Fix psalm issues: Double casting, add phpdoc, fix php warning

Update from 1.11.x

public/main/course_info/download.php

@@ -30,7 +30,7 @@ if (in_array($extension, ['xml', 'csv']) &&
     (api_is_platform_admin(true) || api_is_drh())
 ) {
     $content_type = 'application/force-download';
-} elseif ('zip' === $extension && $_cid && (api_is_platform_admin(true) || api_is_course_admin())) {
+} elseif ('zip' === $extension && api_get_course_id() && (api_is_platform_admin(true) || api_is_course_admin())) {
     $content_type = 'application/force-download';
 }
 

public/main/course_info/infocours.php

@@ -984,11 +984,8 @@ if ($form->validate() && $isEditable) {
         $illustrationRepo->deleteIllustration($courseEntity);
     }
 
-    global $_configuration;
+    $limitCourses = api_get_configuration_value('hosting_limit_active_courses');
-    if (isset($_configuration[$urlId]) &&
+    if ($limitCourses > 0) {
-        isset($_configuration[$urlId]['hosting_limit_active_courses']) &&
-        $_configuration[$urlId]['hosting_limit_active_courses'] > 0
-    ) {
         $courseInfo = api_get_course_info_by_id($courseId);
 
         // Check if
@@ -996,7 +993,7 @@ if ($form->validate() && $isEditable) {
             $visibility != $courseInfo['visibility']
         ) {
             $num = CourseManager::countActiveCourses($urlId);
-            if ($num >= $_configuration[$urlId]['hosting_limit_active_courses']) {
+            if ($num >= $limitCourses) {
                 api_warn_hosting_contact('hosting_limit_active_courses');
 
                 Display::addFlash(

public/main/forum/forumfunction.inc.php

@@ -765,7 +765,7 @@ function store_forum($values, $courseInfo = [], $returnId = false)
     //'forum_image' => $new_file_name,
     $forum
         ->setForumTitle($values['forum_title'])
-        ->setForumComment($values['forum_comment'] ?? null)
+        ->setForumComment($values['forum_comment'] ?? '')
         ->setForumCategory($forumCategory)
         ->setAllowAnonymous($values['allow_anonymous_group']['allow_anonymous'] ?? null)
         ->setAllowEdit($values['students_can_edit_group']['students_can_edit'] ?? null)

public/main/inc/ajax/course.ajax.php

@@ -153,14 +153,14 @@ switch ($action) {
                 //TODO change this function to search not only courses STARTING with $_GET['q']
                 if (api_is_platform_admin()) {
                     $courseList = CourseManager::get_courses_list(
-                        0, //offset
+                        0,
-                        0, //howMany
+                        0,
-                        1, //$orderby = 1
+                        1,
                         'ASC',
-                        -1, //visibility
+                        -1,
                         $_GET['q'],
-                        null, //$urlId
+                        null,
-                        true //AlsoSearchCode
+                        true
                     );
                 } elseif (api_is_teacher()) {
                     $courseList = CourseManager::get_course_list_of_user_as_course_admin(api_get_user_id(), $_GET['q']);
@@ -257,12 +257,18 @@ switch ($action) {
         }
         break;
     case 'search_user_by_course':
-        if (api_is_platform_admin()) {
-            $user = Database::get_main_table(TABLE_MAIN_USER);
-            $session_course_user = Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
         $sessionId = $_GET['session_id'];
         $course = api_get_course_info_by_id($_GET['course_id']);
 
+        $isPlatformAdmin = api_is_platform_admin();
+        $userIsSubscribedInCourse = CourseManager::is_user_subscribed_in_course(
+            api_get_user_id(),
+            $course['code'],
+            !empty($sessionId),
+            $sessionId
+        );
+
+        if ($isPlatformAdmin || $userIsSubscribedInCourse) {
             $json = [
                 'items' => [],
             ];

public/main/inc/ajax/exercise.ajax.php

@@ -160,7 +160,6 @@ switch ($action) {
         }
 
         // 1. Setting variables needed by jqgrid
-        $action = $_GET['a'];
         $exercise_id = (int) $_GET['exercise_id'];
         $page = (int) $_REQUEST['page']; //page
         $limit = (int) $_REQUEST['rows']; //quantity of rows
@@ -391,12 +390,44 @@ switch ($action) {
         echo 1;
         exit;
         break;
+    case 'check_answers':
+        if (false === api_is_allowed_to_session_edit()) {
+            echo 'error';
+            exit;
+        }
+
+        /** @var Exercise $objExercise */
+        $objExercise = Session::read('objExercise');
+        $questionList = Session::read('questionList');
+        $exeId = Session::read('exe_id');
+
+        // If exercise or question is not set then exit.
+        if (empty($questionList) || empty($objExercise)) {
+            echo 'error';
+            exit;
+        }
+
+        $statInfo = $objExercise->get_stat_track_exercise_info_by_exe_id($exeId);
+
+        echo Display::page_subheader(get_lang('QuestionsToReview'));
+        echo $objExercise->getReminderTable($questionList, $statInfo, true);
+        break;
     case 'save_exercise_by_now':
         $course_info = api_get_course_info_by_id($course_id);
         $course_id = $course_info['real_id'];
 
