chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

[svn r20804] minor - logic changes - replace COURSEMANAGER by COURSEMANAGERLOWSECURITY in survey tool - (partial FS#3909)

Browse Source
skala
Isaac Flores 17 years ago
parent 27f31dd532
commit 15de9fd3c7
1 changed files with 5 additions and 5 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 10
      main/survey/survey.lib.php

10
main/survey/survey.lib.php
Unescape View File

@ -24,7 +24,7 @@
* @package dokeos.survey * @package dokeos.survey
* @author Patrick Cool <patrick.cool@UGent.be>, Ghent University: cleanup, refactoring and rewriting large parts (if not all) of the code * @author Patrick Cool <patrick.cool@UGent.be>, Ghent University: cleanup, refactoring and rewriting large parts (if not all) of the code
@author Julio Montoya Armas <gugli100@gmail.com>, Dokeos: Personality Test modification and rewriting large parts of the code @author Julio Montoya Armas <gugli100@gmail.com>, Dokeos: Personality Test modification and rewriting large parts of the code
* @version $Id: survey.lib.php 20717 2009-05-16 10:32:10Z ivantcholakov $ * @version $Id: survey.lib.php 20804 2009-05-18 19:22:35Z iflorespaz $
* *
* @todo move this file to inc/lib * @todo move this file to inc/lib
* @todo use consistent naming for the functions (save vs store for instance) * @todo use consistent naming for the functions (save vs store for instance)
@ -241,16 +241,16 @@ class survey_manager
} }
$sql = "INSERT INTO $table_survey (code, title, subtitle, author, lang, avail_from, avail_till, is_shared, template, intro, surveythanks, creation_date, anonymous".$additional['columns'].", session_id) VALUES ( $sql = "INSERT INTO $table_survey (code, title, subtitle, author, lang, avail_from, avail_till, is_shared, template, intro, surveythanks, creation_date, anonymous".$additional['columns'].", session_id) VALUES (
'".Database::escape_string(Security::remove_XSS($values['survey_code']))."', '".Database::escape_string(Security::remove_XSS($values['survey_code']))."',
'".Database::escape_string(Security::remove_XSS(stripslashes(api_html_entity_decode($values['survey_title'])),COURSEMANAGER))."', '".Database::escape_string(Security::remove_XSS(stripslashes(api_html_entity_decode($values['survey_title'])),COURSEMANAGERLOWSECURITY))."',
'".Database::escape_string(Security::remove_XSS(stripslashes(api_html_entity_decode($values['survey_subtitle'])),COURSEMANAGER))."', '".Database::escape_string(Security::remove_XSS(stripslashes(api_html_entity_decode($values['survey_subtitle'])),COURSEMANAGERLOWSECURITY))."',
'".Database::escape_string($_user['user_id'])."', '".Database::escape_string($_user['user_id'])."',
'".Database::escape_string($values['survey_language'])."', '".Database::escape_string($values['survey_language'])."',
'".Database::escape_string($values['start_date'])."', '".Database::escape_string($values['start_date'])."',
'".Database::escape_string($values['end_date'])."', '".Database::escape_string($values['end_date'])."',
'".Database::escape_string($shared_survey_id)."', '".Database::escape_string($shared_survey_id)."',
'".Database::escape_string('template')."', '".Database::escape_string('template')."',
'".Database::escape_string(Security::remove_XSS(stripslashes(api_html_entity_decode($values['survey_introduction'])),COURSEMANAGER))."', '".Database::escape_string(Security::remove_XSS(stripslashes(api_html_entity_decode($values['survey_introduction'])),COURSEMANAGERLOWSECURITY))."',
'".Database::escape_string(Security::remove_XSS(stripslashes(api_html_entity_decode($values['survey_thanks'])),COURSEMANAGER))."', '".Database::escape_string(Security::remove_XSS(stripslashes(api_html_entity_decode($values['survey_thanks'])),COURSEMANAGERLOWSECURITY))."',
'".date('Y-m-d H:i:s')."', '".date('Y-m-d H:i:s')."',
'".Database::escape_string($values['anonymous'])."'".$additional['values'].", '".Database::escape_string($values['anonymous'])."'".$additional['values'].",
".intval($_SESSION['id_session'])." ".intval($_SESSION['id_session'])."

Write Preview
Loading…
Cancel
Save