chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add api_get_cidReq, replace remove_XSS function with intval

Browse Source
1.10.x
jmontoya 10 years ago
parent ae49b38fe2
commit 2758b3c47f
10 changed files with 69 additions and 118 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 14
      main/forum/editpost.php
  2. 21
      main/forum/editthread.php
  3. 6
      main/forum/forumfunction.inc.php
  4. 10
      main/forum/forumqualify.php
  5. 2
      main/forum/forumsearch.php
  6. 13
      main/forum/newthread.php
  7. 2
      main/forum/reply.php
  8. 105
      main/forum/viewforum.php
  9. 6
      main/forum/viewpost.php
  10. 8
      main/forum/viewthread.php

14
main/forum/editpost.php
Unescape View File

@ -73,23 +73,23 @@ if (!empty($gradebook) && $gradebook == 'view') {
}
if ($origin == 'group') {
$_clean['toolgroup'] = (int) $_SESSION['toolgroup'];
$_clean['toolgroup'] = api_get_group_id();
$group_properties = GroupManager::get_group_properties($_clean['toolgroup']);
$interbreadcrumb[] = array('url' => '../group/group.php?'.api_get_cidreq(), 'name' => get_lang('Groups'));
$interbreadcrumb[] = array('url' => '../group/group_space.php?gidReq='.$_SESSION['toolgroup'], 'name' => get_lang('GroupSpace').' '.$group_properties['name']);
$interbreadcrumb[] = array('url' => 'viewforum.php?origin='.$origin.'&gidReq='.$_SESSION['toolgroup'].'&forum='.Security::remove_XSS($_GET['forum']), 'name' => prepare4display($current_forum['forum_title']));
$interbreadcrumb[] = array('url' => '../group/group_space.php?'.api_get_cidreq(), 'name' => get_lang('GroupSpace').' '.$group_properties['name']);
$interbreadcrumb[] = array('url' => 'viewforum.php?origin='.$origin.'&'.api_get_cidreq().'&forum='.intval($_GET['forum']), 'name' => prepare4display($current_forum['forum_title']));
$interbreadcrumb[] = array('url' => 'javascript: void (0);', 'name' => get_lang('EditPost'));
} else {
$interbreadcrumb[] = array('url' => 'index.php?'.api_get_cidreq(), 'name' => $nameTools);
$interbreadcrumb[] = array('url' => 'viewforumcategory.php?forumcategory='.$current_forum_category['cat_id'], 'name' => prepare4display($current_forum_category['cat_title']));
$interbreadcrumb[] = array('url' => 'viewforum.php?origin='.$origin.'&forum='.Security::remove_XSS($_GET['forum']), 'name' => prepare4display($current_forum['forum_title']));
$interbreadcrumb[] = array('url' => 'viewthread.php?'.api_get_cidreq().'&origin='.$origin.'&forum='.Security::remove_XSS($_GET['forum']).'&thread='.Security::remove_XSS($_GET['thread']), 'name' => prepare4display($current_thread['thread_title']));
$interbreadcrumb[] = array('url' => 'viewforum.php?origin='.$origin.'&forum='.intval($_GET['forum']), 'name' => prepare4display($current_forum['forum_title']));
$interbreadcrumb[] = array('url' => 'viewthread.php?'.api_get_cidreq().'&origin='.$origin.'&forum='.intval($_GET['forum']).'&thread='.intval($_GET['thread']), 'name' => prepare4display($current_thread['thread_title']));
$interbreadcrumb[] = array('url' => 'javascript: void (0);', 'name' => get_lang('EditPost'));
}
/* Resource Linker */
if (isset($_POST['add_resources']) AND $_POST['add_resources'] == get_lang('Resources')) {
if (isset($_POST['add_resources']) && $_POST['add_resources'] == get_lang('Resources')) {
$_SESSION['formelements'] = $_POST;
$_SESSION['origin'] = $_SERVER['REQUEST_URI'];
$_SESSION['breadcrumbs'] = $interbreadcrumb;
@ -182,7 +182,7 @@ if ($origin != 'learnpath') {
echo '<a href="index.php?'.api_get_cidreq().'">'.
Display::return_icon('back.png', get_lang('BackToForumOverview'), '', ICON_SIZE_MEDIUM).'</a>';
}
echo '<a href="viewforum.php?forum='.Security::remove_XSS($_GET['forum']).'&gidReq='.Security::remove_XSS($_GET['gidReq']).'&origin='.$origin.'">'.
echo '<a href="viewforum.php?forum='.intval($_GET['forum']).'&'.api_get_cidreq().'&origin='.$origin.'">'.
Display::return_icon('forum.png', get_lang('BackToForum'), '', ICON_SIZE_MEDIUM).'</a>';
echo '</div>';
}

