Internal: Add cidReq to validate course access in Lp - refs BT#21540

christianbeeznst 1 year ago
parent d36d2d7fab
commit 0e26fd9a63
  1. 6
      public/main/exercise/exercise.class.php
  2. 3
      public/main/inc/lib/api.lib.php
  3. 6
      public/main/inc/lib/usermanager.lib.php
  4. 29
      public/main/lp/lp_controller.php
  5. 11
      public/main/lp/lp_view.php

@ -9784,7 +9784,7 @@ class Exercise
]; ];
} }
public static function saveExerciseInLp($safe_item_id, $safe_exe_id) public static function saveExerciseInLp($safe_item_id, $safe_exe_id, $course_id = null)
{ {
$lp = Session::read('oLP'); $lp = Session::read('oLP');
@ -9796,7 +9796,9 @@ class Exercise
} }
$viewId = $lp->get_view_id(); $viewId = $lp->get_view_id();
$course_id = api_get_course_int_id(); if (!isset($course_id)) {
$course_id = api_get_course_int_id();
}
$userId = (int) api_get_user_id(); $userId = (int) api_get_user_id();
$viewId = (int) $viewId; $viewId = (int) $viewId;
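Review bot: The new `$course_id` parameter on `saveExerciseInLp` is untyped and defaults to `null`, so a string or float passes the later `isset` check unchanged; declare it `?int $course_id = null` and replace the three-line `isset` block with `$course_id ??= api_get_course_int_id();`. The method then writes the exercise result against whatever course id the caller supplies, and nothing in the hunk re-checks that it matches the learning path read from `Session::read('oLP')`, so the validation responsibility sits with the caller and should be stated in the docblock, e.g. `@param int|null $course_id Course the LP item belongs to; the caller must already have validated access. Defaults to the current course.` The method's body continues outside the hunk.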

@ -888,6 +888,9 @@ function api_valid_email($address)
function api_protect_course_script($print_headers = false, $allow_session_admins = false, string $checkTool = '', $cid = null): bool function api_protect_course_script($print_headers = false, $allow_session_admins = false, string $checkTool = '', $cid = null): bool
{ {
$course_info = api_get_course_info(); $course_info = api_get_course_info();
if (empty($course_info) && isset($_REQUEST['cid'])) {
$course_info = api_get_course_info_by_id((int) $_REQUEST['cid']);
}
if (isset($cid)) { if (isset($cid)) {
$course_info = api_get_course_info_by_id($cid); $course_info = api_get_course_info_by_id($cid);
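Review bot: The new fallback in `api_protect_course_script` lets a request parameter choose which course the access check runs against whenever no course context is set, so the remainder of the function must verify subscription, session and `$checkTool` against that `$course_info` rather than against the global context; that part of the function lies outside the hunk, so confirm it. `$_REQUEST` can also be populated from cookies depending on `request_order`, so `$_GET['cid'] ?? $_POST['cid'] ?? null` is a tighter source than `$_REQUEST['cid']`. If `api_get_course_info_by_id()` returns an empty value for an unknown id, `$course_info` stays empty and the rest of the function must treat that as "not allowed" rather than as "no course context". Since the explicit `$cid` argument still overrides the request value, a one-line comment on the new block would help: `// Fallback to ?cid= only when no course context is loaded; an explicit $cid argument still wins.`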

@ -4559,11 +4559,11 @@ class UserManager
if (1 == $num_rows) { if (1 == $num_rows) {
$row = Database::fetch_array($rs); $row = Database::fetch_array($rs);
return $row['uid']; return (int) $row['uid'];
} else { } else {
$my_num_rows = $num_rows; $my_num_rows = $num_rows;
return Database::result($rs, $my_num_rows - 1, 'uid'); return (int) Database::result($rs, $my_num_rows - 1, 'uid');
} }
} elseif ($session > 0) { } elseif ($session > 0) {
$sql = 'SELECT u.id as uid FROM '.$table_user.' u $sql = 'SELECT u.id as uid FROM '.$table_user.' u
@ -4576,7 +4576,7 @@ class UserManager
if (Database::num_rows($rs) > 0) { if (Database::num_rows($rs) > 0) {
$row = Database::fetch_assoc($rs); $row = Database::fetch_assoc($rs);
return $row['uid']; return (int) $row['uid'];
} }
} }
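Review bot: Casting the looked-up id to `int` in all three return statements turns a failed lookup into `0`: if `Database::result()` or `$row['uid']` can yield `false` or `null`, callers that test `false === $id` or `empty($id)` as the not-found signal will now receive a zero user id, and `0` may then be used as a real id downstream. If the method's other return paths (outside the hunk) still return `false`/`null` for "not found", guard before the cast, e.g. `$uid = Database::result($rs, $my_num_rows - 1, 'uid');` followed by `return false === $uid ? false : (int) $uid;`, or give the method a `?int` return type and update its callers consistently. The enclosing method's signature and remaining branches are not visible in this section.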

@ -27,12 +27,12 @@ $debug = false;
$current_course_tool = TOOL_LEARNPATH; $current_course_tool = TOOL_LEARNPATH;
$lpItemId = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0; $lpItemId = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;
$lpId = isset($_REQUEST['lp_id']) ? (int) $_REQUEST['lp_id'] : 0; $lpId = isset($_REQUEST['lp_id']) ? (int) $_REQUEST['lp_id'] : 0;
$course_id = api_get_course_int_id(); $courseId = isset($_REQUEST['cid']) ? (int) $_REQUEST['cid'] : api_get_course_int_id();
$session_id = api_get_session_id(); $sessionId = isset($_REQUEST['sid']) ? (int) $_REQUEST['sid'] : api_get_session_id();
$lpRepo = Container::getLpRepository(); $lpRepo = Container::getLpRepository();
$lpItemRepo = Container::getLpItemRepository(); $lpItemRepo = Container::getLpItemRepository();
$courseInfo = api_get_course_info(); $courseInfo = api_get_course_info_by_id($courseId);
$course = api_get_course_entity(); $course = api_get_course_entity($courseId);
$userId = api_get_user_id(); $userId = api_get_user_id();
$glossaryExtraTools = api_get_setting('show_glossary_in_extra_tools'); $glossaryExtraTools = api_get_setting('show_glossary_in_extra_tools');
$showGlossary = in_array($glossaryExtraTools, ['true', 'lp', 'exercise_and_lp']); $showGlossary = in_array($glossaryExtraTools, ['true', 'lp', 'exercise_and_lp']);
@ -71,15 +71,15 @@ if (!empty($lpObject)) {
if (isset($oLP) && is_object($oLP)) { if (isset($oLP) && is_object($oLP)) {
if (1 == $myrefresh || if (1 == $myrefresh ||
empty($oLP->cc) || empty($oLP->cc) ||
$oLP->cc != api_get_course_id() || $oLP->cc != $course->getCode() ||
$oLP->lp_view_session_id != $session_id $oLP->lp_view_session_id != $sessionId
) { ) {
if ($debug) { if ($debug) {
error_log('Course has changed, discard lp object'); error_log('Course has changed, discard lp object');
error_log('$oLP->lp_view_session_id: '.$oLP->lp_view_session_id); error_log('$oLP->lp_view_session_id: '.$oLP->lp_view_session_id);
error_log('api_get_session_id(): '.$session_id); error_log('api_get_session_id(): '.$sessionId);
error_log('$oLP->cc: '.$oLP->cc); error_log('$oLP->cc: '.$oLP->cc);
error_log('api_get_course_id(): '.api_get_course_id()); error_log('api_get_course_id(): '.$course->getCode());
} }
if (1 === $myrefresh) { if (1 === $myrefresh) {
@ -237,11 +237,8 @@ switch ($action) {
case 'send_notify_teacher': case 'send_notify_teacher':
// Send notification to the teacher // Send notification to the teacher
$studentInfo = api_get_user_info(); $studentInfo = api_get_user_info();
$course_info = api_get_course_info(); $courseName = $courseInfo['title'];
$sessionId = api_get_session_id(); $courseUrl = $courseInfo['course_public_url'];
$courseName = $course_info['title'];
$courseUrl = $course_info['course_public_url'];
if (!empty($sessionId)) { if (!empty($sessionId)) {
$sessionInfo = api_get_session_info($sessionId); $sessionInfo = api_get_session_info($sessionId);
$courseName = $sessionInfo['name']; $courseName = $sessionInfo['name'];
@ -249,7 +246,7 @@ switch ($action) {
} }
$url = Display::url($courseName, $courseUrl, ['title' => get_lang('Go to the course')]); $url = Display::url($courseName, $courseUrl, ['title' => get_lang('Go to the course')]);
$coachList = CourseManager::get_coachs_from_course($sessionId, api_get_course_int_id()); $coachList = CourseManager::get_coachs_from_course($sessionId, $courseId);
foreach ($coachList as $coach_course) { foreach ($coachList as $coach_course) {
$recipientName = $coach_course['full_name']; $recipientName = $coach_course['full_name'];
$coachInfo = api_get_user_info($coach_course['user_id']); $coachInfo = api_get_user_info($coach_course['user_id']);
@ -693,7 +690,7 @@ switch ($action) {
if (!$lp_found) { if (!$lp_found) {
require 'lp_list.php'; require 'lp_list.php';
} else { } else {
$result = ScormExport::exportToPdf($lpId, api_get_course_info()); $result = ScormExport::exportToPdf($lpId, $courseInfo);
if (!$result) { if (!$result) {
require 'lp_list.php'; require 'lp_list.php';
} }
@ -1005,7 +1002,7 @@ switch ($action) {
$redirectTo = isset($_GET['redirectTo']) ? $_GET['redirectTo'] : ''; $redirectTo = isset($_GET['redirectTo']) ? $_GET['redirectTo'] : '';
switch ($redirectTo) { switch ($redirectTo) {
case 'course_home': case 'course_home':
$url = api_get_path(WEB_PATH).'course/'.api_get_course_int_id().'/home?'.api_get_cidreq(); $url = api_get_path(WEB_PATH).'course/'.$courseId.'/home?'.api_get_cidreq();
break; break;
case 'lp_list': case 'lp_list':
$url = 'lp_controller.php?'.api_get_cidreq(); $url = 'lp_controller.php?'.api_get_cidreq();
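Review bot: `$course->getCode()` in the refresh check (second hunk) is called on the result of `api_get_course_entity($courseId)`, and `$courseId` now comes straight from `$_REQUEST['cid']`; if that helper returns `null` for an id that does not exist, the comparison throws an Error on null, and `$courseInfo['title']` in the `send_notify_teacher` case fails in the same way. Add a guard right after the two lookups in the first hunk: `if (empty($courseInfo) || null === $course) {` / `    api_not_allowed();` / `}`. Because every later use in this file (coach list, PDF export, redirect URL) now acts on the request-supplied course and session, the access check for this script must run against the same `$courseId`/`$sessionId` pair and confirm the session actually contains that course, rather than the global context; that call is outside these hunks, so confirm it receives `$courseId`. The same request-to-id pattern appears in lp_view.php.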

@ -28,9 +28,12 @@ $lp_id = !empty($_GET['lp_id']) ? (int) $_GET['lp_id'] : 0;
if (empty($lp_id)) { if (empty($lp_id)) {
api_not_allowed(); api_not_allowed();
} }
$sessionId = api_get_session_id();
$course_code = api_get_course_id(); $course_id = isset($_REQUEST['cid']) ? (int) $_REQUEST['cid'] : api_get_course_int_id();
$course_id = api_get_course_int_id(); $sessionId = isset($_REQUEST['sid']) ? (int) $_REQUEST['sid'] : api_get_session_id();
$courseInfo = api_get_course_info_by_id($course_id);
$course_code = $courseInfo['code'];
$user_id = api_get_user_id(); $user_id = api_get_user_id();
$course = api_get_course_entity($course_id); $course = api_get_course_entity($course_id);
$session = api_get_session_entity($sessionId); $session = api_get_session_entity($sessionId);
@ -282,7 +285,7 @@ if (!empty($_REQUEST['exeId']) &&
$safe_exe_id = (int) $_REQUEST['exeId']; $safe_exe_id = (int) $_REQUEST['exeId'];
if (!empty($safe_id) && !empty($safe_item_id)) { if (!empty($safe_id) && !empty($safe_item_id)) {
Exercise::saveExerciseInLp($safe_item_id, $safe_exe_id); Exercise::saveExerciseInLp($safe_item_id, $safe_exe_id, $course_id);
} }
if (EXERCISE_FEEDBACK_TYPE_END != intval($_GET['fb_type'])) { if (EXERCISE_FEEDBACK_TYPE_END != intval($_GET['fb_type'])) {
$src = 'blank.php?msg=exerciseFinished&'.api_get_cidreq(true, true, 'learnpath'); $src = 'blank.php?msg=exerciseFinished&'.api_get_cidreq(true, true, 'learnpath');
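Review bot: `$course_code = $courseInfo['code']` reads from `api_get_course_info_by_id($course_id)` where `$course_id` is now taken from `$_REQUEST['cid']`, and nothing in the hunk checks that the lookup succeeded before the value is passed on to `api_get_course_entity()` and, in the second hunk, to `Exercise::saveExerciseInLp()`; an unknown id would produce an undefined-index warning here and then persist the exercise attempt with an unvalidated course id. Mirror the `api_not_allowed()` guard used for `$lp_id` a few lines up: `if (empty($courseInfo)) {` / `    api_not_allowed();` / `}`. Whether the learning path `$lp_id` actually belongs to `$course_id` is also not checked in the hunk; if that check lives elsewhere in the file, it should be driven by the same `$course_id` and `$sessionId`.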
