diff --git a/main/dropbox/dropbox_functions.inc.php b/main/dropbox/dropbox_functions.inc.php index aeecaf43c2..b936af9171 100644 --- a/main/dropbox/dropbox_functions.inc.php +++ b/main/dropbox/dropbox_functions.inc.php @@ -108,11 +108,21 @@ function handle_multiple_actions() { * @author Patrick Cool , Ghent University * @version march 2006 */ -function delete_category($action, $id) { +function delete_category($action, $id, $user_id = null) { $course_id = api_get_course_int_id(); global $dropbox_cnf; - global $_user, $is_courseAdmin, $is_courseTutor; + global $is_courseAdmin, $is_courseTutor; + + if (empty($user_id)) { + $user_id = api_get_user_id(); + } + + $cat = get_dropbox_category($id); + if (count($cat)==0) { return false; } + if ($cat['user_id'] != $user_id && !api_is_platform_admin($user_id)) { + return false; + } // an additional check that might not be necessary if ($action == 'deletereceivedcategory') { @@ -130,11 +140,11 @@ function delete_category($action, $id) { } // step 1: delete the category - $sql = "DELETE FROM ".$dropbox_cnf['tbl_category']." WHERE c_id = $course_id AND cat_id='".Database::escape_string($id)."' AND $sentreceived='1'"; + $sql = "DELETE FROM ".$dropbox_cnf['tbl_category']." WHERE c_id = $course_id AND cat_id='".intval($id)."' AND $sentreceived='1'"; $result = Database::query($sql); // step 2: delete all the documents in this category - $sql = "SELECT * FROM ".$entries_table." WHERE c_id = $course_id AND cat_id='".Database::escape_string($id)."'"; + $sql = "SELECT * FROM ".$entries_table." WHERE c_id = $course_id AND cat_id='".intval($id)."'"; $result = Database::query($sql); while($row = Database::fetch_array($result)) { 
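Review bot: The new ownership test `if ($cat['user_id'] != $user_id && !api_is_platform_admin($user_id))` uses a loose `!=` between a DB string and an int, and it passes `$user_id` as the first argument of api_is_platform_admin; if that helper's first parameter is a boolean flag rather than a user id (it looks that way elsewhere in this codebase, worth confirming), any non-zero id is read as the flag and the role of the named user is never consulted. Normalise both sides and compare strictly, `if ((int) $cat['user_id'] !== (int) $user_id && !api_is_platform_admin())`, or pass the user id to whichever helper actually takes one. The `count($cat)==0` guard also does not catch `$cat === false`, which `get_dropbox_category` can return when no row matches (on PHP 5/7 count of a scalar is 1, on PHP 8 a TypeError), although the owner test then fails closed by accident rather than by design; `if (!is_array($cat) || count($cat) == 0) { return false; }` makes the intent explicit. delete_category's body continues past the hunk.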
@@ -261,7 +271,7 @@ function display_file_checkbox($id, $part) { } /** -* This function retrieves all the dropbox categories and returns them as an array +* This function retrieves all dropbox categories and returns them as an array * * @param $filter default '', when we need only the categories of the sent or the received part. * @@ -292,6 +302,23 @@ function get_dropbox_categories($filter = '') { return $return_array; } +/** + * Get a dropbox category details + * @param int The category ID + * @return array The details of this category + */ +function get_dropbox_category($id) { + global $dropbox_cnf; + if (empty($id) or $id != intval($id)) { return array(); } + $sql = "SELECT * FROM ".$dropbox_cnf['tbl_category']." WHERE cat_id='".$id."'"; + $res = Database::query($sql); + if ($res === false) { + return array(); + } + $row = Database::fetch_assoc($res); + return $row; +} + /** * This functions stores a new dropboxcategory * diff --git a/main/dropbox/index.php b/main/dropbox/index.php index ede976c5df..6357fb5091 100644 --- a/main/dropbox/index.php +++ b/main/dropbox/index.php @@ -286,7 +286,7 @@ if ($action != 'add') { echo '
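Review bot: In the new `get_dropbox_category`, the guard `if (empty($id) or $id != intval($id))` does not guarantee that `$id` is an integer before it is interpolated unescaped into `cat_id='".$id."'`: on PHP 5/7 the loose `!=` converts a leading-numeric string to its numeric prefix before comparing, so a string that merely starts with digits passes the check and reaches the query verbatim, which makes this an SQL injection sink reachable through delete_category's id parameter. Coerce once with `intval()` and use the coerced value in the query, exactly as the @@ -130 hunk already does for the DELETE. Two smaller points: the lookup is not restricted by `c_id` while the DELETE in delete_category is, so the row whose `user_id` is checked for ownership need not be the row that is deleted when cat ids repeat across courses; and `Database::fetch_assoc` returns `false` on an empty result, which neither the docblock's `@return array` nor the caller's `count($cat)==0` test covers. A rewrite applying the three points follows; the `c_id` filter assumes the function is only meant for the current course, as its one caller is.
```php
function get_dropbox_category($id) {
    global $dropbox_cnf;
    $id = intval($id);
    if ($id <= 0) { return array(); }
    $course_id = api_get_course_int_id();
    $sql = "SELECT * FROM ".$dropbox_cnf['tbl_category']." WHERE c_id = ".$course_id." AND cat_id = ".$id;
    $res = Database::query($sql);
    if ($res === false) {
        return array();
    }
    $row = Database::fetch_assoc($res);
    // fetch_assoc yields false on an empty result; keep the documented array contract
    return is_array($row) ? $row : array();
}
```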
'; if ($view_dropbox_category_received != 0 && api_is_allowed_to_session_edit(false, true)) { echo ''.Display::return_icon('folder_up.png', get_lang('Up').' '.get_lang('Root'),'',ICON_SIZE_MEDIUM).""; - echo get_lang('Category').': '.$dropbox_categories[$view_dropbox_category_received]['cat_name'].' '; + echo get_lang('Category').': '.Security::remove_XSS($dropbox_categories[$view_dropbox_category_received]['cat_name']).' '; $movelist[0] = 'Root'; // move_received selectbox content } else { echo ''.Display::return_icon('new_folder.png', get_lang('AddNewCategory'),'',ICON_SIZE_MEDIUM).''; @@ -297,7 +297,7 @@ if ($action != 'add') { echo '
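Review bot: `Security::remove_XSS($dropbox_categories[$view_dropbox_category_received]['cat_name'])` filters the category name rather than escaping it for the HTML text context it is echoed into; a cleaning helper of this kind appears to let markup it considers harmless through, so a name containing tags still renders as markup instead of as the literal text the user typed. For a plain-text label the precise control is escaping: `htmlspecialchars($dropbox_categories[$view_dropbox_category_received]['cat_name'], ENT_QUOTES, 'UTF-8')`. The same pattern is applied at the @@ -297, @@ -323, @@ -335 and @@ -504 hunks of this file and in the @@ -629 hunk, and each would take the same change. The enclosing `if ($action != 'add')` block starts and ends outside this hunk.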
'; if ($view_dropbox_category_received != 0 && api_is_allowed_to_session_edit(false, true)) { echo ''.Display::return_icon('folder_up.png', get_lang('Up').' '.get_lang('Root'),'',ICON_SIZE_MEDIUM).""; - echo get_lang('Category').': '.$dropbox_categories[$view_dropbox_category_received]['cat_name'].' '; + echo get_lang('Category').': '.Security::remove_XSS($dropbox_categories[$view_dropbox_category_received]['cat_name']).' '; $movelist[0] = 'Root'; // move_received selectbox content } else { echo ''.Display::return_icon('new_folder.png', get_lang('AddNewCategory'),'',ICON_SIZE_MEDIUM).''; @@ -323,7 +323,7 @@ if ($action != 'add') { echo '
'; if ($view_dropbox_category_sent != 0) { echo ''.Display::return_icon('folder_up.png', get_lang('Up').' '.get_lang('Root'),'',ICON_SIZE_MEDIUM).""; - echo get_lang('Category').': '.$dropbox_categories[$view_dropbox_category_sent]['cat_name'].' '; + echo get_lang('Category').': '.Security::remove_XSS($dropbox_categories[$view_dropbox_category_sent]['cat_name']).' '; } else { echo "".Display::return_icon('new_folder.png', get_lang('AddNewCategory'),'',ICON_SIZE_MEDIUM)."\n"; } @@ -335,7 +335,7 @@ if ($action != 'add') { if (api_is_allowed_to_session_edit(false, true)) { echo '
'; if ($view_dropbox_category_sent != 0) { - echo get_lang('CurrentlySeeing').': '.$dropbox_categories[$view_dropbox_category_sent]['cat_name'].' '; + echo get_lang('CurrentlySeeing').': '.Security::remove_XSS($dropbox_categories[$view_dropbox_category_sent]['cat_name']).' '; echo ''.Display::return_icon('folder_up.png', get_lang('Up').' '.get_lang('Root'),'',ICON_SIZE_MEDIUM).""; } else { echo "".Display::return_icon('new_folder.png', get_lang('AddNewCategory'),'',ICON_SIZE_MEDIUM)."\n"; @@ -492,7 +492,7 @@ if ($action != 'add') { $dropbox_category_data[] = ''; $dropbox_category_data[] = ''; $dropbox_category_data[] = ''.Display::return_icon('edit.png',get_lang('Edit'),'',ICON_SIZE_SMALL).' - '.Display::return_icon('delete.png', get_lang('Delete'),'',ICON_SIZE_SMALL).''; + '.Display::return_icon('delete.png', get_lang('Delete'),'',ICON_SIZE_SMALL).''; } if (is_array($dropbox_category_data) && count($dropbox_category_data) > 0) { $dropbox_data_recieved[] = $dropbox_category_data; @@ -504,7 +504,7 @@ if ($action != 'add') { $selectlist = array('delete_received' => get_lang('Delete'), 'download_received' => get_lang('Download')); if (is_array($movelist)) { foreach ($movelist as $catid => $catname){ - $selectlist['move_received_'.$catid] = get_lang('Move') . '->'. $catname; + $selectlist['move_received_'.$catid] = get_lang('Move') . '->'. Security::remove_XSS($catname); } } 
@@ -629,15 +629,17 @@ if ($action != 'add') { if ($category['sent'] == '1') { $dropbox_category_data[] = $category['cat_id']; // This is where the checkbox icon for the files appear. $link_open = ''; - $dropbox_category_data[] = $link_open.build_document_icon_tag('folder', $category['cat_name']).''; - $dropbox_category_data[] = ''.Display::return_icon('save_pack.png', get_lang('Save'), array('style' => 'float:right;'),ICON_SIZE_SMALL).''.$link_open.$category['cat_name'].''; + $dropbox_category_data[] = $link_open.build_document_icon_tag('folder', Security::remove_XSS($category['cat_name'])).''; + $dropbox_category_data[] = ''.Display::return_icon('save_pack.png', get_lang('Save'), array('style' => 'float:right;'),ICON_SIZE_SMALL).''.$link_open.Security::remove_XSS($category['cat_name']).''; //$dropbox_category_data[] = ''; $dropbox_category_data[] = ''; //$dropbox_category_data[] = ''; $dropbox_category_data[] = ''; $dropbox_category_data[] = ''; - $dropbox_category_data[] = ''.Display::return_icon('edit.png', get_lang('Edit'),'',ICON_SIZE_SMALL).' - '.Display::return_icon('delete.png', get_lang('Delete'),'',ICON_SIZE_SMALL).''; + $dropbox_category_data[] = ''. + Display::return_icon('edit.png', get_lang('Edit'),'',ICON_SIZE_SMALL).' + '. + Display::return_icon('delete.png', get_lang('Delete'),'',ICON_SIZE_SMALL).''; } if (is_array($dropbox_category_data) && count($dropbox_category_data) > 0) { $dropbox_data_sent[] = $dropbox_category_data; diff --git a/main/inc/lib/phpdocx/pdf/www/examples.php b/main/inc/lib/phpdocx/pdf/www/examples.php index 63d56a42e1..5f4c7882d0 100755 --- a/main/inc/lib/phpdocx/pdf/www/examples.php +++ b/main/inc/lib/phpdocx/pdf/www/examples.php @@ -1,5 +1,5 @@
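Review bot: The filtered name is computed twice on consecutive lines, `Security::remove_XSS($category['cat_name'])` for `build_document_icon_tag` and again for the link text; compute it once, `$cat_name = Security::remove_XSS($category['cat_name']);`, and pass `$cat_name` to both. The value handed to build_document_icon_tag may end up in an attribute such as a title or alt rather than in element text (the helper is outside the hunk, so this is inferred), and a filter tuned for element content does not necessarily escape quotes for that position; if it does land in an attribute, escape it at that point with `htmlspecialchars($category['cat_name'], ENT_QUOTES, 'UTF-8')`. The enclosing loop and the `if ($action != 'add')` block both start and end outside this hunk.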