21
main/forum/editthread.php
Unescape View File

@ -10,7 +10,6 @@
use ChamiloSession as Session;
// Including the global initialization file.
require_once '../inc/global.inc.php';
// The section (tabs).
@ -19,7 +18,6 @@ $this_section = SECTION_COURSES;
api_protect_course_script(true);
$cidreq = api_get_cidreq();
$nameTools = get_lang('ToolForum');
/* Including necessary files */
@ -53,14 +51,9 @@ if (!empty($gradebook) && $gradebook == 'view') {
);
}
if (!empty($_GET['gidReq'])) {
$toolgroup = intval($_GET['gidReq']);
Session::write('toolgroup',$toolgroup);
}
$threadId = isset($_GET['thread']) ? intval($_GET['thread']) : 0;
$courseInfo = isset($_GET['cidReq']) ? api_get_course_info($_GET['cidReq']) : 0;
$cId = isset($courseInfo['real_id']) ? intval($courseInfo['real_id']) : 0;
$cId = isset($courseInfo['real_id']) ? intval($courseInfo['real_id']) : 0;
/* Is the user allowed here? */
@ -113,12 +106,12 @@ if (!empty($groupId)) {
$groupProperties = GroupManager :: get_group_properties($groupId);
$interbreadcrumb[] = array('url' => '../group/group.php?'.$cidreq, 'name' => get_lang('Groups'));
$interbreadcrumb[] = array('url' => '../group/group_space.php?'.$cidreq, 'name' => get_lang('GroupSpace').' '.$groupProperties['name']);
$interbreadcrumb[] = array('url' => 'viewforum.php?'.$cidreq.'&forum='.Security::remove_XSS($_GET['forum']), 'name' => $currentForum['forum_title']);
$interbreadcrumb[] = array('url' => 'newthread.php?'.$cidreq.'&forum='.Security::remove_XSS($_GET['forum']),'name' => get_lang('EditThread'));
$interbreadcrumb[] = array('url' => 'viewforum.php?'.$cidreq.'&forum='.intval($_GET['forum']), 'name' => $currentForum['forum_title']);
$interbreadcrumb[] = array('url' => 'newthread.php?'.$cidreq.'&forum='.intval($_GET['forum']),'name' => get_lang('EditThread'));
} else {
$interbreadcrumb[] = array('url' => 'index.php?'.$cidreq, 'name' => $nameTools);
$interbreadcrumb[] = array('url' => 'viewforumcategory.php?'.$cidreq.'&forumcategory='.$currentForumCategory['cat_id'], 'name' => $currentForumCategory['cat_title']);
$interbreadcrumb[] = array('url' => 'viewforum.php?'.$cidreq.'&forum='.Security::remove_XSS($_GET['forum']), 'name' => $currentForum['forum_title']);
$interbreadcrumb[] = array('url' => 'viewforum.php?'.$cidreq.'&forum='.intval($_GET['forum']), 'name' => $currentForum['forum_title']);
$interbreadcrumb[] = array('url' => '#', 'name' => get_lang('EditThread'));
}
@ -129,13 +122,13 @@ $tableLink = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_LINK);
$htmlHeadXtra[] = <<<JS
<script>
$(document).on('ready', function() {
if ($('#thread_qualify_gradebook').is(':checked') == true) {
document.getElementById('options_field').style.display = 'block';
} else {
document.getElementById('options_field').style.display = 'none';
}
$('#thread_qualify_gradebook').click(function() {
if ($('#thread_qualify_gradebook').is(':checked') == true) {
document.getElementById('options_field').style.display = 'block';
@ -175,7 +168,7 @@ $values = showUpdateThreadForm(
);
if (!empty($values) && isset($values['SubmitPost'])) {
// update thread in table forum_thread.
updateThread($values);
}

