From 2758b3c47f34056efd172c8c323e7b35ae3beee1 Mon Sep 17 00:00:00 2001 From: jmontoya Date: Tue, 8 Mar 2016 19:24:57 +0100 Subject: [PATCH] Add api_get_cidReq, replace remove_XSS function with intval --- main/forum/editpost.php | 14 ++--- main/forum/editthread.php | 21 +++---- main/forum/forumfunction.inc.php | 6 +- main/forum/forumqualify.php | 10 +-- main/forum/forumsearch.php | 2 +- main/forum/newthread.php | 13 ++-- main/forum/reply.php | 2 +- main/forum/viewforum.php | 105 ++++++++++--------------------- main/forum/viewpost.php | 6 +- main/forum/viewthread.php | 8 +-- 10 files changed, 69 insertions(+), 118 deletions(-) diff --git a/main/forum/editpost.php b/main/forum/editpost.php index 973f5e62d7..87b2c2ff22 100755 --- a/main/forum/editpost.php +++ b/main/forum/editpost.php 
@@ -73,23 +73,23 @@ if (!empty($gradebook) && $gradebook == 'view') { } if ($origin == 'group') { - $_clean['toolgroup'] = (int) $_SESSION['toolgroup']; + $_clean['toolgroup'] = api_get_group_id(); $group_properties = GroupManager::get_group_properties($_clean['toolgroup']); $interbreadcrumb[] = array('url' => '../group/group.php?'.api_get_cidreq(), 'name' => get_lang('Groups')); - $interbreadcrumb[] = array('url' => '../group/group_space.php?gidReq='.$_SESSION['toolgroup'], 'name' => get_lang('GroupSpace').' '.$group_properties['name']); - $interbreadcrumb[] = array('url' => 'viewforum.php?origin='.$origin.'&gidReq='.$_SESSION['toolgroup'].'&forum='.Security::remove_XSS($_GET['forum']), 'name' => prepare4display($current_forum['forum_title'])); + $interbreadcrumb[] = array('url' => '../group/group_space.php?'.api_get_cidreq(), 'name' => get_lang('GroupSpace').' '.$group_properties['name']); + $interbreadcrumb[] = array('url' => 'viewforum.php?origin='.$origin.'&'.api_get_cidreq().'&forum='.intval($_GET['forum']), 'name' => prepare4display($current_forum['forum_title'])); $interbreadcrumb[] = array('url' => 'javascript: void (0);', 'name' => get_lang('EditPost')); } else { $interbreadcrumb[] = array('url' => 'index.php?'.api_get_cidreq(), 'name' => $nameTools); $interbreadcrumb[] = array('url' => 'viewforumcategory.php?forumcategory='.$current_forum_category['cat_id'], 'name' => prepare4display($current_forum_category['cat_title'])); - $interbreadcrumb[] = array('url' => 'viewforum.php?origin='.$origin.'&forum='.Security::remove_XSS($_GET['forum']), 'name' => prepare4display($current_forum['forum_title'])); - $interbreadcrumb[] = array('url' => 'viewthread.php?'.api_get_cidreq().'&origin='.$origin.'&forum='.Security::remove_XSS($_GET['forum']).'&thread='.Security::remove_XSS($_GET['thread']), 'name' => prepare4display($current_thread['thread_title'])); + $interbreadcrumb[] = array('url' => 'viewforum.php?origin='.$origin.'&forum='.intval($_GET['forum']), 'name' => 
prepare4display($current_forum['forum_title'])); + $interbreadcrumb[] = array('url' => 'viewthread.php?'.api_get_cidreq().'&origin='.$origin.'&forum='.intval($_GET['forum']).'&thread='.intval($_GET['thread']), 'name' => prepare4display($current_thread['thread_title'])); $interbreadcrumb[] = array('url' => 'javascript: void (0);', 'name' => get_lang('EditPost')); } /* Resource Linker */ -if (isset($_POST['add_resources']) AND $_POST['add_resources'] == get_lang('Resources')) { +if (isset($_POST['add_resources']) && $_POST['add_resources'] == get_lang('Resources')) { $_SESSION['formelements'] = $_POST; $_SESSION['origin'] = $_SERVER['REQUEST_URI']; $_SESSION['breadcrumbs'] = $interbreadcrumb; @@ -182,7 +182,7 @@ if ($origin != 'learnpath') { echo ''. Display::return_icon('back.png', get_lang('BackToForumOverview'), '', ICON_SIZE_MEDIUM).''; } - echo ''. + echo ''. Display::return_icon('forum.png', get_lang('BackToForum'), '', ICON_SIZE_MEDIUM).''; echo ''; } diff --git a/main/forum/editthread.php b/main/forum/editthread.php index 1dcead5a9b..7c5beaf24e 100644 --- a/main/forum/editthread.php +++ b/main/forum/editthread.php @@ -10,7 +10,6 @@ use ChamiloSession as Session; -// Including the global initialization file. require_once '../inc/global.inc.php'; // The section (tabs). @@ -19,7 +18,6 @@ $this_section = SECTION_COURSES; api_protect_course_script(true); $cidreq = api_get_cidreq(); - $nameTools = get_lang('ToolForum'); /* Including necessary files */ @@ -53,14 +51,9 @@ if (!empty($gradebook) && $gradebook == 'view') { ); } -if (!empty($_GET['gidReq'])) { - $toolgroup = intval($_GET['gidReq']); - Session::write('toolgroup',$toolgroup); -} - $threadId = isset($_GET['thread']) ? intval($_GET['thread']) : 0; $courseInfo = isset($_GET['cidReq']) ? api_get_course_info($_GET['cidReq']) : 0; -$cId = isset($courseInfo['real_id']) ? intval($courseInfo['real_id']) : 0; +$cId = isset($courseInfo['real_id']) ? intval($courseInfo['real_id']) : 0; /* Is the user allowed here? */ 
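Review bot: `intval($_GET['forum'])` and `intval($_GET['thread'])` in the rebuilt breadcrumb URLs read the keys without an `isset` guard, so a request that omits either parameter now raises an undefined-index notice; the guarded form already used in editthread.php, `isset($_GET['forum']) ? intval($_GET['forum']) : 0`, keeps the integer cast and tolerates the missing key. The same unguarded reads appear in the editthread.php, forumfunction.inc.php, forumqualify.php, forumsearch.php, newthread.php, viewpost.php and viewthread.php hunks. `$origin` (and `$gradebook` in the forumqualify.php hunk) is still concatenated into the same hrefs unencoded; unless it is restricted to a fixed set of values before this point, which the hunk does not show, wrap it as `urlencode($origin)`.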
@@ -113,12 +106,12 @@ if (!empty($groupId)) { $groupProperties = GroupManager :: get_group_properties($groupId); $interbreadcrumb[] = array('url' => '../group/group.php?'.$cidreq, 'name' => get_lang('Groups')); $interbreadcrumb[] = array('url' => '../group/group_space.php?'.$cidreq, 'name' => get_lang('GroupSpace').' '.$groupProperties['name']); - $interbreadcrumb[] = array('url' => 'viewforum.php?'.$cidreq.'&forum='.Security::remove_XSS($_GET['forum']), 'name' => $currentForum['forum_title']); - $interbreadcrumb[] = array('url' => 'newthread.php?'.$cidreq.'&forum='.Security::remove_XSS($_GET['forum']),'name' => get_lang('EditThread')); + $interbreadcrumb[] = array('url' => 'viewforum.php?'.$cidreq.'&forum='.intval($_GET['forum']), 'name' => $currentForum['forum_title']); + $interbreadcrumb[] = array('url' => 'newthread.php?'.$cidreq.'&forum='.intval($_GET['forum']),'name' => get_lang('EditThread')); } else { $interbreadcrumb[] = array('url' => 'index.php?'.$cidreq, 'name' => $nameTools); $interbreadcrumb[] = array('url' => 'viewforumcategory.php?'.$cidreq.'&forumcategory='.$currentForumCategory['cat_id'], 'name' => $currentForumCategory['cat_title']); - $interbreadcrumb[] = array('url' => 'viewforum.php?'.$cidreq.'&forum='.Security::remove_XSS($_GET['forum']), 'name' => $currentForum['forum_title']); + $interbreadcrumb[] = array('url' => 'viewforum.php?'.$cidreq.'&forum='.intval($_GET['forum']), 'name' => $currentForum['forum_title']); $interbreadcrumb[] = array('url' => '#', 'name' => get_lang('EditThread')); } 
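Review bot: The new breadcrumb lines set `'name' => $currentForum['forum_title']` without the `prepare4display()` wrapper that the editpost.php, forumqualify.php and forumsearch.php hunks apply to the same title, so this path relies on the breadcrumb renderer escaping `name` itself, which is not visible here. Use `'name' => prepare4display($currentForum['forum_title'])` on both changed lines; the newthread.php breadcrumb hunk has the same omission with `$current_forum['forum_title']`.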
@@ -129,13 +122,13 @@ $tableLink = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_LINK); $htmlHeadXtra[] = << $(document).on('ready', function() { - + if ($('#thread_qualify_gradebook').is(':checked') == true) { document.getElementById('options_field').style.display = 'block'; } else { document.getElementById('options_field').style.display = 'none'; } - + $('#thread_qualify_gradebook').click(function() { if ($('#thread_qualify_gradebook').is(':checked') == true) { document.getElementById('options_field').style.display = 'block'; @@ -175,7 +168,7 @@ $values = showUpdateThreadForm( ); if (!empty($values) && isset($values['SubmitPost'])) { - + // update thread in table forum_thread. updateThread($values); } diff --git a/main/forum/forumfunction.inc.php b/main/forum/forumfunction.inc.php index 92138280b9..3a210b7c58 100755 --- a/main/forum/forumfunction.inc.php +++ b/main/forum/forumfunction.inc.php @@ -3355,7 +3355,7 @@ function show_edit_post_form( $form = new FormValidator( 'edit_post', 'post', - api_get_self().'?'.api_get_cidreq().'&forum='.Security::remove_XSS($_GET['forum']).'&thread='.Security::remove_XSS($_GET['thread']).'&post='.Security::remove_XSS($_GET['post']) + api_get_self().'?'.api_get_cidreq().'&forum='.intval($_GET['forum']).'&thread='.intval($_GET['thread']).'&post='.intval($_GET['post']) ); $form->addElement('header', get_lang('EditPost')); // Setting the form elements. @@ -3617,8 +3617,8 @@ function store_edit_post($values) //update_added_resources('forum_post', $values['post_id']); $message = get_lang('EditPostStored').'
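Review bot: The form action in show_edit_post_form() is still assembled from `$_GET['forum']`, `$_GET['thread']` and `$_GET['post']` inside a library function, so it can only be called from a request carrying exactly those parameters and cannot be reused or tested with explicit ids. Building it from values the function owns, e.g. `$action = api_get_self().'?'.api_get_cidreq().'&forum='.$forumId.'&thread='.$threadId.'&post='.$postId;`, would decouple it from the superglobals. The function signature is above the hunk, so whether these ids are already available as parameters is not visible here.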
'; - $message .= get_lang('ReturnTo').' '.get_lang('Forum').'
'; - $message .= get_lang('ReturnTo').' '.get_lang('Message').''; + $message .= get_lang('ReturnTo').' '.get_lang('Forum').'
'; + $message .= get_lang('ReturnTo').' '.get_lang('Message').''; Session::erase('formelements'); Session::erase('origin'); diff --git a/main/forum/forumqualify.php b/main/forum/forumqualify.php index 0a32b45700..d2f45ae625 100755 --- a/main/forum/forumqualify.php +++ b/main/forum/forumqualify.php @@ -84,12 +84,12 @@ if ($origin == 'learnpath') { "name"=> get_lang('GroupSpace').' ('.$group_properties['name'].')' ); $interbreadcrumb[] = array( - "url" => "viewforum.php?forum=".Security::remove_XSS($_GET['forum'])."&origin=".$origin."&search=".Security::remove_XSS(urlencode($_GET['search'])), + "url" => "viewforum.php?forum=".intval($_GET['forum'])."&origin=".$origin."&search=".Security::remove_XSS(urlencode($_GET['search'])), "name" => prepare4display($currentForum['forum_title']) ); if ($message <> 'PostDeletedSpecial') { $interbreadcrumb[]= array( - "url" => "viewthread.php?forum=".Security::remove_XSS($_GET['forum'])."&gradebook=".$gradebook."&thread=".Security::remove_XSS($_GET['thread']), + "url" => "viewthread.php?forum=".intval($_GET['forum'])."&gradebook=".$gradebook."&thread=".intval($_GET['thread']), "name" => prepare4display($currentThread['thread_title']) ); } 
@@ -120,14 +120,14 @@ if ($origin == 'learnpath') { if ($message <> 'PostDeletedSpecial') { if (isset($_GET['gradebook']) and $_GET['gradebook']=='view') { - $info_thread=get_thread_information(Security::remove_XSS($_GET['thread'])); + $info_thread=get_thread_information($_GET['thread']); $interbreadcrumb[] = array( - "url" => "viewthread.php?".api_get_cidreq()."&forum=".$info_thread['forum_id']."&thread=".Security::remove_XSS($_GET['thread']), + "url" => "viewthread.php?".api_get_cidreq()."&forum=".$info_thread['forum_id']."&thread=".intval($_GET['thread']), "name" => prepare4display($currentThread['thread_title']) ); } else { $interbreadcrumb[] = array( - "url" => "viewthread.php?".api_get_cidreq()."&forum=".Security::remove_XSS($_GET['forum'])."&thread=".Security::remove_XSS($_GET['thread']), + "url" => "viewthread.php?".api_get_cidreq()."&forum=".intval($_GET['forum'])."&thread=".intval($_GET['thread']), "name" => prepare4display($currentThread['thread_title']) ); } diff --git a/main/forum/forumsearch.php b/main/forum/forumsearch.php index 119c2e34b2..2c75b7b596 100755 --- a/main/forum/forumsearch.php +++ b/main/forum/forumsearch.php 
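Review bot: `get_thread_information($_GET['thread'])` now receives the raw request value; the commit removed `Security::remove_XSS` on this line without substituting the `intval()` it applies to the same parameter one line later, so the thread id reaches the lookup unsanitised unless get_thread_information() escapes it internally, which the hunk does not show. Replace it with `$info_thread = get_thread_information(intval($_GET['thread']));` to match the breadcrumb line below and the rest of the commit.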
@@ -65,7 +65,7 @@ if ($origin == 'group') { $group_properties = GroupManager :: get_group_properties($groupId); $interbreadcrumb[] = array('url' => '../group/group.php?'.api_get_cidreq(), 'name' => get_lang('Groups')); $interbreadcrumb[] = array('url' => '../group/group_space.php?'.api_get_cidreq(), 'name' => get_lang('GroupSpace').' ('.$group_properties['name'].')'); - $interbreadcrumb[] = array('url' => 'viewforum.php?origin='.$origin.'&forum='.Security::remove_XSS($_GET['forum']).'&'.api_get_cidreq(), 'name' => prepare4display($current_forum['forum_title'])); + $interbreadcrumb[] = array('url' => 'viewforum.php?origin='.$origin.'&forum='.intval($_GET['forum']).'&'.api_get_cidreq(), 'name' => prepare4display($current_forum['forum_title'])); $interbreadcrumb[] = array('url' => 'forumsearch.php?'.api_get_cidreq(),'name' => get_lang('ForumSearch')); } else { $interbreadcrumb[] = array('url' => 'index.php?'.api_get_cidreq(), 'name' => $nameTools); diff --git a/main/forum/newthread.php b/main/forum/newthread.php index dd9faddfc9..96e7eccd9b 100755 --- a/main/forum/newthread.php +++ b/main/forum/newthread.php @@ -65,11 +65,6 @@ if (!empty($gradebook) && $gradebook == 'view') { ); } -if (!empty($_GET['gidReq'])) { - $toolgroup = intval($_GET['gidReq']); - Session::write('toolgroup',$toolgroup); -} - /* Is the user allowed here? */ // The user is not allowed here if: 
@@ -121,12 +116,12 @@ if (!empty($groupId)) { $groupProperties = GroupManager :: get_group_properties($groupId); $interbreadcrumb[] = array('url' => '../group/group.php?'.$cidreq, 'name' => get_lang('Groups')); $interbreadcrumb[] = array('url' => '../group/group_space.php?'.$cidreq, 'name' => get_lang('GroupSpace').' '.$groupProperties['name']); - $interbreadcrumb[] = array('url' => 'viewforum.php?'.$cidreq.'&forum='.Security::remove_XSS($_GET['forum']), 'name' => $current_forum['forum_title']); - $interbreadcrumb[] = array('url' => 'newthread.php?'.$cidreq.'&forum='.Security::remove_XSS($_GET['forum']),'name' => get_lang('NewTopic')); + $interbreadcrumb[] = array('url' => 'viewforum.php?'.$cidreq.'&forum='.intval($_GET['forum']), 'name' => $current_forum['forum_title']); + $interbreadcrumb[] = array('url' => 'newthread.php?'.$cidreq.'&forum='.intval($_GET['forum']),'name' => get_lang('NewTopic')); } else { $interbreadcrumb[] = array('url' => 'index.php?'.$cidreq, 'name' => $nameTools); $interbreadcrumb[] = array('url' => 'viewforumcategory.php?'.$cidreq.'&forumcategory='.$current_forum_category['cat_id'], 'name' => $current_forum_category['cat_title']); - $interbreadcrumb[] = array('url' => 'viewforum.php?'.$cidreq.'&forum='.Security::remove_XSS($_GET['forum']), 'name' => $current_forum['forum_title']); + $interbreadcrumb[] = array('url' => 'viewforum.php?'.$cidreq.'&forum='.intval($_GET['forum']), 'name' => $current_forum['forum_title']); $interbreadcrumb[] = array('url' => '#', 'name' => get_lang('NewTopic')); } @@ -169,7 +164,7 @@ handle_forum_and_forumcategories(); // Action links echo ''; diff --git a/main/forum/reply.php b/main/forum/reply.php index 064b5820f6..0b323330e6 100755 --- a/main/forum/reply.php +++ b/main/forum/reply.php 
@@ -92,7 +92,7 @@ if (!empty($gradebook) && $gradebook == 'view') { } if ($origin == 'group') { - $_clean['toolgroup'] = (int)$_SESSION['toolgroup']; + $_clean['toolgroup'] = api_get_group_id(); $group_properties = GroupManager :: get_group_properties($_clean['toolgroup']); $interbreadcrumb[] = array( 'url' => '../group/group.php?'.api_get_cidreq(), diff --git a/main/forum/viewforum.php b/main/forum/viewforum.php index f3a2115b95..3792f3590f 100755 --- a/main/forum/viewforum.php +++ b/main/forum/viewforum.php @@ -48,12 +48,15 @@ if (isset($_GET['origin'])) { require 'forumconfig.inc.php'; require_once 'forumfunction.inc.php'; -$userid = api_get_user_id(); +$userId = api_get_user_id(); $sessionId = api_get_session_id(); +$groupId = api_get_group_id(); +$courseId = api_get_course_int_id(); + +$isTutor = GroupManager::is_tutor_of_group($userId, $groupId, $courseId); /* MAIN DISPLAY SECTION */ -$groupId = api_get_group_id(); $my_forum = isset($_GET['forum']) ? $_GET['forum'] : ''; // Note: This has to be validated that it is an existing forum. $current_forum = get_forum_information($my_forum); 
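Review bot: `$isTutor = GroupManager::is_tutor_of_group($userId, $groupId, $courseId);` runs unconditionally at file scope even when `$groupId` is empty, and the next hunk still performs the same lookup as `$is_group_tutor = GroupManager::is_tutor_of_group(api_get_user_id(), $groupId);` inside the `!empty($groupId)` branch. Either move the new line into that branch and drop the old one, or replace the old assignment with `$is_group_tutor = $isTutor;`. Whether `$isTutor` is read anywhere else in the file is not visible from these hunks.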
@@ -69,23 +72,23 @@ if (!empty($groupId)) { //Group info & group category info $group_properties = GroupManager::get_group_properties($groupId); //User has access in the group? - $user_has_access_in_group = GroupManager::user_has_access($userid, $groupId, GroupManager::GROUP_TOOL_FORUM); + $user_has_access_in_group = GroupManager::user_has_access($userId, $groupId, GroupManager::GROUP_TOOL_FORUM); $is_group_tutor = GroupManager::is_tutor_of_group(api_get_user_id(), $groupId); - //Course + // Course if ( - !api_is_allowed_to_edit(false, true) AND //is a student - (($current_forum_category && $current_forum_category['visibility'] == 0) OR - $current_forum['visibility'] == 0 OR !$user_has_access_in_group) + !api_is_allowed_to_edit(false, true) && //is a student + (($current_forum_category && $current_forum_category['visibility'] == 0) || + $current_forum['visibility'] == 0 || !$user_has_access_in_group) ) { api_not_allowed(true); } } else { //Course if ( - !api_is_allowed_to_edit(false, true) AND //is a student + !api_is_allowed_to_edit(false, true) && //is a student ( - ($current_forum_category && $current_forum_category['visibility'] == 0) OR + ($current_forum_category && $current_forum_category['visibility'] == 0) || $current_forum['visibility'] == 0 ) //forum category or forum visibility is false ) { @@ -110,16 +113,11 @@ if (!empty($gradebook) && $gradebook == 'view') { ); } -if (!empty($_GET['gidReq'])) { - $toolgroup = Database::escape_string($_GET['gidReq']); - Session::write('toolgroup',$toolgroup); -} - $forumUrl = api_get_path(WEB_CODE_PATH).'forum/'; if ($origin == 'group') { $interbreadcrumb[] = array( - 'url' => api_get_path(WEB_CODE_PATH) . 'group/group.php', + 'url' => api_get_path(WEB_CODE_PATH) . 'group/group.php?'.api_get_cidreq(), 'name' => get_lang('Groups') ); $interbreadcrumb[] = array( 
@@ -156,9 +154,9 @@ if ($origin == 'learnpath') { /* Actions */ // Change visibility of a forum or a forum category. if ( - ($my_action == 'invisible' OR $my_action == 'visible') AND - isset($_GET['content']) AND - isset($_GET['id']) AND + ($my_action == 'invisible' || $my_action == 'visible') && + isset($_GET['content']) && + isset($_GET['id']) && api_is_allowed_to_edit(false, true) && api_is_allowed_to_session_edit(false, true) ) { @@ -166,8 +164,8 @@ if ( } // Locking and unlocking. if ( - ($my_action == 'lock' OR $my_action == 'unlock') AND - isset($_GET['content']) AND isset($_GET['id']) AND + ($my_action == 'lock' || $my_action == 'unlock') && + isset($_GET['content']) && isset($_GET['id']) && api_is_allowed_to_edit(false, true) && api_is_allowed_to_session_edit(false, true) ) { @@ -175,9 +173,9 @@ if ( } // Deleting. if ( - $my_action == 'delete' AND - isset($_GET['content']) AND - isset($_GET['id']) AND + $my_action == 'delete' && + isset($_GET['content']) && + isset($_GET['id']) && api_is_allowed_to_edit(false, true) && api_is_allowed_to_session_edit(false, true) ) { @@ -200,7 +198,7 @@ if ( } // Moving. if ($my_action == 'move' && isset($_GET['thread']) && - api_is_allowed_to_edit(false, true ) && + api_is_allowed_to_edit(false, true) && api_is_allowed_to_session_edit(false, true) ) { $message = move_thread_form(); @@ -281,7 +279,7 @@ if ( $table_list .= '' . get_lang('Qualify') . ''; } $table_list .= ''; - $max_qualify = showQualify('2', $userid, $_GET['id']); + $max_qualify = showQualify('2', $userId, $_GET['id']); $counter_stdlist = 0; if (Database::num_rows($student_list) > 0) { 
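Review bot: `showQualify('2', $userId, $_GET['id'])` passes `$_GET['id']` through untouched on a line the commit already edits for the variable rename, while the rest of the commit casts request ids with `intval()`. Unless showQualify() is known to sanitise its third argument, which is not visible here, `$max_qualify = showQualify('2', $userId, intval($_GET['id']));` keeps this call consistent with the others.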
@@ -363,9 +361,9 @@ if ($origin != 'learnpath') { // 2. the course member is here and new threads are allowed // 3. a visitor is here and new threads AND allowed AND anonymous posts are allowed if ( - api_is_allowed_to_edit(false, true) OR - ($current_forum['allow_new_threads'] == 1 AND isset($_user['user_id'])) OR - ($current_forum['allow_new_threads'] == 1 AND !isset($_user['user_id']) AND $current_forum['allow_anonymous'] == 1) + api_is_allowed_to_edit(false, true) || + ($current_forum['allow_new_threads'] == 1 && isset($_user['user_id'])) || + ($current_forum['allow_new_threads'] == 1 && !isset($_user['user_id']) && $current_forum['allow_anonymous'] == 1) ) { if ($current_forum['locked'] <> 1 AND $current_forum['locked'] <> 1) { if (!api_is_anonymous() && !api_is_invitee()) { @@ -437,9 +435,8 @@ if (is_array($threads)) { foreach ($threads as $row) { // Thread who have no replies yet and the only post is invisible should not be displayed to students. if (api_is_allowed_to_edit(false, true) || - !($row['thread_replies'] == '0' AND $row['visibility'] == '0') + !($row['thread_replies'] == '0' && $row['visibility'] == '0') ) { - $my_whatsnew_post_info = null; if (isset($whatsnew_post_info[$my_forum][$row['thread_id']])) { @@ -477,8 +474,7 @@ if (is_array($threads)) { if ($origin != 'learnpath') { $authorName = display_user_link( $row['user_id'], - api_get_person_name($row['firstname'], - $row['lastname']), + api_get_person_name($row['firstname'], $row['lastname']), '', $poster_username ); 
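Review bot: The context line `if ($current_forum['locked'] <> 1 AND $current_forum['locked'] <> 1)` directly under the rewritten condition tests the same field twice and is the one `AND` in this block the hunk leaves unconverted, which suggests it was skipped rather than intended. If a single lock check is meant, `if ($current_forum['locked'] != 1) {` is equivalent; if a second field was meant (for example a category-level lock), that check is currently missing. The enclosing `if ($origin != 'learnpath')` block begins above the hunk.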
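Review bot: Dropping `$my_whatsnew_post_info = null;` removes the per-iteration reset at the top of the `foreach ($threads as $row)` body, so if the `isset($whatsnew_post_info[$my_forum][$row['thread_id']])` branch assigns the variable and no else branch does, a thread without new posts inherits the previous thread's value. The branch body lies below the hunk, so this is inferred; if there is no else-assignment, restore `$my_whatsnew_post_info = null;` before the `if`.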
@@ -547,39 +543,9 @@ if (is_array($threads)) { . Display::return_icon('post-item.png', null, null, ICON_SIZE_TINY) . ' ' . $last_post; $html .= ''; - - /* - if ($row['last_poster_user_id'] == '0') { - $name = $row['poster_name']; - $last_poster_username = ""; - } else { - $name = api_get_person_name($row['last_poster_firstname'], $row['last_poster_lastname']); - $tab_last_poster_info = api_get_user_info($row['last_poster_user_id']); - $last_poster_username = sprintf(get_lang('LoginX'), $tab_last_poster_info['username']); - } - // If the last post is invisible and it is not the teacher who is looking then we have to find the last visible post of the thread. - if (($row['visible'] == '1' OR api_is_allowed_to_edit(false, true)) && $origin != 'learnpath') { - $last_post = $post_date.' '.get_lang('By').' '.display_user_link($row['last_poster_user_id'], $name, '', $last_poster_username); - } elseif ($origin != 'learnpath') { - $last_post_sql = "SELECT post.*, user.firstname, user.lastname, user.username FROM $table_posts post, $table_users user WHERE post.poster_id=user.user_id AND visible='1' AND thread_id='".$row['thread_id']."' AND post.c_id=".api_get_course_int_id()." ORDER BY post_id DESC"; - $last_post_result = Database::query($last_post_sql); - $last_post_row = Database::fetch_array($last_post_result); - $name = api_get_person_name($last_post_row['firstname'], $last_post_row['lastname']); - $last_post_info_username = sprintf(get_lang('LoginX'), $last_post_row['username']); - $last_post = api_convert_and_format_date($last_post_row['post_date']).' '.get_lang('By').' '.display_user_link($last_post_row['poster_id'], $name, '', $last_post_info_username); - } else { - $last_post_sql = "SELECT post.*, user.firstname, user.lastname, user.username FROM $table_posts post, $table_users user WHERE post.poster_id=user.user_id AND visible='1' AND thread_id='".$row['thread_id']."' AND post.c_id=".api_get_course_int_id()." 
ORDER BY post_id DESC"; - $last_post_result = Database::query($last_post_sql); - $last_post_row = Database::fetch_array($last_post_result); - $last_post_info_username = sprintf(get_lang('LoginX'), $last_post_row['username']); - $name = api_get_person_name($last_post_row['firstname'], $last_post_row['lastname']); - $last_post = api_convert_and_format_date($last_post_row['post_date']).' '.get_lang('By').' '.Display::tag('span', $name, array("title"=>api_htmlentities($last_post_info_username, ENT_QUOTES))); - }*/ - - $html .= '
'; $cidreq = api_get_cidreq(); - + // Get attachment id. if (isset($row['post_id'])) { $attachment_list = get_attachment($row['post_id']); @@ -591,11 +557,10 @@ if (is_array($threads)) { !(api_is_course_coach() && $current_forum['session_id'] != $sessionId) ) { $iconsEdit .= '' . Display::return_icon('edit.png', get_lang('Edit'), array(), ICON_SIZE_SMALL) . ''; - if (api_resource_is_locked_by_gradebook($row['thread_id'], LINK_FORUM_THREAD)) { $iconsEdit .= Display::return_icon( 'delete_na.png', @@ -605,7 +570,7 @@ if (is_array($threads)) { ); } else { $iconsEdit.= '' . Display::return_icon('move.png', get_lang('MoveThread'), array(), ICON_SIZE_SMALL) . ''; @@ -658,7 +623,7 @@ if (is_array($threads)) { . '">' . Display::return_icon($iconnotify, get_lang('NotifyMe')) . ''; } - if (api_is_allowed_to_edit(null,true) && $origin != 'learnpath') { + if (api_is_allowed_to_edit(null, true) && $origin != 'learnpath') { $iconsEdit .= ''; echo isset($table_list) ? $table_list : ''; -/* FOOTER */ - if ($origin != 'learnpath') { Display::display_footer(); } diff --git a/main/forum/viewpost.php b/main/forum/viewpost.php index a06483d4da..a1c568d23a 100755 --- a/main/forum/viewpost.php +++ b/main/forum/viewpost.php @@ -68,7 +68,7 @@ if ($origin == 'learnpath') { 'name' => prepare4display($current_forum_category['cat_title']), ); $interbreadcrumb[] = array( - 'url' => 'viewforum.php?'.api_get_cidreq().'&forum='.Security::remove_XSS($_GET['forum']).'&origin='.$origin.'&search='.Security::remove_XSS(urlencode($_GET['search'])), + 'url' => 'viewforum.php?'.api_get_cidreq().'&forum='.intval($_GET['forum']).'&origin='.$origin.'&search='.Security::remove_XSS(urlencode($_GET['search'])), 'name' => prepare4display($current_forum['forum_title']), ); @@ -121,7 +121,7 @@ if ($message != 'PostDeletedSpecial') { /* Action Links */ echo '
'; - $my_url = ''.get_lang('FlatView').' | '; echo $my_url.'&view=threaded&origin='.$origin.'">'.get_lang('ThreadedView').' | '; echo $my_url.'&view=nested&origin='.$origin.'">'.get_lang('NestedView').''; @@ -136,7 +136,7 @@ if ($message != 'PostDeletedSpecial') { // The link should only appear when the user is logged in or when anonymous posts are allowed. if ($_user['user_id'] || ($current_forum['allow_anonymous'] == 1 && !$_user['user_id'])) { // reply link - echo ''.get_lang('ReplyToThread').''; + echo ''.get_lang('ReplyToThread').''; // new thread link if (api_is_allowed_to_edit(false, true) || diff --git a/main/forum/viewthread.php b/main/forum/viewthread.php index 6353ed07f7..1f8e89818e 100755 --- a/main/forum/viewthread.php +++ b/main/forum/viewthread.php @@ -172,7 +172,7 @@ if ($my_message != 'PostDeletedSpecial') { echo ''.search_link().''; if ($origin != 'learnpath') { echo '' + . intval($_GET['forum']) . '&' . api_get_cidreq() . '">' . Display::return_icon('back.png', get_lang('BackToForum'), '', ICON_SIZE_MEDIUM) . ''; } // The reply to thread link should only appear when the forum_category is @@ -190,8 +190,8 @@ if ($my_message != 'PostDeletedSpecial') { // reply link if (!api_is_anonymous() && api_is_allowed_to_session_edit(false, true)) { echo '' + . intval($_GET['forum']) . '&thread=' + . intval($_GET['thread']) . '&action=replythread">' . Display::return_icon('reply_thread.png', get_lang('ReplyToThread'), '', ICON_SIZE_MEDIUM) . ''; } @@ -216,7 +216,7 @@ if ($my_message != 'PostDeletedSpecial') { // The different views of the thread. if ($origin != 'learnpath') { $my_url = '' . Display::return_icon('forum_listview.png', get_lang('FlatView'), null, ICON_SIZE_MEDIUM)