Merge branch '1.10.x' of github.com:chamilo/chamilo-lms into 1.10.x

main/inc/lib/sessionmanager.lib.php

@@ -1474,6 +1474,7 @@ class SessionManager
         $tbl_session_rel_user = Database::get_main_table(TABLE_MAIN_SESSION_USER);
         $tbl_url_session = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_SESSION);
         $tbl_item_properties = Database::get_course_table(TABLE_ITEM_PROPERTY);
+        $em = Database::getManager();
 
         $userId = api_get_user_id();
 
@@ -1486,10 +1487,16 @@ class SessionManager
         }
 
         if (SessionManager::allowed($id_checked) && !$from_ws) {
-            $sql = 'SELECT session_admin_id FROM ' . $tbl_session. '
-                    WHERE id IN (' . $id_checked.')';
-            $rs = Database::query($sql);
-            if (Database::result($rs, 0, 0) != $userId) {
+            $qb = $em
+                ->createQuery('
+                    SELECT s.sessionAdminId FROM ChamiloCoreBundle:Session s
+                    WHERE s.id = ?1
+                ')
+                ->setParameter(1, $id_checked);
+
+            $res = $qb->getSingleScalarResult();
+
+            if ($res != $userId) {
                 api_not_allowed(true);
             }
         }
@@ -3878,6 +3885,10 @@ class SessionManager
             return false;
         }
 
+        if (api_is_platform_admin()) {
+            return true;
+        }
+
         $userId = api_get_user_id();
 
         if (api_is_session_admin() &&