6
main/forum/forumfunction.inc.php
Unescape View File

@ -3355,7 +3355,7 @@ function show_edit_post_form(
$form = new FormValidator(
'edit_post',
'post',
api_get_self().'?'.api_get_cidreq().'&forum='.Security::remove_XSS($_GET['forum']).'&thread='.Security::remove_XSS($_GET['thread']).'&post='.Security::remove_XSS($_GET['post'])
api_get_self().'?'.api_get_cidreq().'&forum='.intval($_GET['forum']).'&thread='.intval($_GET['thread']).'&post='.intval($_GET['post'])
);
$form->addElement('header', get_lang('EditPost'));
// Setting the form elements.
@ -3617,8 +3617,8 @@ function store_edit_post($values)
//update_added_resources('forum_post', $values['post_id']);
$message = get_lang('EditPostStored').'<br />';
$message .= get_lang('ReturnTo').' <a href="viewforum.php?'.api_get_cidreq().'&forum='.Security::remove_XSS($_GET['forum']).'&">'.get_lang('Forum').'</a><br />';
$message .= get_lang('ReturnTo').' <a href="viewthread.php?'.api_get_cidreq().'&forum='.Security::remove_XSS($_GET['forum']).'&gradebook='.$gradebook.'&thread='.$values['thread_id'].'&post='.Security::remove_XSS($_GET['post']).'">'.get_lang('Message').'</a>';
$message .= get_lang('ReturnTo').' <a href="viewforum.php?'.api_get_cidreq().'&forum='.intval($_GET['forum']).'&">'.get_lang('Forum').'</a><br />';
$message .= get_lang('ReturnTo').' <a href="viewthread.php?'.api_get_cidreq().'&forum='.intval($_GET['forum']).'&gradebook='.$gradebook.'&thread='.$values['thread_id'].'&post='.Security::remove_XSS($_GET['post']).'">'.get_lang('Message').'</a>';
Session::erase('formelements');
Session::erase('origin');

10
main/forum/forumqualify.php
Unescape View File

@ -84,12 +84,12 @@ if ($origin == 'learnpath') {
"name"=> get_lang('GroupSpace').' ('.$group_properties['name'].')'
);
$interbreadcrumb[] = array(
"url" => "viewforum.php?forum=".Security::remove_XSS($_GET['forum'])."&origin=".$origin."&search=".Security::remove_XSS(urlencode($_GET['search'])),
"url" => "viewforum.php?forum=".intval($_GET['forum'])."&origin=".$origin."&search=".Security::remove_XSS(urlencode($_GET['search'])),
"name" => prepare4display($currentForum['forum_title'])
);
if ($message <> 'PostDeletedSpecial') {
$interbreadcrumb[]= array(
"url" => "viewthread.php?forum=".Security::remove_XSS($_GET['forum'])."&gradebook=".$gradebook."&thread=".Security::remove_XSS($_GET['thread']),
"url" => "viewthread.php?forum=".intval($_GET['forum'])."&gradebook=".$gradebook."&thread=".intval($_GET['thread']),
"name" => prepare4display($currentThread['thread_title'])
);
}
@ -120,14 +120,14 @@ if ($origin == 'learnpath') {
if ($message <> 'PostDeletedSpecial') {
if (isset($_GET['gradebook']) and $_GET['gradebook']=='view') {
$info_thread=get_thread_information(Security::remove_XSS($_GET['thread']));
$info_thread=get_thread_information($_GET['thread']);
$interbreadcrumb[] = array(
"url" => "viewthread.php?".api_get_cidreq()."&forum=".$info_thread['forum_id']."&thread=".Security::remove_XSS($_GET['thread']),
"url" => "viewthread.php?".api_get_cidreq()."&forum=".$info_thread['forum_id']."&thread=".intval($_GET['thread']),
"name" => prepare4display($currentThread['thread_title'])
);
} else {
$interbreadcrumb[] = array(
"url" => "viewthread.php?".api_get_cidreq()."&forum=".Security::remove_XSS($_GET['forum'])."&thread=".Security::remove_XSS($_GET['thread']),
"url" => "viewthread.php?".api_get_cidreq()."&forum=".intval($_GET['forum'])."&thread=".intval($_GET['thread']),
"name" => prepare4display($currentThread['thread_title'])
);
}

