remove_XSS($_GET['course_code']) : null;
-$course_info = api_get_course_info($courseCode);
+$selectCat =  isset($_GET['selectcat']) ? (int) $_GET['selectcat'] : 0;
 
+$course_info = api_get_course_info($courseCode);
 $tbl_forum_thread = Database :: get_course_table(TABLE_FORUM_THREAD);
 $tbl_link = Database::get_main_table(TABLE_MAIN_GRADEBOOK_LINK);
 
@@ -34,8 +35,8 @@ if ($session_id == 0) {
 } else {
     $all_categories = Category::load_session_categories(null, $session_id);
 }
-$category = Category :: load($_GET['selectcat']);
-$url = api_get_self().'?selectcat='.Security::remove_XSS($_GET['selectcat']).'&newtypeselected='.$typeSelected.'&course_code='.api_get_course_id().'&'.api_get_cidreq();
+$category = Category :: load($selectCat);
+$url = api_get_self().'?selectcat='.$selectCat.'&newtypeselected='.$typeSelected.'&course_code='.api_get_course_id().'&'.api_get_cidreq();
 $typeform = new LinkForm(
     LinkForm :: TYPE_CREATE,
     $category[0],
@@ -49,7 +50,7 @@ $typeform = new LinkForm(
 // if user selected a link type
 if ($typeform->validate() && isset($_GET['newtypeselected'])) {
     // reload page, this time with a parameter indicating the selected type
-    header('Location: '.api_get_self().'?selectcat='.Security::remove_XSS($_GET['selectcat'])
+    header('Location: '.api_get_self().'?selectcat='.$selectCat
         .'&typeselected='.$typeform->exportValue('select_link')
         .'&course_code='.Security::remove_XSS($_GET['course_code']).'&'.api_get_cidreq()
     );
@@ -58,7 +59,7 @@ if ($typeform->validate() && isset($_GET['newtypeselected'])) {
 
 // link type selected, show 2nd form to retrieve the link data
 if (isset($typeSelected) && $typeSelected != '0') {
-    $url = api_get_self().'?selectcat='.Security::remove_XSS($_GET['selectcat']).'&typeselected='.$typeSelected.'&course_code='.$courseCode.'&'.api_get_cidreq();
+    $url = api_get_self().'?selectcat='.$selectCat.'&typeselected='.$typeSelected.'&course_code='.$courseCode.'&'.api_get_cidreq();
 
     $addform = new LinkAddEditForm(
         LinkAddEditForm :: TYPE_ADD,
@@ -127,14 +128,14 @@ if (isset($typeSelected) && $typeSelected != '0') {
             header('Location: gradebook_add_result.php?selecteval='.$link->get_ref_id().'&'.api_get_cidreq());
             exit;
         } else {
-            header('Location: '.Security::remove_XSS($_SESSION['gradebook_dest']).'?linkadded=&selectcat='.Security::remove_XSS($_GET['selectcat']).'&'.api_get_cidreq());
+            header('Location: '.Security::remove_XSS($_SESSION['gradebook_dest']).'?linkadded=&selectcat='.$selectCat.'&'.api_get_cidreq());
             exit;
         }
     }
 }
 
 $interbreadcrumb[] = array(
-    'url' => $_SESSION['gradebook_dest'].'?selectcat='.Security::remove_XSS($_GET['selectcat']).'&'.api_get_cidreq(),
+    'url' => $_SESSION['gradebook_dest'].'?selectcat='.$selectCat.'&'.api_get_cidreq(),
     'name' => get_lang('Gradebook')
 );
 $this_section = SECTION_COURSES;

main/gradebook/gradebook_add_link_select_course.php

@@ -13,16 +13,18 @@ api_protect_course_script(true);
 api_block_anonymous_users();
 GradebookUtils::block_students();
 
+$selectCat =  isset($_GET['selectcat']) ? (int) $_GET['selectcat'] : 0;
+
 $catadd = new Category();
 $catadd->set_user_id(api_get_user_id());
-$catadd->set_parent_id($_GET['selectcat']);
-$catcourse = Category :: load ($_GET['selectcat']);
+$catadd->set_parent_id($selectCat);
+$catcourse = Category :: load ($selectCat);
 $form = new CatForm(
     CatForm :: TYPE_SELECT_COURSE,
     $catadd,
     'add_cat_form',
     null,
-    api_get_self() . '?selectcat=' . Security::remove_XSS($_GET['selectcat']).'&'.api_get_cidreq()
+    api_get_self() . '?selectcat=' . $selectCat.'&'.api_get_cidreq()
 );
 
 if ($form->validate()) {
@@ -30,12 +32,12 @@ if ($form->validate()) {
     $cat = new Category();
     $cat->set_course_code($values['select_course']);
     $cat->set_name($values['name']);
-    header('location: gradebook_add_link.php?selectcat=' .Security::remove_XSS($_GET['selectcat']).'&course_code='.Security::remove_XSS($values['select_course']).'&'.api_get_cidreq());
+    header('location: gradebook_add_link.php?selectcat=' .$selectCat.'&course_code='.Security::remove_XSS($values['select_course']).'&'.api_get_cidreq());
     exit;
 }
 
