Remove Database::escape_string() without quotes to avoid SQL injections - partial - refs #7440

1.9.x
Yannick Warnier 11 years ago
parent f6b9a55947
commit 28baec78d2
  1. 2
      main/inc/lib/fckeditor/fcktemplates.xml.php
  2. 36
      main/inc/lib/groupmanager.lib.php
  3. 6
      main/inc/lib/legal.lib.php
  4. 6
      main/inc/lib/lp_item.lib.php
  5. 2
      main/inc/lib/main_api.lib.php
  6. 13
      main/inc/lib/message.lib.php
  7. 4
      main/inc/lib/notebook.lib.php
  8. 6
      main/inc/lib/online.inc.php
  9. 2
      main/inc/lib/search/tool_processors/document_processor.class.php
  10. 2
      main/inc/lib/search/tool_processors/learnpath_processor.class.php
  11. 2
      main/inc/lib/search/tool_processors/link_processor.class.php
  12. 14
      main/inc/lib/sessionmanager.lib.php
  13. 10
      main/inc/lib/tracking.lib.php
  14. 52
      main/inc/lib/urlmanager.lib.php
  15. 42
      main/inc/lib/usermanager.lib.php
  16. 13
      main/mySpace/myspace.lib.php
  17. 2
      main/newscorm/audiorecorder.inc.php
  18. 16
      main/newscorm/learnpath.class.php
  19. 4
      main/newscorm/scorm.class.php
  20. 1
      main/notebook/notebook_repository.class.php
  21. 8
      main/permissions/roles.php
  22. 2
      main/reservation/subscribe.php
  23. 2
      main/social/group_invitation.php
  24. 18
      main/survey/fillsurvey.php
  25. 11
      main/survey/preview.php
  26. 68
      main/survey/survey.lib.php
  27. 10
      main/survey/survey.php
  28. 10
      main/tracking/userLog.php
  29. 2
      main/user/resume_session.php
  30. 14
      main/user/subscribe_user.php
  31. 2
      main/user/user.php
  32. 8
      main/webservices/cm_webservice_user.php
  33. 2
      main/wiki/wiki.inc.php
  34. 2
      main/work/work.php
  35. 2
      plugin/buycourses/src/inscription.php
  36. 2
      plugin/ticket/src/report.php
  37. 2
      tests/main/admin/calendar.lib.test.php

@ -219,7 +219,7 @@ function load_personal_templates($user_id = 0) {
$sql = "SELECT template.id, template.title, template.description, template.image, template.ref_doc, document.path
FROM ".$table_template." template, ".$table_document." document
WHERE
user_id='".Database::escape_string($user_id)."' AND
user_id='".intval($user_id)."' AND
course_code='".Database::escape_string(api_get_course_id())."' AND
document.c_id = $course_id AND
document.id = template.ref_doc";
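Review bot: `document.c_id = $course_id AND` in this hunk splices `$course_id` into the query without a cast while the neighbouring `user_id` line just received `intval()`; `$course_id` is assigned outside the hunk, so unless it is already produced by an integer-returning helper it should read `document.c_id = ".intval($course_id)." AND`. `load_personal_templates` starts and ends outside the hunk.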

@ -611,7 +611,7 @@ class GroupManager
max_student = '".Database::escape_string($maximum_number_of_students)."',
self_registration_allowed = '".Database::escape_string($self_registration_allowed)."',
self_unregistration_allowed = '".Database::escape_string($self_unregistration_allowed)."',
category_id = '".Database::escape_string($categoryId)."'
category_id = ".intval($categoryId)."
WHERE c_id = $course_id AND id=".$group_id;
$result = Database::query($sql);
@ -895,7 +895,7 @@ class GroupManager
groups_per_user = '".Database::escape_string($groups_per_user)."',
self_reg_allowed = '".Database::escape_string($self_registration_allowed)."',
self_unreg_allowed = '".Database::escape_string($self_unregistration_allowed)."',
max_student = ".Database::escape_string($maximum_number_of_students)."
max_student = ".intval($maximum_number_of_students)."
WHERE c_id = $course_id AND id = $id";
Database::query($sql);
@ -1015,8 +1015,8 @@ class GroupManager
WHERE c_id = $courseId AND g.group_id = $group_id";
if (!empty($column) && !empty($direction)) {
$column = Database::escape_string($column);
$direction = Database::escape_string($direction);
$column = Database::escape_string($column, null, false);
$direction = ($direction == 'ASC' ? 'ASC' : 'DESC');
$sql .= " ORDER BY $column $direction";
}
@ -1306,8 +1306,8 @@ class GroupManager
{
$table_group_user = Database :: get_course_table(TABLE_GROUP_USER);
$table_group = Database :: get_course_table(TABLE_GROUP);
$user_id = Database::escape_string($user_id);
$cat_id = Database::escape_string($cat_id);
$user_id = intval($user_id);
$cat_id = intval($cat_id);
$course_id = api_get_course_int_id();
$cat_condition = '';
@ -1365,7 +1365,7 @@ class GroupManager
return false;
}
$table_group = Database :: get_course_table(TABLE_GROUP);
$group_id = Database::escape_string($group_id);
$group_id = intval($group_id);
$course_id = api_get_course_int_id();
$db_result = Database::query(
'SELECT self_unregistration_allowed
@ -1389,8 +1389,8 @@ class GroupManager
return false;
}
$table_group_user = Database :: get_course_table(TABLE_GROUP_USER);
$group_id = Database::escape_string($group_id);
$user_id = Database::escape_string($user_id);
$group_id = intval($group_id);
$user_id = intval($user_id);
$course_id = api_get_course_int_id();
$sql = 'SELECT 1 FROM '.$table_group_user.'
WHERE
@ -1499,7 +1499,7 @@ class GroupManager
$order_clause = " ORDER BY u.official_code, u.firstname, u.lastname";
}
$group_id = Database::escape_string($group_id);
$group_id = intval($group_id);
$course_id = api_get_course_int_id();
$sql = "SELECT tg.id, u.user_id, u.lastname, u.firstname, u.email
@ -1538,8 +1538,8 @@ class GroupManager
if (!empty($user_ids)) {
foreach ($user_ids as $user_id) {
if (self::can_user_subscribe($user_id, $group_id)) {
$user_id = Database::escape_string($user_id);
$group_id = Database::escape_string($group_id);
$user_id = intval($user_id);
$group_id = intval($group_id);
$sql = "INSERT INTO ".$table_group_user." (c_id, user_id, group_id)
VALUES ('$course_id', '".$user_id."', '".$group_id."')";
$result &= Database::query($sql);
@ -1565,8 +1565,8 @@ class GroupManager
$table_group_tutor = Database :: get_course_table(TABLE_GROUP_TUTOR);
foreach ($user_ids as $user_id) {
$user_id = Database::escape_string($user_id);
$group_id = Database::escape_string($group_id);
$user_id = intval($user_id);
$group_id = intval($group_id);
$sql = "INSERT INTO ".$table_group_tutor." (c_id, user_id, group_id)
VALUES ('$course_id', '".$user_id."', '".$group_id."')";
$result &= Database::query($sql);
@ -1584,7 +1584,7 @@ class GroupManager
{
$user_ids = is_array($user_ids) ? $user_ids : array ($user_ids);
$table_group_user = Database :: get_course_table(TABLE_GROUP_USER);
$group_id = Database::escape_string($group_id);
$group_id = intval($group_id);
$course_id = api_get_course_int_id();
$sql = 'DELETE FROM '.$table_group_user.'
WHERE c_id = '.$course_id.' AND group_id = '.$group_id.' AND user_id IN ('.implode(',', $user_ids).')';
@ -1654,8 +1654,8 @@ class GroupManager
public static function is_tutor_of_group($user_id, $group_id)
{
$table_group_tutor = Database :: get_course_table(TABLE_GROUP_TUTOR);
$user_id = Database::escape_string($user_id);
$group_id = Database::escape_string($group_id);
$user_id = intval($user_id);
$group_id = intval($group_id);
$course_id = api_get_course_int_id();
$sql = "SELECT * FROM ".$table_group_tutor."
@ -1724,7 +1724,7 @@ class GroupManager
public static function is_tutor($user_id)
{
$course_user_table = Database::get_main_table(TABLE_MAIN_COURSE_USER);
$user_id = Database::escape_string($user_id);
$user_id = intval($user_id);
$sql = "SELECT tutor_id FROM ".$course_user_table."
WHERE user_id = '".$user_id."' AND c_id ='".api_get_course_int_id()."'"."AND tutor_id=1";
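Review bot: In the @ -1015 hunk, `$column = Database::escape_string($column, null, false);` still feeds an identifier into `ORDER BY $column $direction`; quote-escaping does nothing for an unquoted identifier position, so `$column` needs the same allowlist treatment the hunk gives `$direction`, e.g. `$column = in_array($column, $sortable, true) ? $column : 'id';` where `$sortable` stands for a fixed list of permitted column names (constructed placeholder). The same ORDER BY pattern is kept in the two usermanager.lib.php hunks, which the author marks with `@todo security filter order by`. Separately, in the @ -1584 hunk `user_id IN ('.implode(',', $user_ids).')'` joins caller-supplied ids without a cast; `implode(',', array_map('intval', $user_ids))` would close that gap. The enclosing methods start outside their hunks.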

@ -35,11 +35,11 @@ class LegalManager
$version = intval(LegalManager::get_last_condition_version($language));
$version++;
$sql = "INSERT INTO $legal_table SET
language_id = '".Database::escape_string($language)."',
language_id = '".$language."',
content = '".$content."',
changes= '".$changes."',
type = '".$type."',
version = '".Database::escape_string($version)."',
version = '".intval($version)."',
date = '".$time."'";
Database::query($sql);
@ -256,7 +256,7 @@ class LegalManager
public static function get_type_of_terms_and_conditions($legal_id,$language_id)
{
$legal_conditions_table = Database::get_main_table(TABLE_MAIN_LEGAL);
$legal_id=Database::escape_string($legal_id);
$legal_id = intval($legal_id);
$language_id = Database::escape_string($language_id);
$sql = 'SELECT type FROM '.$legal_conditions_table.' WHERE legal_id="'.$legal_id.'" AND language_id="'.$language_id.'"';
$rs = Database::query($sql);
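Review bot: In the @ -35 hunk, `language_id = '".$language."',` drops `Database::escape_string()` without substituting a cast, so `$language` now reaches the INSERT unfiltered, while the @ -256 hunk in the same file keeps `language_id` escaped as a string. If `language_id` is numeric, write `language_id = '".intval($language)."',`; otherwise restore `Database::escape_string($language)`. `content`, `changes`, `type` and `date` in the same statement were never escaped and deserve the same treatment. The enclosing method begins outside the hunk.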

@ -39,8 +39,8 @@ class LpItem
$item_view_table = Database::get_course_table(TABLE_LP_ITEM);
$sql = "SELECT * FROM $item_view_table
WHERE
c_id=".Database::escape_string($in_c_id)." AND
id=".Database::escape_string($in_id);
c_id=".intval($in_c_id)." AND
id=".intval($in_id);
$res = Database::query($sql);
$data = Database::fetch_array($res);
@ -79,7 +79,7 @@ class LpItem
$item_view_table = Database::get_course_table(TABLE_LP_ITEM);
if ($this->c_id > 0 && $this->id > 0) {
$sql = "UPDATE $item_view_table SET
lp_id = '".Database::escape_string($this->lp_id)."' ,
lp_id = '".intval($this->lp_id)."' ,
item_type = '".Database::escape_string($this->item_type)."' ,
ref = '".Database::escape_string($this->ref)."' ,
title = '".Database::escape_string($this->title)."' ,

@ -3650,7 +3650,7 @@ function api_get_item_property_id($course_code, $tool, $ref)
*/
function api_track_item_property_update($tool, $ref, $title, $content, $progress)
{
$tbl_stats_item_property = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_ITEM_PROPERTY);
$tbl_stats_item_property = Database::get_main_table(TABLE_STATISTIC_TRACK_E_ITEM_PROPERTY);
$course_id = api_get_real_course_id(); //numeric
$course_code = api_get_course_id(); //alphanumeric
$item_property_id = api_get_item_property_id($course_code, $tool, $ref);
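Review bot: `Database::get_statistic_table(...)` is replaced by `Database::get_main_table(...)` here and in the online.inc.php and tracking.lib.php hunks, a table-location change the commit title ("Remove Database::escape_string() without quotes") does not mention. If the statistics tables now live in the main database, say so in the commit description (ideally as a separate commit) so anyone bisecting a tracking regression is not misled by the title. `api_track_item_property_update` continues outside the hunk.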

@ -445,7 +445,7 @@ class MessageManager
if ($id != strval(intval($id)))
return false;
$user_receiver_id = intval($user_receiver_id);
$id = Database::escape_string($id);
$id = intval($id);
$sql = "SELECT * FROM $table_message WHERE id=".$id." AND msg_status<>4;";
$rs = Database::query($sql);
@ -763,15 +763,16 @@ class MessageManager
$table_message = Database::get_main_table(TABLE_MESSAGE);
$query = "SELECT id FROM $table_message
WHERE
user_receiver_id=".Database::escape_string($user_id)." AND
id='".Database::escape_string($id)."'";
user_receiver_id = ".intval($user_id)." AND
id = '".intval($id)."'";
$result = Database::query($query);
$num = Database::num_rows($result);
if ($num > 0)
if ($num > 0) {
return true;
else
} else {
return false;
}
}
/**
* Gets information about messages sent
@ -973,7 +974,7 @@ class MessageManager
$query = "SELECT * FROM $table_message
WHERE
user_sender_id=".api_get_user_id()." AND
id=".intval(Database::escape_string($_GET['id_send']))." AND
id=".intval($_GET['id_send'])." AND
msg_status = 4;";
$result = Database::query($query);
$message_id = intval($_GET['id_send']);
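Review bot: In the @ -973 hunk `$_GET['id_send']` is read and cast twice, once inline in the query and again as `$message_id` two lines later; hoisting `$message_id = intval($_GET['id_send']);` above `$query` and using `id=".$message_id." AND` keeps the sanitised value in one place and makes it evident that the same id is used throughout. The enclosing method starts and ends outside the hunk.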

@ -59,7 +59,7 @@ class NotebookManager
$course_id,
'" . api_get_user_id() . "',
'" . Database::escape_string(api_get_course_id()) . "',
'" . Database::escape_string($_SESSION['id_session']) . "',
'" . intval($_SESSION['id_session']) . "',
'" . Database::escape_string($values['note_title']) . "',
'" . Database::escape_string($values['note_comment']) . "',
'" . Database::escape_string(date('Y-m-d H:i:s')) . "',
@ -119,7 +119,7 @@ class NotebookManager
$sql = "UPDATE $t_notebook SET
user_id = '" . api_get_user_id() . "',
course = '" . Database::escape_string(api_get_course_id()) . "',
session_id = '" . Database::escape_string($_SESSION['id_session']) . "',
session_id = '" . intval($_SESSION['id_session']) . "',
title = '" . Database::escape_string($values['note_title']) . "',
description = '" . Database::escape_string($values['note_comment']) . "',
update_date = '" . Database::escape_string(date('Y-m-d H:i:s')) . "'

@ -393,7 +393,7 @@ function who_is_online_in_this_course($from, $number_of_items, $uid, $time_limit
$online_time = time() - $time_limit*60;
$current_date = api_get_utc_datetime($online_time);
$track_online_table = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_ONLINE);
$track_online_table = Database::get_main_table(TABLE_STATISTIC_TRACK_E_ONLINE);
$course_code = Database::escape_string($course_code);
$from = intval($from);
@ -424,7 +424,7 @@ function who_is_online_in_this_course($from, $number_of_items, $uid, $time_limit
function who_is_online_in_this_course_count($uid, $time_limit, $coursecode=null) {
if(empty($coursecode)) return false;
$track_online_table = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_ONLINE);
$track_online_table = Database::get_main_table(TABLE_STATISTIC_TRACK_E_ONLINE);
$coursecode = Database::escape_string($coursecode);
$time_limit = Database::escape_string($time_limit);
@ -451,7 +451,7 @@ function who_is_online_in_this_course_count($uid, $time_limit, $coursecode=null)
*/
function GetFullUserName($uid) {
$uid = (int) $uid;
$uid = Database::escape_string($uid);
$uid = intval($uid);
$user_table = Database::get_main_table(TABLE_MAIN_USER);
$query = "SELECT firstname, lastname FROM ".$user_table." WHERE user_id='$uid'";
$result = @Database::query($query);
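Review bot: In the @ -424 hunk, `$time_limit = Database::escape_string($time_limit);` is left untouched although `$time_limit` is a minute count used arithmetically in the sibling function above; if it is spliced unquoted into the SQL further down (outside the hunk) it is exactly the pattern this commit removes, so it should become `$time_limit = intval($time_limit);`. In the @ -451 hunk `$uid = (int) $uid;` already makes the following `$uid = intval($uid);` a no-op; keep one of the two. Both functions continue outside their hunks.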

@ -75,7 +75,7 @@ class document_processor extends search_processor {
$item_property_table = Database::get_course_table(TABLE_ITEM_PROPERTY);
$doc_table = Database::get_course_table(TABLE_DOCUMENT);
$doc_id = Database::escape_string($doc_id);
$doc_id = intval($doc_id);
$sql = "SELECT * FROM $doc_table
WHERE $doc_table.id = $doc_id AND c_id = $course_id
LIMIT 1";

@ -98,7 +98,7 @@ class learnpath_processor extends search_processor {
$lp_table = Database::get_course_table(TABLE_LP_MAIN);
$doc_table = Database::get_course_table(TABLE_DOCUMENT);
$lp_id = Database::escape_string($lp_id);
$lp_id = intval($lp_id);
if ($has_document_id) {
$sql = "SELECT $lpi_table.id, $lp_table.name, $lp_table.author, $doc_table.path

@ -102,7 +102,7 @@ class link_processor extends search_processor {
if (!empty($course_information)) {
$item_property_table = Database::get_course_table(TABLE_ITEM_PROPERTY);
$link_id = Database::escape_string($link_id);
$link_id = intval($link_id);
$sql = "SELECT insert_user_id FROM $item_property_table
WHERE ref = $link_id AND tool = '" . TOOL_LINK . "' AND c_id = $course_id
LIMIT 1";

@ -641,7 +641,7 @@ class SessionManager
$sql_query = sprintf($sql,
intval($courseId),
Database::escape_string($user['user_id']),
intval($user['user_id']),
$sessionId
);
@ -1485,7 +1485,7 @@ class SessionManager
}
if (!api_is_platform_admin() && !$from_ws) {
$sql = 'SELECT session_admin_id FROM ' . Database :: get_main_table(TABLE_MAIN_SESSION) . ' WHERE id=' . $id_checked;
$sql = 'SELECT session_admin_id FROM ' . Database :: get_main_table(TABLE_MAIN_SESSION) . ' WHERE id IN (' . $id_checked.')';
$rs = Database::query($sql);
if (Database::result($rs, 0, 0) != $userId) {
api_not_allowed(true);
@ -2056,9 +2056,9 @@ class SessionManager
// subscribe all the users from the session to this course inside the session
$nbr_users = 0;
foreach ($user_list as $enreg_user) {
$enreg_user_id = Database::escape_string($enreg_user['id_user']);
$enreg_user_id = intval($enreg_user['id_user']);
$sql = "INSERT IGNORE INTO $tbl_session_rel_course_rel_user (id_session, course_code, id_user)
VALUES ('$sessionId','$enreg_course','$enreg_user_id')";
VALUES ($sessionId,'$enreg_course',$enreg_user_id)";
Database::query($sql);
if (Database::affected_rows()) {
$nbr_users++;
@ -2253,7 +2253,7 @@ class SessionManager
$return_value = false;
$sql = "SELECT course_code FROM $tbl_session_course
WHERE
id_session = " . Database::escape_string($session_id) . " AND
id_session = " . intval($session_id) . " AND
course_code = '" . Database::escape_string($course_id) . "'";
$result = Database::query($sql);
$num = Database::num_rows($result);
@ -5214,8 +5214,8 @@ class SessionManager
public static function isUserSusbcribedAsStudent($sessionId, $userId) {
$sessionRelUserTable = Database::get_main_table(TABLE_MAIN_SESSION_USER);
$sessionId = Database::escape_string($sessionId);
$userId = Database::escape_string($userId);
$sessionId = intval($sessionId);
$userId = intval($userId);
$sql = "SELECT COUNT(1) AS qty FROM $sessionRelUserTable "
. "WHERE id_session = $sessionId AND id_user = $userId AND relation_type = 0";
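Review bot: In the @ -1485 hunk the ownership check now runs `WHERE id IN (' . $id_checked . ')'` but still inspects only `Database::result($rs, 0, 0)`, so when `$id_checked` is a comma-separated list only the first session's `session_admin_id` is compared with `$userId` and the remaining ids pass unchecked. Compare every row instead, e.g. `while ($row = Database::fetch_array($rs)) { if ($row['session_admin_id'] != $userId) { api_not_allowed(true); } }`, and confirm that `$id_checked` is assembled from `intval()`-cast ids before it reaches the query, since its construction is outside the hunk. The enclosing method continues outside the hunk.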

@ -5945,7 +5945,7 @@ class TrackingUserLog
$session_id = intval($session_id);
$course_id = Database::escape_string($course_id);
$track_access_table = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_ACCESS);
$track_access_table = Database::get_main_table(TABLE_STATISTIC_TRACK_E_ACCESS);
$tempView = $view;
if(substr($view,0,1) == '1') {
$new_view = substr_replace($view,'0',0,1);
@ -6031,13 +6031,13 @@ class TrackingUserLog
$sql = "SELECT ce.title, te.exe_result , te.exe_weighting, UNIX_TIMESTAMP(te.exe_date)
FROM $TABLECOURSE_EXERCICES AS ce , $TABLETRACK_EXERCICES AS te
WHERE te.exe_cours_id = '".Database::escape_string($course_id)."'
AND te.exe_user_id = '".Database::escape_string($user_id)."'
AND te.exe_user_id = '".intval($user_id)."'
AND te.exe_exo_id = ce.id
ORDER BY ce.title ASC, te.exe_date ASC";
$hpsql = "SELECT te.exe_name, te.exe_result , te.exe_weighting, UNIX_TIMESTAMP(te.exe_date)
FROM $TBL_TRACK_HOTPOTATOES AS te
WHERE te.exe_user_id = '".Database::escape_string($user_id)."' AND te.exe_cours_id = '".Database::escape_string($course_id)."'
WHERE te.exe_user_id = '".intval($user_id)."' AND te.exe_cours_id = '".Database::escape_string($course_id)."'
ORDER BY te.exe_cours_id ASC, te.exe_date ASC";
$hpresults = getManyResultsXCol($hpsql, 4);
@ -6131,7 +6131,7 @@ class TrackingUserLog
$sql = "SELECT u.upload_date, w.title, w.author,w.url
FROM $TABLETRACK_UPLOADS u , $TABLECOURSE_WORK w
WHERE u.upload_work_id = w.id
AND u.upload_user_id = '".Database::escape_string($user_id)."'
AND u.upload_user_id = '".intval($user_id)."'
AND u.upload_cours_id = '".Database::escape_string($course_id)."'
ORDER BY u.upload_date DESC";
echo "<tr><td style='padding-left : 40px;padding-right : 40px;'>";
@ -6200,7 +6200,7 @@ class TrackingUserLog
FROM $TABLETRACK_LINKS AS sl, $TABLECOURSE_LINKS AS cl
WHERE sl.links_link_id = cl.id
AND sl.links_cours_id = '".Database::escape_string($course_id)."'
AND sl.links_user_id = '".Database::escape_string($user_id)."'
AND sl.links_user_id = '".intval($user_id)."'
GROUP BY cl.title, cl.url";
echo "<tr><td style='padding-left : 40px;padding-right : 40px;'>";
$results = getManyResults2Col($sql);

@ -27,7 +27,7 @@ class UrlManager
$sql = "INSERT INTO $table_access_url
SET url = '".Database::escape_string($url)."',
description = '".Database::escape_string($description)."',
active = '".Database::escape_string($active)."',
active = '".intval($active)."',
created_by = '".api_get_user_id()."',
tms = FROM_UNIXTIME(".$tms.")";
$result = Database::query($sql);
@ -51,7 +51,7 @@ class UrlManager
$sql = "UPDATE $table_access_url
SET url = '".Database::escape_string($url)."',
description = '".Database::escape_string($description)."',
active = '".Database::escape_string($active)."',
active = '".intval($active)."',
created_by = '".api_get_user_id()."',
tms = FROM_UNIXTIME(".$tms.")
WHERE id = '$url_id'";
@ -143,7 +143,7 @@ class UrlManager
public static function get_url_data_from_id($url_id)
{
$table_access_url= Database :: get_main_table(TABLE_MAIN_ACCESS_URL);
$sql = "SELECT id, url, description, active FROM $table_access_url WHERE id = ".Database::escape_string($url_id);
$sql = "SELECT id, url, description, active FROM $table_access_url WHERE id = ".intval($url_id);
$res = Database::query($sql);
$row = Database::fetch_array($res);
return $row;
@ -162,7 +162,7 @@ class UrlManager
$table_url_rel_user = Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
$tbl_user = Database :: get_main_table(TABLE_MAIN_USER);
if (!empty($access_url_id)) {
$where = "WHERE $table_url_rel_user.access_url_id = ".Database::escape_string($access_url_id);
$where = "WHERE $table_url_rel_user.access_url_id = ".intval($access_url_id);
}
if (empty($order_by)) {
$order_clause = api_sort_by_first_name(
@ -333,9 +333,9 @@ class UrlManager
$status_db = '1';
}
if (($status_db == '1' OR $status_db == '0') AND is_numeric($url_id)) {
$sql = "UPDATE $url_table SET active='".Database::escape_string(
$sql = "UPDATE $url_table SET active='".intval(
$status_db
)."' WHERE id='".Database::escape_string($url_id)."'";
)."' WHERE id='".intval($url_id)."'";
$result = Database::query($sql);
}
}
@ -351,7 +351,7 @@ class UrlManager
{
$table_url_rel_user= Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
$sql= "SELECT user_id FROM $table_url_rel_user
WHERE access_url_id = ".Database::escape_string($url_id)." AND user_id = ".Database::escape_string($user_id)." ";
WHERE access_url_id = ".intval($url_id)." AND user_id = ".intval($user_id)." ";
$result = Database::query($sql);
$num = Database::num_rows($result);
@ -369,7 +369,7 @@ class UrlManager
{
$table_url_rel_course= Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_COURSE);
$sql= "SELECT course_code FROM $table_url_rel_course
WHERE access_url_id = ".Database::escape_string($url_id)." AND
WHERE access_url_id = ".intval($url_id)." AND
course_code = '".Database::escape_string($course_id)."'";
$result = Database::query($sql);
$num = Database::num_rows($result);
@ -388,8 +388,8 @@ class UrlManager
{
$table = Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_USERGROUP);
$sql= "SELECT usergroup_id FROM $table
WHERE access_url_id = ".Database::escape_string($urlId)." AND
usergroup_id = ".Database::escape_string($userGroupId);
WHERE access_url_id = ".intval($urlId)." AND
usergroup_id = ".intval($userGroupId);
$result = Database::query($sql);
$num = Database::num_rows($result);
return $num;
@ -407,7 +407,7 @@ class UrlManager
$table_url_rel_session= Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_SESSION);
$session_id = intval($session_id);
$url_id = intval($url_id);
$sql= "SELECT session_id FROM $table_url_rel_session WHERE access_url_id = ".Database::escape_string($url_id)." AND session_id = ".Database::escape_string($session_id);
$sql= "SELECT session_id FROM $table_url_rel_session WHERE access_url_id = ".intval($url_id)." AND session_id = ".Database::escape_string($session_id);
$result = Database::query($sql);
$num = Database::num_rows($result);
return $num;
@ -431,7 +431,7 @@ class UrlManager
$count = UrlManager::relation_url_user_exist($user_id,$url_id);
if ($count==0) {
$sql = "INSERT INTO $table_url_rel_user
SET user_id = ".Database::escape_string($user_id).", access_url_id = ".Database::escape_string($url_id);
SET user_id = ".intval($user_id).", access_url_id = ".intval($url_id);
$result = Database::query($sql);
if ($result) {
$result_array[$url_id][$user_id] = 1;
@ -465,7 +465,7 @@ class UrlManager
$count = self::relation_url_course_exist($course_code,$url_id);
if ($count==0) {
$sql = "INSERT INTO $table_url_rel_course
SET course_code = '".Database::escape_string($course_code)."', access_url_id = ".Database::escape_string($url_id);
SET course_code = '".Database::escape_string($course_code)."', access_url_id = ".intval($url_id);
$result = Database::query($sql);
if($result)
$result_array[$url_id][$course_code]=1;
@ -548,8 +548,8 @@ class UrlManager
{
$table = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_COURSE_CATEGORY);
$sql= "SELECT course_category_id FROM $table
WHERE access_url_id = ".Database::escape_string($urlId)." AND
course_category_id = ".Database::escape_string($categoryCourseId);
WHERE access_url_id = ".intval($urlId)." AND
course_category_id = ".intval($categoryCourseId);
$result = Database::query($sql);
$num = Database::num_rows($result);
return $num;
@ -612,9 +612,9 @@ class UrlManager
if ($count == 0) {
$sql = "INSERT INTO $table_url_rel_session
SET session_id = ".Database::escape_string(
SET session_id = ".intval(
$session_id
).", access_url_id = ".Database::escape_string($url_id);
).", access_url_id = ".intval($url_id);
$result = Database::query($sql);
if ($result) {
$result_array[$url_id][$session_id] = 1;
@ -645,7 +645,7 @@ class UrlManager
$count = UrlManager::relation_url_user_exist($user_id, $url_id);
$result = true;
if (empty($count)) {
$sql = "INSERT INTO $table_url_rel_user (user_id, access_url_id) VALUES ('".Database::escape_string($user_id)."', '".Database::escape_string($url_id)."') ";
$sql = "INSERT INTO $table_url_rel_user (user_id, access_url_id) VALUES ('".intval($user_id)."', '".intval($url_id)."') ";
$result = Database::query($sql);
}
@ -666,7 +666,7 @@ class UrlManager
$count = UrlManager::relation_url_course_exist($course_code,$url_id);
if (empty($count)) {
$sql = "INSERT INTO $table_url_rel_course
SET course_code = '".Database::escape_string($course_code)."', access_url_id = ".Database::escape_string($url_id);
SET course_code = '".Database::escape_string($course_code)."', access_url_id = ".intval($url_id);
$result = Database::query($sql);
}
@ -691,7 +691,7 @@ class UrlManager
if (empty($count) && !empty($session_id)) {
$url_id = intval($url_id);
$sql = "INSERT INTO $table_url_rel_session
SET session_id = ".Database::escape_string($session_id).", access_url_id = ".Database::escape_string($url_id);
SET session_id = ".intval($session_id).", access_url_id = ".intval($url_id);
$result = Database::query($sql);
}
@ -711,7 +711,7 @@ class UrlManager
$result = true;
if (!empty($user_id) && !empty($url_id)) {
$sql= "DELETE FROM $table_url_rel_user
WHERE user_id = ".Database::escape_string($user_id)." AND access_url_id = ".Database::escape_string($url_id);
WHERE user_id = ".intval($user_id)." AND access_url_id = ".intval($url_id);
$result = Database::query($sql);
}
@ -728,7 +728,7 @@ class UrlManager
public static function delete_url_rel_course($course_code, $url_id)
{
$table_url_rel_course= Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_COURSE);
$sql= "DELETE FROM $table_url_rel_course WHERE course_code = '".Database::escape_string($course_code)."' AND access_url_id=".Database::escape_string($url_id)." ";
$sql= "DELETE FROM $table_url_rel_course WHERE course_code = '".Database::escape_string($course_code)."' AND access_url_id=".intval($url_id)." ";
$result = Database::query($sql);
return $result;
}
@ -780,7 +780,7 @@ class UrlManager
{
$table_url_rel_session = Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_SESSION);
$sql= "DELETE FROM $table_url_rel_session
WHERE session_id = ".Database::escape_string($session_id)." AND access_url_id=".Database::escape_string($url_id)." ";
WHERE session_id = ".intval($session_id)." AND access_url_id=".intval($url_id)." ";
$result = Database::query($sql,'ASSOC');
return $result;
}
@ -961,7 +961,7 @@ class UrlManager
{
$table_url_rel_session = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_SESSION);
$sql = "SELECT session_id FROM $table_url_rel_session WHERE access_url_id=".Database::escape_string($access_url_id);
$sql = "SELECT session_id FROM $table_url_rel_session WHERE access_url_id=".intval($access_url_id);
$result = Database::query($sql);
$existing_sessions = array();
@ -998,7 +998,7 @@ class UrlManager
$table_url = Database :: get_main_table(TABLE_MAIN_ACCESS_URL);
$sql = "SELECT url, access_url_id FROM $table_url_rel_user url_rel_user INNER JOIN $table_url u
ON (url_rel_user.access_url_id = u.id)
WHERE user_id = ".Database::escape_string($user_id);
WHERE user_id = ".intval($user_id);
$result = Database::query($sql);
$url_list = Database::store_result($result,'ASSOC');
return $url_list;
@ -1014,7 +1014,7 @@ class UrlManager
$table_url = Database :: get_main_table(TABLE_MAIN_ACCESS_URL);
$sql = "SELECT url, access_url_id FROM $table_url_rel_session url_rel_session INNER JOIN $table_url u
ON (url_rel_session.access_url_id = u.id)
WHERE session_id = ".Database::escape_string($session_id);
WHERE session_id = ".intval($session_id);
$result = Database::query($sql);
$url_list = Database::store_result($result);
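Review bot: In the @ -51 hunk `WHERE id = '$url_id'` still splices the raw parameter while `active` on the line above receives `intval()`; nothing in the hunk casts `$url_id`, so change it to `WHERE id = ".intval($url_id)."` as `get_url_data_from_id` does in the @ -143 hunk. In the @ -407 hunk, `session_id = ".Database::escape_string($session_id)` is an unquoted escape left on a value that `$session_id = intval($session_id);` already sanitised two lines earlier; use `$session_id` directly, matching `access_url_id` on the same line. Both methods start outside their hunks.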

@ -653,7 +653,7 @@ class UserManager
active='".Database::escape_string($active)."',
hr_dept_id=".intval($hr_dept_id);
if (!is_null($creator_id)) {
$sql .= ", creator_id='".Database::escape_string($creator_id)."'";
$sql .= ", creator_id='".intval($creator_id)."'";
}
$sql .= " WHERE user_id='$user_id'";
$return = Database::query($sql);
@ -995,6 +995,7 @@ class UserManager
* @param array $order_by a list of fields on which sort
* @return array An array with all users of the platform.
* @todo optional course code parameter, optional sorting parameters...
* @todo security filter order by
*/
public static function get_user_list($conditions = array(), $order_by = array(), $limit_from = false, $limit_to = false)
{
@ -1010,7 +1011,7 @@ class UserManager
}
}
if (count($order_by) > 0) {
$sql_query .= ' ORDER BY '.Database::escape_string(implode(',', $order_by));
$sql_query .= ' ORDER BY '.Database::escape_string(implode(',', $order_by), null, false);
}
if (is_numeric($limit_from) && is_numeric($limit_from)) {
@ -1031,6 +1032,7 @@ class UserManager
* @param array $order_by a list of fields on which sort
* @return array An array with all users of the platform.
* @todo optional course code parameter, optional sorting parameters...
* @todo security filter order_by
*/
public static function get_user_list_like($conditions = array(), $order_by = array(), $simple_like = false, $condition = 'AND')
{
@ -1054,7 +1056,7 @@ class UserManager
}
}
if (count($order_by) > 0) {
$sql_query .= ' ORDER BY '.Database::escape_string(implode(',', $order_by));
$sql_query .= ' ORDER BY '.Database::escape_string(implode(',', $order_by), null, false);
}
$sql_result = Database::query($sql_query);
while ($result = Database::fetch_array($sql_result)) {
@ -2004,7 +2006,7 @@ class UserManager
field_display_text = '".Database::escape_string($fieldtitle)."',
field_default_value = '".Database::escape_string($fielddefault)."',
tms = FROM_UNIXTIME($time)
WHERE id = '".Database::escape_string($fieldid)."'";
WHERE id = '".intval($fieldid)."'";
$result = Database::query($sql);
// we create an array with all the options (will be used later in the script)
@ -2029,24 +2031,24 @@ class UserManager
}
// Remove all the field options (and also the choices of the user) that are NOT in the new list of options
$sql = "SELECT * FROM $table_field_options WHERE option_value NOT IN ('".implode("','", $list)."') AND field_id = '".Database::escape_string($fieldid)."'";
$sql = "SELECT * FROM $table_field_options WHERE option_value NOT IN ('".implode("','", $list)."') AND field_id = '".intval($fieldid)."'";
$result = Database::query($sql);
$return['deleted_options'] = 0;
while ($row = Database::fetch_array($result)) {
// deleting the option
$sql_delete_option = "DELETE FROM $table_field_options WHERE id='".Database::escape_string($row['id'])."'";
$sql_delete_option = "DELETE FROM $table_field_options WHERE id='".intval($row['id'])."'";
Database::query($sql_delete_option);
$return['deleted_options']++;
// deleting the answer of the user who has chosen this option
$sql_delete_option_value = "DELETE FROM $table_field_options_values
WHERE field_id = '".Database::escape_string($fieldid)."' AND field_value = '".Database::escape_string($row['option_value'])."'";
WHERE field_id = '".intval($fieldid)."' AND field_value = '".Database::escape_string($row['option_value'])."'";
Database::query($sql_delete_option_value);
$return['deleted_option_values'] = $return['deleted_option_values'] + Database::affected_rows();
}
// we now try to find the field options that are newly added
$sql = "SELECT * FROM $table_field_options WHERE field_id = '".Database::escape_string($fieldid)."'";
$sql = "SELECT * FROM $table_field_options WHERE field_id = '".intval($fieldid)."'";
$result = Database::query($sql);
while ($row = Database::fetch_array($result)) {
// we remove every option that is already in the database from the $list
@ -2058,7 +2060,7 @@ class UserManager
// we store the new field options in the database
foreach ($list as $key => $option) {
$sql = "SELECT MAX(option_order) FROM $table_field_options WHERE field_id = '".Database::escape_string($fieldid)."'";
$sql = "SELECT MAX(option_order) FROM $table_field_options WHERE field_id = '".intval($fieldid)."'";
$res = Database::query($sql);
$max = 1;
if (Database::num_rows($res) > 0) {
@ -2067,7 +2069,7 @@ class UserManager
}
$time = time();
$sql = "INSERT INTO $table_field_options (field_id,option_value,option_display_text,option_order,tms)
VALUES ('".Database::escape_string($fieldid)."','".Database::escape_string($option)."','".Database::escape_string($option)."',$max,FROM_UNIXTIME($time))";
VALUES ('".intval($fieldid)."','".Database::escape_string($option)."','".Database::escape_string($option)."',$max,FROM_UNIXTIME($time))";
$result = Database::query($sql);
}
return true;
@ -2106,7 +2108,7 @@ class UserManager
$extra_data = array();
$t_uf = Database::get_main_table(TABLE_MAIN_USER_FIELD);
$t_ufv = Database::get_main_table(TABLE_MAIN_USER_FIELD_VALUES);
$user_id = Database::escape_string($user_id);
$user_id = intval($user_id);
$sql = "SELECT f.id as id, f.field_variable as fvar, f.field_type as type FROM $t_uf f ";
$filter_cond = '';
@ -2187,7 +2189,7 @@ class UserManager
$extra_data = array();
$t_uf = Database::get_main_table(TABLE_MAIN_USER_FIELD);
$t_ufv = Database::get_main_table(TABLE_MAIN_USER_FIELD_VALUES);
$user_id = Database::escape_string($user_id);
$user_id = intval($user_id);
$sql = "SELECT f.id as id, f.field_variable as fvar, f.field_type as type FROM $t_uf f ";
$sql .= " WHERE f.field_variable = '$field_variable' ";
@ -2246,7 +2248,7 @@ class UserManager
$return = Database::fetch_array($result);
// all the options of the field
$sql = "SELECT * FROM $table_field_options WHERE field_id='".Database::escape_string($return['id'])."' ORDER BY option_order ASC";
$sql = "SELECT * FROM $table_field_options WHERE field_id='".intval($return['id'])."' ORDER BY option_order ASC";
$result = Database::query($sql);
while ($row = Database::fetch_array($result)) {
$return['options'][$row['id']] = $row;
@ -2284,12 +2286,12 @@ class UserManager
$table_field_options = Database::get_main_table(TABLE_MAIN_USER_FIELD_OPTIONS);
// all the information of the field
$sql = "SELECT * FROM $table_field WHERE id='".Database::escape_string($field_id)."'";
$sql = "SELECT * FROM $table_field WHERE id='".intval($field_id)."'";
$result = Database::query($sql);
$return = Database::fetch_array($result);
// all the options of the field
$sql = "SELECT * FROM $table_field_options WHERE field_id='".Database::escape_string($field_id)."' ORDER BY option_order ASC";
$sql = "SELECT * FROM $table_field_options WHERE field_id='".intval($field_id)."' ORDER BY option_order ASC";
$result = Database::query($sql);
while ($row = Database::fetch_array($result)) {
$return['options'][$row['id']] = $row;
@ -4372,8 +4374,8 @@ class UserManager
$table_certificate = Database::get_main_table(TABLE_MAIN_GRADEBOOK_CERTIFICATE);
$sql = 'SELECT path_certificate FROM '.$table_certificate.'
WHERE
cat_id="'.Database::escape_string($cat_id).'" AND
user_id="'.Database::escape_string($user_id).'"';
cat_id="'.intval($cat_id).'" AND
user_id="'.intval($user_id).'"';
$rs = Database::query($sql);
$row = Database::fetch_array($rs);
if ($row['path_certificate'] == '' || is_null($row['path_certificate'])) {
@ -4408,7 +4410,7 @@ class UserManager
$sql = 'SELECT * FROM '.$tbl_grade_certificate.' WHERE cat_id = (SELECT id FROM '.$tbl_grade_category.'
WHERE
course_code = "'.Database::escape_string($course_code).'" '.$session_condition.' LIMIT 1 ) AND
user_id='.Database::escape_string($user_id);
user_id='.intval($user_id);
$rs = Database::query($sql);
if (Database::num_rows($rs) > 0) {
@ -4442,9 +4444,9 @@ class UserManager
$session_id = api_get_session_id();
$user_id = intval($user_id);
if ($session_id == 0 || is_null($session_id)) {
$sql_session = 'AND (session_id='.Database::escape_string($session_id).' OR isnull(session_id)) ';
$sql_session = 'AND (session_id='.intval($session_id).' OR isnull(session_id)) ';
} elseif ($session_id > 0) {
$sql_session = 'AND session_id='.Database::escape_string($session_id);
$sql_session = 'AND session_id='.intval($session_id);
} else {
$sql_session = '';
}

@ -84,16 +84,15 @@ class MySpace
static function get_connections_from_course_list($user_id, $course_list, $session_id = 0) {
// Database table definitions
$tbl_track_course = Database :: get_statistic_table(TABLE_STATISTIC_TRACK_E_COURSE_ACCESS);
$tbl_track_course = Database :: get_main_table(TABLE_STATISTIC_TRACK_E_COURSE_ACCESS);
if (empty($course_list)) {
return false;
}
// protect data
$user_id = intval($user_id);
$course_code = Database::escape_string($course_code);
$session_id = intval($session_id);
$new_course_list = array();;
$new_course_list = array();
foreach ($course_list as $course_item) {
$new_course_list[] = '"'.Database::escape_string($course_item['code']).'"';
}
@ -180,7 +179,7 @@ class MySpace
$tbl_course_user = Database :: get_main_table(TABLE_MAIN_COURSE_USER);
// getting all the courses of the user
$sql = "SELECT * FROM $tbl_course_user WHERE user_id = '".Database::escape_string($user_id)."' AND relation_type<>".COURSE_RELATION_TYPE_RRHH." ";
$sql = "SELECT * FROM $tbl_course_user WHERE user_id = '".intval($user_id)."' AND relation_type<>".COURSE_RELATION_TYPE_RRHH." ";
$result = Database::query($sql);
while ($row = Database::fetch_row($result)) {
$return .= '<tr>';
@ -1630,9 +1629,9 @@ class MySpace
function exercises_results($user_id, $course_code, $session_id = false) {
$questions_answered = 0;
$sql = 'SELECT exe_result , exe_weighting
FROM '.Database :: get_statistic_table(TABLE_STATISTIC_TRACK_E_EXERCICES)."
FROM '.Database :: get_main_table(TABLE_STATISTIC_TRACK_E_EXERCICES)."
WHERE exe_cours_id = '".Database::escape_string($course_code)."'
AND exe_user_id = '".Database::escape_string($user_id)."'";
AND exe_user_id = '".intval($user_id)."'";
if($session_id !== false) {
$sql .= " AND session_id = '".$session_id."' ";
}
@ -1733,7 +1732,7 @@ class MySpace
// the other lines (the data)
foreach ($user_data as $key => $user) {
// getting all the courses of the user
$sql = "SELECT * FROM $tbl_course_user WHERE user_id = '".Database::escape_string($user[4])."' AND relation_type<>".COURSE_RELATION_TYPE_RRHH." ";
$sql = "SELECT * FROM $tbl_course_user WHERE user_id = '".intval($user[4])."' AND relation_type<>".COURSE_RELATION_TYPE_RRHH." ";
$result = Database::query($sql);
while ($row = Database::fetch_row($result)) {
$csv_row = array();
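Review bot: `exercises_results()` still interpolates `$session_id` into SQL with neither a cast nor escaping at `$sql .= " AND session_id = '".$session_id."' ";`, while the same hunk casts `$user_id`; `$sql .= " AND session_id = ".intval($session_id)." ";` would close that gap. The switch from `Database::get_statistic_table()` to `Database::get_main_table()` in the first and third hunks is unrelated to the commit's stated purpose and changes which database the tracking tables are resolved against, so if it is intentional it deserves a line in the commit message. The `$course_code = Database::escape_string($course_code);` line in the first hunk, which appears to be the removed line, referenced a variable that is not a parameter of `get_connections_from_course_list()`, so dropping it is correct.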

@ -43,7 +43,7 @@ if ($audio_recorder_studentview == 'false') {
$cp = api_get_course_path();
$docs = Database::get_course_table(TABLE_DOCUMENT);
$select = "SELECT * FROM $docs " .
" WHERE c_id = $course_id AND path like BINARY '/audio/lpi".Database::escape_string($audio_recorder_item_id)."-%' AND filetype='file' " .
" WHERE c_id = $course_id AND path like BINARY '/audio/lpi".intval($audio_recorder_item_id)."-%' AND filetype='file' " .
" ORDER BY path DESC";
$res = Database::query($select);
if (Database::num_rows($res) > 0) {

@ -512,7 +512,7 @@ class learnpath
$display_order = 0;
}
$id = Database::escape_string($id);
$id = intval($id);
$typeCleaned = Database::escape_string($type);
if ($type == 'quiz') {
$sql = 'SELECT SUM(ponderation)
@ -660,7 +660,7 @@ class learnpath
// Store the mp3 file in the lp_item table.
$sql = "UPDATE $tbl_lp_item SET
audio = '" . Database::escape_string($file) . "'
WHERE id = '" . Database::escape_string($new_item_id) . "'";
WHERE id = '" . intval($new_item_id) . "'";
Database::query($sql);
}
}
@ -1455,7 +1455,7 @@ class learnpath
return false;
}
$prerequisite_id = Database::escape_string($prerequisite_id);
$prerequisite_id = intval($prerequisite_id);
$tbl_lp_item = Database :: get_course_table(TABLE_LP_ITEM);
if (!is_numeric($mastery_score) || $mastery_score < 0) {
@ -6075,7 +6075,7 @@ class learnpath
case TOOL_DOCUMENT:
$tbl_doc = Database :: get_course_table(TABLE_DOCUMENT);
$sql_doc = "SELECT path FROM " . $tbl_doc . "
WHERE c_id = ".$course_id." AND id = " . Database::escape_string($row['path']);
WHERE c_id = ".$course_id." AND id = " . intval($row['path']);
$result = Database::query($sql_doc);
$path_file = Database::result($result, 0, 0);
$path_parts = pathinfo($path_file);
@ -7292,7 +7292,7 @@ class learnpath
if ($action == "add") {
if (is_numeric($extra_info)) {
$sql_doc = "SELECT path FROM " . $tbl_doc . "
WHERE c_id = ".$course_id." AND id = " . Database::escape_string($extra_info);
WHERE c_id = ".$course_id." AND id = " . intval($extra_info);
$result = Database::query($sql_doc);
$path_file = Database :: result($result, 0, 0);
$path_parts = pathinfo($path_file);
@ -7313,7 +7313,7 @@ class learnpath
$sql_doc = "SELECT path, title FROM " . $tbl_doc . "
WHERE
c_id = ".$course_id." AND
id = " . Database::escape_string($extra_info);
id = " . intval($extra_info);
$result = Database::query($sql_doc);
$row = Database::fetch_array($result);
@ -7596,7 +7596,7 @@ class learnpath
$item_description = stripslashes($extra_info['description']);
$item_url = stripslashes($extra_info['url']);
} elseif (is_numeric($extra_info)) {
$extra_info = Database::escape_string($extra_info);
$extra_info = intval($extra_info);
$sql_link = "SELECT title, description, url FROM " . $tbl_link . "
WHERE c_id = ".$course_id." AND id = " . $extra_info;
$result = Database::query($sql_link);
@ -7789,7 +7789,7 @@ class learnpath
$item_title = stripslashes($extra_info['title']);
$item_description = stripslashes($extra_info['description']);
} elseif (is_numeric($extra_info)) {
$extra_info = Database::escape_string($extra_info);
$extra_info = intval($extra_info);
$sql_publication = "SELECT title, description FROM " . $tbl_publication . "
WHERE c_id = ".$course_id." AND id = " . $extra_info;
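Review bot: The document, link and publication lookups at `WHERE c_id = ".$course_id." AND id = " . intval($extra_info)` and the matching lines in the other hunks interpolate `$course_id` raw while casting only the item id, and `$course_id`'s assignment is outside every hunk shown. If it comes from `api_get_course_int_id()` it is already an integer and nothing is needed; otherwise it should get the same `intval()` treatment as the ids. The enclosing methods start and end outside the hunks.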

@ -378,12 +378,12 @@ class scorm extends learnpath
$title = Database::escape_string($item['title']);
$title = api_utf8_decode($title);
$max_score = Database::escape_string($item['max_score']);
$max_score = intval($item['max_score']);
if ($max_score == 0 || is_null($max_score) || $max_score == '') {
// If max score is not set The use_max_score parameter is check in order to use 100 (chamilo style) or '' (strict scorm)
if ($use_max_score) {
$max_score = "'100'";
$max_score = 100;
} else {
$max_score = "NULL";
}
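Review bot: `$max_score = intval($item['max_score']);` truncates any non-integer score, and a manifest value between 0 and 1 would become 0 and then be replaced by 100 or NULL by the check that follows — a behaviour change from the escape-only version if the column holds decimals, which cannot be confirmed from the hunk. Keeping the numeric value while still rejecting non-numeric input, e.g. `$max_score = is_numeric($item['max_score']) ? $item['max_score'] + 0 : 0;`, avoids that. After the cast, the `is_null($max_score) || $max_score == ''` parts of the condition can never be true, so the test can shrink to `if ($max_score == 0) {`.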

@ -158,7 +158,6 @@ class NotebookRepository
public function find_one_by_course_and_title($c_id, $title)
{
$c_id = is_object($c_id) ? $c_id->get_id() : (int) $c_id;
$name = Database::escape_string($name);
return $this->find_one("n.c_id = $c_id AND n.title = '$title'");
}
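Review bot: Deleting the dead `$name = Database::escape_string($name);` line leaves `$title` interpolated into `n.title = '$title'` with no escaping at all, so `find_one_by_course_and_title()` is now a place where a string parameter reaches SQL untreated; the intended line was presumably `$title = Database::escape_string($title);` placed before the `return`. Whether `find_one()` escapes its condition argument itself is not visible here, but since it receives a pre-built SQL fragment that seems unlikely. The `(int)` cast on `$c_id` is fine as is.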

@ -45,22 +45,22 @@ if (isset($_GET['action']) AND isset($_GET['permission']) AND isset($_GET['tool'
if (isset($_GET['action']) AND isset($_GET['role_id']) AND $_GET['action']=='delete') {
//deleting the assignments fo this role: users
$table=Database::get_course_table(TABLE_ROLE_USER);
$sql="DELETE FROM $table WHERE role_id='".Database::escape_string($_GET['role_id'])."'";
$sql="DELETE FROM $table WHERE role_id='".intval($_GET['role_id'])."'";
$result=Database::query($sql);
// deleting the assignments of this role: groups
$table=Database::get_course_table(TABLE_ROLE_GROUP);
$sql="DELETE FROM $table WHERE role_id='".Database::escape_string($_GET['role_id'])."'";
$sql="DELETE FROM $table WHERE role_id='".intval($_GET['role_id'])."'";
$result=Database::query($sql);
// deleting the permissions of this role
$table=Database::get_course_table(TABLE_ROLE_PERMISSION);
$sql="DELETE FROM $table WHERE role_id='".Database::escape_string($_GET['role_id'])."'";
$sql="DELETE FROM $table WHERE role_id='".intval($_GET['role_id'])."'";
$result=Database::query($sql);
// deleting the role
$table_role=Database::get_course_table(TABLE_ROLE);
$sql="DELETE FROM $table_role WHERE role_id='".Database::escape_string($_GET['role_id'])."'";
$sql="DELETE FROM $table_role WHERE role_id='".intval($_GET['role_id'])."'";
$result=Database::query($sql);
$result_message=get_lang('RoleDeleted');
}
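Review bot: `intval($_GET['role_id'])` is evaluated four times in the delete branch; casting once, `$roleId = intval($_GET['role_id']);`, and reusing it in the four DELETE statements reads better and gives a place for a guard. A non-numeric or missing `role_id` casts to 0 and the four deletes would then run against `role_id='0'`; `if ($roleId > 0) {` around the block prevents that. The four `$result = Database::query($sql);` values are assigned but never read.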

@ -20,7 +20,7 @@ $tool_name = get_lang('BookIt');
Display :: display_header($tool_name);
api_display_tool_title($tool_name);
$reservationid = Database::escape_string($_GET['rid']);
$reservationid = intval($_GET['rid']);
$reservation = Rsys :: get_reservation($reservationid);
$item = Rsys :: get_item($reservation[0][2]);
if ($reservation[0][9] < $reservation[0][4]) {
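Review bot: `$reservationid = intval($_GET['rid']);` reads the parameter without an `isset()` check, and the `Rsys::get_reservation()` result is then indexed as `$reservation[0][2]` without checking that anything came back; a missing or unknown id would raise notices and continue with empty data. `$reservationid = isset($_GET['rid']) ? intval($_GET['rid']) : 0;` plus an `if (empty($reservation)) {` bail-out before the indexing would make this robust. What `get_reservation()` returns on a miss is outside the hunk.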

@ -83,7 +83,7 @@ function search_users($needle, $type)
) ? ' ORDER BY firstname, lastname, username' : ' ORDER BY lastname, firstname, username';
$cond_user_id = '';
if (!empty($id_session)) {
$group_id = Database::escape_string($group_id);
$group_id = intval($group_id);
// check id_user from session_rel_user table
$sql = 'SELECT id_user FROM ' . $tbl_group_rel_user . ' WHERE group_id ="' . (int)$group_id . '"';
$res = Database::query($sql);
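Review bot: `$group_id = intval($group_id);` followed by `(int)$group_id` on the query line two lines later casts the same value twice; one of the two can go, and keeping the assignment is the clearer choice. The surrounding `if (!empty($id_session))` and the comment `// check id_user from session_rel_user table` both talk about sessions while the query reads `$tbl_group_rel_user` by group id, which looks like a leftover from an earlier version and is worth a second look. `search_users()` continues outside the hunk.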

@ -190,7 +190,7 @@ if (count($_POST) > 0) {
$sql = "SELECT * FROM $table_survey_question
WHERE
c_id = $course_id AND
survey_id = '".Database::escape_string($survey_invitation['survey_id'])."'";
survey_id = '".intval($survey_invitation['survey_id'])."'";
$result = Database::query($sql);
while ($row = Database::fetch_array($result, 'ASSOC')) {
@ -241,7 +241,7 @@ if (count($_POST) > 0) {
$sql = "SELECT * FROM $table_survey_question_option
WHERE
c_id = $course_id AND
question_option_id='".Database::escape_string($value)."'";
question_option_id='".intval($value)."'";
$result = Database::query($sql);
$row = Database::fetch_array($result, 'ASSOC');
$option_value = $row['option_text'];
@ -269,7 +269,7 @@ if (count($_POST) > 0) {
$sql = "SELECT * FROM $table_survey_question
WHERE
c_id = $course_id AND
survey_id = '".Database::escape_string($survey_invitation['survey_id'])."' AND
survey_id = '".intval($survey_invitation['survey_id'])."' AND
survey_group_pri = '0' $shuffle";
$result = Database::query($sql);
// There is only one question type for conditional surveys
@ -285,7 +285,7 @@ if (count($_POST) > 0) {
$survey_question_id = str_replace('question', '', $key);
// We select the correct answer and the puntuacion
$sql = "SELECT value FROM $table_survey_question_option
WHERE c_id = $course_id AND question_option_id='".Database::escape_string($value)."'";
WHERE c_id = $course_id AND question_option_id='".intval($value)."'";
$result = Database::query($sql);
$row = Database::fetch_array($result, 'ASSOC');
$option_value = $row['value'];
@ -546,7 +546,7 @@ if (isset($_GET['show']) || isset($_POST['personality'])) {
if ($survey_data['survey_type'] === '0') {
if (empty($_SESSION['paged_questions'])) {
$sql = "SELECT * FROM $table_survey_question
WHERE c_id = $course_id AND survey_id = '".Database::escape_string($survey_invitation['survey_id'])."'
WHERE c_id = $course_id AND survey_id = '".intval($survey_invitation['survey_id'])."'
ORDER BY sort ASC";
$result = Database::query($sql);
while ($row = Database::fetch_array($result, 'ASSOC')) {
@ -619,7 +619,7 @@ if (isset($_GET['show']) || isset($_POST['personality'])) {
LEFT JOIN $table_survey_question_option survey_question_option
ON survey_question.question_id = survey_question_option.question_id AND survey_question_option.c_id = $course_id
WHERE
survey_question.survey_id = '".Database::escape_string($survey_invitation['survey_id'])."' AND
survey_question.survey_id = '".intval($survey_invitation['survey_id'])."' AND
survey_question.question_id IN (".implode(',', $paged_questions[$_GET['show']]).") AND
survey_question.c_id = $course_id
ORDER BY survey_question.sort, survey_question_option.sort ASC";
@ -650,7 +650,7 @@ if (isset($_GET['show']) || isset($_POST['personality'])) {
}
}
} elseif ($survey_data['survey_type'] === '1') {
$my_survey_id = Database::escape_string($survey_invitation['survey_id']);
$my_survey_id = intval($survey_invitation['survey_id']);
$current_user = Database::escape_string($survey_invitation['user']);
if (isset($_POST['personality'])) {
@ -978,7 +978,7 @@ if (isset($_GET['show']) || isset($_POST['personality'])) {
$sql = "SELECT * FROM $table_survey_question
WHERE
c_id = $course_id AND
survey_id = '".Database::escape_string($survey_invitation['survey_id'])."' AND
survey_id = '".intval($survey_invitation['survey_id'])."' AND
survey_group_sec1='0' AND
survey_group_sec2='0'
ORDER ".$order_sql." ";
@ -1086,7 +1086,7 @@ $sql = "SELECT * FROM $table_survey_question
WHERE
c_id = $course_id AND
type='".Database::escape_string('pagebreak')."' AND
survey_id='".Database::escape_string($survey_invitation['survey_id'])."'";
survey_id='".intval($survey_invitation['survey_id'])."'";
$result = Database::query($sql);
$numberofpages = Database::num_rows($result) + 1;
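Review bot: `survey_question.question_id IN (".implode(',', $paged_questions[$_GET['show']]).")` in the `@@ -619` hunk interpolates a comma-separated list into an unquoted IN() with no treatment at all, while this commit's sibling line in main/survey/preview.php wraps the same expression in `Database::escape_string(..., null, false)` — and, as the commit title itself notes, escaping without quotes does not protect an unquoted context. The values appear to come from `$_SESSION['paged_questions']`, which the `@@ -546` hunk seems to fill from query results, so the exposure is limited, but `implode(',', array_map('intval', $paged_questions[$_GET['show']]))` makes the line safe regardless of origin. The same cast would fit preview.php's line in place of the escape call.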

@ -9,6 +9,7 @@
* @version $Id: survey_list.php 10680 2007-01-11 21:26:23Z pcool $
*
* @todo use quickforms for the forms
* @todo security filter options better (Database::escape_string)
*/
// Language file that needs to be included
@ -30,7 +31,7 @@ $table_survey_invitation = Database :: get_course_table(TABLE_SURVEY_INVI
$course_id = api_get_course_int_id();
$userId = api_get_user_id();
$surveyId = Database::escape_string($_GET['survey_id']);
$surveyId = intval($_GET['survey_id']);
$userInvited = 0;
$userAnonymous = 0;
@ -128,7 +129,7 @@ if (api_is_course_admin() || (api_is_course_admin() && $_GET['isStudentView'] ==
$paged_questions = array();
$counter = 0;
$sql = "SELECT * FROM $table_survey_question
WHERE c_id = $course_id AND survey_id = '".Database::escape_string($survey_id)."'
WHERE c_id = $course_id AND survey_id = '".intval($survey_id)."'
ORDER BY sort ASC";
$result = Database::query($sql);
$questions_exists = true;
@ -160,8 +161,8 @@ if (api_is_course_admin() || (api_is_course_admin() && $_GET['isStudentView'] ==
LEFT JOIN $table_survey_question_option survey_question_option
ON survey_question.question_id = survey_question_option.question_id AND survey_question_option.c_id = $course_id
WHERE
survey_question.survey_id = '".Database::escape_string($survey_id)."' AND
survey_question.question_id IN (".Database::escape_string(implode(',',$paged_questions[$_GET['show']])).") AND
survey_question.survey_id = '".intval($survey_id)."' AND
survey_question.question_id IN (".Database::escape_string(implode(',',$paged_questions[$_GET['show']]), null, false).") AND
survey_question.c_id = $course_id
ORDER BY survey_question.sort, survey_question_option.sort ASC";
@ -193,7 +194,7 @@ if (api_is_course_admin() || (api_is_course_admin() && $_GET['isStudentView'] ==
WHERE
c_id = $course_id AND
type='".Database::escape_string('pagebreak')."' AND
survey_id='".Database::escape_string($survey_id)."'";
survey_id='".intval($survey_id)."'";
$result = Database::query($sql);
$numberofpages = Database::num_rows($result) + 1;
// Displaying the form with the questions
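Review bot: The new docblock line `@todo security filter options better (Database::escape_string)` recommends the very function this commit is moving away from for ids; `@todo cast ids with intval() and keep Database::escape_string() only for quoted string values` states the intended direction. Below it, `$surveyId = intval($_GET['survey_id']);` introduces a camel-cased name while the queries in the later hunks interpolate `$survey_id`; unless `$survey_id` is derived from `$surveyId` outside the hunks, the two names hold different values and the per-use `intval($survey_id)` is the only thing keeping those queries safe. The `$_GET['survey_id']` read also lacks an `isset()` guard.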

@ -142,11 +142,11 @@ class survey_manager
if ($shared != 0) {
$table_survey = Database :: get_main_table(TABLE_MAIN_SHARED_SURVEY_QUESTION);
$sql = "SELECT * FROM $table_survey
WHERE survey_id='".Database::escape_string($survey_id)."' ";
WHERE survey_id='".intval($survey_id)."' ";
} else {
$sql = "SELECT * FROM $table_survey
WHERE
survey_id='".Database::escape_string($survey_id)."' AND
survey_id='".intval($survey_id)."' AND
c_id = ".$my_course_info['real_id'];
}
@ -274,7 +274,7 @@ class survey_manager
FROM '.$table_survey.'
WHERE
c_id = '.$course_id.' AND
parent_id = '.Database::escape_string($values['parent_id']).'
parent_id = '.intval($values['parent_id']).'
ORDER BY survey_version DESC
LIMIT 1';
$rs = Database::query($sql);
@ -282,7 +282,7 @@ class survey_manager
$sql = 'SELECT survey_version FROM '.$table_survey.'
WHERE
c_id = '.$course_id.' AND
survey_id = '.Database::escape_string($values['parent_id']);
survey_id = '.intval($values['parent_id']);
$rs = Database::query($sql);
$getversion = Database::fetch_array($rs, 'ASSOC');
if (empty($getversion['survey_version'])) {
@ -317,7 +317,7 @@ class survey_manager
'".Database::escape_string(strtolower(generate_course_code(api_substr($values['survey_code'],0))))."',
'".Database::escape_string($values['survey_title'])."',
'".Database::escape_string($values['survey_subtitle'])."',
'".Database::escape_string($_user['user_id'])."',
'".intval($_user['user_id'])."',
'".Database::escape_string($values['survey_language'])."',
'".Database::escape_string($values['start_date'])."',
'".Database::escape_string($values['end_date'])."',
@ -409,7 +409,7 @@ class survey_manager
intro = '".Database::escape_string($values['survey_introduction'])."',
surveythanks = '".Database::escape_string($values['survey_thanks'])."',
anonymous = '".Database::escape_string($values['anonymous'])."'".$additionalsets."
WHERE c_id = $course_id AND survey_id = '".Database::escape_string($values['survey_id'])."'";
WHERE c_id = $course_id AND survey_id = '".intval($values['survey_id'])."'";
Database::query($sql);
// Update into item_property (update)
@ -447,7 +447,7 @@ class survey_manager
'".Database::escape_string($values['survey_code'])."',
'".Database::escape_string($values['survey_title'])."',
'".Database::escape_string($values['survey_subtitle'])."',
'".Database::escape_string($_user['user_id'])."',
'".intval($_user['user_id'])."',
'".Database::escape_string($values['survey_language'])."',
'".Database::escape_string('template')."',
'".Database::escape_string($values['survey_introduction'])."',
@ -461,7 +461,7 @@ class survey_manager
code = '".Database::escape_string($values['survey_code'])."',
title = '".Database::escape_string($values['survey_title'])."',
subtitle = '".Database::escape_string($values['survey_subtitle'])."',
author = '".Database::escape_string($_user['user_id'])."',
author = '".intval($_user['user_id'])."',
lang = '".Database::escape_string($values['survey_language'])."',
template = '".Database::escape_string('template')."',
intro = '".Database::escape_string($values['survey_introduction'])."',
@ -538,7 +538,7 @@ class survey_manager
$table_survey_question_group = Database::get_course_table(TABLE_SURVEY_QUESTION_GROUP);
$table_survey_question = Database::get_course_table(TABLE_SURVEY_QUESTION);
$table_survey_options = Database::get_course_table(TABLE_SURVEY_QUESTION_OPTION);
$survey_id = Database::escape_string($survey_id);
$survey_id = intval($survey_id);
// Get groups
$survey_data = self::get_survey($survey_id, 0, null, true);
@ -688,7 +688,7 @@ class survey_manager
SET answered = $number
WHERE
c_id = $course_id AND
survey_id = ".Database::escape_string($survey_id);
survey_id = ".intval($survey_id);
Database::query($sql);
// Storing that the user has finished the survey.
@ -777,11 +777,11 @@ class survey_manager
$course_id = api_get_course_int_id();
$sql = "SELECT * FROM $tbl_survey_question
WHERE c_id = $course_id AND question_id='".Database::escape_string($question_id)."'
WHERE c_id = $course_id AND question_id='".intval($question_id)."'
ORDER BY `sort` ";
$sqlOption = " SELECT * FROM $table_survey_question_option
WHERE c_id = $course_id AND question_id='".Database::escape_string($question_id)."'
WHERE c_id = $course_id AND question_id='".intval($question_id)."'
ORDER BY `sort` ";
if ($shared) {
@ -789,10 +789,10 @@ class survey_manager
$table_survey_question_option = Database :: get_main_table(TABLE_MAIN_SHARED_SURVEY_QUESTION_OPTION);
$sql = "SELECT * FROM $tbl_survey_question
WHERE question_id='".Database::escape_string($question_id)."'
WHERE question_id='".intval($question_id)."'
ORDER BY `sort` ";
$sqlOption = "SELECT * FROM $table_survey_question_option
WHERE question_id='".Database::escape_string($question_id)."'
WHERE question_id='".intval($question_id)."'
ORDER BY `sort` ";
}
@ -856,7 +856,7 @@ class survey_manager
// Getting the information of the question
$sql = "SELECT * FROM $tbl_survey_question
WHERE c_id = $course_id AND survey_id='".Database::escape_string($survey_id)."'";
WHERE c_id = $course_id AND survey_id='".intval($survey_id)."'";
$result = Database::query($sql);
while ($row = Database::fetch_array($result, 'ASSOC')) {
$return[$row['question_id']]['survey_id'] = $row['survey_id'];
@ -870,7 +870,7 @@ class survey_manager
// Getting the information of the question options
$sql = "SELECT * FROM $table_survey_question_option
WHERE c_id = $course_id AND survey_id='".Database::escape_string($survey_id)."'";
WHERE c_id = $course_id AND survey_id='".intval($survey_id)."'";
$result = Database::query($sql);
$return = array();
while ($row = Database::fetch_array($result, 'ASSOC')) {
@ -943,7 +943,7 @@ class survey_manager
// Finding the max sort order of the questions in the given survey
$sql = "SELECT max(sort) AS max_sort
FROM $tbl_survey_question
WHERE c_id = $course_id AND survey_id='".Database::escape_string($form_content['survey_id'])."'";
WHERE c_id = $course_id AND survey_id='".intval($form_content['survey_id'])."'";
$result = Database::query($sql);
$row = Database::fetch_array($result,'ASSOC');
$max_sort = $row['max_sort'];
@ -1002,7 +1002,7 @@ class survey_manager
display = '".Database::escape_string($form_content['horizontalvertical'])."',
max_value = '".Database::escape_string($form_content['maximum_score'])."'" .
$additionalsets."
WHERE c_id = $course_id AND question_id = '".Database::escape_string($form_content['question_id'])."'";
WHERE c_id = $course_id AND question_id = '".intval($form_content['question_id'])."'";
Database::query($sql);
$return_message = 'QuestionUpdated';
}
@ -1051,7 +1051,7 @@ class survey_manager
if ($form_content['shared_question_id'] == '' || !is_numeric($form_content['shared_question_id'])) {
// Finding the max sort order of the questions in the given survey
$sql = "SELECT max(sort) AS max_sort FROM $tbl_survey_question
WHERE survey_id='".Database::escape_string($survey_data['survey_share'])."'
WHERE survey_id='".intval($survey_data['survey_share'])."'
AND code='".Database::escape_string($_course['id'])."'";
$result = Database::query($sql);
$row = Database::fetch_array($result,'ASSOC');
@ -1076,7 +1076,7 @@ class survey_manager
survey_question_comment = '".Database::escape_string($form_content['question_comment'])."',
display = '".Database::escape_string($form_content['horizontalvertical'])."'
WHERE
question_id = '".Database::escape_string($form_content['shared_question_id'])."' AND
question_id = '".intval($form_content['shared_question_id'])."' AND
code = '".Database::escape_string($_course['id'])."'";
Database::query($sql);
$shared_question_id = $form_content['shared_question_id'];
@ -1128,10 +1128,10 @@ class survey_manager
}
$sql1 = "UPDATE $table_survey_question SET sort = '".Database::escape_string($question_sort_two)."'
WHERE c_id = $course_id AND question_id='".Database::escape_string($question_id_one)."'";
WHERE c_id = $course_id AND question_id='".intval($question_id_one)."'";
Database::query($sql1);
$sql2 = "UPDATE $table_survey_question SET sort = '".Database::escape_string($question_sort_one)."'
WHERE c_id = $course_id AND question_id='".Database::escape_string($question_id_two)."'";
WHERE c_id = $course_id AND question_id='".intval($question_id_two)."'";
Database::query($sql2);
}
@ -1158,7 +1158,7 @@ class survey_manager
}
$sql = "DELETE FROM $table_survey_question
WHERE $course_condition survey_id='".Database::escape_string($survey_id)."'";
WHERE $course_condition survey_id='".intval($survey_id)."'";
// Deleting the survey questions
@ -1196,8 +1196,8 @@ class survey_manager
$sql = "DELETE FROM $table_survey_question
WHERE
c_id = $course_id AND
survey_id='".Database::escape_string($survey_id)."' AND
question_id='".Database::escape_string($question_id)."'";
survey_id='".intval($survey_id)."' AND
question_id='".intval($question_id)."'";
Database::query($sql);
// Deleting the options of the question of the survey
@ -1226,12 +1226,12 @@ class survey_manager
// Deleting the survey questions
$sql = "DELETE FROM $table_survey_question
WHERE question_id='".Database::escape_string($question_data['shared_question_id'])."'";
WHERE question_id='".intval($question_data['shared_question_id'])."'";
Database::query($sql);
// Deleting the options of the question of the survey question
$sql = "DELETE FROM $table_survey_question_option
WHERE question_id='".Database::escape_string($question_data['shared_question_id'])."'";
WHERE question_id='".intval($question_data['shared_question_id'])."'";
Database::query($sql);
}
@ -1264,7 +1264,7 @@ class survey_manager
// We are editing a question so we first have to remove all the existing options from the database
if (is_numeric($form_content['question_id'])) {
$sql = "DELETE FROM $table_survey_question_option
WHERE c_id = $course_id AND question_id = '".Database::escape_string($form_content['question_id'])."'";
WHERE c_id = $course_id AND question_id = '".intval($form_content['question_id'])."'";
Database::query($sql);
}
@ -1274,8 +1274,8 @@ class survey_manager
for ($i = 0; $i < count($form_content['answers']); $i++) {
$sql = "INSERT INTO $table_survey_question_option (c_id, question_id, survey_id, option_text, value,sort) VALUES (
$course_id,
'".Database::escape_string($form_content['question_id'])."',
'".Database::escape_string($form_content['survey_id'])."',
'".intval($form_content['question_id'])."',
'".intval($form_content['survey_id'])."',
'".Database::escape_string($form_content['answers'][$i])."',
'".Database::escape_string($form_content['values'][$i])."',
'".Database::escape_string($counter)."')";
@ -2890,7 +2890,7 @@ class SurveyUtil
if (!isset($_GET['question'])) {
$offset = 0;
} else {
$offset = Database::escape_string($_GET['question']);
$offset = intval($_GET['question']);
}
$currentQuestion = isset($_GET['question']) ? $_GET['question'] : 0;
@ -4927,7 +4927,7 @@ class SurveyUtil
FROM '.$table_survey_answer.'
WHERE
c_id = '.$course_id.' AND
question_id='.Database::escape_string($all_question_id[$i]['question_id']).' AND
question_id='.intval($all_question_id[$i]['question_id']).' AND
user = '.$user_id;
$result = Database::query($sql);
while ($row = Database::fetch_array($result, 'ASSOC')) {
@ -4948,7 +4948,7 @@ class SurveyUtil
echo '</tr>';
$sql = "SELECT * FROM $table_survey survey, $table_survey_invitation survey_invitation
WHERE
survey_invitation.user = '".Database::escape_string($user_id)."' AND
survey_invitation.user = $user_id AND
survey.code = survey_invitation.survey_code AND
survey.avail_from <= '".date('Y-m-d H:i:s')."' AND
survey.avail_till >= '".date('Y-m-d H:i:s')."' AND
@ -5159,7 +5159,7 @@ class SurveyUtil
$table_survey_question = Database :: get_course_table(TABLE_SURVEY_QUESTION);
$survey_code = Database::escape_string($survey_code);
$user_id = Database::escape_string($user_id);
$user_id = intval($user_id);
$user_answer = Database::escape_string($user_answer);
$course_id = api_get_course_int_id();
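Review bot: `survey_invitation.user = $user_id AND` in the `@@ -4948` hunk drops both the quotes and the escaping the old line had, and no cast of `$user_id` is visible in that hunk or the preceding one, which also interpolates `user = '.$user_id`; the function header is outside the hunks, so whether the caller already guarantees an integer cannot be confirmed here. That column appears to be handled as a string elsewhere in this commit (`$current_user = Database::escape_string($survey_invitation['user'])` in fillsurvey.php), so if it is a varchar the unquoted comparison also changes matching semantics; `survey_invitation.user = '".intval($user_id)."' AND` keeps the quoting and makes the value safe. The remaining hunks in this file are straightforward id casts.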

@ -96,7 +96,7 @@ if ($is_survey_type_1 && ($action == 'addgroup' || $action == 'deletegroup')) {
}
if ($action == 'deletegroup') {
Database::query('DELETE FROM '.$table_survey_question_group.' WHERE c_id = '.$course_id.' AND id = '.Database::escape_string($_GET['gid']).' and survey_id = '.Database::escape_string($survey_id));
Database::query('DELETE FROM '.$table_survey_question_group.' WHERE c_id = '.$course_id.' AND id = '.intval($_GET['gid']).' and survey_id = '.intval($survey_id));
$sendmsg = 'GroupDeletedSuccessfully';
}
header('Location: '.api_get_path(WEB_CODE_PATH).'survey/survey.php?survey_id='.$survey_id.'&sendmsg='.$sendmsg);
@ -187,7 +187,7 @@ echo ' </tr>';
// Displaying the table contents with all the questions
$question_counter = 1;
$sql = "SELECT * FROM $table_survey_question_group
WHERE c_id = '.$course_id.' AND survey_id = '".Database::escape_string($survey_id)."' ORDER BY id";
WHERE c_id = '.$course_id.' AND survey_id = ".intval($survey_id)." ORDER BY id";
$result = Database::query($sql);
$groups = array();
while ($row = Database::fetch_array($result)) {
@ -198,7 +198,7 @@ $sql = "SELECT survey_question.*, count(survey_question_option.question_option_i
LEFT JOIN $table_survey_question_option survey_question_option
ON survey_question.question_id = survey_question_option.question_id AND survey_question_option.c_id = $course_id
WHERE
survey_question.survey_id = '".Database::escape_string($survey_id)."' AND
survey_question.survey_id = ".intval($survey_id)." AND
survey_question.c_id = $course_id
GROUP BY survey_question.question_id
ORDER BY survey_question.sort ASC";
@ -264,7 +264,7 @@ if ($is_survey_type_1) {
echo '<table border="0"><tr><td width="100">'.get_lang('Name').'</td><td>'.get_lang('Description').'</td></tr></table>';
echo '<form action="'.api_get_path(WEB_CODE_PATH).'survey/survey.php?action=addgroup&survey_id='.$survey_id.'" method="post">';
if ($_GET['action'] == 'editgroup') {
$sql = 'SELECT name,description FROM '.$table_survey_question_group.' WHERE id = '.Database::escape_string($_GET['gid']).' AND survey_id = '.Database::escape_string($survey_id).' limit 1';
$sql = 'SELECT name,description FROM '.$table_survey_question_group.' WHERE id = '.intval($_GET['gid']).' AND survey_id = '.intval($survey_id).' limit 1';
$rs = Database::query($sql);
$editedrow = Database::fetch_array($rs,'ASSOC');
echo '<input type="text" maxlength="20" name="name" value="'.$editedrow['name'].'" size="10" disabled>';
@ -285,7 +285,7 @@ if ($is_survey_type_1) {
echo ' <th width="100">'.get_lang('Modify').'</th>';
echo ' </tr>';
$sql = 'SELECT id,name,description FROM '.$table_survey_question_group.' WHERE c_id = '.$course_id.' AND survey_id = '.Database::escape_string($survey_id).' ORDER BY name';
$sql = 'SELECT id,name,description FROM '.$table_survey_question_group.' WHERE c_id = '.$course_id.' AND survey_id = '.intval($survey_id).' ORDER BY name';
$rs = Database::query($sql);
while($row = Database::fetch_array($rs,ASSOC)){

@ -135,7 +135,7 @@ if( ( $is_allowedToTrack || $is_allowedToTrackEverybodyInCourse )) {
// if user can only track one group : list users of this group
$sql = "SELECT count(user)
FROM $TABLECOURSE_GROUPSUSER
WHERE group_id = '".Database::escape_string($_gid)."'";
WHERE group_id = '".intval($_gid)."'";
}
$userGroupNb = getOneResult($sql);
$step = 25; // number of student per page
@ -183,7 +183,7 @@ if( ( $is_allowedToTrack || $is_allowedToTrackEverybodyInCourse )) {
$sql = "SELECT u.user_id, u.firstname,u.lastname
FROM $TABLECOURSE_GROUPSUSER gu , $TABLEUSER u
WHERE gu.user_id = u.user_id
AND gu.group_id = '".Database::escape_string($_gid)."'
AND gu.group_id = '".intval($_gid)."'
LIMIT $offset,$step";
}
$list_users = getManyResults3Col($sql);
@ -219,8 +219,8 @@ if( ( $is_allowedToTrack || $is_allowedToTrackEverybodyInCourse )) {
$sql = "SELECT u.firstname,u.lastname, u.email
FROM $TABLECOURSE_GROUPSUSER gu , $TABLEUSER u
WHERE gu.user_id = u.user_id
AND gu.group_id = '".Database::escape_string($_gid)."'
AND u.user_id = '".Database::escape_string($uInfo)."'";
AND gu.group_id = '".intval($_gid)."'
AND u.user_id = '".intval($uInfo)."'";
$query = Database::query($sql);
$tracked_user_info = @Database::fetch_assoc($query);
if(is_array($tracked_user_info)) $tracking_is_accepted = true;
@ -304,7 +304,7 @@ if( ( $is_allowedToTrack || $is_allowedToTrackEverybodyInCourse )) {
"FROM $tbl_learnpath_item i " .
"INNER JOIN $tbl_learnpath_item_view iv ON i.id=iv.lp_item_id " .
"INNER JOIN $tbl_learnpath_view v ON iv.lp_view_id=v.id " .
"WHERE (v.user_id=".Database::escape_string($uInfo)." and v.lp_id=$contentId)
"WHERE (v.user_id=".intval($uInfo)." and v.lp_id=$contentId)
ORDER BY v.id, i.id";
$result3=Database::query($sql3);
$ar3=Database::fetch_array($result3);
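Review bot: The hunk at @-304 casts `$uInfo` with intval but leaves `$contentId` interpolated unquoted in the same WHERE clause (`v.lp_id=$contentId`), and the hunk at @-183 does the same with `LIMIT $offset,$step`; where those values come from is outside the hunks, so if any of them originates in the request the statements are only partially hardened. The same cast would close the gap: `"WHERE (v.user_id=".intval($uInfo)." and v.lp_id=".intval($contentId).")`. The `@` suppression on `Database::fetch_assoc` at @-219 predates this change but hides query failures that the stricter casts may now surface; consider dropping it. The enclosing `if` block of all four hunks starts and ends outside them.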

@ -84,7 +84,7 @@ if($_configuration['allow_tutors_to_assign_students_to_session'] == 'true') {
}
if (!empty($_GET['class'])){
Database::query("DELETE FROM $tbl_session_rel_class WHERE session_id='$id_session' AND class_id=".Database::escape_string($_GET['class']));
Database::query("DELETE FROM $tbl_session_rel_class WHERE session_id='$id_session' AND class_id=".intval($_GET['class']));
$nbr_affected_rows=Database::affected_rows();
Database::query("UPDATE $tbl_session SET nbr_classes=nbr_classes-$nbr_affected_rows WHERE id='$id_session'");
}
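Review bot: `class_id` is now cast with intval, but `session_id='$id_session'` in the same DELETE, and again in the UPDATE two lines below, still interpolates `$id_session` directly; its origin is outside this hunk, so unless it is already an integer the statement is only half covered. Casting it where it is assigned would fix both statements at once, or inline: `"... WHERE session_id=".intval($id_session)." AND class_id=".intval($_GET['class'])`. The enclosing `if` block starts before the hunk.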

@ -306,7 +306,7 @@ function get_number_of_users()
LEFT JOIN $table_user_field_values field_values
ON field_values.user_id = u.user_id
WHERE cu.user_id IS NULL AND u.status<>".DRH."
AND field_values.field_id = '".Database::escape_string($field_identification[0])."'
AND field_values.field_id = '".intval($field_identification[0])."'
AND field_values.field_value = '".Database::escape_string($field_identification[1])."'";
} else {
$sql .= "WHERE cu.user_id IS NULL AND u.status<>".DRH." ";
@ -421,7 +421,7 @@ function get_user_data($from, $number_of_items, $column, $direction)
LEFT JOIN $table_user_field_values field_values
ON field_values.user_id = u.user_id
WHERE cu.id_user IS NULL AND u.status=1 AND (u.official_code <> 'ADMIN' OR u.official_code IS NULL)
AND field_values.field_id = '".Database::escape_string($field_identification[0])."'
AND field_values.field_id = '".intval($field_identification[0])."'
AND field_values.field_value = '".Database::escape_string($field_identification[1])."'";
} else {
$sql .= "WHERE cu.id_user IS NULL AND u.status=1 AND (u.official_code <> 'ADMIN' OR u.official_code IS NULL) ";
@ -442,7 +442,7 @@ function get_user_data($from, $number_of_items, $column, $direction)
LEFT JOIN $table_user_field_values field_values
ON field_values.user_id = u.user_id
WHERE cu.user_id IS NULL AND u.status<>".DRH."
AND field_values.field_id = '".Database::escape_string($field_identification[0])."'
AND field_values.field_id = '".intval($field_identification[0])."'
AND field_values.field_value = '".Database::escape_string($field_identification[1])."'";
} else {
$sql .= "WHERE cu.user_id IS NULL AND u.status<>".DRH." ";
@ -463,7 +463,7 @@ function get_user_data($from, $number_of_items, $column, $direction)
LEFT JOIN $table_user_field_values field_values
ON field_values.user_id = u.user_id
WHERE cu.user_id IS NULL AND u.status<>".DRH."
AND field_values.field_id = '".Database::escape_string($field_identification[0])."'
AND field_values.field_id = '".intval($field_identification[0])."'
AND field_values.field_value = '".Database::escape_string($field_identification[1])."'";
} else {
$sql .= "WHERE cu.user_id IS NULL AND u.status<>".DRH." AND access_url_id= $url_access_id ";
@ -489,7 +489,7 @@ function get_user_data($from, $number_of_items, $column, $direction)
LEFT JOIN $table_user_field_values field_values
ON field_values.user_id = u.user_id
WHERE cu.id_user IS NULL AND u.status<>".DRH." AND (u.official_code <> 'ADMIN' OR u.official_code IS NULL)
AND field_values.field_id = '".Database::escape_string($field_identification[0])."'
AND field_values.field_id = '".intval($field_identification[0])."'
AND field_values.field_value = '".Database::escape_string($field_identification[1])."'";
} else {
$sql .= "WHERE cu.id_user IS NULL AND u.status<>".DRH." AND (u.official_code <> 'ADMIN' OR u.official_code IS NULL) ";
@ -511,7 +511,7 @@ function get_user_data($from, $number_of_items, $column, $direction)
LEFT JOIN $table_user_field_values field_values
ON field_values.user_id = u.user_id
WHERE cu.user_id IS NULL AND u.status<>".DRH."
AND field_values.field_id = '".Database::escape_string($field_identification[0])."'
AND field_values.field_id = '".intval($field_identification[0])."'
AND field_values.field_value = '".Database::escape_string($field_identification[1])."'";
} else {
$sql .= "WHERE cu.user_id IS NULL AND u.status<>".DRH." ";
@ -537,7 +537,7 @@ function get_user_data($from, $number_of_items, $column, $direction)
LEFT JOIN $table_user_field_values field_values
ON field_values.user_id = u.user_id
WHERE cu.user_id IS NULL AND u.status<>".DRH."
AND field_values.field_id = '".Database::escape_string($field_identification[0])."'
AND field_values.field_id = '".intval($field_identification[0])."'
AND field_values.field_value = '".Database::escape_string($field_identification[1])."' AND access_url_id= $url_access_id ";
} else {
$sql .= "WHERE cu.user_id IS NULL AND u.status<>".DRH." AND access_url_id= $url_access_id ";
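Review bot: The same two-line filter is rewritten identically in seven hunks across get_number_of_users and get_user_data (@-306, @-421, @-442, @-463, @-489, @-511, @-537); the cast is correct, but copy-pasted query fragments are how one copy gets left behind in the next cleanup. A small helper taking `$field_identification` and returning the `AND field_values.field_id = ... AND field_values.field_value = ...` fragment would keep the seven call sites in step. `field_value` stays on `Database::escape_string` inside quotes, which matches the commit's stated scope. `$url_access_id` is interpolated unquoted on the else branches at @-463 and @-537; it is defined outside the hunks, so it is worth confirming it is already an integer there. Both functions start and end outside the hunks.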

@ -390,7 +390,7 @@ if (api_is_allowed_to_edit(null, true)) {
if (isset($_GET['user_id']) && is_numeric($_GET['user_id']) &&
($_GET['user_id'] != $_user['user_id'] || api_is_platform_admin())
) {
$user_id = Database::escape_string($_GET['user_id']);
$user_id = intval($_GET['user_id']);
$tbl_user = Database::get_main_table(TABLE_MAIN_USER);
$tbl_session_rel_course = Database::get_main_table(TABLE_MAIN_SESSION_COURSE);
$tbl_session_rel_user = Database::get_main_table(TABLE_MAIN_SESSION_USER);
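Review bot: The `is_numeric()` guard on the `if` accepts forms that `intval()` does not map one-to-one, such as `'1.9'` or a string with leading whitespace, so the guard and the new cast can disagree about which user the comparison on the next line (`$_GET['user_id'] != $_user['user_id']`, done on the raw string with a loose `!=`) refers to. Casting once before the condition and comparing integers is tighter: `$user_id = (int) $_GET['user_id'];` ahead of the `if`, then `$user_id !== (int) $_user['user_id']` in it. The `if` block continues past the hunk.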

@ -139,6 +139,7 @@ class WSCMUser extends WSCM {
* @return array An array with all users of the platform.
* @todo optional course code parameter, optional sorting parameters...
*@todo Use the UserManager class
* @todo security filter order by
*/
private static function get_user_list_like_start($conditions = array(), $order_by = array()) {
$user_table = Database :: get_main_table(TABLE_MAIN_USER);
@ -152,8 +153,13 @@ class WSCMUser extends WSCM {
$sql_query .= $field.' LIKE \''.$value.'%\'';
}
}
$order = '';
foreach ($order_by as $orderByItem) {
$order .= Database::escape_string($orderByItem, null, false).', ';
}
$order = substr($order, 0, -2);
if (count($order_by) > 0) {
$sql_query .= ' ORDER BY '.Database::escape_string(implode(',', $order_by));
$sql_query .= ' ORDER BY '.$order;
}
$sql_result = Database::query($sql_query);
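Review bot: `Database::escape_string($orderByItem, null, false)` is the wrong tool for the ORDER BY clause: escaping neutralises quote characters, but an ORDER BY item is a bare identifier that is never inside quotes, so the new loop does not constrain what reaches the query, which the added `@todo security filter order by` seems to acknowledge. Identifiers need validation rather than escaping: check each `$orderByItem` against a fixed list of sortable column names (and `ASC`/`DESC` for a direction) and skip anything else, e.g. `if (!in_array($orderByItem, $allowedOrderColumns, true)) { continue; }` with that list defined in the method. The `$value` concatenated into the LIKE at the top of the hunk is inside quotes, but whether it was escaped is decided before the hunk and should be confirmed. The method body continues past the hunk.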

@ -505,7 +505,7 @@ class Wiki
if ($_clean['assignment']==2) {//config by default for individual assignment (students)
//Identifies the user as a creator, not the teacher who created
$_clean['user_id']=(int)Database::escape_string($assig_user_id);
$_clean['user_id']=intval($assig_user_id);
$_clean['visibility']=0;
$_clean['visibility_disc']=0;
$_clean['ratinglock_disc']=0;

@ -45,7 +45,7 @@ $session_id = api_get_session_id();
$group_id = api_get_group_id();
$item_id = isset($_REQUEST['item_id']) ? intval($_REQUEST['item_id']) : null;
$parent_id = isset($_REQUEST['parent_id']) ? Database::escape_string($_REQUEST['parent_id']) : '';
$parent_id = isset($_REQUEST['parent_id']) ? intval($_REQUEST['parent_id']) : '';
$origin = isset($_REQUEST['origin']) ? Security::remove_XSS($_REQUEST['origin']) : '';
$submitGroupWorkUrl = isset($_REQUEST['submitGroupWorkUrl']) ? Security::remove_XSS($_REQUEST['submitGroupWorkUrl']) : '';
$title = isset($_REQUEST['title']) ? $_REQUEST['title'] : '';
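Review bot: The fallback for `$parent_id` is still the string `''` while the value branch now yields an int, and the neighbouring `$item_id` line uses `null` for the same case; a later `=== ''` or `empty()` check will treat a non-numeric `parent_id` (which `intval()` turns into `0`) differently from an absent one. If downstream code does not rely on the `''` sentinel, aligning with `$item_id` is cleaner: `$parent_id = isset($_REQUEST['parent_id']) ? intval($_REQUEST['parent_id']) : null;` — the uses that would decide this are outside the hunk. `$title` on the last line is still taken from `$_REQUEST` unfiltered; that predates this change but sits in the same block and deserves the same treatment as `$origin`.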

@ -284,7 +284,7 @@ if ($form->validate()) {
}
if ($store_extended) {
$sql .= implode(',', $sql_set);
$sql .= " WHERE user_id = '" . Database::escape_string($user_id) . "'";
$sql .= " WHERE user_id = '" . intval($user_id) . "'";
Database::query($sql);
}

@ -278,7 +278,7 @@ if (isset($_POST['report'])) {
u.username , CONCAT(u.lastname, ' ', u.firstname) AS fullname,
DATE_SUB(access.access_date,INTERVAL 5 HOUR) AS access_date,
c.title AS course, access_tool AS tool
FROM " . Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_ACCESS) . " access
FROM " . Database::get_main_table(TABLE_STATISTIC_TRACK_E_ACCESS) . " access
LEFT JOIN " . Database::get_main_table(TABLE_MAIN_USER) . " u ON access.access_user_id = u.user_id
LEFT JOIN " . Database::get_main_table(TABLE_MAIN_COURSE) . " c ON access.access_cours_code = c.CODE
WHERE access.access_cours_code = '" . $course_info['code'] . "' AND u.user_id = '$user_id' ";
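Review bot: Replacing `Database::get_statistic_table` with `Database::get_main_table` for TABLE_STATISTIC_TRACK_E_ACCESS appears to change where the tracking table is resolved, which is unrelated to the escape_string cleanup in the commit message and is not explained; if statistics tables can live in a separate schema in some installations, this hunk changes behaviour for them. If the switch is intentional, a short comment next to the FROM, such as `// track_e_access is resolved through the main table helper here on purpose`, would record why. The WHERE on the last line interpolates `$course_info['code']` and `$user_id` directly; both are defined outside the hunk, so their sanitisation should be confirmed. The enclosing `if` starts before the hunk.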

@ -144,7 +144,7 @@ class TestCalendar extends UnitTestCase {
}
public function testSaveEditAgendaItem(){
$id=Database::escape_string($id);
$id=intval($id);
$title=Database::escape_string($title);
$content=Database::escape_string($content);
$start_date=Database::escape_string($start_date);
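Review bot: `$id`, `$title`, `$content` and `$start_date` are not assigned anywhere in the visible part of `testSaveEditAgendaItem`, so `intval($id)` runs on an undefined variable and yields `0`; as far as the hunk shows the test exercises the cast, not the code under test. If the rest of the method does not define them, concrete fixture values should come first, e.g. `$id = 1;` and `$title = 'test';`. The method continues past the hunk.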