2
main/forum/forumsearch.php
Unescape View File

@ -65,7 +65,7 @@ if ($origin == 'group') {
$group_properties = GroupManager :: get_group_properties($groupId);
$interbreadcrumb[] = array('url' => '../group/group.php?'.api_get_cidreq(), 'name' => get_lang('Groups'));
$interbreadcrumb[] = array('url' => '../group/group_space.php?'.api_get_cidreq(), 'name' => get_lang('GroupSpace').' ('.$group_properties['name'].')');
$interbreadcrumb[] = array('url' => 'viewforum.php?origin='.$origin.'&forum='.Security::remove_XSS($_GET['forum']).'&'.api_get_cidreq(), 'name' => prepare4display($current_forum['forum_title']));
$interbreadcrumb[] = array('url' => 'viewforum.php?origin='.$origin.'&forum='.intval($_GET['forum']).'&'.api_get_cidreq(), 'name' => prepare4display($current_forum['forum_title']));
$interbreadcrumb[] = array('url' => 'forumsearch.php?'.api_get_cidreq(),'name' => get_lang('ForumSearch'));
} else {
$interbreadcrumb[] = array('url' => 'index.php?'.api_get_cidreq(), 'name' => $nameTools);

13
main/forum/newthread.php
Unescape View File

@ -65,11 +65,6 @@ if (!empty($gradebook) && $gradebook == 'view') {
);
}
if (!empty($_GET['gidReq'])) {
$toolgroup = intval($_GET['gidReq']);
Session::write('toolgroup',$toolgroup);
}
/* Is the user allowed here? */
// The user is not allowed here if:
@ -121,12 +116,12 @@ if (!empty($groupId)) {
$groupProperties = GroupManager :: get_group_properties($groupId);
$interbreadcrumb[] = array('url' => '../group/group.php?'.$cidreq, 'name' => get_lang('Groups'));
$interbreadcrumb[] = array('url' => '../group/group_space.php?'.$cidreq, 'name' => get_lang('GroupSpace').' '.$groupProperties['name']);
$interbreadcrumb[] = array('url' => 'viewforum.php?'.$cidreq.'&forum='.Security::remove_XSS($_GET['forum']), 'name' => $current_forum['forum_title']);
$interbreadcrumb[] = array('url' => 'newthread.php?'.$cidreq.'&forum='.Security::remove_XSS($_GET['forum']),'name' => get_lang('NewTopic'));
$interbreadcrumb[] = array('url' => 'viewforum.php?'.$cidreq.'&forum='.intval($_GET['forum']), 'name' => $current_forum['forum_title']);
$interbreadcrumb[] = array('url' => 'newthread.php?'.$cidreq.'&forum='.intval($_GET['forum']),'name' => get_lang('NewTopic'));
} else {
$interbreadcrumb[] = array('url' => 'index.php?'.$cidreq, 'name' => $nameTools);
$interbreadcrumb[] = array('url' => 'viewforumcategory.php?'.$cidreq.'&forumcategory='.$current_forum_category['cat_id'], 'name' => $current_forum_category['cat_title']);
$interbreadcrumb[] = array('url' => 'viewforum.php?'.$cidreq.'&forum='.Security::remove_XSS($_GET['forum']), 'name' => $current_forum['forum_title']);
$interbreadcrumb[] = array('url' => 'viewforum.php?'.$cidreq.'&forum='.intval($_GET['forum']), 'name' => $current_forum['forum_title']);
$interbreadcrumb[] = array('url' => '#', 'name' => get_lang('NewTopic'));
}
@ -169,7 +164,7 @@ handle_forum_and_forumcategories();
// Action links
echo '<div class="actions">';
echo '<span style="float:right;">'.search_link().'</span>';
echo '<a href="viewforum.php?forum='.Security::remove_XSS($_GET['forum']).'&'.$cidreq.'">'.
echo '<a href="viewforum.php?forum='.intval($_GET['forum']).'&'.$cidreq.'">'.
Display::return_icon('back.png',get_lang('BackToForum'),'',ICON_SIZE_MEDIUM).'</a>';
echo '</div>';