 $interbreadcrumb[] = array (
-    'url' => Security::remove_XSS($_SESSION['gradebook_dest']).'?selectcat='.Security::remove_XSS($_GET['selectcat']).'&'.api_get_cidreq(),
+    'url' => Security::remove_XSS($_SESSION['gradebook_dest']).'?selectcat='.$selectCat.'&'.api_get_cidreq(),
     'name' => get_lang('Gradebook')
 );
 Display :: display_header(get_lang('NewCategory'));

main/gradebook/gradebook_edit_cat.php

@@ -84,7 +84,7 @@ if ($form->validate()) {
     header('Location: '.Security::remove_XSS($_SESSION['gradebook_dest']).'?editcat=&selectcat=' . $cat->get_parent_id().'&'.api_get_cidreq());
     exit;
 }
-$selectcat = isset($_GET['selectcat']) ? Security::remove_XSS($_GET['selectcat']) : '';
+$selectcat = isset($_GET['selectcat']) ? (int) $_GET['selectcat'] : '';
 $interbreadcrumb[] = array(
     'url' => Security::remove_XSS($_SESSION['gradebook_dest']) . '?selectcat=' . $selectcat . '&' . api_get_cidreq(),
     'name' => get_lang('Gradebook')

main/gradebook/gradebook_edit_eval.php

@@ -48,13 +48,13 @@ if ($form->validate()) {
     header('Location: '.$_SESSION['gradebook_dest'].'?editeval=&selectcat=' . $eval->get_category_id());
     exit;
 }
-$selectcat_inter=isset($_GET['selectcat'])?Security::remove_XSS($_GET['selectcat']):'';
-$interbreadcrumb[] = array (
+$selectcat_inter=isset($_GET['selectcat']) ? (int) $_GET['selectcat'] : 0;
+$interbreadcrumb[] = array(
     'url' => $_SESSION['gradebook_dest'].'?selectcat='.$selectcat_inter,
     'name' => get_lang('Gradebook'
-    ));
+));
 
-$htmlHeadXtra[] = '<script type="text/javascript">
+$htmlHeadXtra[] = '<script>
 $(document).ready( function() {
     $("#hid_category_id").change(function() {
        $("#hid_category_id option:selected").each(function () {

main/gradebook/gradebook_edit_link.php

@@ -16,14 +16,14 @@ $tbl_forum_thread 		= Database :: get_course_table(TABLE_FORUM_THREAD);
 $tbl_attendance 		= Database :: get_course_table(TABLE_ATTENDANCE);
 $em = Database::getManager();
 
-$linkarray 				= LinkFactory :: load($_GET['editlink']);
+$linkarray = LinkFactory :: load($_GET['editlink']);
 /** @var AbstractLink $link */
 $link = $linkarray[0];
 if ($link->is_locked() && !api_is_platform_admin()) {
     api_not_allowed();
 }
 
-$linkcat  = isset($_GET['selectcat']) ? Security::remove_XSS($_GET['selectcat']):'';
+$linkcat  = isset($_GET['selectcat']) ? (int) $_GET['selectcat'] : 0;
 $linkedit = isset($_GET['editlink']) ? Security::remove_XSS($_GET['editlink']):'';
 
 $session_id = api_get_session_id();

main/gradebook/gradebook_flatview.php

@@ -23,7 +23,7 @@ if (!$isDrhOfCourse) {
 }
 
 if (isset ($_POST['submit']) && isset ($_POST['keyword'])) {
-    header('Location: '.api_get_self().'?selectcat='.Security::remove_XSS($_GET['selectcat']).'&search='.Security::remove_XSS($_POST['keyword']));
+    header('Location: '.api_get_self().'?selectcat='.intval($_GET['selectcat']).'&search='.Security::remove_XSS($_POST['keyword']));
     exit;
 }
 
