Format code + use (int) instead of remove_XSS function

pull/2487/head
jmontoyaa 9 years ago
parent a75a14a497
commit 0c3e44ef5e
  1. 4
      main/gradebook/gradebook_add_eval.php
  2. 15
      main/gradebook/gradebook_add_link.php
  3. 12
      main/gradebook/gradebook_add_link_select_course.php
  4. 2
      main/gradebook/gradebook_edit_cat.php
  5. 8
      main/gradebook/gradebook_edit_eval.php
  6. 4
      main/gradebook/gradebook_edit_link.php
  7. 4
      main/gradebook/gradebook_flatview.php
  8. 6
      main/gradebook/gradebook_showlog_eval.php
  9. 27
      main/gradebook/gradebook_showlog_link.php

@ -12,11 +12,11 @@ api_protect_course_script(true);
api_block_anonymous_users(); api_block_anonymous_users();
GradebookUtils::block_students(); GradebookUtils::block_students();
$select_cat = isset($_GET['selectcat']) ? Security::remove_XSS($_GET['selectcat']) : ''; $select_cat = isset($_GET['selectcat']) ? (int) $_GET['selectcat'] : 0;
$is_allowedToEdit = $is_courseAdmin; $is_allowedToEdit = $is_courseAdmin;
$evaladd = new Evaluation(); $evaladd = new Evaluation();
$evaladd->set_user_id($_user['user_id']); $evaladd->set_user_id($_user['user_id']);
if (isset($_GET['selectcat']) && (!empty($_GET['selectcat']))) { if (!empty($select_cat)) {
$evaladd->set_category_id($_GET['selectcat']); $evaladd->set_category_id($_GET['selectcat']);
$cat = Category :: load($_GET['selectcat']); $cat = Category :: load($_GET['selectcat']);
$evaladd->set_course_code($cat[0]->get_course_code()); $evaladd->set_course_code($cat[0]->get_course_code());
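Review bot: The cast `$select_cat` is used only for the emptiness test; the two lines after it still hand the raw `$_GET['selectcat']` to `set_category_id()` and `Category :: load()`, so the (int) normalisation never reaches the code that actually consumes the id. Replace them with `$evaladd->set_category_id($select_cat);` and `$cat = Category :: load($select_cat);`. Whether Category::load casts or parameterises its argument is outside this hunk, so the reach of the raw value cannot be confirmed here; the if-block also continues past the hunk.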

@ -14,8 +14,9 @@ api_block_anonymous_users();
GradebookUtils::block_students(); GradebookUtils::block_students();
$courseCode = isset($_GET['course_code']) ? Security::remove_XSS($_GET['course_code']) : null; $courseCode = isset($_GET['course_code']) ? Security::remove_XSS($_GET['course_code']) : null;
$course_info = api_get_course_info($courseCode); $selectCat = isset($_GET['selectcat']) ? (int) $_GET['selectcat'] : 0;
$course_info = api_get_course_info($courseCode);
$tbl_forum_thread = Database :: get_course_table(TABLE_FORUM_THREAD); $tbl_forum_thread = Database :: get_course_table(TABLE_FORUM_THREAD);
$tbl_link = Database::get_main_table(TABLE_MAIN_GRADEBOOK_LINK); $tbl_link = Database::get_main_table(TABLE_MAIN_GRADEBOOK_LINK);
@ -34,8 +35,8 @@ if ($session_id == 0) {
} else { } else {
$all_categories = Category::load_session_categories(null, $session_id); $all_categories = Category::load_session_categories(null, $session_id);
} }
$category = Category :: load($_GET['selectcat']); $category = Category :: load($selectCat);
$url = api_get_self().'?selectcat='.Security::remove_XSS($_GET['selectcat']).'&newtypeselected='.$typeSelected.'&course_code='.api_get_course_id().'&'.api_get_cidreq(); $url = api_get_self().'?selectcat='.$selectCat.'&newtypeselected='.$typeSelected.'&course_code='.api_get_course_id().'&'.api_get_cidreq();
$typeform = new LinkForm( $typeform = new LinkForm(
LinkForm :: TYPE_CREATE, LinkForm :: TYPE_CREATE,
$category[0], $category[0],
@ -49,7 +50,7 @@ $typeform = new LinkForm(
// if user selected a link type // if user selected a link type
if ($typeform->validate() && isset($_GET['newtypeselected'])) { if ($typeform->validate() && isset($_GET['newtypeselected'])) {
// reload page, this time with a parameter indicating the selected type // reload page, this time with a parameter indicating the selected type
header('Location: '.api_get_self().'?selectcat='.Security::remove_XSS($_GET['selectcat']) header('Location: '.api_get_self().'?selectcat='.$selectCat
.'&typeselected='.$typeform->exportValue('select_link') .'&typeselected='.$typeform->exportValue('select_link')
.'&course_code='.Security::remove_XSS($_GET['course_code']).'&'.api_get_cidreq() .'&course_code='.Security::remove_XSS($_GET['course_code']).'&'.api_get_cidreq()
); );
@ -58,7 +59,7 @@ if ($typeform->validate() && isset($_GET['newtypeselected'])) {
// link type selected, show 2nd form to retrieve the link data // link type selected, show 2nd form to retrieve the link data
if (isset($typeSelected) && $typeSelected != '0') { if (isset($typeSelected) && $typeSelected != '0') {
$url = api_get_self().'?selectcat='.Security::remove_XSS($_GET['selectcat']).'&typeselected='.$typeSelected.'&course_code='.$courseCode.'&'.api_get_cidreq(); $url = api_get_self().'?selectcat='.$selectCat.'&typeselected='.$typeSelected.'&course_code='.$courseCode.'&'.api_get_cidreq();
$addform = new LinkAddEditForm( $addform = new LinkAddEditForm(
LinkAddEditForm :: TYPE_ADD, LinkAddEditForm :: TYPE_ADD,
@ -127,14 +128,14 @@ if (isset($typeSelected) && $typeSelected != '0') {
header('Location: gradebook_add_result.php?selecteval='.$link->get_ref_id().'&'.api_get_cidreq()); header('Location: gradebook_add_result.php?selecteval='.$link->get_ref_id().'&'.api_get_cidreq());
exit; exit;
} else { } else {
header('Location: '.Security::remove_XSS($_SESSION['gradebook_dest']).'?linkadded=&selectcat='.Security::remove_XSS($_GET['selectcat']).'&'.api_get_cidreq()); header('Location: '.Security::remove_XSS($_SESSION['gradebook_dest']).'?linkadded=&selectcat='.$selectCat.'&'.api_get_cidreq());
exit; exit;
} }
} }
} }
$interbreadcrumb[] = array( $interbreadcrumb[] = array(
'url' => $_SESSION['gradebook_dest'].'?selectcat='.Security::remove_XSS($_GET['selectcat']).'&'.api_get_cidreq(), 'url' => $_SESSION['gradebook_dest'].'?selectcat='.$selectCat.'&'.api_get_cidreq(),
'name' => get_lang('Gradebook') 'name' => get_lang('Gradebook')
); );
$this_section = SECTION_COURSES; $this_section = SECTION_COURSES;
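Review bot: In the hunk at `@ -49,7 +50,7` the redirect still rebuilds `course_code` from `Security::remove_XSS($_GET['course_code'])` even though `$courseCode` already holds that value from the top of the file; remove_XSS is an HTML-context filter, not a query-string encoder, so a course code containing `&`, `#` or a space would still break the Location URL. Use the existing variable and encode it for its position: `.'&course_code='.urlencode((string) $courseCode).'&'.api_get_cidreq()`. The same applies to `$courseCode` in the `$url` assignment at `@ -58,7 +59,7` and to `$values['select_course']` in the redirect of gradebook_add_link_select_course.php. Whether api_get_course_info() accepts the remove_XSS-filtered code unchanged is not visible in this section.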

@ -13,16 +13,18 @@ api_protect_course_script(true);
api_block_anonymous_users(); api_block_anonymous_users();
GradebookUtils::block_students(); GradebookUtils::block_students();
$selectCat = isset($_GET['selectcat']) ? (int) $_GET['selectcat'] : 0;
$catadd = new Category(); $catadd = new Category();
$catadd->set_user_id(api_get_user_id()); $catadd->set_user_id(api_get_user_id());
$catadd->set_parent_id($_GET['selectcat']); $catadd->set_parent_id($selectCat);
$catcourse = Category :: load ($_GET['selectcat']); $catcourse = Category :: load ($selectCat);
$form = new CatForm( $form = new CatForm(
CatForm :: TYPE_SELECT_COURSE, CatForm :: TYPE_SELECT_COURSE,
$catadd, $catadd,
'add_cat_form', 'add_cat_form',
null, null,
api_get_self() . '?selectcat=' . Security::remove_XSS($_GET['selectcat']).'&'.api_get_cidreq() api_get_self() . '?selectcat=' . $selectCat.'&'.api_get_cidreq()
); );
if ($form->validate()) { if ($form->validate()) {
@ -30,12 +32,12 @@ if ($form->validate()) {
$cat = new Category(); $cat = new Category();
$cat->set_course_code($values['select_course']); $cat->set_course_code($values['select_course']);
$cat->set_name($values['name']); $cat->set_name($values['name']);
header('location: gradebook_add_link.php?selectcat=' .Security::remove_XSS($_GET['selectcat']).'&course_code='.Security::remove_XSS($values['select_course']).'&'.api_get_cidreq()); header('location: gradebook_add_link.php?selectcat=' .$selectCat.'&course_code='.Security::remove_XSS($values['select_course']).'&'.api_get_cidreq());
exit; exit;
} }
$interbreadcrumb[] = array ( $interbreadcrumb[] = array (
'url' => Security::remove_XSS($_SESSION['gradebook_dest']).'?selectcat='.Security::remove_XSS($_GET['selectcat']).'&'.api_get_cidreq(), 'url' => Security::remove_XSS($_SESSION['gradebook_dest']).'?selectcat='.$selectCat.'&'.api_get_cidreq(),
'name' => get_lang('Gradebook') 'name' => get_lang('Gradebook')
); );
Display :: display_header(get_lang('NewCategory')); Display :: display_header(get_lang('NewCategory'));
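Review bot: With the new fallback, a missing `selectcat` now feeds `0` into `set_parent_id()` and `Category :: load ($selectCat)` on the third and fourth lines of the first hunk, where the old code passed an undefined index (null plus a notice); confirm that parent id 0 and `Category::load(0)` mean "root category" rather than "no category" before relying on it. If an absent parameter should be rejected instead, an explicit guard after the assignment such as `if ($selectCat === 0) { api_not_allowed(); }` makes that intent visible. The call also keeps the `load (` spacing that the formatting pass normalises elsewhere; `Category::load($selectCat)` matches the rest of the commit.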

@ -84,7 +84,7 @@ if ($form->validate()) {
header('Location: '.Security::remove_XSS($_SESSION['gradebook_dest']).'?editcat=&selectcat=' . $cat->get_parent_id().'&'.api_get_cidreq()); header('Location: '.Security::remove_XSS($_SESSION['gradebook_dest']).'?editcat=&selectcat=' . $cat->get_parent_id().'&'.api_get_cidreq());
exit; exit;
} }
$selectcat = isset($_GET['selectcat']) ? Security::remove_XSS($_GET['selectcat']) : ''; $selectcat = isset($_GET['selectcat']) ? (int) $_GET['selectcat'] : '';
$interbreadcrumb[] = array( $interbreadcrumb[] = array(
'url' => Security::remove_XSS($_SESSION['gradebook_dest']) . '?selectcat=' . $selectcat . '&' . api_get_cidreq(), 'url' => Security::remove_XSS($_SESSION['gradebook_dest']) . '?selectcat=' . $selectcat . '&' . api_get_cidreq(),
'name' => get_lang('Gradebook') 'name' => get_lang('Gradebook')
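Review bot: `$selectcat` is now either an int or the empty string, because the fallback stayed `''` while the other files in this commit (gradebook_add_link.php, gradebook_showlog_link.php) fall back to `0`; the mixed type is easy to get wrong in a later `===` comparison and makes the breadcrumb URL read `selectcat=` for the missing case. Use the same default as the siblings: `$selectcat = isset($_GET['selectcat']) ? (int) $_GET['selectcat'] : 0;`. The `$category_id = '';` fallback in gradebook_flatview.php has the same inconsistency.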

@ -48,13 +48,13 @@ if ($form->validate()) {
header('Location: '.$_SESSION['gradebook_dest'].'?editeval=&selectcat=' . $eval->get_category_id()); header('Location: '.$_SESSION['gradebook_dest'].'?editeval=&selectcat=' . $eval->get_category_id());
exit; exit;
} }
$selectcat_inter=isset($_GET['selectcat'])?Security::remove_XSS($_GET['selectcat']):''; $selectcat_inter=isset($_GET['selectcat']) ? (int) $_GET['selectcat'] : 0;
$interbreadcrumb[] = array ( $interbreadcrumb[] = array(
'url' => $_SESSION['gradebook_dest'].'?selectcat='.$selectcat_inter, 'url' => $_SESSION['gradebook_dest'].'?selectcat='.$selectcat_inter,
'name' => get_lang('Gradebook' 'name' => get_lang('Gradebook'
)); ));
$htmlHeadXtra[] = '<script type="text/javascript"> $htmlHeadXtra[] = '<script>
$(document).ready( function() { $(document).ready( function() {
$("#hid_category_id").change(function() { $("#hid_category_id").change(function() {
$("#hid_category_id option:selected").each(function () { $("#hid_category_id option:selected").each(function () {
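Review bot: The rewritten `$selectcat_inter` line still has no whitespace around `=` although the rest of the hunk, and the commit title, is a formatting pass; PSR-12 form is `$selectcat_inter = isset($_GET['selectcat']) ? (int) $_GET['selectcat'] : 0;`. The name also differs from the `$selectCat` introduced in the other files of this commit; aligning it would let the nine files be searched for the same id. Both the form-handling block above and the inline script below extend beyond the hunk.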

@ -16,14 +16,14 @@ $tbl_forum_thread = Database :: get_course_table(TABLE_FORUM_THREAD);
$tbl_attendance = Database :: get_course_table(TABLE_ATTENDANCE); $tbl_attendance = Database :: get_course_table(TABLE_ATTENDANCE);
$em = Database::getManager(); $em = Database::getManager();
$linkarray = LinkFactory :: load($_GET['editlink']); $linkarray = LinkFactory :: load($_GET['editlink']);
/** @var AbstractLink $link */ /** @var AbstractLink $link */
$link = $linkarray[0]; $link = $linkarray[0];
if ($link->is_locked() && !api_is_platform_admin()) { if ($link->is_locked() && !api_is_platform_admin()) {
api_not_allowed(); api_not_allowed();
} }
$linkcat = isset($_GET['selectcat']) ? Security::remove_XSS($_GET['selectcat']):''; $linkcat = isset($_GET['selectcat']) ? (int) $_GET['selectcat'] : 0;
$linkedit = isset($_GET['editlink']) ? Security::remove_XSS($_GET['editlink']):''; $linkedit = isset($_GET['editlink']) ? Security::remove_XSS($_GET['editlink']):'';
$session_id = api_get_session_id(); $session_id = api_get_session_id();
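Review bot: `editlink` is handled differently from `selectcat` in the same hunk: `$linkedit` keeps `Security::remove_XSS`, and a few lines earlier `LinkFactory :: load($_GET['editlink'])` receives the raw parameter before any filtering at all. If `editlink` is the numeric link id it appears to be, cast it once before the load and reuse it: `$linkedit = isset($_GET['editlink']) ? (int) $_GET['editlink'] : 0;` moved above `$linkarray = LinkFactory :: load($linkedit);`. Whether LinkFactory::load parameterises its argument is not visible here, so the exposure of the raw value cannot be assessed from this hunk alone.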

@ -23,7 +23,7 @@ if (!$isDrhOfCourse) {
} }
if (isset ($_POST['submit']) && isset ($_POST['keyword'])) { if (isset ($_POST['submit']) && isset ($_POST['keyword'])) {
header('Location: '.api_get_self().'?selectcat='.Security::remove_XSS($_GET['selectcat']).'&search='.Security::remove_XSS($_POST['keyword'])); header('Location: '.api_get_self().'?selectcat='.intval($_GET['selectcat']).'&search='.Security::remove_XSS($_POST['keyword']));
exit; exit;
} }
@ -64,7 +64,7 @@ if (isset($export_flatview_form) && (!$file_type == 'pdf')) {
} }
if (isset($_GET['selectcat'])) { if (isset($_GET['selectcat'])) {
$category_id = Security::remove_XSS($_GET['selectcat']); $category_id = (int) $_GET['selectcat'];
} else { } else {
$category_id = ''; $category_id = '';
} }
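Review bot: The redirect in the first hunk reads `intval($_GET['selectcat'])` with no isset check while the second hunk uses `(int)` with an `''` fallback, so one parameter is normalised two different ways in the same file and the first still raises an undefined-index notice when it is absent. Hoisting one `$selectCat = isset($_GET['selectcat']) ? (int) $_GET['selectcat'] : 0;` near the top and using it in both places (`'?selectcat='.$selectCat` in the Location header, `$category_id = $selectCat;` in place of the if/else, provided 0 is acceptable to the code that consumes `$category_id`) removes both differences. `$_POST['keyword']` is still placed into the Location query string through remove_XSS, which is an HTML filter; `urlencode()` is the encoder for that position.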

@ -9,16 +9,18 @@ require_once '../inc/global.inc.php';
api_block_anonymous_users(); api_block_anonymous_users();
GradebookUtils::block_students(); GradebookUtils::block_students();
$selectCat = isset($_GET['selectcat']) ? (int) $_GET['selectcat'] : 0;
$interbreadcrumb[] = array ( $interbreadcrumb[] = array (
'url' => $_SESSION['gradebook_dest'].'?', 'url' => $_SESSION['gradebook_dest'].'?',
'name' => get_lang('Gradebook' 'name' => get_lang('Gradebook'
)); ));
$interbreadcrumb[] = array ( $interbreadcrumb[] = array (
'url' => $_SESSION['gradebook_dest'].'?selectcat='.Security::remove_XSS($_GET['selectcat']), 'url' => $_SESSION['gradebook_dest'].'?selectcat='.$selectCat,
'name' => get_lang('Details' 'name' => get_lang('Details'
)); ));
$interbreadcrumb[] = array ( $interbreadcrumb[] = array (
'url' => 'gradebook_showlog_eval.php?visiblelog='.Security::remove_XSS($_GET['visiblelog']).'&amp;selectcat='.Security::remove_XSS($_GET['selectcat']), 'url' => 'gradebook_showlog_eval.php?visiblelog='.Security::remove_XSS($_GET['visiblelog']).'&amp;selectcat='.$selectCat,
'name' => get_lang('GradebookQualifyLog') 'name' => get_lang('GradebookQualifyLog')
); );
$this_section = SECTION_COURSES; $this_section = SECTION_COURSES;
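Review bot: `visiblelog` is still passed through `Security::remove_XSS` on the last breadcrumb line while `selectcat` on the same line was switched to the int cast; if visiblelog is the evaluation id it appears to be, the same treatment applies: `$visibleLog = isset($_GET['visiblelog']) ? (int) $_GET['visiblelog'] : 0;` and `'gradebook_showlog_eval.php?visiblelog='.$visibleLog.'&amp;selectcat='.$selectCat`. `$_SESSION['gradebook_dest']` is also concatenated unfiltered here whereas gradebook_showlog_link.php wraps it in remove_XSS; one convention should win. The same `visiblelink` pattern recurs in gradebook_showlog_link.php, including the `EvalLink:: load($visible_link)` call and the `$parameters` array.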

@ -11,19 +11,30 @@ require_once '../inc/global.inc.php';
api_block_anonymous_users(); api_block_anonymous_users();
GradebookUtils::block_students(); GradebookUtils::block_students();
$interbreadcrumb[] = array ('url' => Security::remove_XSS($_SESSION['gradebook_dest']).'?','name' => get_lang('Gradebook')); $selectCat = isset($_GET['selectcat']) ? (int) $_GET['selectcat'] : 0;
$interbreadcrumb[] = array ('url' => Security::remove_XSS($_SESSION['gradebook_dest']).'?selectcat='.Security::remove_XSS($_GET['selectcat']),'name' => get_lang('Details'));
$interbreadcrumb[] = array ('url' => 'gradebook_showlog_link.php?visiblelink='.Security::remove_XSS($_GET['visiblelink']).'&amp;selectcat='.Security::remove_XSS($_GET['selectcat']), 'name' => get_lang('GradebookQualifyLog')); $interbreadcrumb[] = array(
'url' => Security::remove_XSS($_SESSION['gradebook_dest']).'?',
'name' => get_lang('Gradebook'),
);
$interbreadcrumb[] = array(
'url' => Security::remove_XSS($_SESSION['gradebook_dest']).'?selectcat='.$selectCat,
'name' => get_lang('Details')
);
$interbreadcrumb[] = array(
'url' => 'gradebook_showlog_link.php?visiblelink='.Security::remove_XSS($_GET['visiblelink']).'&selectcat='.$selectCat,
'name' => get_lang('GradebookQualifyLog')
);
$this_section = SECTION_COURSES; $this_section = SECTION_COURSES;
Display :: display_header(''); Display :: display_header('');
echo '<div class="actions">'; echo '<div class="actions">';
api_display_tool_title(get_lang('GradebookQualifyLog')); api_display_tool_title(get_lang('GradebookQualifyLog'));
echo '</div>'; echo '</div>';
$t_user = Database :: get_main_table(TABLE_MAIN_USER); $t_user = Database:: get_main_table(TABLE_MAIN_USER);
$t_link_log = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_LINKEVAL_LOG); $t_link_log = Database:: get_main_table(TABLE_MAIN_GRADEBOOK_LINKEVAL_LOG);
$visible_link=Security::remove_XSS($_GET['visiblelink']); $visible_link = Security::remove_XSS($_GET['visiblelink']);
$evaledit = EvalLink :: load($visible_link); $evaledit = EvalLink:: load($visible_link);
$sql = "SELECT lk.name,lk.description,lk.weight,lk.visible,lk.type,lk.created_at,us.username $sql = "SELECT lk.name,lk.description,lk.weight,lk.visible,lk.type,lk.created_at,us.username
FROM ".$t_link_log." lk inner join ".$t_user." us FROM ".$t_link_log." lk inner join ".$t_user." us
ON lk.user_id_log=us.user_id ON lk.user_id_log=us.user_id
@ -41,7 +52,7 @@ foreach($list_info as $key => $info_log) {
$parameters = array( $parameters = array(
'visiblelink' => Security::remove_XSS($_GET['visiblelink']), 'visiblelink' => Security::remove_XSS($_GET['visiblelink']),
'selectcat' => Security::remove_XSS($_GET['selectcat']), 'selectcat' => $selectCat,
); );
$table = new SortableTableFromArrayConfig($list_info, 1,20,'gradebooklink'); $table = new SortableTableFromArrayConfig($list_info, 1,20,'gradebooklink');
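Review bot: The reformatted third breadcrumb changes `&amp;selectcat=` to `&selectcat=`, which is not a pure formatting change: the parallel entry in gradebook_showlog_eval.php keeps `&amp;`, and if the breadcrumb renderer writes `url` into an href without escaping, this file now emits a raw `&` inside an HTML attribute. Either keep `&amp;` here or escape in the renderer, but the two files should agree. The spacing in `Database:: get_main_table(...)` and `EvalLink:: load(...)` is also left half-normalised; `Database::get_main_table(...)` matches the `Database::get_main_table(TABLE_MAIN_GRADEBOOK_LINK)` form already used in gradebook_add_link.php.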