2
main/forum/reply.php
Unescape View File

@ -92,7 +92,7 @@ if (!empty($gradebook) && $gradebook == 'view') {
}
if ($origin == 'group') {
$_clean['toolgroup'] = (int)$_SESSION['toolgroup'];
$_clean['toolgroup'] = api_get_group_id();
$group_properties = GroupManager :: get_group_properties($_clean['toolgroup']);
$interbreadcrumb[] = array(
'url' => '../group/group.php?'.api_get_cidreq(),

105
main/forum/viewforum.php
Unescape View File

@ -48,12 +48,15 @@ if (isset($_GET['origin'])) {
require 'forumconfig.inc.php';
require_once 'forumfunction.inc.php';
$userid = api_get_user_id();
$userId = api_get_user_id();
$sessionId = api_get_session_id();
$groupId = api_get_group_id();
$courseId = api_get_course_int_id();
$isTutor = GroupManager::is_tutor_of_group($userId, $groupId, $courseId);
/* MAIN DISPLAY SECTION */
$groupId = api_get_group_id();
$my_forum = isset($_GET['forum']) ? $_GET['forum'] : '';
// Note: This has to be validated that it is an existing forum.
$current_forum = get_forum_information($my_forum);
@ -69,23 +72,23 @@ if (!empty($groupId)) {
//Group info & group category info
$group_properties = GroupManager::get_group_properties($groupId);
//User has access in the group?
$user_has_access_in_group = GroupManager::user_has_access($userid, $groupId, GroupManager::GROUP_TOOL_FORUM);
$user_has_access_in_group = GroupManager::user_has_access($userId, $groupId, GroupManager::GROUP_TOOL_FORUM);
$is_group_tutor = GroupManager::is_tutor_of_group(api_get_user_id(), $groupId);
//Course
// Course
if (
!api_is_allowed_to_edit(false, true) AND //is a student
(($current_forum_category && $current_forum_category['visibility'] == 0) OR
$current_forum['visibility'] == 0 OR !$user_has_access_in_group)
!api_is_allowed_to_edit(false, true) && //is a student
(($current_forum_category && $current_forum_category['visibility'] == 0) ||
$current_forum['visibility'] == 0 || !$user_has_access_in_group)
) {
api_not_allowed(true);
}
} else {
//Course
if (
!api_is_allowed_to_edit(false, true) AND //is a student
!api_is_allowed_to_edit(false, true) && //is a student
(
($current_forum_category && $current_forum_category['visibility'] == 0) OR
($current_forum_category && $current_forum_category['visibility'] == 0) ||
$current_forum['visibility'] == 0
) //forum category or forum visibility is false
) {
@ -110,16 +113,11 @@ if (!empty($gradebook) && $gradebook == 'view') {
);
}
if (!empty($_GET['gidReq'])) {
$toolgroup = Database::escape_string($_GET['gidReq']);
Session::write('toolgroup',$toolgroup);
}
$forumUrl = api_get_path(WEB_CODE_PATH).'forum/';
if ($origin == 'group') {
$interbreadcrumb[] = array(
'url' => api_get_path(WEB_CODE_PATH) . 'group/group.php',
'url' => api_get_path(WEB_CODE_PATH) . 'group/group.php?'.api_get_cidreq(),
'name' => get_lang('Groups')
);
$interbreadcrumb[] = array(
@ -156,9 +154,9 @@ if ($origin == 'learnpath') {
/* Actions */
// Change visibility of a forum or a forum category.
if (
($my_action == 'invisible' OR $my_action == 'visible') AND
isset($_GET['content']) AND
isset($_GET['id']) AND
($my_action == 'invisible' || $my_action == 'visible') &&
isset($_GET['content']) &&
isset($_GET['id']) &&
api_is_allowed_to_edit(false, true) &&
api_is_allowed_to_session_edit(false, true)
) {
@ -166,8 +164,8 @@ if (
}
// Locking and unlocking.
if (
($my_action == 'lock' OR $my_action == 'unlock') AND
isset($_GET['content']) AND isset($_GET['id']) AND
($my_action == 'lock' || $my_action == 'unlock') &&
isset($_GET['content']) && isset($_GET['id']) &&