-        // Use have permissions?
+        // Use have permissions to edit exercises results now?
-        if (api_is_allowed_to_session_edit()) {
+        if (false === api_is_allowed_to_session_edit()) {
+            echo 'error';
+            if ($debug) {
+                error_log(
+                    'Exercises attempt '.$exeId.': Failed saving question(s) in course/session '.
+                    $course_id.'/'.$session_id.
+                    ': The user ('.api_get_user_id().') does not have the permission to access this session now'
+                );
+            }
+            exit;
+        }
         // "all" or "simple" strings means that there's one or all questions exercise type
         $type = isset($_REQUEST['type']) ? $_REQUEST['type'] : null;
 
@@ -476,7 +507,7 @@ switch ($action) {
             $attemptList = Event::getAllExerciseEventByExeId($exeId);
         }
 
-            // Updating Reminder algorithm.
+        // No exe id? Can't save answer.
         if (empty($exeId)) {
             // Fires an error.
             echo 'error';
@@ -510,7 +541,7 @@ switch ($action) {
             }
         }
 
-            // No exe id? Can't save answer.
+        // Getting the total weight if the request is simple.
         $total_weight = 0;
         if ('simple' === $type) {
             foreach ($question_list as $my_question_id) {
@@ -519,12 +550,12 @@ switch ($action) {
             }
         }
         unset($objQuestionTmp);
-            // Fires an error.
         if ($debug) {
             error_log('Starting questions loop in save_exercise_by_now');
         }
 
-            // Getting the total weight if the request is simple
+        // Check we have at least one non-empty answer in the array
+        // provided by the user's click on the "Finish test" button.
         if ('all' === $type) {
             $atLeastOneAnswer = false;
             foreach ($question_list as $my_question_id) {
@@ -545,7 +576,7 @@ switch ($action) {
             }
         }
 
-            // Looping the question list
+        // Looping the question list from database (not from the user answer)
         foreach ($question_list as $my_question_id) {
             if ('simple' === $type && $question_id != $my_question_id) {
                 if ($debug) {
@@ -556,7 +587,6 @@ switch ($action) {
 
             $my_choice = isset($choice[$my_question_id]) ? $choice[$my_question_id] : null;
 
-                // Creates a temporary Question object
             $objQuestionTmp = Question::read($my_question_id, $objExercise->course);
 
             $myChoiceDegreeCertainty = null;
@@ -589,7 +619,7 @@ switch ($action) {
             }
 
             if ('simple' === $type) {
-                    // Getting old attempt in order to decrees the total score.
+            // Getting old attempt in order to decrease the total score.
                 $old_result = $objExercise->manage_answer(
                     $exeId,
                     $my_question_id,
@@ -620,7 +650,7 @@ switch ($action) {
                     }
                 }
             }
-                // Deleting old attempt
+            // Deleting old attempt.
             if (isset($attemptList) && !empty($attemptList[$my_question_id])) {
                 if ($debug) {
                     error_log("delete_attempt exe_id : $exeId, my_question_id: $my_question_id");
@@ -780,20 +810,11 @@ switch ($action) {
         if ($debug) {
             error_log('Finished questions loop in save_exercise_by_now');
         }
-        } else {
+        if ($type === 'all') {
             if ($debug) {
-                error_log(
+                error_log("result: ok - all");
-                    'Exercises attempt '.$exeId.': Failed saving question(s) in course/session '.
+                error_log(" ------ end ajax call ------- ");
-                    $course_id.'/'.$session_id.
-                    ': The user ('.
-                    api_get_user_id().
-                    ') does not have the permission to access this session now');
             }
-            echo 'error';
-            exit;
-        }
-
-        if ('all' == $type) {
             echo 'ok';
             exit;
         }

public/main/inc/ajax/extra_field.ajax.php

@@ -151,7 +151,6 @@ switch ($action) {
                             dataType: "json",
                             data: "values="+save,
                             success: function(data) {
-                                console.log(data);
                             }
                         });
 

