Minor - update from 1.11.x

pull/2877/head
Julio Montoya 7 years ago
parent 4bdc2ef614
commit 194c5ae446
  1. 6
      certificates/index.php
  2. 52
      main/admin/course_list.php
  3. 4
      main/admin/user_edit.php
  4. 2
      main/admin/user_list.php
  5. 10
      main/badge/assertion.php
  6. 19
      main/badge/class.php
  7. 45
      main/badge/criteria.php
  8. 6
      main/blog/blog.php
  9. 7
      main/calendar/download.php
  10. 3
      main/course_home/course_home.php
  11. 5
      main/course_info/about.php
  12. 4
      main/course_info/legal.php
  13. 2
      main/course_info/tools.php
  14. 4
      main/document/document_quota.php
  15. 6
      main/document/upload.php
  16. 76
      main/dropbox/dropbox_functions.inc.php
  17. 2
      main/extrafield/translate.php
  18. 69
      main/forum/forumfunction.inc.php
  19. 3
      main/forum/index.php
  20. 1
      main/forum/newthread.php
  21. 1
      main/forum/reply.php
  22. 53
      main/forum/viewthread.php
  23. 2
      main/glossary/glossary_ajax_request.php

@ -8,9 +8,11 @@
require_once '../main/inc/global.inc.php'; require_once '../main/inc/global.inc.php';
$action = isset($_GET['action']) ? $_GET['action'] : null; $action = isset($_GET['action']) ? $_GET['action'] : null;
$certificate = new Certificate($_GET['id']); $userId = isset($_GET['user_id']) ? $_GET['user_id'] : 0;
CustomCertificatePlugin::redirectCheck($certificate, $_GET['id']); $certificate = new Certificate($_GET['id'], $userId);
CustomCertificatePlugin::redirectCheck($certificate, $_GET['id'], $userId);
switch ($action) { switch ($action) {
case 'export': case 'export':
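Review bot: `$userId` is read from `$_GET['user_id']` and handed to `new Certificate()` and `redirectCheck()` without a cast, so whatever string or array the client sends reaches both calls; `$userId = isset($_GET['user_id']) ? (int) $_GET['user_id'] : 0;` would match how the other ids in this commit are handled. Because this value now selects whose certificate is loaded, confirm that `Certificate` or the code after this hunk checks that the requester may view that user's certificate; nothing in the visible lines does. `$_GET['id']` is still read without an `isset()` guard. The `switch ($action)` continues outside the hunk.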

@ -173,12 +173,9 @@ function get_course_data($from, $number_of_items, $column, $direction)
while ($course = Database::fetch_array($res)) { while ($course = Database::fetch_array($res)) {
// Place colour icons in front of courses. // Place colour icons in front of courses.
$show_visual_code = $course['visual_code'] != $course[2] ? Display::label($course['visual_code'], 'info') : null; $show_visual_code = $course['visual_code'] != $course[2] ? Display::label($course['visual_code'], 'info') : null;
$course[1] = get_course_visibility_icon($course[8]). $course[1] = get_course_visibility_icon($course[8]).PHP_EOL
'<a href="'.$coursePath.$course[9].'/index.php">'. .Display::url(Security::remove_XSS($course[1]), $coursePath.$course[9].'/index.php').PHP_EOL
Security::remove_XSS($course[1]). .$show_visual_code;
'</a> '.
$show_visual_code
;
$course[5] = $course[5] == SUBSCRIBE_ALLOWED ? get_lang('Yes') : get_lang('No'); $course[5] = $course[5] == SUBSCRIBE_ALLOWED ? get_lang('Yes') : get_lang('No');
$course[6] = $course[6] == UNSUBSCRIBE_ALLOWED ? get_lang('Yes') : get_lang('No'); $course[6] = $course[6] == UNSUBSCRIBE_ALLOWED ? get_lang('Yes') : get_lang('No');
$language = isset($languages[$course[3]]) ? $languages[$course[3]] : $course[3]; $language = isset($languages[$course[3]]) ? $languages[$course[3]] : $course[3];
@ -186,18 +183,35 @@ function get_course_data($from, $number_of_items, $column, $direction)
$courseCode = $course[0]; $courseCode = $course[0];
$courseId = $course['id']; $courseId = $course['id'];
$actions = '<a href="course_information.php?code='.$courseCode.'">'. $actions = [];
Display::return_icon('info2.png', get_lang('Info')).'</a>&nbsp;'. $actions[] = Display::url(
'<a href="'.$coursePath.$course['directory'].'/index.php">'. Display::return_icon('info2.png', get_lang('Info')),
Display::return_icon('course_home.png', get_lang('CourseHomepage')).'</a>&nbsp;'. "course_information.php?code=$courseCode"
'<a href="'.$path.'tracking/courseLog.php?'.api_get_cidreq_params($courseCode).'">'. );
Display::return_icon('statistics.png', get_lang('Tracking')).'</a>&nbsp;'. $actions[] = Display::url(
'<a href="'.$path.'admin/course_edit.php?id='.$courseId.'">'. Display::return_icon('course_home.png', get_lang('CourseHomepage')),
Display::return_icon('edit.png', get_lang('Edit'), [], ICON_SIZE_SMALL).'</a>&nbsp;'. $coursePath.$course['directory'].'/index.php'
'<a href="'.$path.'coursecopy/create_backup.php?'.api_get_cidreq_params($courseCode).'">'. );
Display::return_icon('backup.png', get_lang('CreateBackup')).'</a>&nbsp;'. $actions[] = Display::url(
'<a href="'.$path.'admin/course_list.php?delete_course='.$courseCode.'" onclick="javascript: if (!confirm('."'".addslashes(api_htmlentities(get_lang('ConfirmYourChoice'), ENT_QUOTES))."'".')) return false;">'. Display::return_icon('statistics.png', get_lang('Tracking')),
Display::return_icon('delete.png', get_lang('Delete'), [], ICON_SIZE_SMALL).'</a>'; $path.'tracking/courseLog.php?'.api_get_cidreq_params($courseCode)
);
$actions[] = Display::url(
Display::return_icon('edit.png', get_lang('Edit')),
$path.'admin/course_edit.php?id='.$courseId
);
$actions[] = Display::url(
Display::return_icon('backup.png', get_lang('CreateBackup')),
$path.'coursecopy/create_backup.php?'.api_get_cidreq_params($courseCode)
);
$actions[] = Display::url(
Display::return_icon('delete.png', get_lang('Delete')),
$path.'admin/course_list.php?delete_course='.$courseCode,
[
'onclick' => "javascript: if (!confirm('"
.addslashes(api_htmlentities(get_lang('ConfirmYourChoice'), ENT_QUOTES))."')) return false;",
]
);
$courseItem = [ $courseItem = [
$course[0], $course[0],
@ -207,7 +221,7 @@ function get_course_data($from, $number_of_items, $column, $direction)
$course[4], $course[4],
$course[5], $course[5],
$course[6], $course[6],
$actions, implode(PHP_EOL, $actions),
]; ];
$courses[] = $courseItem; $courses[] = $courseItem;
} }
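Review bot: The delete action remains a plain GET link (`$path.'admin/course_list.php?delete_course='.$courseCode`) guarded only by a client-side `confirm()`. Unless the handler outside this hunk verifies an anti-CSRF token, a forged request could delete a course in an administrator's session. Since the links are being rebuilt anyway, append a token to this URL and check it where `delete_course` is processed. `$courseCode` is also concatenated into both query strings without `urlencode()`. `get_course_data()` starts and ends outside these hunks.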

@ -69,8 +69,8 @@ function confirmation(name) {
//$htmlHeadXtra[] = api_get_asset('cropper/dist/cropper.min.js'); //$htmlHeadXtra[] = api_get_asset('cropper/dist/cropper.min.js');
$tool_name = get_lang('ModifyUserInfo'); $tool_name = get_lang('ModifyUserInfo');
$interbreadcrumb[] = ['url' => 'index.php', "name" => get_lang('PlatformAdmin')]; $interbreadcrumb[] = ['url' => 'index.php', 'name' => get_lang('PlatformAdmin')];
$interbreadcrumb[] = ['url' => "user_list.php", "name" => get_lang('UserList')]; $interbreadcrumb[] = ['url' => 'user_list.php', 'name' => get_lang('UserList')];
$table_user = Database::get_main_table(TABLE_MAIN_USER); $table_user = Database::get_main_table(TABLE_MAIN_USER);
$table_admin = Database::get_main_table(TABLE_MAIN_ADMIN); $table_admin = Database::get_main_table(TABLE_MAIN_ADMIN);

@ -569,7 +569,7 @@ function email_filter($email)
*/ */
function user_filter($name, $params, $row) function user_filter($name, $params, $row)
{ {
return '<a href="'.api_get_path(WEB_PATH).'whoisonline.php?origin=user_list&id='.$row[0].'">'.$name.'</a>'; return '<a href="'.api_get_path(WEB_CODE_PATH).'admin/user_information.php?user_id='.$row[0].'">'.$name.'</a>';
} }
/** /**
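Review bot: `user_filter()` concatenates `$name` straight into the anchor markup and nothing in the function escapes it, so if the table code calling this filter passes the stored value unescaped, user-controlled text is rendered as HTML in the admin list. Escaping inside the filter, e.g. `Security::remove_XSS($name)` as course_list.php does for the course title, keeps it safe regardless of the caller, and `(int) $row[0]` would do the same for the id in the URL. Whether the caller already escapes `$name` is not visible from this hunk.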

@ -8,14 +8,12 @@
* *
* @package chamilo.badge * @package chamilo.badge
*/ */
header('Content-Type: application/json');
require_once __DIR__.'/../inc/global.inc.php'; require_once __DIR__.'/../inc/global.inc.php';
$userId = isset($_GET['user']) ? intval($_GET['user']) : 0; $userId = isset($_GET['user']) ? (int) $_GET['user'] : 0;
$skillId = isset($_GET['skill']) ? intval($_GET['skill']) : 0; $skillId = isset($_GET['skill']) ? (int) $_GET['skill'] : 0;
$courseId = isset($_GET['course']) ? intval($_GET['course']) : 0; $courseId = isset($_GET['course']) ? (int) $_GET['course'] : 0;
$sessionId = isset($_GET['session']) ? intval($_GET['session']) : 0; $sessionId = isset($_GET['session']) ? (int) $_GET['session'] : 0;
if ($userId === 0 || $skillId === 0) { if ($userId === 0 || $skillId === 0) {
exit; exit;
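Review bot: The `header('Content-Type: application/json');` call is removed from the top of the script and no replacement appears in these lines, so unless the header is sent again further down the file, the assertion is served with PHP's default `text/html` type. For an endpoint that returns stored skill and user data as JSON this matters, because a browser opening the URL would parse the body as HTML. Keep the header next to the final output or confirm it is already set there. The `if` block continues outside the hunk.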

@ -10,17 +10,20 @@
*/ */
require_once __DIR__.'/../inc/global.inc.php'; require_once __DIR__.'/../inc/global.inc.php';
$skillId = isset($_GET['id']) ? intval($_GET['id']) : 0; $skillId = isset($_GET['id']) ? (int) $_GET['id'] : 0;
$objSkill = new Skill(); $objSkill = new Skill();
$skill = $objSkill->get($skillId); $skill = $objSkill->get($skillId);
$json = [];
$json = [ if ($skill) {
'name' => $skill['name'], $json = [
'description' => $skill['description'], 'name' => $skill['name'],
'image' => api_get_path(WEB_UPLOAD_PATH)."badges/{$skill['icon']}", 'description' => $skill['description'],
'criteria' => api_get_path(WEB_CODE_PATH)."badge/criteria.php?id=$skillId", 'image' => api_get_path(WEB_UPLOAD_PATH)."badges/{$skill['icon']}",
'issuer' => api_get_path(WEB_CODE_PATH)."badge/issuer.php", 'criteria' => api_get_path(WEB_CODE_PATH)."badge/criteria.php?id=$skillId",
]; 'issuer' => api_get_path(WEB_CODE_PATH).'badge/issuer.php',
];
}
header('Content-Type: application/json'); header('Content-Type: application/json');
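Review bot: When the skill is not found, `$json` stays `[]` and the script still answers 200 with the JSON content type, so a consumer expecting a badge class object receives an empty array instead of an error. Ending that branch explicitly, e.g. `if (!$skill) { http_response_code(404); exit; }`, makes the missing skill visible to the caller. The output statement is outside the hunk, so this assumes `$json` is encoded as-is.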

@ -10,33 +10,40 @@
*/ */
require_once __DIR__.'/../inc/global.inc.php'; require_once __DIR__.'/../inc/global.inc.php';
$skillId = isset($_GET['id']) ? $_GET['id'] : 0;
if (empty($skillId)) {
exit;
}
$entityManager = Database::getManager(); $entityManager = Database::getManager();
/** @var \Chamilo\CoreBundle\Entity\Skill $skill */ /** @var \Chamilo\CoreBundle\Entity\Skill $skill */
$skill = $entityManager->find('ChamiloCoreBundle:Skill', $_GET['id']); $skill = $entityManager->find('ChamiloCoreBundle:Skill', $_GET['id']);
if (!$skill) { if ($skill) {
Display::addFlash( $skillInfo = [
Display::return_message(get_lang('SkillNotFound'), 'error') 'name' => $skill->getName(),
'short_code' => $skill->getShortCode(),
'description' => $skill->getDescription(),
'criteria' => $skill->getCriteria(),
'badge_image' => Skill::getWebIconPath($skill),
];
$template = new Template();
$template->assign('skill_info', $skillInfo);
$content = $template->fetch(
$template->get_template('skill/criteria.tpl')
); );
header('Location: '.api_get_path(WEB_PATH)); $template->assign('content', $content);
$template->display_one_col_template();
exit; exit;
} }
$skillInfo = [ Display::addFlash(
'name' => $skill->getName(), Display::return_message(get_lang('SkillNotFound'), 'error')
'short_code' => $skill->getShortCode(),
'description' => $skill->getDescription(),
'criteria' => $skill->getCriteria(),
'badge_image' => Skill::getWebIconPath($skill),
];
$template = new Template();
$template->assign('skill_info', $skillInfo);
$content = $template->fetch(
$template->get_template('skill/criteria.tpl')
); );
$template->assign('content', $content); header('Location: '.api_get_path(WEB_PATH));
$template->display_one_col_template(); exit;
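Review bot: `$skillId` is introduced and checked with `empty()`, but the lookup still passes the raw `$_GET['id']` to `$entityManager->find()`, so the guard and the query read the request value separately and neither casts it. Cast once and reuse the result: `$skillId = isset($_GET['id']) ? (int) $_GET['id'] : 0;` followed by `find('ChamiloCoreBundle:Skill', $skillId)`. As written, a non-scalar `id` passes the `empty()` check and reaches `find()` unchanged.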

@ -8,7 +8,7 @@
*/ */
require_once __DIR__.'/../inc/global.inc.php'; require_once __DIR__.'/../inc/global.inc.php';
$blog_id = intval($_GET['blog_id']); $blog_id = isset($_GET['blog_id']) ? $_GET['blog_id'] : 0;
if (empty($blog_id)) { if (empty($blog_id)) {
api_not_allowed(true); api_not_allowed(true);
@ -422,11 +422,11 @@ switch ($action) {
$titleSearch = get_lang('PostsOf').' '.$dateSearch; $titleSearch = get_lang('PostsOf').' '.$dateSearch;
$tpl->assign('search', $titleSearch); $tpl->assign('search', $titleSearch);
$tpl->assign('articles', $listArticles); $tpl->assign('articles', $listArticles);
$blogLayout = $tpl->get_template('blog/blog.html.twig'); $blogLayout = $tpl->get_template('blog/blog.tpl');
} else { } else {
$listArticles = Blog::getPosts($blog_id); $listArticles = Blog::getPosts($blog_id);
$tpl->assign('articles', $listArticles); $tpl->assign('articles', $listArticles);
$blogLayout = $tpl->get_template('blog/blog.html.twig'); $blogLayout = $tpl->get_template('blog/blog.tpl');
} }
break; break;
} }
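Review bot: The new `$blog_id` assignment drops the `intval()` cast the old line had, so the raw `$_GET['blog_id']` string now flows into `Blog::getPosts($blog_id)` and every other use in this file. Keep the `isset()` guard and the cast together: `$blog_id = isset($_GET['blog_id']) ? (int) $_GET['blog_id'] : 0;`. The same cast is lost for `$course_id` in main/calendar/download.php, where the raw `$_REQUEST['course_id']` is passed to `api_get_course_info_by_id()`. Whether those callees cast again is not visible here, so the cast should not be left to them.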

@ -19,11 +19,9 @@ header('Expires: Wed, 01 Jan 1990 00:00:00 GMT');
header('Cache-Control: public'); header('Cache-Control: public');
header('Pragma: no-cache'); header('Pragma: no-cache');
$course_id = intval($_REQUEST['course_id']); $course_id = isset($_REQUEST['course_id']) ? $_REQUEST['course_id'] : 0;
$user_id = api_get_user_id(); $user_id = api_get_user_id();
$course_info = api_get_course_info_by_id($course_id); $course_info = api_get_course_info_by_id($course_id);
$doc_url = $_REQUEST['file'];
$session_id = api_get_session_id();
if (empty($course_id)) { if (empty($course_id)) {
$course_id = api_get_course_int_id(); $course_id = api_get_course_int_id();
@ -32,6 +30,9 @@ if (empty($course_id) || empty($doc_url)) {
api_not_allowed(); api_not_allowed();
} }
$doc_url = $_REQUEST['file'];
$session_id = api_get_session_id();
$is_user_is_subscribed = CourseManager::is_user_subscribed_in_course( $is_user_is_subscribed = CourseManager::is_user_subscribed_in_course(
$user_id, $user_id,
$course_info['code'], $course_info['code'],
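Review bot: `$doc_url = $_REQUEST['file'];` now sits after the `api_not_allowed()` guard, yet the hunk header shows that guard as `if (empty($course_id) || empty($doc_url))` and it is not among the changed lines. If it is indeed unchanged, `$doc_url` is undefined when tested, `empty()` is always true, and every request is refused. Move the assignment back above the check, e.g. `$doc_url = isset($_REQUEST['file']) ? $_REQUEST['file'] : '';`. `$course_info` is also fetched before the `empty($course_id)` fallback assigns a course id, so unless it is fetched again between the hunks it may describe no course when `$course_info['code']` reaches the subscription check. The call to `is_user_subscribed_in_course()` continues outside the hunk.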

@ -32,6 +32,9 @@ use Fhaculty\Graph\Graph;
$use_anonymous = true; $use_anonymous = true;
require_once __DIR__.'/../inc/global.inc.php'; require_once __DIR__.'/../inc/global.inc.php';
$js = '<script>'.api_get_language_translate_html().'</script>';
$htmlHeadXtra[] = $js;
$htmlHeadXtra[] = '<script> $htmlHeadXtra[] = '<script>
/* option show/hide thematic-block */ /* option show/hide thematic-block */
$(function() { $(function() {

@ -131,7 +131,7 @@ $topics = [
$subscriptionUser = CourseManager::is_user_subscribed_in_course($userId, $course->getCode()); $subscriptionUser = CourseManager::is_user_subscribed_in_course($userId, $course->getCode());
$allowSubscribe = false; $allowSubscribe = false;
if ($course->getSubscribe() == true || api_is_platform_admin()) { if ($course->getSubscribe() || api_is_platform_admin()) {
$allowSubscribe = true; $allowSubscribe = true;
} }
$plugin = BuyCoursesPlugin::create(); $plugin = BuyCoursesPlugin::create();
@ -169,8 +169,7 @@ $metaInfo .= '<meta property="og:image" content="'.$courseItem['image'].'" />';
$htmlHeadXtra[] = $metaInfo; $htmlHeadXtra[] = $metaInfo;
$htmlHeadXtra[] = api_get_asset('readmore-js/readmore.js'); $htmlHeadXtra[] = api_get_asset('readmore-js/readmore.js');
$template = new Template(null); $template = new Template($course->getTitle(), true, true, false, true, false);
//$template->assign('course', $course);
$template->assign('course', $courseItem); $template->assign('course', $courseItem);
$essence = new Essence\Essence(); $essence = new Essence\Essence();
$template->assign('essence', $essence); $template->assign('essence', $essence);
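Review bot: `new Template($course->getTitle(), true, true, false, true, false)` passes five positional booleans whose meaning cannot be read at the call site. A short comment naming each flag, or named local variables passed in their place, would let a reviewer see which parts of the layout are being switched on or off. The course title is now handed to the template as well, so it is worth confirming that `Template` escapes it before it reaches the page title.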

@ -8,8 +8,8 @@ $cidReset = true;
require_once __DIR__.'/../inc/global.inc.php'; require_once __DIR__.'/../inc/global.inc.php';
$this_section = SECTION_COURSES; $this_section = SECTION_COURSES;
$course_code = isset($_REQUEST['course_code']) ? $_REQUEST['course_code'] : null; $course_code = isset($_REQUEST['course_code']) ? Security::remove_XSS($_REQUEST['course_code']) : null;
$session_id = isset($_REQUEST['session_id']) ? intval($_REQUEST['session_id']) : null; $session_id = isset($_REQUEST['session_id']) ? (int) $_REQUEST['session_id'] : null;
$user_id = api_get_user_id(); $user_id = api_get_user_id();
if (empty($course_code)) { if (empty($course_code)) {
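Review bot: `Security::remove_XSS()` is an HTML output filter, and applying it to `$_REQUEST['course_code']` at input neither validates the value as a course code nor protects its later use in lookups or queries. Validating against the expected code format here and escaping where the code is printed would be clearer. If the filter is kept, a comment should say which output it is meant to protect. How `$course_code` is used afterwards is outside the hunk.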

@ -19,7 +19,7 @@ if (!api_is_allowed_to_edit()) {
} }
$action = isset($_GET['action']) ? $_GET['action'] : ''; $action = isset($_GET['action']) ? $_GET['action'] : '';
$id = isset($_GET['id']) ? intval($_GET['id']) : ''; $id = isset($_GET['id']) ? (int) $_GET['id'] : '';
$toolName = get_lang('CustomizeIcons'); $toolName = get_lang('CustomizeIcons');

@ -8,13 +8,17 @@
*/ */
require_once __DIR__.'/../inc/global.inc.php'; require_once __DIR__.'/../inc/global.inc.php';
api_protect_course_script(true);
if (!api_is_allowed_to_edit(null, true)) { if (!api_is_allowed_to_edit(null, true)) {
api_not_allowed(true); api_not_allowed(true);
} }
$current_course_tool = TOOL_DOCUMENT; $current_course_tool = TOOL_DOCUMENT;
$this_section = SECTION_COURSES; $this_section = SECTION_COURSES;
$tool_name = get_lang('DocumentQuota'); $tool_name = get_lang('DocumentQuota');
$interbreadcrumb[] = ['url' => 'document.php', 'name' => get_lang('Documents')]; $interbreadcrumb[] = ['url' => 'document.php', 'name' => get_lang('Documents')];
$htmlHeadXtra[] = api_get_js('jqplot/jquery.jqplot.js'); $htmlHeadXtra[] = api_get_js('jqplot/jquery.jqplot.js');

@ -5,10 +5,10 @@
* @package chamilo.document * @package chamilo.document
*/ */
require_once __DIR__.'/../inc/global.inc.php'; require_once __DIR__.'/../inc/global.inc.php';
// Including additional libraries
require_once api_get_path(LIBRARY_PATH).'specific_fields_manager.lib.php'; require_once api_get_path(LIBRARY_PATH).'specific_fields_manager.lib.php';
api_protect_course_script(true);
// Adding extra javascript to the form // Adding extra javascript to the form
$htmlHeadXtra[] = api_get_jquery_libraries_js(['jquery-ui', 'jquery-upload']); $htmlHeadXtra[] = api_get_jquery_libraries_js(['jquery-ui', 'jquery-upload']);
@ -20,7 +20,7 @@ $courseDir = $_course['path'].'/document';
$sys_course_path = api_get_path(SYS_COURSE_PATH); $sys_course_path = api_get_path(SYS_COURSE_PATH);
$base_work_dir = $sys_course_path.$courseDir; $base_work_dir = $sys_course_path.$courseDir;
$sessionId = api_get_session_id(); $sessionId = api_get_session_id();
$selectcat = isset($_GET['selectcat']) ? Security::remove_XSS($_GET['selectcat']) : null; $selectcat = isset($_GET['selectcat']) ? (int) $_GET['selectcat'] : null;
$document_data = []; $document_data = [];

@ -79,12 +79,6 @@ function handle_multiple_actions()
} }
// STEP 3B: giving comment // STEP 3B: giving comment
if ($_POST['actions'] == 'comment') {
// This has not been implemented.
// The idea was that it would be possible to write the same feedback for the selected documents.
}
// STEP 3C: moving
if (strstr($_POST['action'], 'move_')) { if (strstr($_POST['action'], 'move_')) {
// check move_received_n or move_sent_n command // check move_received_n or move_sent_n command
if (strstr($_POST['action'], 'received')) { if (strstr($_POST['action'], 'received')) {
@ -291,7 +285,9 @@ function get_dropbox_categories($filter = '')
$result = Database::query($sql); $result = Database::query($sql);
while ($row = Database::fetch_array($result)) { while ($row = Database::fetch_array($result)) {
if (($filter == 'sent' && $row['sent'] == 1) || ($filter == 'received' && $row['received'] == 1) || $filter == '') { if (($filter == 'sent' && $row['sent'] == 1) ||
($filter == 'received' && $row['received'] == 1) || $filter == ''
) {
$return_array[$row['cat_id']] = $row; $return_array[$row['cat_id']] = $row;
} }
} }
@ -309,9 +305,12 @@ function get_dropbox_categories($filter = '')
function get_dropbox_category($id) function get_dropbox_category($id)
{ {
$course_id = api_get_course_int_id(); $course_id = api_get_course_int_id();
if (empty($id) or $id != intval($id)) { $id = (int) $id;
if (empty($id)) {
return []; return [];
} }
$sql = "SELECT * FROM ".Database::get_course_table(TABLE_DROPBOX_CATEGORY)." $sql = "SELECT * FROM ".Database::get_course_table(TABLE_DROPBOX_CATEGORY)."
WHERE c_id = $course_id AND cat_id='".$id."'"; WHERE c_id = $course_id AND cat_id='".$id."'";
$res = Database::query($sql); $res = Database::query($sql);
@ -386,7 +385,8 @@ function store_addcategory()
]; ];
$id = Database::insert(Database::get_course_table(TABLE_DROPBOX_CATEGORY), $params); $id = Database::insert(Database::get_course_table(TABLE_DROPBOX_CATEGORY), $params);
if ($id) { if ($id) {
$sql = "UPDATE ".Database::get_course_table(TABLE_DROPBOX_CATEGORY)." SET cat_id = iid WHERE iid = $id"; $sql = "UPDATE ".Database::get_course_table(TABLE_DROPBOX_CATEGORY)." SET cat_id = iid
WHERE iid = $id";
Database::query($sql); Database::query($sql);
} }
@ -420,22 +420,24 @@ function store_addcategory()
/** /**
* This function displays the form to add a new category. * This function displays the form to add a new category.
* *
* @param $category_name this parameter is the name of the category (used when no section is selected) * @param string $category_name this parameter is the name of the category (used when no section is selected)
* @param $id this is the id of the category we are editing * @param int $id this is the id of the category we are editing
* *
* @author Patrick Cool <patrick.cool@UGent.be>, Ghent University * @author Patrick Cool <patrick.cool@UGent.be>, Ghent University
* *
* @version march 2006 * @version march 2006
*/ */
function display_addcategory_form($category_name = '', $id = '', $action) function display_addcategory_form($category_name = '', $id = 0, $action = '')
{ {
$course_id = api_get_course_int_id(); $course_id = api_get_course_int_id();
$title = get_lang('AddNewCategory'); $title = get_lang('AddNewCategory');
if (isset($id) && $id != '') { $id = (int) $id;
if (!empty($id)) {
// retrieve the category we are editing // retrieve the category we are editing
$sql = "SELECT * FROM ".Database::get_course_table(TABLE_DROPBOX_CATEGORY)." $sql = "SELECT * FROM ".Database::get_course_table(TABLE_DROPBOX_CATEGORY)."
WHERE c_id = $course_id AND cat_id = ".intval($id); WHERE c_id = $course_id AND cat_id = ".$id;
$result = Database::query($sql); $result = Database::query($sql);
$row = Database::fetch_array($result); $row = Database::fetch_array($result);
@ -474,8 +476,8 @@ function display_addcategory_form($category_name = '', $id = '', $action)
); );
$form->addElement('header', $title); $form->addElement('header', $title);
if (isset($id) && $id != '') { if (!empty($id)) {
$form->addElement('hidden', 'edit_id', intval($id)); $form->addElement('hidden', 'edit_id', $id);
} }
$form->addElement('hidden', 'action', Security::remove_XSS($action)); $form->addElement('hidden', 'action', Security::remove_XSS($action));
$form->addElement('hidden', 'target', Security::remove_XSS($target)); $form->addElement('hidden', 'target', Security::remove_XSS($target));
@ -485,7 +487,7 @@ function display_addcategory_form($category_name = '', $id = '', $action)
$form->addButtonSave($text, 'StoreCategory'); $form->addButtonSave($text, 'StoreCategory');
$defaults = []; $defaults = [];
$defaults['category_name'] = $category_name; $defaults['category_name'] = Security::remove_XSS($category_name);
$form->setDefaults($defaults); $form->setDefaults($defaults);
$form->display(); $form->display();
} }
@ -755,22 +757,6 @@ function display_add_form($viewReceivedCategory, $viewSentCategory, $view, $id =
); );
} }
/**
* @param string $user_id
*
* @return bool indicating if user with user_id=$user_id is a course member
*
* @todo check if this function is still necessary. There might be a library function for this.
*/
function isCourseMember($user_id)
{
$_course = api_get_course_info();
$course_code = $_course['code'];
$is_course_member = CourseManager::is_user_subscribed_in_course($user_id, $course_code, true);
return $is_course_member;
}
/** /**
* Checks if there are files in the dropbox_file table that aren't used anymore in dropbox_person table. * Checks if there are files in the dropbox_file table that aren't used anymore in dropbox_person table.
* If there are, all entries concerning the file are deleted from the db + the file is deleted from the server. * If there are, all entries concerning the file are deleted from the db + the file is deleted from the server.
@ -817,7 +803,7 @@ function getUserOwningThisMailing($mailingPseudoId, $owner = 0, $or_die = '')
{ {
$course_id = api_get_course_int_id(); $course_id = api_get_course_int_id();
$mailingPseudoId = intval($mailingPseudoId); $mailingPseudoId = (int) $mailingPseudoId;
$sql = "SELECT f.uploader_id $sql = "SELECT f.uploader_id
FROM ".Database::get_course_table(TABLE_DROPBOX_FILE)." f FROM ".Database::get_course_table(TABLE_DROPBOX_FILE)." f
LEFT JOIN ".Database::get_course_table(TABLE_DROPBOX_POST)." p LEFT JOIN ".Database::get_course_table(TABLE_DROPBOX_POST)." p
@ -853,7 +839,7 @@ function removeMoreIfMailing($file_id)
// for all content files, delete mailingPseudoId from person-table // for all content files, delete mailingPseudoId from person-table
// 2. finding the owner (getUserOwningThisMailing) is no longer possible, so // 2. finding the owner (getUserOwningThisMailing) is no longer possible, so
// for all content files, replace mailingPseudoId by owner as uploader // for all content files, replace mailingPseudoId by owner as uploader
$file_id = intval($file_id); $file_id = (int) $file_id;
$sql = "SELECT p.dest_user_id $sql = "SELECT p.dest_user_id
FROM ".Database::get_course_table(TABLE_DROPBOX_POST)." p FROM ".Database::get_course_table(TABLE_DROPBOX_POST)." p
WHERE c_id = $course_id AND p.file_id = '".$file_id."'"; WHERE c_id = $course_id AND p.file_id = '".$file_id."'";
@ -899,12 +885,19 @@ function store_add_dropbox($file = [], $work = null)
// Check if all the recipients are valid // Check if all the recipients are valid
$thisIsAMailing = false; $thisIsAMailing = false;
$thisIsJustUpload = false; $thisIsJustUpload = false;
foreach ($_POST['recipients'] as $rec) { foreach ($_POST['recipients'] as $rec) {
if ($rec == 'mailing') { if ($rec == 'mailing') {
$thisIsAMailing = true; $thisIsAMailing = true;
} elseif ($rec == 'upload') { } elseif ($rec == 'upload') {
$thisIsJustUpload = true; $thisIsJustUpload = true;
} elseif (strpos($rec, 'user_') === 0 && !isCourseMember(substr($rec, strlen('user_')))) { } elseif (strpos($rec, 'user_') === 0 &&
!CourseManager::is_user_subscribed_in_course(
substr($rec, strlen('user_')),
$_course['code'],
true
)
) {
Display::addFlash( Display::addFlash(
Display::return_message( Display::return_message(
get_lang('InvalideUserDetected'), get_lang('InvalideUserDetected'),
@ -1222,8 +1215,8 @@ function feedback_form($url)
function user_can_download_file($id, $user_id) function user_can_download_file($id, $user_id)
{ {
$course_id = api_get_course_int_id(); $course_id = api_get_course_int_id();
$id = intval($id); $id = (int) $id;
$user_id = intval($user_id); $user_id = (int) $user_id;
$sql = "SELECT file_id $sql = "SELECT file_id
FROM ".Database::get_course_table(TABLE_DROPBOX_PERSON)." FROM ".Database::get_course_table(TABLE_DROPBOX_PERSON)."
@ -1245,7 +1238,7 @@ function user_can_download_file($id, $user_id)
// add feedback since the other users will never get to see the feedback. // add feedback since the other users will never get to see the feedback.
function check_if_file_exist($id) function check_if_file_exist($id)
{ {
$id = intval($id); $id = (int) $id;
$course_id = api_get_course_int_id(); $course_id = api_get_course_int_id();
$sql = "SELECT file_id $sql = "SELECT file_id
FROM ".Database::get_course_table(TABLE_DROPBOX_PERSON)." FROM ".Database::get_course_table(TABLE_DROPBOX_PERSON)."
@ -1451,12 +1444,13 @@ function generate_html_overview($files, $dont_show_columns = [], $make_link = []
* *
* @version march 2006 * @version march 2006
*/ */
function get_total_number_feedback($file_id = '') function get_total_number_feedback()
{ {
$course_id = api_get_course_int_id(); $course_id = api_get_course_int_id();
$sql = "SELECT COUNT(feedback_id) AS total, file_id $sql = "SELECT COUNT(feedback_id) AS total, file_id
FROM ".Database::get_course_table(TABLE_DROPBOX_FEEDBACK)." FROM ".Database::get_course_table(TABLE_DROPBOX_FEEDBACK)."
WHERE c_id = $course_id GROUP BY file_id"; WHERE c_id = $course_id
GROUP BY file_id";
$result = Database::query($sql); $result = Database::query($sql);
$return = []; $return = [];
while ($row = Database::fetch_array($result)) { while ($row = Database::fetch_array($result)) {
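Review bot: In `store_add_dropbox()` the recipient check now calls `CourseManager::is_user_subscribed_in_course()` with `$_course['code']`, but the removed `isCourseMember()` fetched the course itself with `$_course = api_get_course_info();`, and the function's opening lines are outside the hunk, so it is not visible that `$_course` is defined in this scope. If it is not, the membership check runs with a null course code and the recipient validation no longer means what it did. Fetch it explicitly before the loop with `$_course = api_get_course_info();`, and cast the id with `(int) substr($rec, strlen('user_'))`. Separately, in `handle_multiple_actions()` the comment `// STEP 3B: giving comment` now sits directly above the move code because `// STEP 3C: moving` was removed together with the dead branch.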

@ -31,7 +31,7 @@ if (!$extraField || empty($variableLanguage) || empty($originalName)) {
api_not_allowed(true); api_not_allowed(true);
} }
$languageId = isset($_GET['sub_language']) ? intval($_GET['sub_language']) : 0; $languageId = isset($_GET['sub_language']) ? (int) $_GET['sub_language'] : 0;
$languages = $em $languages = $em
->getRepository('ChamiloCoreBundle:Language') ->getRepository('ChamiloCoreBundle:Language')

@ -3122,6 +3122,8 @@ function store_thread(
* (I first thought to put and I-frame with the message only) * (I first thought to put and I-frame with the message only)
* 4. quote: Quoting a message ($action= quotemessage) => I-frame with the complete thread (if enabled). * 4. quote: Quoting a message ($action= quotemessage) => I-frame with the complete thread (if enabled).
* The message will be in the reply. (I first thought not to put an I-frame here) * The message will be in the reply. (I first thought not to put an I-frame here)
* @param array $form_values
* @param bool $showPreview
* *
* @return FormValidator * @return FormValidator
* *
@ -3129,14 +3131,14 @@ function store_thread(
* *
* @version february 2006, dokeos 1.8 * @version february 2006, dokeos 1.8
*/ */
function show_add_post_form($current_forum, $action, $id = '', $form_values = '') function show_add_post_form($current_forum, $action, $form_values = '', $showPreview = true)
{ {
$_user = api_get_user_info(); $_user = api_get_user_info();
$action = isset($action) ? Security::remove_XSS($action) : ''; $action = isset($action) ? Security::remove_XSS($action) : '';
$myThread = isset($_GET['thread']) ? (int) $_GET['thread'] : ''; $myThread = isset($_GET['thread']) ? (int) $_GET['thread'] : '';
$forumId = isset($_GET['forum']) ? (int) $_GET['forum'] : ''; $forumId = isset($_GET['forum']) ? (int) $_GET['forum'] : '';
$my_post = isset($_GET['post']) ? (int) $_GET['post'] : ''; $my_post = isset($_GET['post']) ? (int) $_GET['post'] : '';
$giveRevision = (isset($_GET['give_revision']) && $_GET['give_revision'] == 1); $giveRevision = isset($_GET['give_revision']) && $_GET['give_revision'] == 1;
$url = api_get_self().'?'.http_build_query( $url = api_get_self().'?'.http_build_query(
[ [
@ -3200,12 +3202,15 @@ function show_add_post_form($current_forum, $action, $id = '', $form_values = ''
} }
$iframe = null; $iframe = null;
$myThread = Security::remove_XSS($myThread); if ($showPreview) {
if ($action != 'newthread' && !empty($myThread)) { $myThread = Security::remove_XSS($myThread);
$iframe = "<iframe style=\"border: 1px solid black\" src=\"iframe_thread.php?".api_get_cidreq()."&forum=".$forumId."&thread=".$myThread."#".$my_post."\" width=\"100%\"></iframe>"; if ($action != 'newthread' && !empty($myThread)) {
} $iframe = "<iframe style=\"border: 1px solid black\" src=\"iframe_thread.php?".api_get_cidreq(
if (!empty($iframe)) { )."&forum=".$forumId."&thread=".$myThread."#".$my_post."\" width=\"100%\"></iframe>";
$form->addElement('label', get_lang('Thread'), $iframe); }
if (!empty($iframe)) {
$form->addElement('label', get_lang('Thread'), $iframe);
}
} }
if (Gradebook::is_active() && if (Gradebook::is_active() &&
@ -3258,7 +3263,7 @@ function show_add_post_form($current_forum, $action, $id = '', $form_values = ''
$form->addElement('html', '</div>'); $form->addElement('html', '</div>');
} }
if ($action == 'newthread') { if ($action === 'newthread') {
Skill::addSkillsToForm($form, ITEM_TYPE_FORUM_THREAD, 0); Skill::addSkillsToForm($form, ITEM_TYPE_FORUM_THREAD, 0);
} }
@ -3282,18 +3287,23 @@ function show_add_post_form($current_forum, $action, $id = '', $form_values = ''
} }
if ($giveRevision) { if ($giveRevision) {
$hide = api_get_configuration_value('hide_forum_post_revision_language');
$form->addHidden('give_revision', 1); $form->addHidden('give_revision', 1);
$extraField = new ExtraField('forum_post'); if ($hide === false) {
$returnParams = $extraField->addElements( $extraField = new ExtraField('forum_post');
$form, $extraField->addElements(
null, $form,
[], //exclude null,
false, // filter [], //exclude
false, // tag as select false, // filter
['revision_language'], //show only fields false, // tag as select
[], // order fields ['revision_language'], //show only fields
[] // extra data [], // order fields
); [] // extra data
);
} else {
$form->addHidden('extra_revision_language', 1);
}
} }
// Setting the class and text of the form title and submit button. // Setting the class and text of the form title and submit button.
@ -3410,10 +3420,13 @@ function show_add_post_form($current_forum, $action, $id = '', $form_values = ''
if (isset($values['give_revision']) && $values['give_revision'] == 1) { if (isset($values['give_revision']) && $values['give_revision'] == 1) {
$extraFieldValues = new ExtraFieldValue('forum_post'); $extraFieldValues = new ExtraFieldValue('forum_post');
$revisionLanguage = isset($values['extra_revision_language']) ? $values['extra_revision_language'] : '';
$params = [ $params = [
'item_id' => $postId, 'item_id' => $postId,
'extra_revision_language' => $values['extra_revision_language'], 'extra_revision_language' => $revisionLanguage,
]; ];
$extraFieldValues->saveFieldValues( $extraFieldValues->saveFieldValues(
$params, $params,
false, false,
@ -6927,17 +6940,3 @@ function reportPost($postId, $forumInfo, $threadInfo)
} }
} }
} }
/**
* @return array
*/
function getLanguageListForFlag()
{
$languages = api_get_languages();
$languages = array_column($languages, 'english_name', 'isocode');
unset($languages['en']);
$languages['gb'] = 'english';
$languages = array_flip($languages);
return $languages;
}

@ -211,8 +211,7 @@ if (!empty($allCourseForums)) {
$actions = Display::toolbarAction('toolbar-forum', [$actionLeft]); $actions = Display::toolbarAction('toolbar-forum', [$actionLeft]);
$languages = getLanguageListForFlag(); $languages = api_get_language_list_for_flag();
$defaultUserLanguage = ucfirst(api_get_interface_language()); $defaultUserLanguage = ucfirst(api_get_interface_language());
if (isset($_user['language']) && !empty($_user['language'])) { if (isset($_user['language']) && !empty($_user['language'])) {
$defaultUserLanguage = ucfirst($_user['language']); $defaultUserLanguage = ucfirst($_user['language']);

@ -155,7 +155,6 @@ $htmlHeadXtra[] = "
$form = show_add_post_form( $form = show_add_post_form(
$current_forum, $current_forum,
'newthread', 'newthread',
'',
isset($_SESSION['formelements']) ? $_SESSION['formelements'] : null isset($_SESSION['formelements']) ? $_SESSION['formelements'] : null
); );
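Review bot: Removing the third positional argument here (and `$my_post` in main/forum/reply.php) is only safe if `show_add_post_form()` dropped its `$id` parameter in this same commit. That signature change is not visible in this section, and the hunk context for forumfunction.inc.php still prints `($current_forum, $action, $id = '', $form_values = '')`. The parameters are untyped with string defaults, so a caller left on the old order would pass a post id where the form values are expected without raising an error. I would document the new parameter order in the function's docblock and check the remaining callers. The call added in main/forum/viewthread.php passes `null, false` as third and fourth arguments, so the fourth parameter needs a description as well.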

@ -164,7 +164,6 @@ Event::registerLog($logInfo);
$form = show_add_post_form( $form = show_add_post_form(
$current_forum, $current_forum,
$my_action, $my_action,
$my_post,
$my_elements $my_elements
); );

@ -464,17 +464,18 @@ foreach ($posts as $post) {
$postIsARevision = false; $postIsARevision = false;
$flagRevision = ''; $flagRevision = '';
if ($post['poster_id'] == $userId) { if ($post['poster_id'] == $userId) {
$revision = getPostRevision($post['post_id']); $revision = getPostRevision($post['post_id']);
if (empty($revision)) { if (empty($revision)) {
$askForRevision = getAskRevisionButton($post['post_id'], $current_thread); $askForRevision = getAskRevisionButton($post['post_id'], $current_thread);
} else { } else {
$postIsARevision = true;
$languageId = api_get_language_id(strtolower($revision)); $languageId = api_get_language_id(strtolower($revision));
$languageInfo = api_get_language_info($languageId); $languageInfo = api_get_language_info($languageId);
if ($languageInfo) { if ($languageInfo) {
$languages = getLanguageListForFlag(); $languages = api_get_language_list_for_flag();
$flagRevision = '<span class="flag-icon flag-icon-'.$languages[$languageInfo['english_name']].'"></span> '; $flagRevision = '<span class="flag-icon flag-icon-'.$languages[$languageInfo['english_name']].'"></span> ';
$postIsARevision = true;
} }
} }
} else { } else {
@ -483,12 +484,12 @@ foreach ($posts as $post) {
} else { } else {
$revision = getPostRevision($post['post_id']); $revision = getPostRevision($post['post_id']);
if (!empty($revision)) { if (!empty($revision)) {
$postIsARevision = true;
$languageId = api_get_language_id(strtolower($revision)); $languageId = api_get_language_id(strtolower($revision));
$languageInfo = api_get_language_info($languageId); $languageInfo = api_get_language_info($languageId);
if ($languageInfo) { if ($languageInfo) {
$languages = getLanguageListForFlag(); $languages = api_get_language_list_for_flag();
$flagRevision = '<span class="flag-icon flag-icon-'.$languages[$languageInfo['english_name']].'"></span> '; $flagRevision = '<span class="flag-icon flag-icon-'.$languages[$languageInfo['english_name']].'"></span> ';
$postIsARevision = true;
} }
} }
} }
@ -677,6 +678,50 @@ foreach ($posts as $post) {
$template->assign('posts', $postList); $template->assign('posts', $postList);
$formToString = '';
$showForm = true;
if (!api_is_allowed_to_edit(false, true) &&
(($current_forum_category && $current_forum_category['visibility'] == 0) || $current_forum['visibility'] == 0)
) {
$showForm = false;
}
if (!api_is_allowed_to_edit(false, true) &&
(
($current_forum_category && $current_forum_category['locked'] != 0) ||
$current_forum['locked'] != 0 || $current_thread['locked'] != 0
)
) {
$showForm = false;
}
if (!$_user['user_id'] && $current_forum['allow_anonymous'] == 0) {
$showForm = false;
}
if ($current_forum['forum_of_group'] != 0) {
$show_forum = GroupManager::user_has_access(
api_get_user_id(),
$current_forum['forum_of_group'],
GroupManager::GROUP_TOOL_FORUM
);
if (!$show_forum) {
$showForm = false;
}
}
if ($showForm) {
$form = show_add_post_form(
$current_forum,
'replythread',
null,
false
);
$formToString = $form->returnForm();
}
$template->assign('form', $formToString);
$layout = $template->get_template('forum/posts.tpl'); $layout = $template->get_template('forum/posts.tpl');
$template->display($layout); $template->display($layout);
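Review bot: The new reply-form gate tests `visibility` for the forum category and the forum but not for the thread, while the lock test just below does include `$current_thread['locked']`. A non-editor viewing a thread that is hidden on its own would still get the form unless that case is rejected earlier in the file, which this section does not show. `show_add_post_form()` appears to save submitted values as well as render the form (see the `saveFieldValues` call in forumfunction.inc.php), so these conditions act as the posting authorization for this page and should cover the same cases as reply.php. The anonymous test reads `$_user['user_id']` directly while the group test uses `api_get_user_id()`. Using one source, e.g. `if (!api_get_user_id() && $current_forum['allow_anonymous'] == 0) {` (assuming it returns 0 when no user is set), keeps both checks on the same identity and avoids an undefined-index notice.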

@ -9,6 +9,8 @@
*/ */
require_once __DIR__.'/../inc/global.inc.php'; require_once __DIR__.'/../inc/global.inc.php';
api_protect_course_script(true);
/** /**
* Search a term and return description from a glossary. * Search a term and return description from a glossary.
*/ */
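Review bot: A denied request to this AJAX endpoint will presumably get a full HTML page back, because the `true` passed to `api_protect_course_script(true)` looks like the print-headers flag; confirm against the function's signature. If the client inserts the response into a tooltip, calling it as `api_protect_course_script();` or answering with an empty body and a 403 status would be cleaner. The request-handling code that follows is outside this section, so whether the term lookup is itself limited to the current course cannot be checked from here.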