api_is_allowed_to_edit(false, true) &&
api_is_allowed_to_session_edit(false, true)
) {
@ -175,9 +173,9 @@ if (
}
// Deleting.
if (
$my_action == 'delete' AND
isset($_GET['content']) AND
isset($_GET['id']) AND
$my_action == 'delete' &&
isset($_GET['content']) &&
isset($_GET['id']) &&
api_is_allowed_to_edit(false, true) &&
api_is_allowed_to_session_edit(false, true)
) {
@ -200,7 +198,7 @@ if (
}
// Moving.
if ($my_action == 'move' && isset($_GET['thread']) &&
api_is_allowed_to_edit(false, true ) &&
api_is_allowed_to_edit(false, true) &&
api_is_allowed_to_session_edit(false, true)
) {
$message = move_thread_form();
@ -281,7 +279,7 @@ if (
$table_list .= '<th>' . get_lang('Qualify') . '</th>';
}
$table_list .= '</tr>';
$max_qualify = showQualify('2', $userid, $_GET['id']);
$max_qualify = showQualify('2', $userId, $_GET['id']);
$counter_stdlist = 0;
if (Database::num_rows($student_list) > 0) {
@ -363,9 +361,9 @@ if ($origin != 'learnpath') {
// 2. the course member is here and new threads are allowed
// 3. a visitor is here and new threads AND allowed AND anonymous posts are allowed
if (
api_is_allowed_to_edit(false, true) OR
($current_forum['allow_new_threads'] == 1 AND isset($_user['user_id'])) OR
($current_forum['allow_new_threads'] == 1 AND !isset($_user['user_id']) AND $current_forum['allow_anonymous'] == 1)
api_is_allowed_to_edit(false, true) ||
($current_forum['allow_new_threads'] == 1 && isset($_user['user_id'])) ||
($current_forum['allow_new_threads'] == 1 && !isset($_user['user_id']) && $current_forum['allow_anonymous'] == 1)
) {
if ($current_forum['locked'] <> 1 AND $current_forum['locked'] <> 1) {
if (!api_is_anonymous() && !api_is_invitee()) {
@ -437,9 +435,8 @@ if (is_array($threads)) {
foreach ($threads as $row) {
// Thread who have no replies yet and the only post is invisible should not be displayed to students.
if (api_is_allowed_to_edit(false, true) ||
!($row['thread_replies'] == '0' AND $row['visibility'] == '0')
!($row['thread_replies'] == '0' && $row['visibility'] == '0')
) {
$my_whatsnew_post_info = null;
if (isset($whatsnew_post_info[$my_forum][$row['thread_id']])) {
@ -477,8 +474,7 @@ if (is_array($threads)) {
if ($origin != 'learnpath') {
$authorName = display_user_link(
$row['user_id'],
api_get_person_name($row['firstname'],
$row['lastname']),
api_get_person_name($row['firstname'], $row['lastname']),
'',
$poster_username
);
@ -547,39 +543,9 @@ if (is_array($threads)) {
. Display::return_icon('post-item.png', null, null, ICON_SIZE_TINY)
. ' ' . $last_post;
$html .= '</div>';
/*
if ($row['last_poster_user_id'] == '0') {
$name = $row['poster_name'];
$last_poster_username = "";
} else {
$name = api_get_person_name($row['last_poster_firstname'], $row['last_poster_lastname']);
$tab_last_poster_info = api_get_user_info($row['last_poster_user_id']);
$last_poster_username = sprintf(get_lang('LoginX'), $tab_last_poster_info['username']);
}
// If the last post is invisible and it is not the teacher who is looking then we have to find the last visible post of the thread.
if (($row['visible'] == '1' OR api_is_allowed_to_edit(false, true)) && $origin != 'learnpath') {
$last_post = $post_date.' '.get_lang('By').' '.display_user_link($row['last_poster_user_id'], $name, '', $last_poster_username);
} elseif ($origin != 'learnpath') {
$last_post_sql = "SELECT post.*, user.firstname, user.lastname, user.username FROM $table_posts post, $table_users user WHERE post.poster_id=user.user_id AND visible='1' AND thread_id='".$row['thread_id']."' AND post.c_id=".api_get_course_int_id()." ORDER BY post_id DESC";