public/main/inc/ajax/gradebook.ajax.php

@@ -53,6 +53,44 @@ switch ($action) {
             $form->display();
         }
         break;*/
+    case 'export_all_certificates':
+        $categoryId = (int) $_GET['cat_id'];
+        $filterOfficialCodeGet = isset($_GET['filter']) ? Security::remove_XSS($_GET['filter']) : null;
+
+        if (api_is_student_boss()) {
+            $userGroup = new UserGroup();
+            $userList = $userGroup->getGroupUsersByUser(api_get_user_id());
+        } else {
+            $userList = [];
+            if (!empty($filterOfficialCodeGet)) {
+                $userList = UserManager::getUsersByOfficialCode($filterOfficialCodeGet);
+            }
+        }
+
+        $courseCode = api_get_course_id();
+        $sessionId = api_get_session_id();
+
+        $commandScript = api_get_path(SYS_CODE_PATH).'gradebook/cli/export_all_certificates.php';
+
+        $userList = implode(',', $userList);
+
+        shell_exec("php $commandScript $courseCode $sessionId $categoryId $userList > /dev/null &");
+        break;
+    case 'verify_export_all_certificates':
+        $categoryId = (int) $_GET['cat_id'];
+        $courseCode = isset($_GET['cidReq']) ? Security::remove_XSS($_GET['cidReq']) : api_get_course_id();
+        $sessionId = isset($_GET['id_session']) ? (int) $_GET['id_session'] : api_get_session_id();
+        $date = api_get_utc_datetime(null, false, true);
+
+        $pdfName = 'certs_'.$courseCode.'_'.$sessionId.'_'.$categoryId.'_'.$date->format('Y-m-d');
+
+        $sysFinalFile = api_get_path(SYS_ARCHIVE_PATH)."$pdfName.pdf";
+        $webFinalFile = api_get_path(WEB_ARCHIVE_PATH)."$pdfName.pdf";
+
+        if (file_exists($sysFinalFile)) {
+            echo $webFinalFile;
+        }
+        break;
     default:
         echo '';
         break;

public/main/inc/ajax/myspace.ajax.php

@@ -23,7 +23,6 @@ switch ($action) {
         if (empty($userId)) {
             exit;
         }
-    // At this date : 23/02/2017, a minor review can't determine where is used this case 'access_detail'
         $cacheAvailable = api_get_configuration_value('apc');
         $table = null;
         $variable = 'lp_global_report_'.$userId;
@@ -41,7 +40,7 @@ switch ($action) {
         $sessionCategoryList = UserManager::get_sessions_by_category($userId, false);
         $total = 0;
         $totalAverage = 0;
-        $table = new HTML_Table(['class' => 'data_table']);
+        $table = new HTML_Table(['class' => 'table table-hover table-striped data_table']);
         $row = 0;
         $col = 0;
         foreach ($sessionCategoryList as $category) {

public/main/inc/ajax/record_audio_rtc.ajax.php

@@ -5,7 +5,6 @@ use ChamiloSession as Session;
 
 require_once __DIR__.'/../global.inc.php';
 
-// Add security from Chamilo
 api_block_anonymous_users();
 
 $courseInfo = api_get_course_info();

public/main/inc/ajax/record_audio_wami.ajax.php

@@ -19,12 +19,12 @@ if (isset($params['waminame']) && isset($params['wamidir']) && isset($params['wa
     $wamiuserid = $params['wamiuserid'];
 } else {
     api_not_allowed();
-    die();
+    exit();
 }
 
 if (empty($wamiuserid)) {
     api_not_allowed();
-    die();
+    exit();
 }
 
 $type = isset($_REQUEST['type']) ? $_REQUEST['type'] : 'document'; // can be document or message
@@ -49,7 +49,7 @@ $ext = explode('.', $waminame);
 $ext = strtolower($ext[sizeof($ext) - 1]);
 
 if ('wav' != $ext) {
-    die();
+    exit();
 }
 
 switch ($type) {
@@ -67,7 +67,7 @@ switch ($type) {
         $documentPath = $saveDir.'/'.$waminame_to_save;
 
         // Add to disk
-        $fh = fopen($documentPath, 'w') or die("can't open file");
+        $fh = fopen($documentPath, 'w') or exit("can't open file");
         fwrite($fh, $content);
         fclose($fh);
 

public/main/inc/lib/pdf.lib.php

@@ -559,10 +559,10 @@ class PDF
      *
      * @return bool
      */
-    public function delete_watermark($courseCode = null)
+    public static function delete_watermark($courseCode = null)
     {
         $urlId = api_get_current_access_url_id();
-        if (!empty($courseCode) && 'true' == api_get_setting('pdf_export_watermark_by_course')) {
+        if (!empty($courseCode) && 'true' === api_get_setting('pdf_export_watermark_by_course')) {
             $course_info = api_get_course_info($courseCode);
             // course path
             $store_path = api_get_path(SYS_COURSE_PATH).$course_info['path'].'/'.$urlId.'_pdf_watermark.png';
@@ -588,10 +588,10 @@ class PDF
      *
      * @return mixed web path of the file if sucess, false otherwise
      */
-    public function upload_watermark($filename, $source_file, $courseCode = null)
+    public static function upload_watermark($filename, $source_file, $courseCode = null)
     {
         $urlId = api_get_current_access_url_id();
-        if (!empty($courseCode) && 'true' == api_get_setting('pdf_export_watermark_by_course')) {
+        if (!empty($courseCode) && 'true' === api_get_setting('pdf_export_watermark_by_course')) {
             $course_info = api_get_course_info($courseCode);
             $store_path = api_get_path(SYS_COURSE_PATH).$course_info['path']; // course path
             $web_path = api_get_path(WEB_COURSE_PATH).$course_info['path'].'/pdf_watermark.png';

