merge update conflict course_home.lib.php

12 years ago · 13e5be157a
parent 5f4792be83 4d460d7461
commit 13e5be157a
9 changed files with 39 additions and 12 deletions
--- a/main/auth/inscription.php
+++ b/main/auth/inscription.php
@ -335,7 +335,8 @@ $form->addElement('button', 'submit', get_lang('RegisterUser'), array('class' =>

 if ($form->validate()) {

-    $values = $form->exportValues();
+    //$values = $form->exportValues();
+    $values = $form->getSubmitValues(1);
    $values['username'] = api_substr($values['username'], 0, USERNAME_MAX_LENGTH); //make *sure* the login isn't too long

    if (api_get_setting('allow_registration_as_teacher') == 'false') {
@ -363,6 +364,10 @@ if ($form->validate()) {
        foreach ($values as $key => $value) {
            if (substr($key, 0, 6) == 'extra_') { //an extra field
                $extras[substr($key,6)] = $value;
+            } elseif (strpos($key, 'remove_extra_') !== false) {
+                $extra_value = Security::filter_filename(urldecode(key($value)));
+                // To remove from user_field_value and folder
+                UserManager::update_extra_field_value($user_id, substr($key,13), $extra_value);
            }
        }

@ -370,7 +375,23 @@ if ($form->validate()) {
        $count_extra_field = count($extras);
        if ($count_extra_field > 0) {
            foreach ($extras as $key => $value) {
-                UserManager::update_extra_field_value($user_id, $key, $value);
+                // For array $value -> if exists key 'tmp_name' then must not be empty
+                // This avoid delete from user field value table when doesn't upload a file
+                if (is_array($value)) {
+                    if (array_key_exists('tmp_name', $value) && empty($value['tmp_name'])) {
+                        //Nothing to do
+                    } else {
+                        if (array_key_exists('tmp_name', $value)) {
+                            $value['tmp_name'] = Security::filter_filename($value['tmp_name']);
+                        }
+                        if (array_key_exists('name', $value)) {
+                            $value['name'] = Security::filter_filename($value['name']);
+                        }
+                        UserManager::update_extra_field_value($user_id, $key, $value);
+                    }
+                } else {
+                    UserManager::update_extra_field_value($user_id, $key, $value);
+                }
            }
        }

@ -596,3 +617,4 @@ if ($form->validate()) {
    }
 }
 Display :: display_footer();
+
--- a/main/auth/profile.php
+++ b/main/auth/profile.php
@ -143,6 +143,7 @@ if (api_get_setting('profile', 'name') !== 'true') {
 }
 $form->applyFilter(array('lastname', 'firstname'), 'stripslashes');
 $form->applyFilter(array('lastname', 'firstname'), 'trim');
+$form->applyFilter(array('lastname', 'firstname'), 'html_filter');
 $form->addRule('lastname' , get_lang('ThisFieldIsRequired'), 'required');
 $form->addRule('firstname', get_lang('ThisFieldIsRequired'), 'required');

@ -165,6 +166,7 @@ if (CONFVAL_ASK_FOR_OFFICIAL_CODE) {
    }
    $form->applyFilter('official_code', 'stripslashes');
    $form->applyFilter('official_code', 'trim');
+    $form->applyFilter('official_code', 'html_filter');
    if (api_get_setting('registration', 'officialcode') == 'true' && api_get_setting('profile', 'officialcode') == 'true') {
        $form->addRule('official_code', get_lang('ThisFieldIsRequired'), 'required');
    }
@ -202,6 +204,7 @@ if (api_get_setting('profile', 'phone') !== 'true') {
 }
 $form->applyFilter('phone', 'stripslashes');
 $form->applyFilter('phone', 'trim');
+$form->applyFilter('phone', 'html_filter');
 /*if (api_get_setting('registration', 'phone') == 'true') {
    $form->addRule('phone', get_lang('ThisFieldIsRequired'), 'required');
 }
--- a/main/forum/forumfunction.inc.php
+++ b/main/forum/forumfunction.inc.php
@ -3691,7 +3691,7 @@ function display_forum_search_results($search_term)
          4. post is visible
         */
        if (!api_is_allowed_to_edit(null, true)) {
-            if ($forum_categories_list[$row['forum_id']['forum_category']]['visibility'] == '1' AND
+            if ($forum_categories_list[$forum_list[$row['forum_id']]['forum_category']]['visibility'] == '1' AND
                $forum_list[$row['forum_id']]['visibility'] == '1' AND $row['visible'] == '1'
            ) {
                $display_result = true;
--- a/main/inc/lib/banner.lib.php
+++ b/main/inc/lib/banner.lib.php
@ -484,6 +484,7 @@ function return_breadcrumb($interbreadcrumb, $language_file, $nameTools)
    if (!empty($_course) && !isset($_GET['hide_course_breadcrumb'])) {

