chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Adding token when changing order of LP items, requires testings see CT#967

Browse Source
skala
Julio Montoya 16 years ago
parent c1ed4f11d8
commit 1aabf67ff0
2 changed files with 16 additions and 17 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 5
      main/newscorm/learnpath.class.php
  2. 28
      main/newscorm/lp_controller.php

5
main/newscorm/learnpath.class.php
Unescape View File

@ -4319,6 +4319,7 @@ class learnpath {
unset ($this->arrMenu);
if ($is_allowed_to_edit) {
$token = Security::get_token();
$gradebook = Security :: remove_XSS($_GET['gradebook']);
$return .= '<div class="actions">';
@ -4403,7 +4404,7 @@ class learnpath {
if ($arrLP[$i]['previous_item_id'] != 0) {
$return .= '<a href="' . api_get_self() . '?cidReq=' . Security :: remove_XSS($_GET['cidReq']) . '&amp;action=move_item&amp;direction=up&amp;id=' . $arrLP[$i]['id'] . '&amp;lp_id=' . $this->lp_id . '">';
$return .= '<a href="' . api_get_self() . '?cidReq=' . Security :: remove_XSS($_GET['cidReq']) . '&amp;action=move_item&amp;direction=up&amp;id=' . $arrLP[$i]['id'] . '&amp;lp_id=' . $this->lp_id . '&amp;sec_token='.$token.'">';
$return .= '<img style="margin:1px;" alt="" src="../img/arrow_up_' . ($arrLP[$i]['depth'] % 3) . '.gif" title="' . get_lang('MoveUp') . '"/>';
$return .= '</a>';
@ -4411,7 +4412,7 @@ class learnpath {
$return .= '<img alt="" src="../img/blanco.png" title="" />';
if ($arrLP[$i]['next_item_id'] != 0) {
$return .= '<a href="' . api_get_self() . '?cidReq=' . Security :: remove_XSS($_GET['cidReq']). '&amp;action=move_item&amp;direction=down&amp;id=' . $arrLP[$i]['id'] . '&amp;lp_id=' . $this->lp_id . '">';
$return .= '<a href="' . api_get_self() . '?cidReq=' . Security :: remove_XSS($_GET['cidReq']). '&amp;action=move_item&amp;direction=down&amp;id=' . $arrLP[$i]['id'] . '&amp;lp_id=' . $this->lp_id . '&amp;sec_token='.$token.'">';
$return .= '<img style="margin:1px;" src="../img/arrow_down_' . ($arrLP[$i]['depth'] % 3) . '.gif" title="' . get_lang('MoveDown') . '" />';
$return .= '</a>';

28
main/newscorm/lp_controller.php
Unescape View File

@ -424,32 +424,30 @@ switch($action)
case 'move_item':
if(!$is_allowed_to_edit){
if (!$is_allowed_to_edit) {
api_not_allowed(true);
}
if($debug > 0) error_log('New LP - move item action triggered', 0);
if ($debug > 0) error_log('New LP - move item action triggered', 0);
if(!$lp_found){ error_log('New LP - No learnpath given for move item', 0); require('lp_list.php'); }
else
{
if (!$lp_found) { error_log('New LP - No learnpath given for move item', 0); require('lp_list.php'); }
else {
$_SESSION['refresh'] = 1;
if(isset($_POST['submit_button']))
{
if (isset($_POST['submit_button'])) {
$_SESSION['oLP']->edit_item($_GET['id'], $_POST['parent'], $_POST['previous'], Security::remove_XSS($_POST['title'], $_POST['description']) );
$is_success = true;
}
if(isset($_GET['view']) && $_GET['view'] == 'build')
{
if (isset($_GET['view']) && $_GET['view'] == 'build') {
require('lp_move_item.php');
}
else
{
$_SESSION['oLP']->move_item($_GET['id'], $_GET['direction']);
} else {
//avoids weird behaviours see CT#967
$check = Security::check_token('get');
if ($check) {
$_SESSION['oLP']->move_item($_GET['id'], $_GET['direction']);
}
Security::clear_token();
require('lp_admin_view.php');
}
}

Write Preview
Loading…
Cancel
Save