Blogs: fix URL cidReq added BT#18197

pull/3732/head
Julio Montoya 5 years ago
parent e7d09df01f
commit 1ff4b212bc
  1. 36
      main/blog/blog.php
  2. 196
      main/inc/lib/blog.lib.php

@ -1,4 +1,5 @@
<?php <?php
/* For licensing terms, see /license.txt */ /* For licensing terms, see /license.txt */
/** /**
* BLOG HOMEPAGE * BLOG HOMEPAGE
@ -28,11 +29,6 @@ $DaysLong = api_get_week_days_long();
$MonthsLong = api_get_months_long(); $MonthsLong = api_get_months_long();
$action = isset($_GET['action']) ? $_GET['action'] : null; $action = isset($_GET['action']) ? $_GET['action'] : null;
/*
PROCESSING
*/
$safe_post_file_comment = isset($_POST['post_file_comment']) ? Security::remove_XSS($_POST['post_file_comment']) : null; $safe_post_file_comment = isset($_POST['post_file_comment']) ? Security::remove_XSS($_POST['post_file_comment']) : null;
$safe_comment_text = isset($_POST['comment_text']) ? Security::remove_XSS($_POST['comment_text']) : null; $safe_comment_text = isset($_POST['comment_text']) ? Security::remove_XSS($_POST['comment_text']) : null;
$safe_comment_title = isset($_POST['comment_title']) ? Security::remove_XSS($_POST['comment_title']) : null; $safe_comment_title = isset($_POST['comment_title']) ? Security::remove_XSS($_POST['comment_title']) : null;
@ -134,15 +130,15 @@ if (!empty($_GET['unregister'])) {
Blog::unsubscribeUser($_GET['blog_id'], $_GET['user_id']); Blog::unsubscribeUser($_GET['blog_id'], $_GET['user_id']);
} }
if (isset($_GET['action']) && $_GET['action'] == 'manage_tasks') { if (isset($_GET['action']) && $_GET['action'] === 'manage_tasks') {
if (isset($_GET['do']) && $_GET['do'] == 'delete') { if (isset($_GET['do']) && $_GET['do'] === 'delete') {
Blog::deleteTask($blog_id, (int) $_GET['task_id']); Blog::deleteTask($blog_id, (int) $_GET['task_id']);
Display::addFlash( Display::addFlash(
Display::return_message(get_lang('TaskDeleted'), 'success') Display::return_message(get_lang('TaskDeleted'), 'success')
); );
} }
if (isset($_GET['do']) && $_GET['do'] == 'delete_assignment') { if (isset($_GET['do']) && $_GET['do'] === 'delete_assignment') {
Blog::deleteAssignedTask($blog_id, intval($_GET['task_id']), intval($_GET['user_id'])); Blog::deleteAssignedTask($blog_id, intval($_GET['task_id']), intval($_GET['user_id']));
Display::addFlash( Display::addFlash(
Display::return_message(get_lang('TaskAssignmentDeleted'), 'success') Display::return_message(get_lang('TaskAssignmentDeleted'), 'success')
@ -150,10 +146,10 @@ if (isset($_GET['action']) && $_GET['action'] == 'manage_tasks') {
} }
} }
if (isset($_GET['action']) && $_GET['action'] == 'view_post') { if (isset($_GET['action']) && $_GET['action'] === 'view_post') {
$task_id = (isset($_GET['task_id']) && is_numeric($_GET['task_id'])) ? $_GET['task_id'] : 0; $task_id = (isset($_GET['task_id']) && is_numeric($_GET['task_id'])) ? $_GET['task_id'] : 0;
if (isset($_GET['do']) && $_GET['do'] == 'delete_comment') { if (isset($_GET['do']) && $_GET['do'] === 'delete_comment') {
if (api_is_allowed('BLOG_'.$blog_id, 'article_comments_delete', $task_id)) { if (api_is_allowed('BLOG_'.$blog_id, 'article_comments_delete', $task_id)) {
Blog::deleteComment($blog_id, (int) $_GET['post_id'], (int) $_GET['comment_id']); Blog::deleteComment($blog_id, (int) $_GET['post_id'], (int) $_GET['comment_id']);
Display::addFlash( Display::addFlash(
@ -166,7 +162,7 @@ if (isset($_GET['action']) && $_GET['action'] == 'view_post') {
} }
} }
if (isset($_GET['do']) && $_GET['do'] == 'delete_article') { if (isset($_GET['do']) && $_GET['do'] === 'delete_article') {
if (api_is_allowed('BLOG_'.$blog_id, 'article_delete', $task_id)) { if (api_is_allowed('BLOG_'.$blog_id, 'article_delete', $task_id)) {
Blog::deletePost($blog_id, (int) $_GET['article_id']); Blog::deletePost($blog_id, (int) $_GET['article_id']);
$action = ''; // Article is gone, go to blog home $action = ''; // Article is gone, go to blog home
@ -179,8 +175,8 @@ if (isset($_GET['action']) && $_GET['action'] == 'view_post') {
); );
} }
} }
if (isset($_GET['do']) && $_GET['do'] == 'rate') { if (isset($_GET['do']) && $_GET['do'] === 'rate') {
if (isset($_GET['type']) && $_GET['type'] == 'post') { if (isset($_GET['type']) && $_GET['type'] === 'post') {
if (api_is_allowed('BLOG_'.$blog_id, 'article_rate')) { if (api_is_allowed('BLOG_'.$blog_id, 'article_rate')) {
Blog::addRating('post', $blog_id, (int) $_GET['post_id'], (int) $_GET['rating']); Blog::addRating('post', $blog_id, (int) $_GET['post_id'], (int) $_GET['rating']);
Display::addFlash( Display::addFlash(
@ -188,7 +184,7 @@ if (isset($_GET['action']) && $_GET['action'] == 'view_post') {
); );
} }
} }
if (isset($_GET['type']) && $_GET['type'] == 'comment') { if (isset($_GET['type']) && $_GET['type'] === 'comment') {
if (api_is_allowed('BLOG_'.$blog_id, 'article_comments_add')) { if (api_is_allowed('BLOG_'.$blog_id, 'article_comments_add')) {
Blog::addRating('comment', $blog_id, (int) $_GET['comment_id'], (int) $_GET['rating']); Blog::addRating('comment', $blog_id, (int) $_GET['comment_id'], (int) $_GET['rating']);
Display::addFlash( Display::addFlash(
@ -259,13 +255,11 @@ if (api_is_allowed('BLOG_'.$blog_id, 'member_management')) {
$titleBlog = Blog::getBlogTitle($blog_id); $titleBlog = Blog::getBlogTitle($blog_id);
$descriptionBlog = Blog::getBlogSubtitle($blog_id); $descriptionBlog = Blog::getBlogSubtitle($blog_id);
$idBlog = $blog_id; $idBlog = $blog_id;
$searchBlog = isset($_GET['q']) ? Security::remove_XSS($_GET['q']) : ''; $searchBlog = isset($_GET['q']) ? Security::remove_XSS($_GET['q']) : '';
//calendar blog //calendar blog
$month = isset($_GET['month']) ? (int) $_GET['month'] : (int) date('m'); $month = isset($_GET['month']) ? (int) $_GET['month'] : (int) date('m');
$year = isset($_GET['year']) ? (int) $_GET['year'] : date('Y'); $year = isset($_GET['year']) ? (int) $_GET['year'] : date('Y');
$calendarBlog = Blog::displayMiniMonthCalendar($month, $year, $blog_id); $calendarBlog = Blog::displayMiniMonthCalendar($month, $year, $blog_id);
//task blogs
$taskBlog = Blog::getPersonalTasksList(); $taskBlog = Blog::getPersonalTasksList();
if (isset($flag) && $flag == '1') { if (isset($flag) && $flag == '1') {
@ -274,7 +268,6 @@ if (isset($flag) && $flag == '1') {
} }
$user_task = false; $user_task = false;
$course_id = api_get_course_int_id(); $course_id = api_get_course_int_id();
if (isset($_GET['task_id']) && is_numeric($_GET['task_id'])) { if (isset($_GET['task_id']) && is_numeric($_GET['task_id'])) {
@ -307,6 +300,7 @@ $tpl->assign('id_blog', $idBlog);
$tpl->assign('calendar', $calendarBlog); $tpl->assign('calendar', $calendarBlog);
$tpl->assign('search', $searchBlog); $tpl->assign('search', $searchBlog);
$tpl->assign('task', $taskBlog); $tpl->assign('task', $taskBlog);
$tpl->assign('blog_url', $taskBlog);
$blogLayout = null; $blogLayout = null;
switch ($action) { switch ($action) {
@ -367,19 +361,19 @@ switch ($action) {
case 'manage_tasks': case 'manage_tasks':
if (api_is_allowed('BLOG_'.$blog_id, 'task_management')) { if (api_is_allowed('BLOG_'.$blog_id, 'task_management')) {
$task = null; $task = null;
if (isset($_GET['do']) && $_GET['do'] == 'add') { if (isset($_GET['do']) && $_GET['do'] === 'add') {
$task .= Blog::displayTaskCreateForm($blog_id); $task .= Blog::displayTaskCreateForm($blog_id);
} }
if (isset($_GET['do']) && $_GET['do'] == 'assign') { if (isset($_GET['do']) && $_GET['do'] === 'assign') {
$task .= Blog::displayTaskAssignmentForm($blog_id); $task .= Blog::displayTaskAssignmentForm($blog_id);
} }
if (isset($_GET['do']) && $_GET['do'] == 'edit') { if (isset($_GET['do']) && $_GET['do'] === 'edit') {
$task .= Blog::displayTaskEditForm( $task .= Blog::displayTaskEditForm(
$blog_id, $blog_id,
intval($_GET['task_id']) intval($_GET['task_id'])
); );
} }
if (isset($_GET['do']) && $_GET['do'] == 'edit_assignment') { if (isset($_GET['do']) && $_GET['do'] === 'edit_assignment') {
$task .= Blog::displayAssignedTaskEditForm( $task .= Blog::displayAssignedTaskEditForm(
$blog_id, $blog_id,
intval($_GET['task_id']), intval($_GET['task_id']),
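Review bot: In the `manage_tasks` branch (hunk at @ -134), `Blog::deleteTask($blog_id, (int) $_GET['task_id']);` and `Blog::deleteAssignedTask(...)` run with no visible `api_is_allowed` guard, whereas the `view_post` branch checks `article_comments_delete` / `article_delete` before its deletions and the later `case 'manage_tasks':` checks `task_management` before rendering the task forms; unless those two Blog methods enforce the permission themselves (not visible here), wrap both calls in `if (api_is_allowed('BLOG_'.$blog_id, 'task_management')) {` so the destructive path is guarded the same way the display path is. Both branches also delete on a plain GET request selected only by `do=...`; the commit does not change that, but the same actions behind a POST with a CSRF token would be the safer shape. Separately, the added line `$tpl->assign('blog_url', $taskBlog);` in hunk @ -307 assigns the personal task-list HTML under a name that implies a URL, which looks like a copy of the line above it; presumably `$tpl->assign('blog_url', api_get_path(WEB_CODE_PATH).'blog/blog.php?'.api_get_cidreq());` was intended, matching how the library side of this commit builds its links.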

@ -1,11 +1,11 @@
<?php <?php
/* For licensing terms, see /license.txt */ /* For licensing terms, see /license.txt */
/** /**
* Class Blog. * Class Blog.
* *
* Contains several functions dealing with displaying, * Contains several functions dealing with displaying editing of a blog
* editing,... of a blog
* *
* @author Toon Keppens <toon@vi-host.net> * @author Toon Keppens <toon@vi-host.net>
* @author Julio Montoya - Cleaning code * @author Julio Montoya - Cleaning code
@ -872,6 +872,7 @@ class Blog
$course_id = api_get_course_int_id(); $course_id = api_get_course_int_id();
$blog_id = intval($_GET['blog_id']); $blog_id = intval($_GET['blog_id']);
$cidReq = api_get_cidreq();
if ($_user['user_id']) { if ($_user['user_id']) {
$sql = "SELECT task_rel_user.*, task.title, blog.blog_name $sql = "SELECT task_rel_user.*, task.title, blog.blog_name
@ -887,14 +888,16 @@ class Blog
task_rel_user.c_id = $course_id AND task_rel_user.c_id = $course_id AND
task_rel_user.user_id = ".$_user['user_id']." task_rel_user.user_id = ".$_user['user_id']."
ORDER BY target_date ASC"; ORDER BY target_date ASC";
$result = Database::query($sql); $result = Database::query($sql);
$url = api_get_path(WEB_CODE_PATH).'blog/blog.php?'.$cidReq.'&action=execute_task';
if (Database::num_rows($result) > 0) { if (Database::num_rows($result) > 0) {
$html .= '<ul>'; $html .= '<ul>';
while ($mytask = Database::fetch_array($result)) { while ($mytask = Database::fetch_array($result)) {
$html .= '<li> $html .= '<li>
<a href="blog.php?action=execute_task&blog_id='.$mytask['blog_id'].'&task_id='.intval($mytask['task_id']).'" title="[Blog: '.stripslashes($mytask['blog_name']).'] '.get_lang('ExecuteThisTask').'">'. <a
href="'.$url.'&blog_id='.$mytask['blog_id'].'&task_id='.intval($mytask['task_id']).'"
title="[Blog: '.stripslashes($mytask['blog_name']).'] '.
get_lang('ExecuteThisTask').'">'.
stripslashes($mytask['title']).'</a></li>'; stripslashes($mytask['title']).'</a></li>';
} }
$html .= '<ul>'; $html .= '<ul>';
@ -1101,6 +1104,7 @@ class Blog
global $charset; global $charset;
$course_id = api_get_course_int_id(); $course_id = api_get_course_int_id();
$courseParams = api_get_cidreq();
$blog_id = intval($blog_id); $blog_id = intval($blog_id);
$post_id = intval($post_id); $post_id = intval($post_id);
@ -1141,14 +1145,23 @@ class Blog
$post_text = make_clickable(stripslashes($blog_post['full_text'])); $post_text = make_clickable(stripslashes($blog_post['full_text']));
$post_text = stripslashes($post_text); $post_text = stripslashes($post_text);
$blogUrl = api_get_path(WEB_CODE_PATH).'blog/blog.php?blog_id='.$blog_id.
'&post_id='.$post_id.'&article_id='.$blog_post['post_id'].'&task_id='.$task_id.'&'.api_get_cidreq();
if (api_is_allowed('BLOG_'.$blog_id, 'article_edit', $task_id)) { if (api_is_allowed('BLOG_'.$blog_id, 'article_edit', $task_id)) {
$blogActions .= '<a class="btn btn-default" href="blog.php?action=edit_post&blog_id='.$blog_id.'&post_id='.$post_id.'&article_id='.$blog_post['post_id'].'&task_id='.$task_id.'" title="'.get_lang('EditThisPost').'">'; $blogActions .= '<a
class="btn btn-default"
href="'.$blogUrl.'&action=edit_post"
title="'.get_lang('EditThisPost').'">';
$blogActions .= Display::return_icon('edit.png', get_lang('Edit'), null, ICON_SIZE_TINY); $blogActions .= Display::return_icon('edit.png', get_lang('Edit'), null, ICON_SIZE_TINY);
$blogActions .= '</a>'; $blogActions .= '</a>';
} }
if (api_is_allowed('BLOG_'.$blog_id, 'article_delete', $task_id)) { if (api_is_allowed('BLOG_'.$blog_id, 'article_delete', $task_id)) {
$blogActions .= '<a class="btn btn-default" href="blog.php?action=view_post&blog_id='.$blog_id.'&post_id='.$post_id.'&do=delete_article&article_id='.$blog_post['post_id'].'&task_id='.$task_id.'" title="'.get_lang( $blogActions .= '<a
class="btn btn-default"
href="'.$blogUrl.'&action=view_post&do=delete_article"
title="'.get_lang(
'DeleteThisArticle' 'DeleteThisArticle'
).'" onclick="javascript:if(!confirm(\''.addslashes( ).'" onclick="javascript:if(!confirm(\''.addslashes(
api_htmlentities(get_lang("ConfirmYourChoice"), ENT_QUOTES, $charset) api_htmlentities(get_lang("ConfirmYourChoice"), ENT_QUOTES, $charset)
@ -1213,12 +1226,10 @@ class Blog
$tbl_users = Database::get_main_table(TABLE_MAIN_USER); $tbl_users = Database::get_main_table(TABLE_MAIN_USER);
$tbl_blogs_tasks = Database::get_course_table(TABLE_BLOGS_TASKS); $tbl_blogs_tasks = Database::get_course_table(TABLE_BLOGS_TASKS);
$charset = api_get_system_encoding(); $charset = api_get_system_encoding();
$course_id = api_get_course_int_id(); $course_id = api_get_course_int_id();
$blog_id = intval($blog_id); $blog_id = intval($blog_id);
$post_id = intval($post_id); $post_id = intval($post_id);
$task_id = intval($task_id); $task_id = intval($task_id);
$listComments = []; $listComments = [];
// Select top level comments // Select top level comments
$next_level = $current_level + 1; $next_level = $current_level + 1;
@ -1236,12 +1247,12 @@ class Blog
$result = Database::query($sql); $result = Database::query($sql);
$html = null; $html = null;
$cidReq = api_get_cidreq();
while ($comment = Database::fetch_array($result)) { while ($comment = Database::fetch_array($result)) {
$commentActions = null; $commentActions = null;
$ratingSelect = null; $ratingSelect = null;
$comment_text = make_clickable(stripslashes($comment['comment'])); $comment_text = make_clickable(stripslashes($comment['comment']));
$comment_text = stripslashes($comment_text); $comment_text = stripslashes($comment_text);
$commentActions .= Display::toolbarButton( $commentActions .= Display::toolbarButton(
get_lang('ReplyToThisComment'), get_lang('ReplyToThisComment'),
'#', '#',
@ -1252,7 +1263,10 @@ class Blog
); );
if (api_is_allowed('BLOG_'.$blog_id, 'article_comments_delete', $task_id)) { if (api_is_allowed('BLOG_'.$blog_id, 'article_comments_delete', $task_id)) {
$commentActions .= ' <a class="btn btn-default" href="blog.php?action=view_post&blog_id='.$blog_id.'&post_id='.$post_id.'&do=delete_comment&comment_id='.$comment['comment_id'].'&task_id='.$task_id.'" title="'.get_lang( $commentActions .= ' <a
class="btn btn-default"
href="blog.php?'.$cidReq.'&action=view_post&blog_id='.$blog_id.'&post_id='.$post_id.'&do=delete_comment&comment_id='.$comment['comment_id'].'&task_id='.$task_id.'"
title="'.get_lang(
'DeleteThisComment' 'DeleteThisComment'
).'" onclick="javascript:if(!confirm(\''.addslashes( ).'" onclick="javascript:if(!confirm(\''.addslashes(
api_htmlentities(get_lang("ConfirmYourChoice"), ENT_QUOTES, $charset) api_htmlentities(get_lang("ConfirmYourChoice"), ENT_QUOTES, $charset)
@ -1337,7 +1351,7 @@ class Blog
$type = Database::escape_string($type); $type = Database::escape_string($type);
$html = null; $html = null;
if ($type == 'post') { if ($type === 'post') {
// Check if the user has already rated this post // Check if the user has already rated this post
$sql = "SELECT rating_id FROM $tbl_blogs_rating $sql = "SELECT rating_id FROM $tbl_blogs_rating
WHERE c_id = $course_id AND WHERE c_id = $course_id AND
@ -1347,12 +1361,38 @@ class Blog
AND user_id = ".$_user['user_id']; AND user_id = ".$_user['user_id'];
$result = Database::query($sql); $result = Database::query($sql);
// Add rating // Add rating
$url = api_get_path(WEB_CODE_PATH).'blog/blog.php?'.api_get_cidreq();
if (Database::num_rows($result) == 0) { if (Database::num_rows($result) == 0) {
$html .= '<form class="form-horizontal" method="get" action="blog.php" id="frm_rating_'.$type.'_'.$post_id.'" name="frm_rating_'.$type.'_'.$post_id.'">'; $html .= '<form
class="form-horizontal"
method="get"
action="'.$url.'"
id="frm_rating_'.$type.'_'.$post_id.'"
name="frm_rating_'.$type.'_'.$post_id.'">';
$html .= '<div class="form-group">'; $html .= '<div class="form-group">';
$html .= '<label class="col-sm-3 control-label">'.get_lang('RateThis').'</label>'; $html .= '<label class="col-sm-3 control-label">'.get_lang('RateThis').'</label>';
$html .= '<div class="col-sm-9">'; $html .= '<div class="col-sm-9">';
$html .= '<select class="selectpicker" name="rating" onchange="document.forms[\'frm_rating_'.$type.'_'.$post_id.'\'].submit()"><option value="">-</option><option value="1">1</option><option value="2">2</option><option value="3">3</option><option value="4">4</option><option value="5">5</option><option value="6">6</option><option value="7">7</option><option value="8">8</option><option value="9">9</option><option value="10">10</option></select><input type="hidden" name="action" value="view_post" /><input type="hidden" name="type" value="'.$type.'" /><input type="hidden" name="do" value="rate" /><input type="hidden" name="blog_id" value="'.$blog_id.'" /><input type="hidden" name="post_id" value="'.$post_id.'" />'; $html .= '<select
class="selectpicker"
name="rating"
onchange="document.forms[\'frm_rating_'.$type.'_'.$post_id.'\'].submit()">
<option value="">-</option>
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
<option value="6">6</option>
<option value="7">7</option>
<option value="8">8</option>
<option value="9">9</option>
<option value="10">10</option>
</select>
<input type="hidden" name="action" value="view_post" />
<input type="hidden" name="type" value="'.$type.'" />
<input type="hidden" name="do" value="rate" />
<input type="hidden" name="blog_id" value="'.$blog_id.'" />
<input type="hidden" name="post_id" value="'.$post_id.'" />';
$html .= '</div>'; $html .= '</div>';
$html .= '</div>'; $html .= '</div>';
$html .= '</form>'; $html .= '</form>';
@ -1371,13 +1411,31 @@ class Blog
AND rating_type = '$type' AND rating_type = '$type'
AND user_id = ".$_user['user_id']; AND user_id = ".$_user['user_id'];
$result = Database::query($sql); $result = Database::query($sql);
$url = api_get_path(WEB_CODE_PATH).'blog/blog.php?'.api_get_cidreq();
if (Database::num_rows($result) == 0) { if (Database::num_rows($result) == 0) {
$html .= '<form class="form-horizontal" method="get" action="blog.php" id="frm_rating_'.$type.'_'.$comment_id.'" name="frm_rating_'.$type.'_'.$comment_id.'">'; $html .= '<form
class="form-horizontal"
method="get"
action="'.$url.'"
id="frm_rating_'.$type.'_'.$comment_id.'" name="frm_rating_'.$type.'_'.$comment_id.'">';
$html .= '<div class="form-group">'; $html .= '<div class="form-group">';
$html .= '<label class="col-sm-3 control-label">'.get_lang('RateThis').'</label>'; $html .= '<label class="col-sm-3 control-label">'.get_lang('RateThis').'</label>';
$html .= '<div class="col-sm-9">'; $html .= '<div class="col-sm-9">';
$html .= '<select class="selectpicker" name="rating" onchange="document.forms[\'frm_rating_'.$type.'_'.$comment_id.'\'].submit()">'; $html .= '<select
$html .= '<option value="">-</option><option value="1">1</option><option value="2">2</option><option value="3">3</option><option value="4">4</option><option value="5">5</option><option value="6">6</option><option value="7">7</option><option value="8">8</option><option value="9">9</option><option value="10">10</option> class="selectpicker"
name="rating"
onchange="document.forms[\'frm_rating_'.$type.'_'.$comment_id.'\'].submit()">';
$html .= '<option value="">-</option>
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
<option value="6">6</option>
<option value="7">7</option>
<option value="8">8</option>
<option value="9">9</option>
<option value="10">10</option>
</select> </select>
<input type="hidden" name="action" value="view_post" /> <input type="hidden" name="action" value="view_post" />
<input type="hidden" name="type" value="'.$type.'" /> <input type="hidden" name="type" value="'.$type.'" />
@ -1657,11 +1715,12 @@ class Blog
$result = Database::query($sql); $result = Database::query($sql);
$blog_post = Database::fetch_array($result); $blog_post = Database::fetch_array($result);
// Form
$form = new FormValidator( $form = new FormValidator(
'edit_post', 'edit_post',
'post', 'post',
api_get_path(WEB_CODE_PATH).'blog/blog.php?action=edit_post&post_id='.intval($_GET['post_id']).'&blog_id='.intval($blog_id).'&article_id='.intval($_GET['article_id']).'&task_id='.intval($_GET['task_id']) api_get_path(WEB_CODE_PATH).
'blog/blog.php?action=edit_post&post_id='.intval($_GET['post_id']).'&blog_id='.intval($blog_id).
'&article_id='.intval($_GET['article_id']).'&task_id='.intval($_GET['task_id']).'&'.api_get_cidreq()
); );
$form->addHeader(get_lang('EditPost')); $form->addHeader(get_lang('EditPost'));
@ -1839,10 +1898,12 @@ class Blog
$return .= '<td>'.stripslashes($assignment['description']).'</td>'; $return .= '<td>'.stripslashes($assignment['description']).'</td>';
$return .= '<td>'.$assignment['target_date'].'</td>'; $return .= '<td>'.$assignment['target_date'].'</td>';
$return .= '<td width="50">'; $return .= '<td width="50">';
$return .= '<a href="'.api_get_self().'?action=manage_tasks&blog_id='.$assignment['blog_id'].'&do=edit_assignment&task_id='.$assignment['task_id'].'&user_id='.$assignment['user_id'].'&'.api_get_cidreq().'">'; $return .= '<a
href="'.api_get_self().'?action=manage_tasks&blog_id='.$assignment['blog_id'].'&do=edit_assignment&task_id='.$assignment['task_id'].'&user_id='.$assignment['user_id'].'&'.api_get_cidreq().'">';
$return .= Display::return_icon('edit.png', get_lang('EditTask')); $return .= Display::return_icon('edit.png', get_lang('EditTask'));
$return .= "</a>"; $return .= "</a>";
$return .= '<a href="'.api_get_self().'?action=manage_tasks&blog_id='.$assignment['blog_id'].'&do=delete_assignment&task_id='.$assignment['task_id'].'&user_id='.$assignment['user_id'].'&'.api_get_cidreq().'" '; $return .= '<a
href="'.api_get_self().'?action=manage_tasks&blog_id='.$assignment['blog_id'].'&do=delete_assignment&task_id='.$assignment['task_id'].'&user_id='.$assignment['user_id'].'&'.api_get_cidreq().'" ';
$return .= 'onclick="javascript:if(!confirm(\''.addslashes(api_htmlentities(get_lang("ConfirmYourChoice"), ENT_QUOTES, $charset)).'\')) return false;"'; $return .= 'onclick="javascript:if(!confirm(\''.addslashes(api_htmlentities(get_lang("ConfirmYourChoice"), ENT_QUOTES, $charset)).'\')) return false;"';
$return .= Display::return_icon($delete_icon, $delete_title); $return .= Display::return_icon($delete_icon, $delete_title);
$return .= "</a>"; $return .= "</a>";
@ -1868,7 +1929,7 @@ class Blog
public static function displayTaskCreateForm($blog_id) public static function displayTaskCreateForm($blog_id)
{ {
$blog_id = intval($blog_id); $blog_id = intval($blog_id);
// Init
$colors = [ $colors = [
'FFFFFF', 'FFFFFF',
'FFFF99', 'FFFF99',
@ -1887,13 +1948,9 @@ class Blog
'000000', '000000',
]; ];
// form $url = api_get_path(WEB_CODE_PATH).'blog/blog.php?'.api_get_cidreq().'&action=manage_tasks';
$return = '<form name="add_task" method="post" action="blog.php?action=manage_tasks&blog_id='.$blog_id.'">'; $return = '<form name="add_task" method="post" action="'.$url.'&blog_id='.$blog_id.'">';
// form title
$return .= '<legend>'.get_lang('AddTask').'</legend>'; $return .= '<legend>'.get_lang('AddTask').'</legend>';
// task title
$return .= ' <div class="control-group"> $return .= ' <div class="control-group">
<label class="control-label"> <label class="control-label">
<span class="form_required">*</span>'.get_lang('Title').' <span class="form_required">*</span>'.get_lang('Title').'
@ -2008,17 +2065,23 @@ class Blog
$result = Database::query($sql); $result = Database::query($sql);
$task = Database::fetch_array($result); $task = Database::fetch_array($result);
// Display $url = api_get_path(WEB_CODE_PATH).'blog/blog.php?'.api_get_cidreq().'&action=manage_tasks';
$return = '<form name="edit_task" method="post" action="blog.php?action=manage_tasks&blog_id='.$blog_id.'"> $return = '<form name="edit_task" method="post" action="'.$url.'&blog_id='.$blog_id.'">
<legend>'.get_lang('EditTask').'</legend> <legend>'.get_lang('EditTask').'</legend>
<table width="100%" border="0" cellspacing="2"> <table width="100%" border="0" cellspacing="2">
<tr> <tr>
<td align="right">'.get_lang('Title').':&nbsp;&nbsp;</td> <td align="right">'.get_lang('Title').':&nbsp;&nbsp;</td>
<td><input name="task_name" type="text" size="70" value="'.Security::remove_XSS($task['title']).'" /></td> <td>
<input name="task_name" type="text" size="70" value="'.Security::remove_XSS($task['title']).'" />
</td>
</tr> </tr>
<tr> <tr>
<td align="right">'.get_lang('Description').':&nbsp;&nbsp;</td> <td align="right">'.get_lang('Description').':&nbsp;&nbsp;</td>
<td><textarea name="task_description" cols="45">'.Security::remove_XSS($task['description']).'</textarea></td> <td>
<textarea name="task_description" cols="45">'.
Security::remove_XSS($task['description']).'
</textarea>
</td>
</tr>'; </tr>';
/* edit by Kevin Van Den Haute (kevin@develop-it.be) */ /* edit by Kevin Van Den Haute (kevin@develop-it.be) */
@ -2157,9 +2220,8 @@ class Blog
$form = new FormValidator( $form = new FormValidator(
'assign_task', 'assign_task',
'post', 'post',
api_get_path( api_get_path(WEB_CODE_PATH).
WEB_CODE_PATH 'blog/blog.php?action=manage_tasks&blog_id='.$blog_id.'&'.api_get_cidreq()
).'blog/blog.php?action=manage_tasks&blog_id='.$blog_id
); );
$form->addHeader(get_lang('AssignTask')); $form->addHeader(get_lang('AssignTask'));
@ -2362,7 +2424,8 @@ class Blog
$result = Database::query($sql); $result = Database::query($sql);
// Display // Display
$return = '<span class="blogpost_title">'.get_lang('SelectTaskArticle').' "'.stripslashes($row['title']).'"</span>'; $return = '<span class="blogpost_title">'.
get_lang('SelectTaskArticle').' "'.stripslashes($row['title']).'"</span>';
$return .= '<span style="font-style: italic;"">'.stripslashes($row['description']).'</span><br><br>'; $return .= '<span style="font-style: italic;"">'.stripslashes($row['description']).'</span><br><br>';
if (Database::num_rows($result) == 0) { if (Database::num_rows($result) == 0) {
@ -2370,10 +2433,11 @@ class Blog
return $return; return $return;
} }
$url = api_get_path(WEB_CODE_PATH).'blog/blog.php?'.api_get_cidreq().'&action=execute_task';
while ($blog_post = Database::fetch_array($result)) { while ($blog_post = Database::fetch_array($result)) {
$username = api_htmlentities(sprintf(get_lang('LoginX'), $blog_post['username']), ENT_QUOTES); $username = api_htmlentities(sprintf(get_lang('LoginX'), $blog_post['username']), ENT_QUOTES);
$return .= '<a href="blog.php?action=execute_task&blog_id='.$blog_id.'&task_id='.$task_id.'&post_id='.$blog_post['post_id'].'#add_comment">'.stripslashes( $return .= '<a href="'.$url.'&blog_id='.$blog_id.'&task_id='.$task_id.'&post_id='.$blog_post['post_id'].'#add_comment">'.
stripslashes(
$blog_post['title'] $blog_post['title']
).'</a>, '.get_lang('WrittenBy').' '.stripslashes( ).'</a>, '.get_lang('WrittenBy').' '.stripslashes(
Display::tag( Display::tag(
@ -2515,13 +2579,18 @@ class Blog
// Display // Display
$query_vars['action'] = 'manage_members'; $query_vars['action'] = 'manage_members';
$query_vars['blog_id'] = $blog_id; $query_vars['blog_id'] = $blog_id;
$html .= '<form class="form-inline" method="post" action="blog.php?action=manage_members&blog_id='.$blog_id.'&'.api_get_cidreq().'">'; $html .= '<form
class="form-inline"
method="post"
action="blog.php?action=manage_members&blog_id='.$blog_id.'&'.api_get_cidreq().'">';
$html .= Display::return_sortable_table($column_header, $user_data, null, null, $query_vars); $html .= Display::return_sortable_table($column_header, $user_data, null, null, $query_vars);
$link = isset($_GET['action']) ? 'action='.Security::remove_XSS($_GET['action']).'&' : ''; $link = isset($_GET['action']) ? 'action='.Security::remove_XSS($_GET['action']).'&' : '';
$link .= "blog_id=$blog_id&".api_get_cidreq(); $link .= "blog_id=$blog_id&".api_get_cidreq();
$html .= '<a class="btn btn-default" href="blog.php?'.$link.'selectall=subscribe">'.get_lang('SelectAll').'</a> - '; $html .= '<a
class="btn btn-default" href="blog.php?'.$link.'selectall=subscribe">'.
get_lang('SelectAll').'</a> - ';
$html .= '<a class="btn btn-default" href="blog.php?'.$link.'">'.get_lang('UnSelectAll').'</a> '; $html .= '<a class="btn btn-default" href="blog.php?'.$link.'">'.get_lang('UnSelectAll').'</a> ';
$html .= '<div class="form-group">'; $html .= '<div class="form-group">';
$html .= '<label>'; $html .= '<label>';
@ -2590,7 +2659,10 @@ class Blog
$user_data = []; $user_data = [];
while ($myrow = Database::fetch_array($sql_result)) { while ($myrow = Database::fetch_array($sql_result)) {
$row = []; $row = [];
$row[] = '<input type="checkbox" name="user[]" value="'.$myrow['user_id'].'" '.((isset($_GET['selectall']) && $_GET['selectall'] == "unsubscribe") ? ' checked="checked" ' : '').'/>'; $row[] = '<input
type="checkbox"
name="user[]"
value="'.$myrow['user_id'].'" '.((isset($_GET['selectall']) && $_GET['selectall'] == "unsubscribe") ? ' checked="checked" ' : '').'/>';
$username = api_htmlentities(sprintf(get_lang('LoginX'), $myrow["username"]), ENT_QUOTES); $username = api_htmlentities(sprintf(get_lang('LoginX'), $myrow["username"]), ENT_QUOTES);
if ($is_western_name_order) { if ($is_western_name_order) {
$row[] = $myrow["firstname"]; $row[] = $myrow["firstname"];
@ -2618,13 +2690,10 @@ class Blog
btu.blog_id = $blog_id AND btu.blog_id = $blog_id AND
btu.user_id = ".$myrow['user_id']; btu.user_id = ".$myrow['user_id'];
$sql_res = Database::query($sql); $sql_res = Database::query($sql);
$task = ''; $task = '';
while ($r = Database::fetch_array($sql_res)) { while ($r = Database::fetch_array($sql_res)) {
$task .= stripslashes($r['task']).', '; $task .= stripslashes($r['task']).', ';
} }
//echo $task;
$task = (api_strlen(trim($task)) != 0) ? api_substr($task, 0, api_strlen($task) - 2) : get_lang('Reader'); $task = (api_strlen(trim($task)) != 0) ? api_substr($task, 0, api_strlen($task) - 2) : get_lang('Reader');
$row[] = $task; $row[] = $task;
//Link to register users //Link to register users
@ -2643,7 +2712,10 @@ class Blog
$query_vars['action'] = 'manage_members'; $query_vars['action'] = 'manage_members';
$query_vars['blog_id'] = $blog_id; $query_vars['blog_id'] = $blog_id;
$html .= '<form class="form-inline" method="post" action="blog.php?action=manage_members&blog_id='.$blog_id.'&'.api_get_cidreq().'">'; $html .= '<form
class="form-inline"
method="post"
action="blog.php?action=manage_members&blog_id='.$blog_id.'&'.api_get_cidreq().'">';
$html .= Display::return_sortable_table($column_header, $user_data, null, null, $query_vars); $html .= Display::return_sortable_table($column_header, $user_data, null, null, $query_vars);
$link = isset($_GET['action']) ? 'action='.Security::remove_XSS($_GET['action']).'&' : ''; $link = isset($_GET['action']) ? 'action='.Security::remove_XSS($_GET['action']).'&' : '';
@ -2702,7 +2774,6 @@ class Blog
*/ */
public static function displayMiniMonthCalendar($month, $year, $blog_id) public static function displayMiniMonthCalendar($month, $year, $blog_id)
{ {
// Init
$_user = api_get_user_info(); $_user = api_get_user_info();
global $DaysShort; global $DaysShort;
global $MonthsLong; global $MonthsLong;
@ -2732,15 +2803,13 @@ class Blog
//Get the first day of the month //Get the first day of the month
$dayone = getdate(mktime(0, 0, 0, $month, 1, $year)); $dayone = getdate(mktime(0, 0, 0, $month, 1, $year));
$monthName = $MonthsLong[$month - 1]; $monthName = $MonthsLong[$month - 1];
$url = api_get_path(WEB_CODE_PATH).'blog/blog.php?'.api_get_cidreq();
//Start the week on monday //Start the week on monday
$startdayofweek = $dayone['wday'] != 0 ? ($dayone['wday'] - 1) : 6; $startdayofweek = $dayone['wday'] != 0 ? ($dayone['wday'] - 1) : 6;
$blogId = isset($_GET['blog_id']) ? intval($_GET['blog_id']) : null; $blogId = isset($_GET['blog_id']) ? intval($_GET['blog_id']) : null;
$filter = isset($_GET['filter']) ? Security::remove_XSS($_GET['filter']) : null; $filter = isset($_GET['filter']) ? Security::remove_XSS($_GET['filter']) : null;
$backwardsURL = api_get_self( $backwardsURL = $url."&blog_id=".$blogId."&filter=".$filter."&month=".($month == 1 ? 12 : $month - 1)."&year=".($month == 1 ? $year - 1 : $year);
)."?blog_id=".$blogId."&filter=".$filter."&month=".($month == 1 ? 12 : $month - 1)."&year=".($month == 1 ? $year - 1 : $year); $forewardsURL = $url."&blog_id=".$blogId."&filter=".$filter."&month=".($month == 12 ? 1 : $month + 1)."&year=".($month == 12 ? $year + 1 : $year);
$forewardsURL = api_get_self(
)."?blog_id=".$blogId."&filter=".$filter."&month=".($month == 12 ? 1 : $month + 1)."&year=".($month == 12 ? $year + 1 : $year);
// Get posts for this month // Get posts for this month
$sql = "SELECT post.*, DAYOFMONTH(date_creation) as post_day, user.lastname, user.firstname $sql = "SELECT post.*, DAYOFMONTH(date_creation) as post_day, user.lastname, user.firstname
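Review bot: The two rewritten URLs (`$backwardsURL`/`$forewardsURL`) concatenate `$filter` into the query string after only `Security::remove_XSS()`, which is an HTML filter, not a URL encoder; a `filter` value containing `&`, `#` or `%` will still break or inject extra parameters into the link that is later printed into `href` attributes. Use `"&filter=".urlencode($filter)` in both lines (or build the query with `http_build_query()`), and consider `htmlspecialchars()` at the point the URL is echoed into the attribute. The block also re-reads `blog_id` from `$_GET` into `$blogId` even though `displayMiniMonthCalendar($month, $year, $blog_id)` already receives it as a parameter; if the parameter is the intended source, `"&blog_id=".(int) $blog_id` removes the duplicate input. The function body continues past this hunk.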
@ -2754,7 +2823,6 @@ class Blog
YEAR(date_creation) = '$year' YEAR(date_creation) = '$year'
ORDER BY date_creation"; ORDER BY date_creation";
$result = Database::query($sql); $result = Database::query($sql);
// We will create an array of days on which there are posts. // We will create an array of days on which there are posts.
if (Database::num_rows($result) > 0) { if (Database::num_rows($result) > 0) {
while ($blog_post = Database::fetch_array($result)) { while ($blog_post = Database::fetch_array($result)) {
@ -2786,7 +2854,6 @@ class Blog
YEAR(target_date) = '$year' YEAR(target_date) = '$year'
ORDER BY target_date ASC"; ORDER BY target_date ASC";
$result = Database::query($sql); $result = Database::query($sql);
if (Database::num_rows($result) > 0) { if (Database::num_rows($result) > 0) {
while ($mytask = Database::fetch_array($result)) { while ($mytask = Database::fetch_array($result)) {
$tasks[$mytask['task_day']][$mytask['task_id']]['task_id'] = $mytask['task_id']; $tasks[$mytask['task_day']][$mytask['task_id']]['task_id'] = $mytask['task_id'];
@ -2805,13 +2872,10 @@ class Blog
<th width="10%" align="right"><a href="'.$forewardsURL.'">&raquo;</a></th></tr>'; <th width="10%" align="right"><a href="'.$forewardsURL.'">&raquo;</a></th></tr>';
$html .= '<tr>'; $html .= '<tr>';
for ($ii = 1; $ii < 8; $ii++) { for ($ii = 1; $ii < 8; $ii++) {
$html .= '<td class="weekdays">'.$DaysShort[$ii % 7].'</td>'; $html .= '<td class="weekdays">'.$DaysShort[$ii % 7].'</td>';
} }
$html .= '</tr>'; $html .= '</tr>';
$curday = -1; $curday = -1;
$today = getdate(); $today = getdate();
@ -2832,12 +2896,11 @@ class Blog
} }
$html .= '<td '.$class.'>'; $html .= '<td '.$class.'>';
// If there are posts on this day, create a filter link. // If there are posts on this day, create a filter link.
if (in_array($curday, $posts)) { if (in_array($curday, $posts)) {
$html .= '<a href="blog.php?blog_id='.$blog_id.'&filter='.$year.'-'.$month.'-'.$curday.'&month='.$month.'&year='.$year.'" title="'.get_lang( $html .= '<a
'ViewPostsOfThisDay' href="'.$url.'&blog_id='.$blog_id.'&filter='.$year.'-'.$month.'-'.$curday.'&month='.$month.'&year='.$year.'"
).'">'.$curday.'</a>'; title="'.get_lang('ViewPostsOfThisDay').'">'.$curday.'</a>';
} else { } else {
$html .= $dayheader; $html .= $dayheader;
} }
@ -2846,7 +2909,8 @@ class Blog
if (isset($tasks[$curday]) && is_array($tasks[$curday])) { if (isset($tasks[$curday]) && is_array($tasks[$curday])) {
// Add tasks to calendar // Add tasks to calendar
foreach ($tasks[$curday] as $task) { foreach ($tasks[$curday] as $task) {
$html .= '<a href="blog.php?action=execute_task&blog_id='.$task['blog_id'].'&task_id='.stripslashes($task['task_id']).'" title="'.$task['title'].' : '.get_lang('InBlog').' : '.$task['blog_name'].' - '.get_lang('ExecuteThisTask').'">'; $html .= '<a
href="blog.php?action=execute_task&blog_id='.$task['blog_id'].'&task_id='.stripslashes($task['task_id']).'" title="'.$task['title'].' : '.get_lang('InBlog').' : '.$task['blog_name'].' - '.get_lang('ExecuteThisTask').'">';
$html .= Display::return_icon('blog_task.gif', get_lang('ExecuteThisTask')); $html .= Display::return_icon('blog_task.gif', get_lang('ExecuteThisTask'));
$html .= '</a>'; $html .= '</a>';
} }
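Review bot: The reflowed execute_task link on the two new lines still points at a relative `blog.php?action=execute_task&blog_id=…` without the course parameters, even though this commit's purpose is to add cidReq to blog URLs and `$url` (already carrying `api_get_cidreq()`) is defined earlier in this same function; it also writes `$task['title']` and `$task['blog_name']`, which appear to come straight from the tasks query result, into the `title` attribute without attribute escaping. Suggested replacement for the `href` line: `href="'.$url.'&action=execute_task&blog_id='.(int) $task['blog_id'].'&task_id='.(int) $task['task_id'].'" title="'.htmlspecialchars($task['title'].' : '.get_lang('InBlog').' : '.$task['blog_name'].' - '.get_lang('ExecuteThisTask'), ENT_QUOTES).'">'`. The `(int)` casts assume task_id/blog_id are integer ids, which the surrounding `$tasks[$mytask['task_day']][$mytask['task_id']]` indexing suggests but does not prove. The enclosing `if`/`foreach` and the function continue outside this hunk.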
@ -2874,7 +2938,7 @@ class Blog
$form = new FormValidator( $form = new FormValidator(
'add_blog', 'add_blog',
'post', 'post',
'blog_admin.php?action=add' 'blog_admin.php?action=add&'.api_get_cidreq()
); );
$form->addElement('header', get_lang('AddBlog')); $form->addElement('header', get_lang('AddBlog'));
$form->addElement('text', 'blog_name', get_lang('Title')); $form->addElement('text', 'blog_name', get_lang('Title'));
@ -3150,7 +3214,9 @@ class Blog
'blog_article.png', 'blog_article.png',
get_lang('BlogPosts') get_lang('BlogPosts')
).' '. ).' '.
$row['title'].'&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<div style="float:right;margin-top:-18px"><a href="../blog/blog.php?blog_id='.$row['blog_id'].'&gidReq=&cidReq='.$courseCode.' " >'. $row['title'].'&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<div style="float:right;margin-top:-18px">
<a href="../blog/blog.php?blog_id='.$row['blog_id'].'&gidReq=&cidReq='.$courseCode.' " >'.
get_lang('SeeBlog').'</a></div></div>'; get_lang('SeeBlog').'</a></div></div>';
$return_data .= '<br / >'; $return_data .= '<br / >';
$return_data .= $row['full_text']; $return_data .= $row['full_text'];
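Review bot: The reflowed "SeeBlog" link still hand-builds `&gidReq=&cidReq='.$courseCode` with `$courseCode` unescaped, while the otherwise identical link a few hunks below wraps the same variable in `Security::remove_XSS()`; the two should at least agree, and since the commit's goal is consistent cidReq handling, `'../blog/blog.php?blog_id='.(int) $row['blog_id'].'&'.api_get_cidreq()` (or `urlencode($courseCode)` if the code must stay explicit) is the safer form. The origin of `$courseCode` is not visible here, so whether it is user-controlled is an open question. `$row['full_text']` is also emitted raw on the last line; if that is intentional rich HTML it deserves a comment saying so. The enclosing `while` loop runs past this hunk.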
@ -3193,7 +3259,9 @@ class Blog
while ($row = Database::fetch_array($result)) { while ($row = Database::fetch_array($result)) {
$return_data .= '<div class="clear"></div><br />'; $return_data .= '<div class="clear"></div><br />';
$return_data .= '<div class="actions" style="margin-left:5px;margin-right:5px;">'. $return_data .= '<div class="actions" style="margin-left:5px;margin-right:5px;">'.
$row['title'].'&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<div style="float:right;margin-top:-18px"><a href="../blog/blog.php?blog_id='.$row['blog_id'].'&gidReq=&cidReq='.Security::remove_XSS($courseCode).' " >'. $row['title'].'&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<div style="float:right;margin-top:-18px">
<a href="../blog/blog.php?blog_id='.$row['blog_id'].'&gidReq=&cidReq='.Security::remove_XSS($courseCode).' " >'.
get_lang('SeeBlog').'</a></div></div>'; get_lang('SeeBlog').'</a></div></div>';
$return_data .= '<br / >'; $return_data .= '<br / >';
$return_data .= $row['comment']; $return_data .= $row['comment'];