$last_post_result = Database::query($last_post_sql);
$last_post_row = Database::fetch_array($last_post_result);
$name = api_get_person_name($last_post_row['firstname'], $last_post_row['lastname']);
$last_post_info_username = sprintf(get_lang('LoginX'), $last_post_row['username']);
$last_post = api_convert_and_format_date($last_post_row['post_date']).' '.get_lang('By').' '.display_user_link($last_post_row['poster_id'], $name, '', $last_post_info_username);
} else {
$last_post_sql = "SELECT post.*, user.firstname, user.lastname, user.username FROM $table_posts post, $table_users user WHERE post.poster_id=user.user_id AND visible='1' AND thread_id='".$row['thread_id']."' AND post.c_id=".api_get_course_int_id()." ORDER BY post_id DESC";
$last_post_result = Database::query($last_post_sql);
$last_post_row = Database::fetch_array($last_post_result);
$last_post_info_username = sprintf(get_lang('LoginX'), $last_post_row['username']);
$name = api_get_person_name($last_post_row['firstname'], $last_post_row['lastname']);
$last_post = api_convert_and_format_date($last_post_row['post_date']).' '.get_lang('By').' '.Display::tag('span', $name, array("title"=>api_htmlentities($last_post_info_username, ENT_QUOTES)));
}*/
$html .= '<div class="col-md-3">';
$cidreq = api_get_cidreq();
// Get attachment id.
if (isset($row['post_id'])) {
$attachment_list = get_attachment($row['post_id']);
@ -591,11 +557,10 @@ if (is_array($threads)) {
!(api_is_course_coach() && $current_forum['session_id'] != $sessionId)
) {
$iconsEdit .= '<a href="' . $forumUrl . 'editthread.php?' . $cidreq
. '&forum=' . Security::remove_XSS($my_forum) . '&thread='
. Security::remove_XSS($row['thread_id'])
. '&forum=' . intval($my_forum) . '&thread='
. intval($row['thread_id'])
. '&id_attach=' . $id_attach . '">'
. Display::return_icon('edit.png', get_lang('Edit'), array(), ICON_SIZE_SMALL) . '</a>';
if (api_resource_is_locked_by_gradebook($row['thread_id'], LINK_FORUM_THREAD)) {
$iconsEdit .= Display::return_icon(
'delete_na.png',
@ -605,7 +570,7 @@ if (is_array($threads)) {
);
} else {
$iconsEdit.= '<a href="' . api_get_self() . '?' . $cidreq . '&forum='
. Security::remove_XSS($my_forum) . '&action=delete&content=thread&id='
. intval($my_forum) . '&action=delete&content=thread&id='
. $row['thread_id'] . $origin_string
. "\" onclick=\"javascript:if(!confirm('"
. addslashes(api_htmlentities(get_lang('DeleteCompleteThread'), ENT_QUOTES))
@ -634,7 +599,7 @@ if (is_array($threads)) {
)
);
$iconsEdit .= '<a href="viewforum.php?' . $cidreq . '&forum='
. Security::remove_XSS($my_forum)
. intval($my_forum)
. '&action=move&thread=' . $row['thread_id'] . $origin_string . '">'
. Display::return_icon('move.png', get_lang('MoveThread'), array(), ICON_SIZE_SMALL)
. '</a>';
@ -658,7 +623,7 @@ if (is_array($threads)) {
. '">' . Display::return_icon($iconnotify, get_lang('NotifyMe')) . '</a>';
}
if (api_is_allowed_to_edit(null,true) && $origin != 'learnpath') {
if (api_is_allowed_to_edit(null, true) && $origin != 'learnpath') {
$iconsEdit .= '<a href="' . api_get_self() . '?' . $cidreq . '&forum='
. Security::remove_XSS($my_forum)
. "&origin=$origin&action=liststd&content=thread&id={$row['thread_id']}"
@ -683,8 +648,6 @@ if (is_array($threads)) {
echo '</div>';
echo isset($table_list) ? $table_list : '';
/* FOOTER */
if ($origin != 'learnpath') {
Display::display_footer();
}

