Adding intval function to querys see DT#4389

main/coursecopy/copy_course_session.php

@@ -145,7 +145,7 @@ function search_courses($id_session,$type) {
 			$sql = "SELECT c.code, c.visual_code, c.title, src.id_session
 					FROM $tbl_course c, $tbl_session_rel_course src
 					WHERE src.course_code = c.code
-					AND src.id_session = '".intval($id_session)."'";
+					AND src.id_session = '".$id_session."'";
 			$rs = Database::query($sql, __FILE__, __LINE__);
 
 			$course_list = array();

main/inc/course_document.inc.php

@@ -19,7 +19,7 @@ if(!api_is_platform_admin()){
 
 //session
 if(isset($_GET['id_session']))
-	$_SESSION['id_session'] = $_GET['id_session'];
+	$_SESSION['id_session'] = intval($_GET['id_session']);
 
 $htmlHeadXtra[] =
 "<script type=\"text/javascript\">

main/inc/local.inc.php

@@ -818,7 +818,7 @@ if (isset($cidReset) && $cidReset) { // course session data refresh requested or
 
 				if (!empty($_GET['id_session'])) {
 					$_SESSION['id_session'] = Database::escape_string($_GET['id_session']);
-					$sql = 'SELECT name FROM '.$tbl_session . ' WHERE id="'.$_SESSION['id_session'] . '"';
+					$sql = 'SELECT name FROM '.$tbl_session . ' WHERE id="'.intval($_SESSION['id_session']) . '"';
 					$rs = Database::query($sql,__FILE__,__LINE__);
 					list($_SESSION['session_name']) = Database::fetch_array($rs);
 				} else {
@@ -848,7 +848,7 @@ if (isset($cidReset) && $cidReset) { // course session data refresh requested or
 		if (!empty($_GET['id_session'])) {
 			$tbl_session 				= Database::get_main_table(TABLE_MAIN_SESSION);
 			$_SESSION['id_session'] = Database::escape_string($_GET['id_session']);
-			$sql = 'SELECT name FROM '.$tbl_session . ' WHERE id="'.$_SESSION['id_session'] . '"';
+			$sql = 'SELECT name FROM '.$tbl_session . ' WHERE id="'.intval($_SESSION['id_session']). '"';
 			$rs = Database::query($sql,__FILE__,__LINE__);
 			list($_SESSION['session_name']) = Database::fetch_array($rs);
 		}