        $navigation_item['url'] = $web_course_path . $_course['path'].'/index.php'.(!empty($session_id) ? '?id_session='.$session_id : '');
+        $_course['name'] = api_htmlentities($_course['name']);
        $course_title = cut($_course['name'], MAX_LENGTH_BREADCRUMB);

        switch (api_get_setting('breadcrumbs_course_homepage')) {
--- a/main/inc/lib/course.lib.php
+++ b/main/inc/lib/course.lib.php
@ -3372,7 +3372,7 @@ class CourseManager
                        $course['status'] = STUDENT;
                    }

-                    $params['icon'] = Display::return_icon('blackboard.png', $course_info['title'], array(), ICON_SIZE_LARGE);
+                    $params['icon'] = Display::return_icon('blackboard.png', api_htmlentities($course_info['title']), array(), ICON_SIZE_LARGE);

                    $params['right_actions'] = '';
                    if (api_is_platform_admin()) {
@ -3448,7 +3448,7 @@ class CourseManager
        while ($row = Database::fetch_array($result)) {
            // We simply display the title of the category.
            $params = array(
-               'icon' => Display::return_icon('folder_yellow.png', $row['title'], array(), ICON_SIZE_LARGE),
+               'icon' => Display::return_icon('folder_yellow.png', api_htmlentities($row['title']), array(), ICON_SIZE_LARGE),
               'title' => $row['title'],
               'class' => 'table_user_course_category'
            );
@ -3542,7 +3542,7 @@ class CourseManager
            $show_notification = Display::show_notification($course_info);

            // New code displaying the user's status in respect to this course.
-            $status_icon = Display::return_icon('blackboard.png', $course_info['title'], array(), ICON_SIZE_LARGE);
+            $status_icon = Display::return_icon('blackboard.png', api_htmlentities($course_info['title']), array(), ICON_SIZE_LARGE);

            $params = array();
            $params['right_actions'] = '';
@ -3741,7 +3741,7 @@ class CourseManager
        }

        $params = array();
-        $params['icon'] = Display::return_icon('blackboard_blue.png', $course_info['name'], array(), ICON_SIZE_LARGE);
+        $params['icon'] = Display::return_icon('blackboard_blue.png', api_htmlentities($course_info['name']), array(), ICON_SIZE_LARGE);
        $params['link'] = $session_url;
        $params['title'] = $session_title;

--- a/main/inc/lib/course_home.lib.php
+++ b/main/inc/lib/course_home.lib.php
@ -694,7 +694,7 @@ class CourseHome
                        }
                    }
                } else {
-                    $item['visibility'] .= '&nbsp;';
+                    $item['visibility'] .= '';
                }

                // NOTE : Table contains only the image file name, not full path
--- a/main/inc/lib/usermanager.lib.php
+++ b/main/inc/lib/usermanager.lib.php
@ -4323,6 +4323,7 @@ class UserManager
                    $form->addElement('text', 'extra_'.$field_details[1], $field_details[3], array('size' => 40));
                    $form->applyFilter('extra_'.$field_details[1], 'stripslashes');
                    $form->applyFilter('extra_'.$field_details[1], 'trim');
+                    $form->applyFilter('extra_'.$field_details[1], 'html_filter');

                    if (!$admin_permissions) {
                        if ($field_details[7] == 0)
--- a/main/newscorm/lp_list.php
+++ b/main/newscorm/lp_list.php
@ -110,11 +110,11 @@ if (!empty($flat_list)) {
    echo '<tr>';

    if ($is_allowed_to_edit) {
-        echo '<th width="50%">'.get_lang('Title').'</th>';
+        echo '<th width="40%">'.get_lang('Title').'</th>';
        echo '<th>'.get_lang('PublicationDate').'</th>';
        echo '<th>'.get_lang('ExpirationDate').'</th>';
        echo '<th>'.get_lang('Progress')."</th>";
-        echo '<th width="240px">'.get_lang('AuthoringOptions')."</th>";
+        echo '<th width="260px">'.get_lang('AuthoringOptions')."</th>";
    } else {
        echo '<th width="50%">'.get_lang('Title').'</th>';
        echo '<th>'.get_lang('Progress')."</th>";
--- a/main/template/default/auth/courses_categories.php
+++ b/main/template/default/auth/courses_categories.php
@ -251,10 +251,10 @@ function display_thumbnail($course, $icon_title)
    echo '<div class="thumbnail">';
    if (api_get_setting('show_courses_descriptions_in_catalog') == 'true') {
        echo '<a class="ajax" href="'.api_get_path(WEB_CODE_PATH).'inc/ajax/course_home.ajax.php?a=show_course_information&amp;code='.$course['code'].'" title="'.$icon_title.'" rel="gb_page_center[778]">';
-        echo '<img src="'.$course_medium_image.'" alt="'.$title.'" />';
+        echo '<img src="'.$course_medium_image.'" alt="'.api_htmlentities($title).'" />';
        echo '</a>';
    } else {
-        echo '<img src="'.$course_medium_image.'" alt="'.$title.'"/>';
+        echo '<img src="'.$course_medium_image.'" alt="'.api_htmlentities($title).'"/>';
    }
    echo '</div>';  // thumbail
    echo '</div>';  // span2