6
main/forum/viewpost.php
Unescape View File

@ -68,7 +68,7 @@ if ($origin == 'learnpath') {
'name' => prepare4display($current_forum_category['cat_title']),
);
$interbreadcrumb[] = array(
'url' => 'viewforum.php?'.api_get_cidreq().'&forum='.Security::remove_XSS($_GET['forum']).'&origin='.$origin.'&search='.Security::remove_XSS(urlencode($_GET['search'])),
'url' => 'viewforum.php?'.api_get_cidreq().'&forum='.intval($_GET['forum']).'&origin='.$origin.'&search='.Security::remove_XSS(urlencode($_GET['search'])),
'name' => prepare4display($current_forum['forum_title']),
);
@ -121,7 +121,7 @@ if ($message != 'PostDeletedSpecial') {
/* Action Links */
echo '<div style="float:right;">';
$my_url = '<a href="viewthread.php?'.api_get_cidreq().'&forum='.Security::remove_XSS($_GET['forum']).'&thread='.Security::remove_XSS($_GET['thread']).'&origin='.$origin.'&gradebook='.$gradebook.'&search='.Security::remove_XSS(urlencode($_GET['search']));
$my_url = '<a href="viewthread.php?'.api_get_cidreq().'&forum='.intval($_GET['forum']).'&thread='.intval($_GET['thread']).'&origin='.$origin.'&gradebook='.$gradebook.'&search='.Security::remove_XSS(urlencode($_GET['search']));
echo $my_url.'&view=flat&origin='.$origin.'">'.get_lang('FlatView').'</a> | ';
echo $my_url.'&view=threaded&origin='.$origin.'">'.get_lang('ThreadedView').'</a> | ';
echo $my_url.'&view=nested&origin='.$origin.'">'.get_lang('NestedView').'</a>';
@ -136,7 +136,7 @@ if ($message != 'PostDeletedSpecial') {
// The link should only appear when the user is logged in or when anonymous posts are allowed.
if ($_user['user_id'] || ($current_forum['allow_anonymous'] == 1 && !$_user['user_id'])) {
// reply link
echo '<a href="reply.php?'.api_get_cidreq().'&forum='.Security::remove_XSS($_GET['forum']).'&thread='.Security::remove_XSS($_GET['thread']).'&action=replythread&origin='.$origin.'">'.get_lang('ReplyToThread').'</a>';
echo '<a href="reply.php?'.api_get_cidreq().'&forum='.intval($_GET['forum']).'&thread='.intval($_GET['thread']).'&action=replythread&origin='.$origin.'">'.get_lang('ReplyToThread').'</a>';
// new thread link
if (api_is_allowed_to_edit(false, true) ||

8
main/forum/viewthread.php
Unescape View File

@ -172,7 +172,7 @@ if ($my_message != 'PostDeletedSpecial') {
echo '<span style="float:right;">'.search_link().'</span>';
if ($origin != 'learnpath') {
echo '<a href="' . $forumUrl . 'viewforum.php?forum='
. Security::remove_XSS($_GET['forum']) . '&' . api_get_cidreq() . '">'
. intval($_GET['forum']) . '&' . api_get_cidreq() . '">'
. Display::return_icon('back.png', get_lang('BackToForum'), '', ICON_SIZE_MEDIUM) . '</a>';
}
// The reply to thread link should only appear when the forum_category is
@ -190,8 +190,8 @@ if ($my_message != 'PostDeletedSpecial') {
// reply link
if (!api_is_anonymous() && api_is_allowed_to_session_edit(false, true)) {
echo '<a href="' . $forumUrl . 'reply.php?' . api_get_cidreq() . '&forum='
. Security::remove_XSS($_GET['forum']) . '&thread='
. Security::remove_XSS($_GET['thread']) . '&action=replythread">'
. intval($_GET['forum']) . '&thread='
. intval($_GET['thread']) . '&action=replythread">'
. Display::return_icon('reply_thread.png', get_lang('ReplyToThread'), '', ICON_SIZE_MEDIUM)
. '</a>';
}
@ -216,7 +216,7 @@ if ($my_message != 'PostDeletedSpecial') {
// The different views of the thread.
if ($origin != 'learnpath') {
$my_url = '<a href="' . $forumUrl . 'viewthread.php?' . api_get_cidreq() . '&' . api_get_cidreq()
. '&forum=' . Security::remove_XSS($_GET['forum']) . '&thread=' . Security::remove_XSS($_GET['thread'])
. '&forum=' . intval($_GET['forum']) . '&thread=' . intval($_GET['thread'])
. '&search=' . Security::remove_XSS(urlencode($my_search));
echo $my_url . '&view=flat">'
. Display::return_icon('forum_listview.png', get_lang('FlatView'), null, ICON_SIZE_MEDIUM)

Write Preview
Loading…
Cancel
Save