minor - added Security to output values inside thematic - partial BT#578

skala
Cristian Fasanando 16 years ago
parent b03f88b123
commit 272fd85c3a
  1. 8
      main/course_progress/thematic.php
  2. 20
      main/course_progress/thematic_controller.php
  3. 2
      main/course_progress/thematic_plan.php
  4. 11
      main/inc/lib/thematic.lib.php

@ -38,7 +38,7 @@ if ($action == 'thematic_list') {
// display title
if (!empty($thematic_id)) {
echo '<div><strong>'.$thematic_data[$thematic_id]['title'].': '.get_lang('Details').'</strong></div><br />';
echo '<div><strong>'.Security::remove_XSS($thematic_data[$thematic_id]['title'], STUDENT).': '.get_lang('Details').'</strong></div><br />';
} else {
echo '<div><strong>'.get_lang('ThematicDetails').'</strong></div><br />';
// display information
@ -65,7 +65,7 @@ if ($action == 'thematic_list') {
echo '<tr>';
// display thematic data
echo '<td><div><strong>'.$thematic['title'].'</strong></div><div>'.$thematic['content'].'</div></td>';
echo '<td><div><strong>'.Security::remove_XSS($thematic['title'], STUDENT).'</strong></div><div>'.Security::remove_XSS($thematic['content'], STUDENT).'</div></td>';
// display thematic plan data
echo '<td>';
@ -74,7 +74,7 @@ if ($action == 'thematic_list') {
}
if (!empty($thematic_plan_data[$thematic['id']])) {
foreach ($thematic_plan_data[$thematic['id']] as $thematic_plan) {
echo '<div><strong>'.$thematic_plan['title'].'</strong></div><div>'.$thematic_plan['description'].'</div>';
echo '<div><strong>'.Security::remove_XSS($thematic_plan['title'], STUDENT).'</strong></div><div>'.Security::remove_XSS($thematic_plan['description'], STUDENT).'</div>';
}
} else {
echo '<div><em>'.get_lang('StillDoNotHaveAThematicPlan').'</em></div>';
@ -92,7 +92,7 @@ if ($action == 'thematic_list') {
echo '<tr>';
echo '<td width="90%">';
echo '<div><strong>'.api_convert_and_format_date($thematic_advance['start_date'], DATE_TIME_FORMAT_LONG, date_default_timezone_get()).'</strong></div>';
echo '<div>'.$thematic_advance['content'].'</div>';
echo '<div>'.Security::remove_XSS($thematic_advance['content'], STUDENT).'</div>';
echo '<div>'.get_lang('DurationInHours').' : '.$thematic_advance['duration'].'</div>';
echo '</td>';
if (empty($thematic_id) && api_is_allowed_to_edit(null, true)) {
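Review bot: In the last hunk (-92,7) `$thematic_advance['duration']` on the line after the filtered content is still echoed raw into the `<div>`, while `content` one line above now goes through `Security::remove_XSS`; unless the storage layer guarantees duration is numeric, it needs the same treatment: `echo '<div>'.get_lang('DurationInHours').' : '.Security::remove_XSS($thematic_advance['duration'], STUDENT).'</div>';`. The same consideration applies to the title/content fields wrapped in the earlier hunks: they are emitted as plain text inside markup, so a context-specific encoder such as `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` gives an exact guarantee, whereas `remove_XSS` is a filter whose behaviour (strip vs. encode, and what the STUDENT level permits) is not visible here. If titles are meant to be plain text rather than HTML, encoding is the safer default. `$thematic_data` and `$thematic_advance` are built outside these hunks, so their origin is not visible.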

@ -40,8 +40,8 @@ class ThematicController
// insert or update a thematic
if (strtoupper($_SERVER['REQUEST_METHOD']) == "POST") {
if (isset($_POST['action']) && ($_POST['action'] == 'thematic_add' || $_POST['action'] == 'thematic_edit')) {
if (!empty($_POST['title'])) {
if (isset($_POST['action']) && ($_POST['action'] == 'thematic_add' || $_POST['action'] == 'thematic_edit')) {
if (trim($_POST['title']) !== '') {
if ($_POST['thematic_token'] == $_SESSION['thematic_token']) {
$id = $_POST['thematic_id'];
$title = $_POST['title'];
@ -77,14 +77,12 @@ class ThematicController
$thematic_id = isset($_GET['thematic_id'])?intval($_GET['thematic_id']):null;
if (isset($thematic_id)) {
if (isset($thematic_id)) {
// delete a thematic
if ($action == 'thematic_delete') {
$affected_rows = $thematic->thematic_destroy($thematic_id);
$action = 'thematic_list';
}
}
// move thematic
if ($action == 'moveup') {
$thematic->move_thematic('up', $thematic_id);
@ -92,8 +90,7 @@ class ThematicController
} else if ($action == 'movedown') {
$thematic->move_thematic('down', $thematic_id);
$action = 'thematic_list';
}
}
$data['thematic_data'] = $thematic->get_thematic_list($thematic_id);
$data['thematic_id'] = $thematic_id;
}
@ -121,8 +118,7 @@ class ThematicController
$this->view->set_data($data);
$this->view->set_layout('layout');
$this->view->set_template('thematic');
$this->view->render();
$this->view->render();
}
/**
@ -136,8 +132,8 @@ class ThematicController
$error = false;
if (strtoupper($_SERVER['REQUEST_METHOD']) == "POST") {
if (isset($_POST['action']) && ($_POST['action'] == 'thematic_plan_add' || $_POST['action'] == 'thematic_plan_edit')) {
if (!empty($_POST['title'])) {
if (isset($_POST['action']) && ($_POST['action'] == 'thematic_plan_add' || $_POST['action'] == 'thematic_plan_edit')) {
if (trim($_POST['title']) !== '') {
if ($_POST['thematic_plan_token'] == $_SESSION['thematic_plan_token']) {
$thematic_id = $_POST['thematic_id'];
$title = $_POST['title'];
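Review bot: `trim($_POST['title']) !== ''` on the new line of the first hunk (and the parallel line in the last hunk, -136,8) runs without an `isset()` guard, whereas the `!empty()` it replaces tolerated a missing key; a POST that omits `title` now raises an undefined-index notice (and `trim(null)` is deprecated on PHP 8). Suggest `if (isset($_POST['title']) && trim($_POST['title']) !== '') {` at both sites. The adjacent token check `$_POST['thematic_token'] == $_SESSION['thematic_token']` (context, not changed here) likewise assumes the session key exists and compares loosely; `isset($_SESSION['thematic_token']) && $_POST['thematic_token'] === $_SESSION['thematic_token']` would be the strict form. Both methods in this section begin and end outside the hunks shown.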

@ -41,7 +41,7 @@ if ($action == 'thematic_plan_list') {
echo '<a href="'.api_get_self().'?cidReq='.api_get_course_id().'&thematic_id='.$thematic_plan['thematic_id'].'&action=thematic_plan_edit&description_type='.$thematic_plan['description_type'].'">';
echo Display::return_icon('edit.gif', get_lang('Edit'), array('style' => 'vertical-align:middle;float:right; padding-right:4px;'));
echo '</a> ';
echo $thematic_plan['title'];
echo Security::remove_XSS($thematic_plan['title'], STUDENT);
echo '</div>';
echo '<div class="sectioncomment">';
echo text_filter($thematic_plan['description']);
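Review bot: The title now goes through `Security::remove_XSS` on the new line, but the description two lines below is still emitted via `text_filter($thematic_plan['description'])` alone; whether `text_filter` encodes or merely formats is not visible here, so if it is a formatting helper the description should receive the same filtering, e.g. `echo text_filter(Security::remove_XSS($thematic_plan['description'], STUDENT));` (or the reverse order, depending on what `text_filter` emits — worth confirming). The `href` built three lines above interpolates `$thematic_plan['thematic_id']` and `$thematic_plan['description_type']` directly into the query string; if these are integers, `intval()` would make that explicit, otherwise `urlencode()` is needed for the attribute context. The enclosing block starts and ends outside the hunk.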

@ -81,7 +81,7 @@ class Thematic
}
while ($thematic = Database::fetch_row($res)) {
$thematic[1] = '<a href="index.php?'.api_get_cidreq().'&action=thematic_details&thematic_id='.$thematic[0].$param_gradebook.'">'.$thematic[1].'</a>';
$thematic[1] = '<a href="index.php?'.api_get_cidreq().'&action=thematic_details&thematic_id='.$thematic[0].$param_gradebook.'">'.Security::remove_XSS($thematic[1], STUDENT).'</a>';
if (api_is_allowed_to_edit(null, true)) {
$actions = '';
$actions .= '<center><a href="index.php?'.api_get_cidreq().'&action=thematic_plan_list&thematic_id='.$thematic[0].$param_gradebook.'">'.Display::return_icon('info.gif',get_lang('ThematicPlan')).'</a>&nbsp;';
@ -280,20 +280,19 @@ class Thematic
if (!empty($affected_rows)) {
// update row item property table
api_item_property_update($_course, TOOL_COURSE_PROGRESS, $id,"delete", $user_id);
}
}
}
} else {
$thematic_id = intval($thematic_id);
$sql = "UPDATE $tbl_thematic SET active = 0 WHERE id = $thematic_id";
Database::query($sql);
$affected_rows = Database::affected_rows();
$affected_rows = Database::affected_rows();
if (!empty($affected_rows)) {
// update row item property table
api_item_property_update($_course, TOOL_COURSE_PROGRESS, $thematic_id,"delete", $user_id);
}
}
}
return $affected_rows;
return $affected_rows;
}
/**
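Review bot: In the `thematic_destroy` hunk (-280,20) `$affected_rows` is returned at the end but is only assigned inside the two branches shown; the enclosing conditional begins outside the hunk, so if it is not entered the method returns an undefined variable (null) rather than a count. Initialising `$affected_rows = 0;` at the top of the method and documenting the contract with `@return int number of rows deactivated or deleted` would make the result reliable for callers such as `ThematicController`, which stores it directly. The `UPDATE ... WHERE id = $thematic_id` in this hunk is bounded by the preceding `intval()`, so the concern is only the return path.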