@@ -64,7 +64,7 @@ if (isset($export_flatview_form) && (!$file_type == 'pdf')) {
 }
 
 if (isset($_GET['selectcat'])) {
-    $category_id = Security::remove_XSS($_GET['selectcat']);
+    $category_id = (int) $_GET['selectcat'];
 } else {
     $category_id = '';
 }

main/gradebook/gradebook_showlog_eval.php

@@ -9,16 +9,18 @@ require_once '../inc/global.inc.php';
 api_block_anonymous_users();
 GradebookUtils::block_students();
 
+$selectCat = isset($_GET['selectcat']) ? (int) $_GET['selectcat'] : 0;
+
 $interbreadcrumb[] = array (
     'url' => $_SESSION['gradebook_dest'].'?',
     'name' => get_lang('Gradebook'
 ));
 $interbreadcrumb[] = array (
-    'url' => $_SESSION['gradebook_dest'].'?selectcat='.Security::remove_XSS($_GET['selectcat']),
+    'url' => $_SESSION['gradebook_dest'].'?selectcat='.$selectCat,
     'name' => get_lang('Details'
 ));
 $interbreadcrumb[] = array (
-    'url' => 'gradebook_showlog_eval.php?visiblelog='.Security::remove_XSS($_GET['visiblelog']).'&selectcat='.Security::remove_XSS($_GET['selectcat']),
+    'url' => 'gradebook_showlog_eval.php?visiblelog='.Security::remove_XSS($_GET['visiblelog']).'&selectcat='.$selectCat,
     'name' => get_lang('GradebookQualifyLog')
 );
 $this_section = SECTION_COURSES;

main/gradebook/gradebook_showlog_link.php

@@ -11,19 +11,30 @@ require_once '../inc/global.inc.php';
 api_block_anonymous_users();
 GradebookUtils::block_students();
 
-$interbreadcrumb[] = array ('url' => Security::remove_XSS($_SESSION['gradebook_dest']).'?','name' => get_lang('Gradebook'));
-$interbreadcrumb[] = array ('url' => Security::remove_XSS($_SESSION['gradebook_dest']).'?selectcat='.Security::remove_XSS($_GET['selectcat']),'name' => get_lang('Details'));
-$interbreadcrumb[] = array ('url' => 'gradebook_showlog_link.php?visiblelink='.Security::remove_XSS($_GET['visiblelink']).'&selectcat='.Security::remove_XSS($_GET['selectcat']),	'name' => get_lang('GradebookQualifyLog'));
+$selectCat = isset($_GET['selectcat']) ? (int) $_GET['selectcat'] : 0;
+
+$interbreadcrumb[] = array(
+    'url' => Security::remove_XSS($_SESSION['gradebook_dest']).'?',
+    'name' => get_lang('Gradebook'),
+);
+$interbreadcrumb[] = array(
+    'url' => Security::remove_XSS($_SESSION['gradebook_dest']).'?selectcat='.$selectCat,
+    'name' => get_lang('Details')
+);
+$interbreadcrumb[] = array(
+    'url' => 'gradebook_showlog_link.php?visiblelink='.Security::remove_XSS($_GET['visiblelink']).'&selectcat='.$selectCat,
+    'name' => get_lang('GradebookQualifyLog')
+);
 $this_section = SECTION_COURSES;
 Display :: display_header('');
 echo '<div class="actions">';
 api_display_tool_title(get_lang('GradebookQualifyLog'));
 echo '</div>';
 
-$t_user     = Database :: get_main_table(TABLE_MAIN_USER);
-$t_link_log = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_LINKEVAL_LOG);
-$visible_link=Security::remove_XSS($_GET['visiblelink']);
-$evaledit   = EvalLink :: load($visible_link);
+$t_user = Database:: get_main_table(TABLE_MAIN_USER);
+$t_link_log = Database:: get_main_table(TABLE_MAIN_GRADEBOOK_LINKEVAL_LOG);
+$visible_link = Security::remove_XSS($_GET['visiblelink']);
+$evaledit = EvalLink:: load($visible_link);
 $sql = "SELECT lk.name,lk.description,lk.weight,lk.visible,lk.type,lk.created_at,us.username
         FROM ".$t_link_log." lk inner join ".$t_user." us
         ON lk.user_id_log=us.user_id
@@ -41,7 +52,7 @@ foreach($list_info as $key => $info_log) {
 
 $parameters = array(
     'visiblelink' => Security::remove_XSS($_GET['visiblelink']),
-    'selectcat' => Security::remove_XSS($_GET['selectcat']),
+    'selectcat' => $selectCat,
 );
 
 $table = new SortableTableFromArrayConfig($list_info, 1,20,'gradebooklink');