public/main/social/group_topics.php

@@ -51,9 +51,7 @@ if (isset($_REQUEST['action']) && 'delete' == $_REQUEST['action']) {
 }
 
 // My friends
-$friend_html = SocialManager::listMyFriendsBlock(
+$friend_html = SocialManager::listMyFriendsBlock(api_get_user_id());
-    $user_id
-);
 $content = null;
 $social_right_content = '';
 

public/main/social/home.php

@@ -39,6 +39,7 @@ if (!empty($threadList)) {
 $posts = SocialManager::getMyWallMessages($user_id, 0, 10, $threadIdList);
 $countPost = $posts['count'];
 $posts = $posts['posts'];
+$htmlHeadXtra = [];
 SocialManager::getScrollJs($countPost, $htmlHeadXtra);
 
 // Block Menu

public/main/social/personal_data.php

@@ -88,14 +88,14 @@ switch ($action) {
                 $contentEmail = sprintf(
                     get_lang('User %s signed the agreement.TheDateY'),
                     $currentUserInfo['complete_name'],
-                    api_get_local_time($time)
+                    api_get_local_time()
                 );
 
                 MessageManager::send_message_simple(
                     $bossId,
                     $subjectEmail,
                     $contentEmail,
-                    $user_id
+                    api_get_user_id()
                 );
             }
         }
@@ -400,7 +400,7 @@ $personalData['data'] = $personalDataContent;
 
 $em = Database::getManager();
 /** @var LegalRepository $legalTermsRepo */
-$legalTermsRepo = $em->getRepository('ChamiloCoreBundle:Legal');
+$legalTermsRepo = $em->getRepository(\Chamilo\CoreBundle\Entity\Legal::class);
 // Get data about the treatment of data
 $treatmentTypes = LegalManager::getTreatmentTypeList();
 

public/main/social/profile.php

@@ -106,6 +106,7 @@ if (isset($_GET['u'])) {
 
 api_block_anonymous_users();
 $countPost = SocialManager::getCountWallMessagesByUser($friendId);
+$htmlHeadXtra = [];
 SocialManager::getScrollJs($countPost, $htmlHeadXtra);
 $link_shared = '';
 if (isset($_GET['shared'])) {
@@ -237,7 +238,7 @@ if ($show_full_profile) {
 
     if (!empty($user_info['competences']) || !empty($user_info['diplomas'])
         || !empty($user_info['openarea']) || !empty($user_info['teach'])) {
-        $more_info .= '<div><h3>'.get_lang('More information').'</h3></div>';
+        $more_info = '<div><h3>'.get_lang('More information').'</h3></div>';
         if (!empty($user_info['competences'])) {
             $more_info .= '<br />';
             $more_info .= '<div class="social-actions-message"><strong>'.get_lang('My competences').'</strong></div>';

public/main/survey/ch_personality.php

@@ -53,6 +53,7 @@ class ch_personality extends survey_question
         // Values of question options
         if (is_array($formData['values'])) { // Check if data is correct
             foreach ($formData['values'] as $key => &$value) {
+                $value = Security::remove_XSS($value);
                 $question_values[] = '<input size="3" type="text" id="values['.$key.']" name="values['.$key.']" value="'.$value.'" />';
             }
         }
@@ -62,14 +63,9 @@ class ch_personality extends survey_question
                 $this->html .= '<tr>';
                 $this->html .= '<td align="right"><label for="answers['.$key.']">'.($key + 1).'</label></td>';
                 $this->html .= '<td width="550">';
-                $this->html .= api_return_html_area(
+                $dataValue = api_html_entity_decode(stripslashes($formData['answers'][$key]));
-                    'answers['.$key.']',
+                $dataValue = Security::remove_XSS($dataValue);
-                    api_html_entity_decode(stripslashes($formData['answers'][$key])),
+                $this->html .= '<textarea name="answers['.$key.']" >'.$dataValue.'</textarea>';
-                    '',
-                    '',
-                    null,
-                    ['ToolbarSet' => 'Survey', 'Width' => '100%', 'Height' => '120']
-                );
                 $this->html .= '</td>';
                 $this->html .= '<td>';