Blogs: fix URL cidReq added BT#18197

pull/3732/head
Julio Montoya 5 years ago
parent e7d09df01f
commit 1ff4b212bc
  1. 36
      main/blog/blog.php
  2. 196
      main/inc/lib/blog.lib.php

@ -1,4 +1,5 @@
<?php
/* For licensing terms, see /license.txt */
/**
* BLOG HOMEPAGE
@ -28,11 +29,6 @@ $DaysLong = api_get_week_days_long();
$MonthsLong = api_get_months_long();
$action = isset($_GET['action']) ? $_GET['action'] : null;
/*
PROCESSING
*/
$safe_post_file_comment = isset($_POST['post_file_comment']) ? Security::remove_XSS($_POST['post_file_comment']) : null;
$safe_comment_text = isset($_POST['comment_text']) ? Security::remove_XSS($_POST['comment_text']) : null;
$safe_comment_title = isset($_POST['comment_title']) ? Security::remove_XSS($_POST['comment_title']) : null;
@ -134,15 +130,15 @@ if (!empty($_GET['unregister'])) {
Blog::unsubscribeUser($_GET['blog_id'], $_GET['user_id']);
}
if (isset($_GET['action']) && $_GET['action'] == 'manage_tasks') {
if (isset($_GET['do']) && $_GET['do'] == 'delete') {
if (isset($_GET['action']) && $_GET['action'] === 'manage_tasks') {
if (isset($_GET['do']) && $_GET['do'] === 'delete') {
Blog::deleteTask($blog_id, (int) $_GET['task_id']);
Display::addFlash(
Display::return_message(get_lang('TaskDeleted'), 'success')
);
}
if (isset($_GET['do']) && $_GET['do'] == 'delete_assignment') {
if (isset($_GET['do']) && $_GET['do'] === 'delete_assignment') {
Blog::deleteAssignedTask($blog_id, intval($_GET['task_id']), intval($_GET['user_id']));
Display::addFlash(
Display::return_message(get_lang('TaskAssignmentDeleted'), 'success')
@ -150,10 +146,10 @@ if (isset($_GET['action']) && $_GET['action'] == 'manage_tasks') {
}
}
if (isset($_GET['action']) && $_GET['action'] == 'view_post') {
if (isset($_GET['action']) && $_GET['action'] === 'view_post') {
$task_id = (isset($_GET['task_id']) && is_numeric($_GET['task_id'])) ? $_GET['task_id'] : 0;
if (isset($_GET['do']) && $_GET['do'] == 'delete_comment') {
if (isset($_GET['do']) && $_GET['do'] === 'delete_comment') {
if (api_is_allowed('BLOG_'.$blog_id, 'article_comments_delete', $task_id)) {
Blog::deleteComment($blog_id, (int) $_GET['post_id'], (int) $_GET['comment_id']);
Display::addFlash(
@ -166,7 +162,7 @@ if (isset($_GET['action']) && $_GET['action'] == 'view_post') {
}
}
if (isset($_GET['do']) && $_GET['do'] == 'delete_article') {
if (isset($_GET['do']) && $_GET['do'] === 'delete_article') {
if (api_is_allowed('BLOG_'.$blog_id, 'article_delete', $task_id)) {
Blog::deletePost($blog_id, (int) $_GET['article_id']);
$action = ''; // Article is gone, go to blog home
@ -179,8 +175,8 @@ if (isset($_GET['action']) && $_GET['action'] == 'view_post') {
);
}
}
if (isset($_GET['do']) && $_GET['do'] == 'rate') {
if (isset($_GET['type']) && $_GET['type'] == 'post') {
if (isset($_GET['do']) && $_GET['do'] === 'rate') {
if (isset($_GET['type']) && $_GET['type'] === 'post') {
if (api_is_allowed('BLOG_'.$blog_id, 'article_rate')) {
Blog::addRating('post', $blog_id, (int) $_GET['post_id'], (int) $_GET['rating']);
Display::addFlash(
@ -188,7 +184,7 @@ if (isset($_GET['action']) && $_GET['action'] == 'view_post') {
);
}
}
if (isset($_GET['type']) && $_GET['type'] == 'comment') {
if (isset($_GET['type']) && $_GET['type'] === 'comment') {
if (api_is_allowed('BLOG_'.$blog_id, 'article_comments_add')) {
Blog::addRating('comment', $blog_id, (int) $_GET['comment_id'], (int) $_GET['rating']);
Display::addFlash(
@ -259,13 +255,11 @@ if (api_is_allowed('BLOG_'.$blog_id, 'member_management')) {
$titleBlog = Blog::getBlogTitle($blog_id);
$descriptionBlog = Blog::getBlogSubtitle($blog_id);
$idBlog = $blog_id;
$searchBlog = isset($_GET['q']) ? Security::remove_XSS($_GET['q']) : '';
//calendar blog
$month = isset($_GET['month']) ? (int) $_GET['month'] : (int) date('m');
$year = isset($_GET['year']) ? (int) $_GET['year'] : date('Y');
$calendarBlog = Blog::displayMiniMonthCalendar($month, $year, $blog_id);
//task blogs
$taskBlog = Blog::getPersonalTasksList();
if (isset($flag) && $flag == '1') {
@ -274,7 +268,6 @@ if (isset($flag) && $flag == '1') {
}
$user_task = false;
$course_id = api_get_course_int_id();
if (isset($_GET['task_id']) && is_numeric($_GET['task_id'])) {
@ -307,6 +300,7 @@ $tpl->assign('id_blog', $idBlog);
$tpl->assign('calendar', $calendarBlog);
$tpl->assign('search', $searchBlog);
$tpl->assign('task', $taskBlog);
$tpl->assign('blog_url', $taskBlog);
$blogLayout = null;
switch ($action) {
@ -367,19 +361,19 @@ switch ($action) {
case 'manage_tasks':
if (api_is_allowed('BLOG_'.$blog_id, 'task_management')) {
$task = null;
if (isset($_GET['do']) && $_GET['do'] == 'add') {
if (isset($_GET['do']) && $_GET['do'] === 'add') {
$task .= Blog::displayTaskCreateForm($blog_id);
}
if (isset($_GET['do']) && $_GET['do'] == 'assign') {
if (isset($_GET['do']) && $_GET['do'] === 'assign') {
$task .= Blog::displayTaskAssignmentForm($blog_id);
}
if (isset($_GET['do']) && $_GET['do'] == 'edit') {
if (isset($_GET['do']) && $_GET['do'] === 'edit') {
$task .= Blog::displayTaskEditForm(
$blog_id,
intval($_GET['task_id'])
);
}
if (isset($_GET['do']) && $_GET['do'] == 'edit_assignment') {
if (isset($_GET['do']) && $_GET['do'] === 'edit_assignment') {
$task .= Blog::displayAssignedTaskEditForm(
$blog_id,
intval($_GET['task_id']),
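Review bot: The `manage_tasks` branch in the `@ -134,15` hunk calls `Blog::deleteTask()` and `Blog::deleteAssignedTask()` directly from `$_GET` with no `api_is_allowed()` check visible, while the `delete_comment`, `delete_article` and `rate` branches below it, and the `manage_tasks` case of the later `switch`, are all gated. Unless a permission check sits above the hunk (the enclosing code starts outside it), task deletion is not tied to the `task_management` right, and because it is a plain GET with no token visible here it can also be triggered by a cross-site request. I would wrap the branch in `if (api_is_allowed('BLOG_'.$blog_id, 'task_management')) {` and verify a per-request token before the delete runs. Separately, `$tpl->assign('blog_url', $taskBlog);` hands the template the value returned by `Blog::getPersonalTasksList()` under the name `blog_url`, which looks like a copy-paste slip.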

@ -1,11 +1,11 @@
<?php
/* For licensing terms, see /license.txt */
/**
* Class Blog.
*
* Contains several functions dealing with displaying,
* editing,... of a blog
* Contains several functions dealing with displaying editing of a blog
*
* @author Toon Keppens <toon@vi-host.net>
* @author Julio Montoya - Cleaning code
@ -872,6 +872,7 @@ class Blog
$course_id = api_get_course_int_id();
$blog_id = intval($_GET['blog_id']);
$cidReq = api_get_cidreq();
if ($_user['user_id']) {
$sql = "SELECT task_rel_user.*, task.title, blog.blog_name
@ -887,14 +888,16 @@ class Blog
task_rel_user.c_id = $course_id AND
task_rel_user.user_id = ".$_user['user_id']."
ORDER BY target_date ASC";
$result = Database::query($sql);
$url = api_get_path(WEB_CODE_PATH).'blog/blog.php?'.$cidReq.'&action=execute_task';
if (Database::num_rows($result) > 0) {
$html .= '<ul>';
while ($mytask = Database::fetch_array($result)) {
$html .= '<li>
<a href="blog.php?action=execute_task&blog_id='.$mytask['blog_id'].'&task_id='.intval($mytask['task_id']).'" title="[Blog: '.stripslashes($mytask['blog_name']).'] '.get_lang('ExecuteThisTask').'">'.
<a
href="'.$url.'&blog_id='.$mytask['blog_id'].'&task_id='.intval($mytask['task_id']).'"
title="[Blog: '.stripslashes($mytask['blog_name']).'] '.
get_lang('ExecuteThisTask').'">'.
stripslashes($mytask['title']).'</a></li>';
}
$html .= '<ul>';
@ -1101,6 +1104,7 @@ class Blog
global $charset;
$course_id = api_get_course_int_id();
$courseParams = api_get_cidreq();
$blog_id = intval($blog_id);
$post_id = intval($post_id);
@ -1141,14 +1145,23 @@ class Blog
$post_text = make_clickable(stripslashes($blog_post['full_text']));
$post_text = stripslashes($post_text);
$blogUrl = api_get_path(WEB_CODE_PATH).'blog/blog.php?blog_id='.$blog_id.
'&post_id='.$post_id.'&article_id='.$blog_post['post_id'].'&task_id='.$task_id.'&'.api_get_cidreq();
if (api_is_allowed('BLOG_'.$blog_id, 'article_edit', $task_id)) {
$blogActions .= '<a class="btn btn-default" href="blog.php?action=edit_post&blog_id='.$blog_id.'&post_id='.$post_id.'&article_id='.$blog_post['post_id'].'&task_id='.$task_id.'" title="'.get_lang('EditThisPost').'">';
$blogActions .= '<a
class="btn btn-default"
href="'.$blogUrl.'&action=edit_post"
title="'.get_lang('EditThisPost').'">';
$blogActions .= Display::return_icon('edit.png', get_lang('Edit'), null, ICON_SIZE_TINY);
$blogActions .= '</a>';
}
if (api_is_allowed('BLOG_'.$blog_id, 'article_delete', $task_id)) {
$blogActions .= '<a class="btn btn-default" href="blog.php?action=view_post&blog_id='.$blog_id.'&post_id='.$post_id.'&do=delete_article&article_id='.$blog_post['post_id'].'&task_id='.$task_id.'" title="'.get_lang(
$blogActions .= '<a
class="btn btn-default"
href="'.$blogUrl.'&action=view_post&do=delete_article"
title="'.get_lang(
'DeleteThisArticle'
).'" onclick="javascript:if(!confirm(\''.addslashes(
api_htmlentities(get_lang("ConfirmYourChoice"), ENT_QUOTES, $charset)
@ -1213,12 +1226,10 @@ class Blog
$tbl_users = Database::get_main_table(TABLE_MAIN_USER);
$tbl_blogs_tasks = Database::get_course_table(TABLE_BLOGS_TASKS);
$charset = api_get_system_encoding();
$course_id = api_get_course_int_id();
$blog_id = intval($blog_id);
$post_id = intval($post_id);
$task_id = intval($task_id);
$listComments = [];
// Select top level comments
$next_level = $current_level + 1;
@ -1236,12 +1247,12 @@ class Blog
$result = Database::query($sql);
$html = null;
$cidReq = api_get_cidreq();
while ($comment = Database::fetch_array($result)) {
$commentActions = null;
$ratingSelect = null;
$comment_text = make_clickable(stripslashes($comment['comment']));
$comment_text = stripslashes($comment_text);
$commentActions .= Display::toolbarButton(
get_lang('ReplyToThisComment'),
'#',
@ -1252,7 +1263,10 @@ class Blog
);
if (api_is_allowed('BLOG_'.$blog_id, 'article_comments_delete', $task_id)) {
$commentActions .= ' <a class="btn btn-default" href="blog.php?action=view_post&blog_id='.$blog_id.'&post_id='.$post_id.'&do=delete_comment&comment_id='.$comment['comment_id'].'&task_id='.$task_id.'" title="'.get_lang(
$commentActions .= ' <a
class="btn btn-default"
href="blog.php?'.$cidReq.'&action=view_post&blog_id='.$blog_id.'&post_id='.$post_id.'&do=delete_comment&comment_id='.$comment['comment_id'].'&task_id='.$task_id.'"
title="'.get_lang(
'DeleteThisComment'
).'" onclick="javascript:if(!confirm(\''.addslashes(
api_htmlentities(get_lang("ConfirmYourChoice"), ENT_QUOTES, $charset)
@ -1337,7 +1351,7 @@ class Blog
$type = Database::escape_string($type);
$html = null;
if ($type == 'post') {
if ($type === 'post') {
// Check if the user has already rated this post
$sql = "SELECT rating_id FROM $tbl_blogs_rating
WHERE c_id = $course_id AND
@ -1347,12 +1361,38 @@ class Blog
AND user_id = ".$_user['user_id'];
$result = Database::query($sql);
// Add rating
$url = api_get_path(WEB_CODE_PATH).'blog/blog.php?'.api_get_cidreq();
if (Database::num_rows($result) == 0) {
$html .= '<form class="form-horizontal" method="get" action="blog.php" id="frm_rating_'.$type.'_'.$post_id.'" name="frm_rating_'.$type.'_'.$post_id.'">';
$html .= '<form
class="form-horizontal"
method="get"
action="'.$url.'"
id="frm_rating_'.$type.'_'.$post_id.'"
name="frm_rating_'.$type.'_'.$post_id.'">';
$html .= '<div class="form-group">';
$html .= '<label class="col-sm-3 control-label">'.get_lang('RateThis').'</label>';
$html .= '<div class="col-sm-9">';
$html .= '<select class="selectpicker" name="rating" onchange="document.forms[\'frm_rating_'.$type.'_'.$post_id.'\'].submit()"><option value="">-</option><option value="1">1</option><option value="2">2</option><option value="3">3</option><option value="4">4</option><option value="5">5</option><option value="6">6</option><option value="7">7</option><option value="8">8</option><option value="9">9</option><option value="10">10</option></select><input type="hidden" name="action" value="view_post" /><input type="hidden" name="type" value="'.$type.'" /><input type="hidden" name="do" value="rate" /><input type="hidden" name="blog_id" value="'.$blog_id.'" /><input type="hidden" name="post_id" value="'.$post_id.'" />';
$html .= '<select
class="selectpicker"
name="rating"
onchange="document.forms[\'frm_rating_'.$type.'_'.$post_id.'\'].submit()">
<option value="">-</option>
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
<option value="6">6</option>
<option value="7">7</option>
<option value="8">8</option>
<option value="9">9</option>
<option value="10">10</option>
</select>
<input type="hidden" name="action" value="view_post" />
<input type="hidden" name="type" value="'.$type.'" />
<input type="hidden" name="do" value="rate" />
<input type="hidden" name="blog_id" value="'.$blog_id.'" />
<input type="hidden" name="post_id" value="'.$post_id.'" />';
$html .= '</div>';
$html .= '</div>';
$html .= '</form>';
@ -1371,13 +1411,31 @@ class Blog
AND rating_type = '$type'
AND user_id = ".$_user['user_id'];
$result = Database::query($sql);
$url = api_get_path(WEB_CODE_PATH).'blog/blog.php?'.api_get_cidreq();
if (Database::num_rows($result) == 0) {
$html .= '<form class="form-horizontal" method="get" action="blog.php" id="frm_rating_'.$type.'_'.$comment_id.'" name="frm_rating_'.$type.'_'.$comment_id.'">';
$html .= '<form
class="form-horizontal"
method="get"
action="'.$url.'"
id="frm_rating_'.$type.'_'.$comment_id.'" name="frm_rating_'.$type.'_'.$comment_id.'">';
$html .= '<div class="form-group">';
$html .= '<label class="col-sm-3 control-label">'.get_lang('RateThis').'</label>';
$html .= '<div class="col-sm-9">';
$html .= '<select class="selectpicker" name="rating" onchange="document.forms[\'frm_rating_'.$type.'_'.$comment_id.'\'].submit()">';
$html .= '<option value="">-</option><option value="1">1</option><option value="2">2</option><option value="3">3</option><option value="4">4</option><option value="5">5</option><option value="6">6</option><option value="7">7</option><option value="8">8</option><option value="9">9</option><option value="10">10</option>
$html .= '<select
class="selectpicker"
name="rating"
onchange="document.forms[\'frm_rating_'.$type.'_'.$comment_id.'\'].submit()">';
$html .= '<option value="">-</option>
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
<option value="6">6</option>
<option value="7">7</option>
<option value="8">8</option>
<option value="9">9</option>
<option value="10">10</option>
</select>
<input type="hidden" name="action" value="view_post" />
<input type="hidden" name="type" value="'.$type.'" />
@ -1657,11 +1715,12 @@ class Blog
$result = Database::query($sql);
$blog_post = Database::fetch_array($result);
// Form
$form = new FormValidator(
'edit_post',
'post',
api_get_path(WEB_CODE_PATH).'blog/blog.php?action=edit_post&post_id='.intval($_GET['post_id']).'&blog_id='.intval($blog_id).'&article_id='.intval($_GET['article_id']).'&task_id='.intval($_GET['task_id'])
api_get_path(WEB_CODE_PATH).
'blog/blog.php?action=edit_post&post_id='.intval($_GET['post_id']).'&blog_id='.intval($blog_id).
'&article_id='.intval($_GET['article_id']).'&task_id='.intval($_GET['task_id']).'&'.api_get_cidreq()
);
$form->addHeader(get_lang('EditPost'));
@ -1839,10 +1898,12 @@ class Blog
$return .= '<td>'.stripslashes($assignment['description']).'</td>';
$return .= '<td>'.$assignment['target_date'].'</td>';
$return .= '<td width="50">';
$return .= '<a href="'.api_get_self().'?action=manage_tasks&blog_id='.$assignment['blog_id'].'&do=edit_assignment&task_id='.$assignment['task_id'].'&user_id='.$assignment['user_id'].'&'.api_get_cidreq().'">';
$return .= '<a
href="'.api_get_self().'?action=manage_tasks&blog_id='.$assignment['blog_id'].'&do=edit_assignment&task_id='.$assignment['task_id'].'&user_id='.$assignment['user_id'].'&'.api_get_cidreq().'">';
$return .= Display::return_icon('edit.png', get_lang('EditTask'));
$return .= "</a>";
$return .= '<a href="'.api_get_self().'?action=manage_tasks&blog_id='.$assignment['blog_id'].'&do=delete_assignment&task_id='.$assignment['task_id'].'&user_id='.$assignment['user_id'].'&'.api_get_cidreq().'" ';
$return .= '<a
href="'.api_get_self().'?action=manage_tasks&blog_id='.$assignment['blog_id'].'&do=delete_assignment&task_id='.$assignment['task_id'].'&user_id='.$assignment['user_id'].'&'.api_get_cidreq().'" ';
$return .= 'onclick="javascript:if(!confirm(\''.addslashes(api_htmlentities(get_lang("ConfirmYourChoice"), ENT_QUOTES, $charset)).'\')) return false;"';
$return .= Display::return_icon($delete_icon, $delete_title);
$return .= "</a>";
@ -1868,7 +1929,7 @@ class Blog
public static function displayTaskCreateForm($blog_id)
{
$blog_id = intval($blog_id);
// Init
$colors = [
'FFFFFF',
'FFFF99',
@ -1887,13 +1948,9 @@ class Blog
'000000',
];
// form
$return = '<form name="add_task" method="post" action="blog.php?action=manage_tasks&blog_id='.$blog_id.'">';
// form title
$url = api_get_path(WEB_CODE_PATH).'blog/blog.php?'.api_get_cidreq().'&action=manage_tasks';
$return = '<form name="add_task" method="post" action="'.$url.'&blog_id='.$blog_id.'">';
$return .= '<legend>'.get_lang('AddTask').'</legend>';
// task title
$return .= ' <div class="control-group">
<label class="control-label">
<span class="form_required">*</span>'.get_lang('Title').'
@ -2008,17 +2065,23 @@ class Blog
$result = Database::query($sql);
$task = Database::fetch_array($result);
// Display
$return = '<form name="edit_task" method="post" action="blog.php?action=manage_tasks&blog_id='.$blog_id.'">
$url = api_get_path(WEB_CODE_PATH).'blog/blog.php?'.api_get_cidreq().'&action=manage_tasks';
$return = '<form name="edit_task" method="post" action="'.$url.'&blog_id='.$blog_id.'">
<legend>'.get_lang('EditTask').'</legend>
<table width="100%" border="0" cellspacing="2">
<tr>
<td align="right">'.get_lang('Title').':&nbsp;&nbsp;</td>
<td><input name="task_name" type="text" size="70" value="'.Security::remove_XSS($task['title']).'" /></td>
<td>
<input name="task_name" type="text" size="70" value="'.Security::remove_XSS($task['title']).'" />
</td>
</tr>
<tr>
<td align="right">'.get_lang('Description').':&nbsp;&nbsp;</td>
<td><textarea name="task_description" cols="45">'.Security::remove_XSS($task['description']).'</textarea></td>
<td>
<textarea name="task_description" cols="45">'.
Security::remove_XSS($task['description']).'
</textarea>
</td>
</tr>';
/* edit by Kevin Van Den Haute (kevin@develop-it.be) */
@ -2157,9 +2220,8 @@ class Blog
$form = new FormValidator(
'assign_task',
'post',
api_get_path(
WEB_CODE_PATH
).'blog/blog.php?action=manage_tasks&blog_id='.$blog_id
api_get_path(WEB_CODE_PATH).
'blog/blog.php?action=manage_tasks&blog_id='.$blog_id.'&'.api_get_cidreq()
);
$form->addHeader(get_lang('AssignTask'));
@ -2362,7 +2424,8 @@ class Blog
$result = Database::query($sql);
// Display
$return = '<span class="blogpost_title">'.get_lang('SelectTaskArticle').' "'.stripslashes($row['title']).'"</span>';
$return = '<span class="blogpost_title">'.
get_lang('SelectTaskArticle').' "'.stripslashes($row['title']).'"</span>';
$return .= '<span style="font-style: italic;"">'.stripslashes($row['description']).'</span><br><br>';
if (Database::num_rows($result) == 0) {
@ -2370,10 +2433,11 @@ class Blog
return $return;
}
$url = api_get_path(WEB_CODE_PATH).'blog/blog.php?'.api_get_cidreq().'&action=execute_task';
while ($blog_post = Database::fetch_array($result)) {
$username = api_htmlentities(sprintf(get_lang('LoginX'), $blog_post['username']), ENT_QUOTES);
$return .= '<a href="blog.php?action=execute_task&blog_id='.$blog_id.'&task_id='.$task_id.'&post_id='.$blog_post['post_id'].'#add_comment">'.stripslashes(
$return .= '<a href="'.$url.'&blog_id='.$blog_id.'&task_id='.$task_id.'&post_id='.$blog_post['post_id'].'#add_comment">'.
stripslashes(
$blog_post['title']
).'</a>, '.get_lang('WrittenBy').' '.stripslashes(
Display::tag(
@ -2515,13 +2579,18 @@ class Blog
// Display
$query_vars['action'] = 'manage_members';
$query_vars['blog_id'] = $blog_id;
$html .= '<form class="form-inline" method="post" action="blog.php?action=manage_members&blog_id='.$blog_id.'&'.api_get_cidreq().'">';
$html .= '<form
class="form-inline"
method="post"
action="blog.php?action=manage_members&blog_id='.$blog_id.'&'.api_get_cidreq().'">';
$html .= Display::return_sortable_table($column_header, $user_data, null, null, $query_vars);
$link = isset($_GET['action']) ? 'action='.Security::remove_XSS($_GET['action']).'&' : '';
$link .= "blog_id=$blog_id&".api_get_cidreq();
$html .= '<a class="btn btn-default" href="blog.php?'.$link.'selectall=subscribe">'.get_lang('SelectAll').'</a> - ';
$html .= '<a
class="btn btn-default" href="blog.php?'.$link.'selectall=subscribe">'.
get_lang('SelectAll').'</a> - ';
$html .= '<a class="btn btn-default" href="blog.php?'.$link.'">'.get_lang('UnSelectAll').'</a> ';
$html .= '<div class="form-group">';
$html .= '<label>';
@ -2590,7 +2659,10 @@ class Blog
$user_data = [];
while ($myrow = Database::fetch_array($sql_result)) {
$row = [];
$row[] = '<input type="checkbox" name="user[]" value="'.$myrow['user_id'].'" '.((isset($_GET['selectall']) && $_GET['selectall'] == "unsubscribe") ? ' checked="checked" ' : '').'/>';
$row[] = '<input
type="checkbox"
name="user[]"
value="'.$myrow['user_id'].'" '.((isset($_GET['selectall']) && $_GET['selectall'] == "unsubscribe") ? ' checked="checked" ' : '').'/>';
$username = api_htmlentities(sprintf(get_lang('LoginX'), $myrow["username"]), ENT_QUOTES);
if ($is_western_name_order) {
$row[] = $myrow["firstname"];
@ -2618,13 +2690,10 @@ class Blog
btu.blog_id = $blog_id AND
btu.user_id = ".$myrow['user_id'];
$sql_res = Database::query($sql);
$task = '';
while ($r = Database::fetch_array($sql_res)) {
$task .= stripslashes($r['task']).', ';
}
//echo $task;
$task = (api_strlen(trim($task)) != 0) ? api_substr($task, 0, api_strlen($task) - 2) : get_lang('Reader');
$row[] = $task;
//Link to register users
@ -2643,7 +2712,10 @@ class Blog
$query_vars['action'] = 'manage_members';
$query_vars['blog_id'] = $blog_id;
$html .= '<form class="form-inline" method="post" action="blog.php?action=manage_members&blog_id='.$blog_id.'&'.api_get_cidreq().'">';
$html .= '<form
class="form-inline"
method="post"
action="blog.php?action=manage_members&blog_id='.$blog_id.'&'.api_get_cidreq().'">';
$html .= Display::return_sortable_table($column_header, $user_data, null, null, $query_vars);
$link = isset($_GET['action']) ? 'action='.Security::remove_XSS($_GET['action']).'&' : '';
@ -2702,7 +2774,6 @@ class Blog
*/
public static function displayMiniMonthCalendar($month, $year, $blog_id)
{
// Init
$_user = api_get_user_info();
global $DaysShort;
global $MonthsLong;
@ -2732,15 +2803,13 @@ class Blog
//Get the first day of the month
$dayone = getdate(mktime(0, 0, 0, $month, 1, $year));
$monthName = $MonthsLong[$month - 1];
$url = api_get_path(WEB_CODE_PATH).'blog/blog.php?'.api_get_cidreq();
//Start the week on monday
$startdayofweek = $dayone['wday'] != 0 ? ($dayone['wday'] - 1) : 6;
$blogId = isset($_GET['blog_id']) ? intval($_GET['blog_id']) : null;
$filter = isset($_GET['filter']) ? Security::remove_XSS($_GET['filter']) : null;
$backwardsURL = api_get_self(
)."?blog_id=".$blogId."&filter=".$filter."&month=".($month == 1 ? 12 : $month - 1)."&year=".($month == 1 ? $year - 1 : $year);
$forewardsURL = api_get_self(
)."?blog_id=".$blogId."&filter=".$filter."&month=".($month == 12 ? 1 : $month + 1)."&year=".($month == 12 ? $year + 1 : $year);
$backwardsURL = $url."&blog_id=".$blogId."&filter=".$filter."&month=".($month == 1 ? 12 : $month - 1)."&year=".($month == 1 ? $year - 1 : $year);
$forewardsURL = $url."&blog_id=".$blogId."&filter=".$filter."&month=".($month == 12 ? 1 : $month + 1)."&year=".($month == 12 ? $year + 1 : $year);
// Get posts for this month
$sql = "SELECT post.*, DAYOFMONTH(date_creation) as post_day, user.lastname, user.firstname
@ -2754,7 +2823,6 @@ class Blog
YEAR(date_creation) = '$year'
ORDER BY date_creation";
$result = Database::query($sql);
// We will create an array of days on which there are posts.
if (Database::num_rows($result) > 0) {
while ($blog_post = Database::fetch_array($result)) {
@ -2786,7 +2854,6 @@ class Blog
YEAR(target_date) = '$year'
ORDER BY target_date ASC";
$result = Database::query($sql);
if (Database::num_rows($result) > 0) {
while ($mytask = Database::fetch_array($result)) {
$tasks[$mytask['task_day']][$mytask['task_id']]['task_id'] = $mytask['task_id'];
@ -2805,13 +2872,10 @@ class Blog
<th width="10%" align="right"><a href="'.$forewardsURL.'">&raquo;</a></th></tr>';
$html .= '<tr>';
for ($ii = 1; $ii < 8; $ii++) {
$html .= '<td class="weekdays">'.$DaysShort[$ii % 7].'</td>';
}
$html .= '</tr>';
$curday = -1;
$today = getdate();
@ -2832,12 +2896,11 @@ class Blog
}
$html .= '<td '.$class.'>';
// If there are posts on this day, create a filter link.
if (in_array($curday, $posts)) {
$html .= '<a href="blog.php?blog_id='.$blog_id.'&filter='.$year.'-'.$month.'-'.$curday.'&month='.$month.'&year='.$year.'" title="'.get_lang(
'ViewPostsOfThisDay'
).'">'.$curday.'</a>';
$html .= '<a
href="'.$url.'&blog_id='.$blog_id.'&filter='.$year.'-'.$month.'-'.$curday.'&month='.$month.'&year='.$year.'"
title="'.get_lang('ViewPostsOfThisDay').'">'.$curday.'</a>';
} else {
$html .= $dayheader;
}
@ -2846,7 +2909,8 @@ class Blog
if (isset($tasks[$curday]) && is_array($tasks[$curday])) {
// Add tasks to calendar
foreach ($tasks[$curday] as $task) {
$html .= '<a href="blog.php?action=execute_task&blog_id='.$task['blog_id'].'&task_id='.stripslashes($task['task_id']).'" title="'.$task['title'].' : '.get_lang('InBlog').' : '.$task['blog_name'].' - '.get_lang('ExecuteThisTask').'">';
$html .= '<a
href="blog.php?action=execute_task&blog_id='.$task['blog_id'].'&task_id='.stripslashes($task['task_id']).'" title="'.$task['title'].' : '.get_lang('InBlog').' : '.$task['blog_name'].' - '.get_lang('ExecuteThisTask').'">';
$html .= Display::return_icon('blog_task.gif', get_lang('ExecuteThisTask'));
$html .= '</a>';
}
@ -2874,7 +2938,7 @@ class Blog
$form = new FormValidator(
'add_blog',
'post',
'blog_admin.php?action=add'
'blog_admin.php?action=add&'.api_get_cidreq()
);
$form->addElement('header', get_lang('AddBlog'));
$form->addElement('text', 'blog_name', get_lang('Title'));
@ -3150,7 +3214,9 @@ class Blog
'blog_article.png',
get_lang('BlogPosts')
).' '.
$row['title'].'&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<div style="float:right;margin-top:-18px"><a href="../blog/blog.php?blog_id='.$row['blog_id'].'&gidReq=&cidReq='.$courseCode.' " >'.
$row['title'].'&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<div style="float:right;margin-top:-18px">
<a href="../blog/blog.php?blog_id='.$row['blog_id'].'&gidReq=&cidReq='.$courseCode.' " >'.
get_lang('SeeBlog').'</a></div></div>';
$return_data .= '<br / >';
$return_data .= $row['full_text'];
@ -3193,7 +3259,9 @@ class Blog
while ($row = Database::fetch_array($result)) {
$return_data .= '<div class="clear"></div><br />';
$return_data .= '<div class="actions" style="margin-left:5px;margin-right:5px;">'.
$row['title'].'&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<div style="float:right;margin-top:-18px"><a href="../blog/blog.php?blog_id='.$row['blog_id'].'&gidReq=&cidReq='.Security::remove_XSS($courseCode).' " >'.
$row['title'].'&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<div style="float:right;margin-top:-18px">
<a href="../blog/blog.php?blog_id='.$row['blog_id'].'&gidReq=&cidReq='.Security::remove_XSS($courseCode).' " >'.
get_lang('SeeBlog').'</a></div></div>';
$return_data .= '<br / >';
$return_data .= $row['comment'];
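Review bot: The task links reformatted in the `@ -887,14` and `@ -2846,7` hunks (both methods start outside their hunks) still write `blog_name` and `title` from the database into the `title` attribute and the link text with only `stripslashes()`, so a stored quote or tag would break out of the markup. The edit-task form in the `@ -2008,17` hunk passes the same `title` through `Security::remove_XSS()`, which suggests these values are not assumed safe at rest. For the attribute I would encode on output, e.g. `title="[Blog: '.api_htmlentities(stripslashes($mytask['blog_name']), ENT_QUOTES).'] '.`, and do the same for `$task['title']` and `$task['blog_name']` in the calendar link. That calendar link also still begins with the relative `blog.php?action=execute_task` and never uses the `$url` built earlier in the method, so it is left without cidReq. The two rating forms keep `method="get"`, and a browser replaces the query string of a GET form's `action` with the submitted fields, so the cidReq added through `$url` there is presumably dropped on submit; hidden inputs would carry it.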
