skala
Juan Carlos Raña 17 years ago
commit 29641074e7
  1. BIN
      main/img/wiki/assignment.gif
  2. BIN
      main/img/wiki/works.gif
  3. 0
      main/inc/lib/usermanager.lib.php
  4. 245
      main/wiki/index.php
  5. 119
      main/wiki/wiki.inc.php
  6. 0
      tests/all.test2.php

Binary file not shown.

Before

Width:  |  Height:  |  Size: 1.0 KiB

After

Width:  |  Height:  |  Size: 13 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 1.0 KiB

After

Width:  |  Height:  |  Size: 14 KiB

@ -51,14 +51,14 @@ $this_section=SECTION_COURSES;
// including additional library scripts // including additional library scripts
require_once (api_get_path(LIBRARY_PATH).'course.lib.php'); require_once api_get_path(LIBRARY_PATH).'course.lib.php';
require_once (api_get_path(LIBRARY_PATH).'groupmanager.lib.php'); require_once api_get_path(LIBRARY_PATH).'groupmanager.lib.php';
require_once (api_get_path(LIBRARY_PATH).'text.lib.php'); require_once api_get_path(LIBRARY_PATH).'text.lib.php';
require_once (api_get_path(LIBRARY_PATH).'security.lib.php'); require_once api_get_path(LIBRARY_PATH).'security.lib.php';
require_once (api_get_path(INCLUDE_PATH).'lib/mail.lib.inc.php'); require_once api_get_path(INCLUDE_PATH).'lib/mail.lib.inc.php';
require_once (api_get_path(INCLUDE_PATH).'conf/mail.conf.php'); require_once api_get_path(INCLUDE_PATH).'conf/mail.conf.php';
require_once (api_get_path(LIBRARY_PATH).'sortabletable.class.php'); require_once api_get_path(LIBRARY_PATH).'sortabletable.class.php';
require_once (api_get_path(LIBRARY_PATH).'formvalidator/FormValidator.class.php'); require_once api_get_path(LIBRARY_PATH).'formvalidator/FormValidator.class.php';
require_once 'wiki.inc.php'; require_once 'wiki.inc.php';
// additional style information // additional style information
@ -191,7 +191,7 @@ Display::display_introduction_section(TOOL_WIKI);
//release of blocked pages to prevent concurrent editions //release of blocked pages to prevent concurrent editions
$sql='SELECT * FROM '.$tbl_wiki.'WHERE is_editing!="0"'; $sql='SELECT * FROM '.$tbl_wiki.'WHERE is_editing!="0"';
$result=api_sql_query($sql,__LINE__,__FILE__); $result=Database::query($sql,__LINE__,__FILE__);
while ($is_editing_block=Database::fetch_array($result)) while ($is_editing_block=Database::fetch_array($result))
{ {
$max_edit_time=1200; // 20 minutes $max_edit_time=1200; // 20 minutes
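Review bot: The new `Database::query($sql,__LINE__,__FILE__)` call on the blocked-pages query passes line before file, while the call in the following hunk and most others on this page pass `__FILE__,__LINE__`. The page shows both orders, so one of them is wrong. If the wrapper takes file then line, as the majority of calls assume, any error reported for this query carries a swapped location, which slows down triage of a failing query. Change it to `$result=Database::query($sql,__FILE__,__LINE__);`; the same swapped order is carried into the hunks at 276, 1099, 1230, 1621, 1651, 1733, 1835 and 1909.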
@ -211,7 +211,7 @@ while ($is_editing_block=Database::fetch_array($result))
if ($time_editing>$max_edit_time || ($is_editing_block['is_editing']==$_user['user_id'] && $_GET['action']!='edit')) if ($time_editing>$max_edit_time || ($is_editing_block['is_editing']==$_user['user_id'] && $_GET['action']!='edit'))
{ {
$sql='UPDATE '.$tbl_wiki.' SET is_editing="0", time_edit="0000-00-00 00:00:00" WHERE is_editing="'.$is_editing_block['is_editing'].'"'; $sql='UPDATE '.$tbl_wiki.' SET is_editing="0", time_edit="0000-00-00 00:00:00" WHERE is_editing="'.$is_editing_block['is_editing'].'"';
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
} }
} }
@ -276,11 +276,11 @@ if (isset($_POST['SaveWikiNew']))
if ($_GET['view']) if ($_GET['view'])
{ {
$sql='SELECT * FROM '.$tbl_wiki.'WHERE id="'.Database::escape_string($_GET['view']).'"'; //current view $sql='SELECT * FROM '.$tbl_wiki.'WHERE id="'.Database::escape_string($_GET['view']).'"'; //current view
$result=api_sql_query($sql,__LINE__,__FILE__); $result=Database::query($sql,__LINE__,__FILE__);
$current_row=Database::fetch_array($result); $current_row=Database::fetch_array($result);
$sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id DESC'; //last version $sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id DESC'; //last version
$result=api_sql_query($sql,__LINE__,__FILE__); $result=Database::query($sql,__LINE__,__FILE__);
$last_row=Database::fetch_array($result); $last_row=Database::fetch_array($result);
if ($_GET['view']<$last_row['id']) if ($_GET['view']<$last_row['id'])
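Review bot: In the `reflink` lookup, `html_entity_decode()` wraps `Database::escape_string()`, so entity decoding runs after SQL escaping and can put a literal double quote back into the double-quoted string the query builds. Escaping has to be the last transformation before concatenation: `Database::escape_string(html_entity_decode(stripslashes(urldecode($page))))`. Where `$page` is set is outside this hunk, but the `urldecode()` suggests it comes from the request. The same ordering appears in the hunks at 965, 1060, 1099, 1230, 1621 and 1651, including the three `DELETE` statements.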
@ -534,43 +534,43 @@ if ($_GET['action']=='more')
//Submenu Most linked pages //Submenu Most linked pages
//echo '<li><a href="index.php?cidReq='.$_course[id].'&action=mostlinked&group_id='.$_clean['group_id'].'">'.get_lang('MostLinkedPages').'</a></li>';//TODO //echo '<li><a href="index.php?cidReq='.$_course[id].'&action=mostlinked&group_id='.$_clean['group_id'].'">'.get_lang('MostLinkedPages').'</a></li>';//TODO:
//Submenu Dead end pages //Submenu Dead end pages
//echo '<li><a href="index.php?cidReq='.$_course[id].'&action=deadend&group_id='.$_clean['group_id'].'">'.get_lang('DeadEndPages').'</a></li>';//TODO //echo '<li><a href="index.php?cidReq='.$_course[id].'&action=deadend&group_id='.$_clean['group_id'].'">'.get_lang('DeadEndPages').'</a></li>';//TODO:
//Submenu Most new pages (not versions) //Submenu Most new pages (not versions)
//echo '<li><a href="index.php?cidReq='.$_course[id].'&action=mnew&group_id='.$_clean['group_id'].'">'.get_lang('MostNewPages').'</a></li>';//TODO //echo '<li><a href="index.php?cidReq='.$_course[id].'&action=mnew&group_id='.$_clean['group_id'].'">'.get_lang('MostNewPages').'</a></li>';//TODO:
//Submenu Most long pages //Submenu Most long pages
//echo '<li><a href="index.php?cidReq='.$_course[id].'&action=mnew&group_id='.$_clean['group_id'].'">'.get_lang('MostLongPages').'</a></li>';//TODO //echo '<li><a href="index.php?cidReq='.$_course[id].'&action=mnew&group_id='.$_clean['group_id'].'">'.get_lang('MostLongPages').'</a></li>';//TODO:
//Submenu Protected pages //Submenu Protected pages
//echo '<li><a href="index.php?cidReq='.$_course[id].'&action=protected&group_id='.$_clean['group_id'].'">'.get_lang('ProtectedPages').'</a></li>';//TODO //echo '<li><a href="index.php?cidReq='.$_course[id].'&action=protected&group_id='.$_clean['group_id'].'">'.get_lang('ProtectedPages').'</a></li>';//TODO:
//Submenu Hidden pages //Submenu Hidden pages
//echo '<li><a href="index.php?cidReq='.$_course[id].'&action=hidden&group_id='.$_clean['group_id'].'">'.get_lang('HiddenPages').'</a></li>';//TODO //echo '<li><a href="index.php?cidReq='.$_course[id].'&action=hidden&group_id='.$_clean['group_id'].'">'.get_lang('HiddenPages').'</a></li>';//TODO:
//Submenu Most discuss pages //Submenu Most discuss pages
//echo '<li><a href="index.php?cidReq='.$_course[id].'&action=mdiscuss&group_id='.$_clean['group_id'].'">'.get_lang('MostDiscussPages').'</a></li>';//TODO //echo '<li><a href="index.php?cidReq='.$_course[id].'&action=mdiscuss&group_id='.$_clean['group_id'].'">'.get_lang('MostDiscussPages').'</a></li>';//TODO:
//Submenu Best scored pages //Submenu Best scored pages
//echo '<li><a href="index.php?cidReq='.$_course[id].'&action=mscored&group_id='.$_clean['group_id'].'">'.get_lang('BestScoredPages').'</a></li>';//TODO //echo '<li><a href="index.php?cidReq='.$_course[id].'&action=mscored&group_id='.$_clean['group_id'].'">'.get_lang('BestScoredPages').'</a></li>';//TODO:
//Submenu Pages with more progress //Submenu Pages with more progress
//echo '<li><a href="index.php?cidReq='.$_course[id].'&action=mprogress&group_id='.$_clean['group_id'].'">'.get_lang('MProgressPages').'</a></li>';//TODO //echo '<li><a href="index.php?cidReq='.$_course[id].'&action=mprogress&group_id='.$_clean['group_id'].'">'.get_lang('MProgressPages').'</a></li>';//TODO:
//Submenu Most active users in discuss //Submenu Most active users in discuss
//echo '<li><a href="index.php?cidReq='.$_course[id].'&action=mactiveusers&group_id='.$_clean['group_id'].'">'.get_lang('MostDiscussUsers').'</a></li>';//TODO //echo '<li><a href="index.php?cidReq='.$_course[id].'&action=mactiveusers&group_id='.$_clean['group_id'].'">'.get_lang('MostDiscussUsers').'</a></li>';//TODO:
//Submenu Individual assignments //Submenu Individual assignments
//echo '<li><a href="index.php?cidReq='.$_course[id].'&action=assignments&group_id='.$_clean['group_id'].'">'.get_lang('Assignments').'</a></li>';//TODO //echo '<li><a href="index.php?cidReq='.$_course[id].'&action=assignments&group_id='.$_clean['group_id'].'">'.get_lang('Assignments').'</a></li>';//TODO:
//Submenu Delayed assignments //Submenu Delayed assignments
//echo '<li><a href="index.php?cidReq='.$_course[id].'&action=delayed&group_id='.$_clean['group_id'].'">'.get_lang('DelayedAssignments').'</a></li>';//TODO //echo '<li><a href="index.php?cidReq='.$_course[id].'&action=delayed&group_id='.$_clean['group_id'].'">'.get_lang('DelayedAssignments').'</a></li>';//TODO:
//Submenu Random page //Submenu Random page
//echo '<li><a href="index.php?cidReq='.$_course[id].'&action=mrandom&group_id='.$_clean['group_id'].'">'.get_lang('RandomPage').'</a></li>';//TODO //echo '<li><a href="index.php?cidReq='.$_course[id].'&action=mrandom&group_id='.$_clean['group_id'].'">'.get_lang('RandomPage').'</a></li>';//TODO:
} }
@ -581,7 +581,7 @@ if ($_GET['action']=='mactiveusers')
echo '<div class="actions">'.get_lang('MostActiveUsers').'</div>'; echo '<div class="actions">'.get_lang('MostActiveUsers').'</div>';
$sql='SELECT *, COUNT(*) AS NUM_EDIT FROM '.$tbl_wiki.' WHERE '.$groupfilter.' GROUP BY user_id'; $sql='SELECT *, COUNT(*) AS NUM_EDIT FROM '.$tbl_wiki.' WHERE '.$groupfilter.' GROUP BY user_id';
$allpages=api_sql_query($sql,__FILE__,__LINE__); $allpages=Database::query($sql,__FILE__,__LINE__);
//show table //show table
if (mysql_num_rows($allpages) > 0) if (mysql_num_rows($allpages) > 0)
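Review bot: The result of the new `Database::query()` call is still counted with the raw `mysql_num_rows($allpages)`, which bypasses the wrapper this commit migrates to. Use `Database::num_rows($allpages)` so the file depends on one database layer; the same mix remains in the hunks at 624, 711, 765, 1099, 1835 and 1909. The `SELECT *, COUNT(*) ... GROUP BY user_id` query also selects non-aggregated columns, which strict SQL modes reject, so naming the needed columns would be safer.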
@ -624,7 +624,7 @@ if ($_GET['action']=='usercontrib')
$sql='SELECT * FROM '.$tbl_wiki.' WHERE '.$groupfilter.' AND user_id="'.Security::remove_XSS($_GET['user_id']).'" AND visibility=1'; $sql='SELECT * FROM '.$tbl_wiki.' WHERE '.$groupfilter.' AND user_id="'.Security::remove_XSS($_GET['user_id']).'" AND visibility=1';
} }
$allpages=api_sql_query($sql,__FILE__,__LINE__); $allpages=Database::query($sql,__FILE__,__LINE__);
//show table //show table
if (mysql_num_rows($allpages) > 0) if (mysql_num_rows($allpages) > 0)
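Review bot: The query executed by the new `Database::query()` call places `$_GET['user_id']` into SQL after `Security::remove_XSS()` only, which is an HTML filter and does not escape quotes for the database. Use the escaping helper the file already applies to other request values, `user_id="'.Database::escape_string($_GET['user_id']).'"`, or cast with `intval()` if the column is numeric. The branch that builds `$sql` begins outside this hunk, so the assignment in the other branch should be checked for the same pattern.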
@ -711,7 +711,7 @@ if ($_GET['action']=='mostchanged')
$sql='SELECT *, MAX(version) AS MAX FROM '.$tbl_wiki.' WHERE '.$groupfilter.' AND visibility=1 GROUP BY reflink'; $sql='SELECT *, MAX(version) AS MAX FROM '.$tbl_wiki.' WHERE '.$groupfilter.' AND visibility=1 GROUP BY reflink';
} }
$allpages=api_sql_query($sql,__FILE__,__LINE__); $allpages=Database::query($sql,__FILE__,__LINE__);
//show table //show table
if (mysql_num_rows($allpages) > 0) if (mysql_num_rows($allpages) > 0)
@ -765,7 +765,7 @@ if ($_GET['action']=='mvisited')
$sql='SELECT *, SUM(hits) AS tsum FROM '.$tbl_wiki.' WHERE '.$groupfilter.' AND visibility=1 GROUP BY reflink'; $sql='SELECT *, SUM(hits) AS tsum FROM '.$tbl_wiki.' WHERE '.$groupfilter.' AND visibility=1 GROUP BY reflink';
} }
$allpages=api_sql_query($sql,__FILE__,__LINE__); $allpages=Database::query($sql,__FILE__,__LINE__);
//show table //show table
if (mysql_num_rows($allpages) > 0) if (mysql_num_rows($allpages) > 0)
@ -815,7 +815,7 @@ if ($_GET['action']=='wanted')
//get name pages //get name pages
$sql='SELECT * FROM '.$tbl_wiki.' WHERE '.$groupfilter.' GROUP BY reflink ORDER BY reflink ASC'; $sql='SELECT * FROM '.$tbl_wiki.' WHERE '.$groupfilter.' GROUP BY reflink ORDER BY reflink ASC';
$allpages=api_sql_query($sql,__FILE__,__LINE__); $allpages=Database::query($sql,__FILE__,__LINE__);
while ($row=Database::fetch_array($allpages)) while ($row=Database::fetch_array($allpages))
{ {
@ -823,11 +823,14 @@ if ($_GET['action']=='wanted')
} }
//get name refs in last pages and make a unique list //get name refs in last pages and make a unique list
$sql='SELECT * FROM '.$tbl_wiki.' s1 WHERE id=(SELECT MAX(s2.id) FROM '.$tbl_wiki.' s2 WHERE s1.reflink = s2.reflink AND '.$groupfilter.')'; $sql='SELECT * FROM '.$tbl_wiki.' s1 WHERE id=(SELECT MAX(s2.id) FROM '.$tbl_wiki.' s2 WHERE s1.reflink = s2.reflink AND '.$groupfilter.')'; //old version TODO: Replace by the bottom line
$allpages=api_sql_query($sql,__FILE__,__LINE__);
//$sql='SELECT * FROM '.$tbl_wiki.', '.$tbl_wiki_conf.' WHERE visibility=1 AND '.$tbl_wiki_conf.'.page_id='.$tbl_wiki.'.page_id AND '.$tbl_wiki.'.'.$groupfilter; // new version
$allpages=Database::query($sql,__FILE__,__LINE__);
while ($row=Database::fetch_array($allpages)) while ($row=Database::fetch_array($allpages))
{ {
//$row['linksto']= str_replace("\n".$row["reflink"]."\n", "\n", $row["linksto"]); //remove self reference. TODO check //$row['linksto']= str_replace("\n".$row["reflink"]."\n", "\n", $row["linksto"]); //remove self reference. TODO: check
$rf = explode(" ", trim($row["linksto"]));//wanted pages without /n only blank " " $rf = explode(" ", trim($row["linksto"]));//wanted pages without /n only blank " "
$refs = array_merge($refs, $rf); $refs = array_merge($refs, $rf);
if ($n++ > 299) if ($n++ > 299)
@ -865,18 +868,21 @@ if ($_GET['action']=='orphaned')
//get name pages //get name pages
$sql='SELECT * FROM '.$tbl_wiki.' WHERE '.$groupfilter.' GROUP BY reflink ORDER BY reflink ASC'; $sql='SELECT * FROM '.$tbl_wiki.' WHERE '.$groupfilter.' GROUP BY reflink ORDER BY reflink ASC';
$allpages=api_sql_query($sql,__FILE__,__LINE__); $allpages=Database::query($sql,__FILE__,__LINE__);
while ($row=Database::fetch_array($allpages)) while ($row=Database::fetch_array($allpages))
{ {
$pages[] = $row['reflink']; $pages[] = $row['reflink'];
} }
//get name refs in last pages and make a unique list //get name refs in last pages and make a unique list
$sql='SELECT * FROM '.$tbl_wiki.' s1 WHERE id=(SELECT MAX(s2.id) FROM '.$tbl_wiki.' s2 WHERE s1.reflink = s2.reflink AND '.$groupfilter.')'; $sql='SELECT * FROM '.$tbl_wiki.' s1 WHERE id=(SELECT MAX(s2.id) FROM '.$tbl_wiki.' s2 WHERE s1.reflink = s2.reflink AND '.$groupfilter.')'; //old version TODO: Replace by the bottom line
$allpages=api_sql_query($sql,__FILE__,__LINE__);
//$sql='SELECT * FROM '.$tbl_wiki.', '.$tbl_wiki_conf.' WHERE '.$tbl_wiki_conf.'.page_id='.$tbl_wiki.'.page_id AND '.$tbl_wiki.'.'.$groupfilter.' '; // new version
$allpages=Database::query($sql,__FILE__,__LINE__);
while ($row=Database::fetch_array($allpages)) while ($row=Database::fetch_array($allpages))
{ {
//$row['linksto']= str_replace("\n".$row["reflink"]."\n", "\n", $row["linksto"]); //remove self reference. TODO check //$row['linksto']= str_replace("\n".$row["reflink"]."\n", "\n", $row["linksto"]); //remove self reference. TODO: check
$rf = explode(" ", trim($row["linksto"])); //fix replace explode("\n", trim($row["linksto"])) with explode(" ", trim($row["linksto"])) $rf = explode(" ", trim($row["linksto"])); //fix replace explode("\n", trim($row["linksto"])) with explode(" ", trim($row["linksto"]))
$refs = array_merge($refs, $rf); $refs = array_merge($refs, $rf);
@ -908,7 +914,7 @@ if ($_GET['action']=='orphaned')
$sql='SELECT * FROM '.$tbl_wiki.' WHERE '.$groupfilter.' AND reflink="'.$vshow.'" AND visibility=1 GROUP BY reflink'; $sql='SELECT * FROM '.$tbl_wiki.' WHERE '.$groupfilter.' AND reflink="'.$vshow.'" AND visibility=1 GROUP BY reflink';
} }
$allpages=api_sql_query($sql,__FILE__,__LINE__); $allpages=Database::query($sql,__FILE__,__LINE__);
echo '<ul>'; echo '<ul>';
while ($row=Database::fetch_array($allpages)) while ($row=Database::fetch_array($allpages))
@ -965,13 +971,13 @@ if ($_GET['action']=='delete')
if ($_GET['delete'] == 'yes') if ($_GET['delete'] == 'yes')
{ {
$sql='DELETE '.$tbl_wiki_discuss.' FROM '.$tbl_wiki.', '.$tbl_wiki_discuss.' WHERE '.$tbl_wiki.'.reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$tbl_wiki.'.'.$groupfilter.' AND '.$tbl_wiki_discuss.'.publication_id='.$tbl_wiki.'.id'; $sql='DELETE '.$tbl_wiki_discuss.' FROM '.$tbl_wiki.', '.$tbl_wiki_discuss.' WHERE '.$tbl_wiki.'.reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$tbl_wiki.'.'.$groupfilter.' AND '.$tbl_wiki_discuss.'.publication_id='.$tbl_wiki.'.id';
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
$sql='DELETE '.$tbl_wiki_mailcue.' FROM '.$tbl_wiki.', '.$tbl_wiki_mailcue.' WHERE '.$tbl_wiki.'.reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$tbl_wiki.'.'.$groupfilter.' AND '.$tbl_wiki_mailcue.'.id='.$tbl_wiki.'.id'; $sql='DELETE '.$tbl_wiki_mailcue.' FROM '.$tbl_wiki.', '.$tbl_wiki_mailcue.' WHERE '.$tbl_wiki.'.reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$tbl_wiki.'.'.$groupfilter.' AND '.$tbl_wiki_mailcue.'.id='.$tbl_wiki.'.id';
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
$sql='DELETE FROM '.$tbl_wiki.' WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.''; $sql='DELETE FROM '.$tbl_wiki.' WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.'';
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
check_emailcue(0, 'E'); check_emailcue(0, 'E');
@ -1060,7 +1066,7 @@ if ($_GET['action']=='links')
{ {
$sql='SELECT * FROM '.$tbl_wiki.' WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.''; $sql='SELECT * FROM '.$tbl_wiki.' WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.'';
$result=api_sql_query($sql,__FILE__,__LINE__); $result=Database::query($sql,__FILE__,__LINE__);
$row=Database::fetch_array($result); $row=Database::fetch_array($result);
//get type assignment icon //get type assignment icon
@ -1099,14 +1105,20 @@ if ($_GET['action']=='links')
if(api_is_allowed_to_edit() || api_is_platform_admin()) //only by professors if page is hidden if(api_is_allowed_to_edit() || api_is_platform_admin()) //only by professors if page is hidden
{ {
$sql="SELECT * FROM ".$tbl_wiki." s1 WHERE linksto LIKE '%".html_entity_decode(Database::escape_string(stripslashes(urldecode($page))))." %' AND id=(SELECT MAX(s2.id) FROM ".$tbl_wiki." s2 WHERE s1.reflink = s2.reflink AND ".$groupfilter.")"; //add blank space after like '%" " %' to identify each word. $sql="SELECT * FROM ".$tbl_wiki." s1 WHERE linksto LIKE '%".html_entity_decode(Database::escape_string(stripslashes(urldecode($page))))." %' AND id=(SELECT MAX(s2.id) FROM ".$tbl_wiki." s2 WHERE s1.reflink = s2.reflink AND ".$groupfilter.")"; //add blank space after like '%" " %' to identify each word. //Old version TODO: Replace by the bottom line
//$sql="SELECT * FROM ".$tbl_wiki.", ".$tbl_wiki_conf." WHERE linksto LIKE '%".html_entity_decode(Database::escape_string(stripslashes(urldecode($page))))." %' AND ".$tbl_wiki_conf.".page_id=".$tbl_wiki.".page_id AND ".$tbl_wiki.".".$groupfilter.""; //add blank space after like '%" " %' to identify each word. // new version
} }
else else
{ {
$sql="SELECT * FROM ".$tbl_wiki." s1 WHERE visibility=1 AND linksto LIKE '%".html_entity_decode(Database::escape_string(stripslashes(urldecode($page))))." %' AND id=(SELECT MAX(s2.id) FROM ".$tbl_wiki." s2 WHERE s1.reflink = s2.reflink AND ".$groupfilter.")"; //add blank space after like '%" " %' to identify each word $sql="SELECT * FROM ".$tbl_wiki." s1 WHERE visibility=1 AND linksto LIKE '%".html_entity_decode(Database::escape_string(stripslashes(urldecode($page))))." %' AND id=(SELECT MAX(s2.id) FROM ".$tbl_wiki." s2 WHERE s1.reflink = s2.reflink AND ".$groupfilter.")"; //add blank space after like '%" " %' to identify each word //old version TODO: Replace by the bottom line
//$sql="SELECT * FROM ".$tbl_wiki.", ".$tbl_wiki_conf." WHERE visibility=1 AND linksto LIKE '%".html_entity_decode(Database::escape_string(stripslashes(urldecode($page))))." %' AND ".$tbl_wiki_conf.".page_id=".$tbl_wiki.".page_id AND ".$tbl_wiki.".".$groupfilter.""; //add blank space after like '%" " %' to identify each word // new version
} }
$allpages=api_sql_query($sql,__LINE__,__FILE__); $allpages=Database::query($sql,__LINE__,__FILE__);
//show table //show table
if (mysql_num_rows($allpages) > 0) if (mysql_num_rows($allpages) > 0)
@ -1230,7 +1242,7 @@ if ($_GET['action']=='edit')
$_clean['group_id']=(int)$_SESSION['_gid']; $_clean['group_id']=(int)$_SESSION['_gid'];
$sql='SELECT * FROM '.$tbl_wiki.', '.$tbl_wiki_conf.' WHERE '.$tbl_wiki_conf.'.page_id='.$tbl_wiki.'.page_id AND '.$tbl_wiki.'.reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$tbl_wiki.'.'.$groupfilter.' ORDER BY id DESC'; $sql='SELECT * FROM '.$tbl_wiki.', '.$tbl_wiki_conf.' WHERE '.$tbl_wiki_conf.'.page_id='.$tbl_wiki.'.page_id AND '.$tbl_wiki.'.reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$tbl_wiki.'.'.$groupfilter.' ORDER BY id DESC';
$result=api_sql_query($sql,__LINE__,__FILE__); $result=Database::query($sql,__LINE__,__FILE__);
$row=Database::fetch_array($result); // we do not need a while loop since we are always displaying the last version $row=Database::fetch_array($result); // we do not need a while loop since we are always displaying the last version
@ -1362,14 +1374,60 @@ if ($_GET['action']=='edit')
//// ////
if (!empty($row['task'])) if (!empty($row['task']))
{ {
//previous change 0 by text
if ($row['startdate_assig']=='0000-00-00 00:00:00')
{
$message_task_startdate=get_lang('No');
}
else
{
$message_task_startdate=$row['startdate_assig'];
}
if ($row['enddate_assig']=='0000-00-00 00:00:00')
{
$message_task_enddate=get_lang('No');
}
else
{
$message_task_endate=$row['enddate_assig'];
}
if ($row['delayedsubmit']==0)
{
$message_task_delayedsubmit=get_lang('No');
}
else
{
$message_task_delayedsubmit=get_lang('Yes');
}
if ($row['max_version']==0)
{
$message_task_max_version=get_lang('No');
}
else
{
$message_task_max_version=$row['max_version'];
}
if ($row['max_text']==0)
{
$message_task_max_text=get_lang('No');
}
else
{
$message_task_max_text=$row['max_text'];
}
//comp message
$message_task='<b>'.get_lang('DescriptionOfTheTask').'</b><p>'.$row['task'].'</p><hr>'; $message_task='<b>'.get_lang('DescriptionOfTheTask').'</b><p>'.$row['task'].'</p><hr>';
$message_task.='<p>'.get_lang('StartDate').': '.$row['startdate_assig'].'</p>'; $message_task.='<p>'.get_lang('StartDate').': '.$message_task_startdate.'</p>';
$message_task.='<p>'.get_lang('EndDate').': '.$row['enddate_assig']; $message_task.='<p>'.get_lang('EndDate').': '.$message_task_enddate;
$message_task.=' ('.get_lang('AllowLaterSends').') '.$row['delayedsubmit'].'</p>'; $message_task.=' ('.get_lang('AllowLaterSends').') '.$message_task_delayedsubmit.'</p>';
$message_task.='<p>'.get_lang('OtherRequirements').': '.get_lang('NMaxVersion').': '.$row['max_version']; $message_task.='<p>'.get_lang('OtherRequirements').': '.get_lang('NMaxVersion').': '.$message_task_max_version;
$message_task.=' '.get_lang('NMaxWords').': '.$row['max_text']; $message_task.=' '.get_lang('NMaxWords').': '.$message_task_max_text;
Display::display_normal_message($message_task); //display message
echo '<div class="normal-message">'.$message_task.'</div>';
} }
if($row['progress']==$row['fprogress1'] && !empty($row['fprogress1'])) if($row['progress']==$row['fprogress1'] && !empty($row['fprogress1']))
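Review bot: The else branch for the end date assigns `$message_task_endate`, but the message is built from `$message_task_enddate`, so whenever `enddate_assig` holds a real date the EndDate line prints empty and PHP raises an undefined-variable notice. Rename the assignment to `$message_task_enddate=$row['enddate_assig'];`. The five if/else pairs could also be shortened to ternaries, but the spelling fix is the part that changes behaviour. The enclosing `if ($_GET['action']=='edit')` block starts and ends outside this hunk.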
@ -1395,7 +1453,7 @@ if ($_GET['action']=='edit')
$time_edit = date("Y-m-d H:i:s"); $time_edit = date("Y-m-d H:i:s");
$sql='UPDATE '.$tbl_wiki.' SET is_editing="'.$_user['user_id'].'", time_edit="'.$time_edit.'" WHERE id="'.$row['id'].'"'; $sql='UPDATE '.$tbl_wiki.' SET is_editing="'.$_user['user_id'].'", time_edit="'.$time_edit.'" WHERE id="'.$row['id'].'"';
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
} }
elseif($row['is_editing']!=$_user['user_id']) elseif($row['is_editing']!=$_user['user_id'])
{ {
@ -1416,7 +1474,7 @@ if ($_GET['action']=='edit')
echo $icon_assignment.'&nbsp;&nbsp;&nbsp;'.$title; echo $icon_assignment.'&nbsp;&nbsp;&nbsp;'.$title;
// //
if((api_is_allowed_to_edit() || api_is_platform_admin()) && $_SESSION['_gid']!=0) if((api_is_allowed_to_edit() || api_is_platform_admin()) && $row['reflink']!='index')
{ {
echo'<a href="javascript://" onclick="advanced_parameters()" ><span id="plus_minus" style="float:right">&nbsp;'.Display::return_icon('div_show.gif',get_lang('Show')).'&nbsp;'.get_lang('AdvancedParameters').'</span></a>'; echo'<a href="javascript://" onclick="advanced_parameters()" ><span id="plus_minus" style="float:right">&nbsp;'.Display::return_icon('div_show.gif',get_lang('Show')).'&nbsp;'.get_lang('AdvancedParameters').'</span></a>';
@ -1428,12 +1486,12 @@ if ($_GET['action']=='edit')
echo '&nbsp;&nbsp;&nbsp;<span id="msg_error4" style="display:none;color:red"></span>'; echo '&nbsp;&nbsp;&nbsp;<span id="msg_error4" style="display:none;color:red"></span>';
echo '<div id="option4" style="padding:4px; margin:5px; border:1px dotted; display:none;">'; echo '<div id="option4" style="padding:4px; margin:5px; border:1px dotted; display:none;">';
echo '<table border="0" style="font-weight:normal" align="center">'; echo '<table border="0" style="font-weight:normal">';
echo '<tr>'; echo '<tr>';
echo '<td>'.get_lang('DescriptionOfTheTask').'</td>'; echo '<td>'.get_lang('DescriptionOfTheTask').'</td>';
echo '</tr>'; echo '</tr>';
echo '<tr>'; echo '<tr>';
echo '<td><textarea name="task" cols="60" rows="4" >'.stripslashes($row['task']).'</textarea></td>'; echo '<td>'.api_disp_html_area('task', stripslashes($row['task']), '', '', null, array('ToolbarSet' => 'project_comment', 'Width' => '600', 'Height' => '200')).'</td>'; //TODO: create a new tolbarset
echo '</tr>'; echo '</tr>';
echo '</table>'; echo '</table>';
echo '</div>'; echo '</div>';
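Review bot: Switching the task field from a plain `<textarea>` to `api_disp_html_area()` means `task` now holds editor-produced HTML, and the edit view concatenates `$row['task']` into `$message_task` and echoes it without filtering. Whether the save path sanitises the field is not visible on this page; if it does not, markup entered in one user's task description is rendered in other users' browsers. Filter at output with the helper the file already uses, e.g. `'<p>'.Security::remove_XSS($row['task']).'</p><hr>'`, and apply the same to the value passed to the editor.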
@ -1621,7 +1679,7 @@ if ($_GET['action']=='history' or Security::remove_XSS($_POST['HistoryDifference
//First, see the property visibility that is at the last register and therefore we should select descending order. But to give ownership to each record, this is no longer necessary except for the title. TODO: check this //First, see the property visibility that is at the last register and therefore we should select descending order. But to give ownership to each record, this is no longer necessary except for the title. TODO: check this
$sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id DESC'; $sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id DESC';
$result=api_sql_query($sql,__LINE__,__FILE__); $result=Database::query($sql,__LINE__,__FILE__);
while ($row=Database::fetch_array($result)) while ($row=Database::fetch_array($result))
{ {
@ -1651,7 +1709,7 @@ if ($_GET['action']=='history' or Security::remove_XSS($_POST['HistoryDifference
{ {
$sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id DESC'; $sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id DESC';
$result=api_sql_query($sql,__LINE__,__FILE__); $result=Database::query($sql,__LINE__,__FILE__);
$title = Security::remove_XSS($_GET['title']); $title = Security::remove_XSS($_GET['title']);
$group_id = Security::remove_XSS($_GET['group_id']); $group_id = Security::remove_XSS($_GET['group_id']);
@ -1733,12 +1791,12 @@ if ($_GET['action']=='history' or Security::remove_XSS($_POST['HistoryDifference
else else
{ {
$sql_old="SELECT * FROM $tbl_wiki WHERE id='".Database::escape_string($_POST['old'])."'"; $sql_old="SELECT * FROM $tbl_wiki WHERE id='".Database::escape_string($_POST['old'])."'";
$result_old=api_sql_query($sql_old,__LINE__,__FILE__); $result_old=Database::query($sql_old,__LINE__,__FILE__);
$version_old=Database::fetch_array($result_old); $version_old=Database::fetch_array($result_old);
$sql_new="SELECT * FROM $tbl_wiki WHERE id='".Database::escape_string($_POST['new'])."'"; $sql_new="SELECT * FROM $tbl_wiki WHERE id='".Database::escape_string($_POST['new'])."'";
$result_new=api_sql_query($sql_new,__LINE__,__FILE__); $result_new=Database::query($sql_new,__LINE__,__FILE__);
$version_new=Database::fetch_array($result_new); $version_new=Database::fetch_array($result_new);
if(isset($_POST['HistoryDifferences'])) if(isset($_POST['HistoryDifferences']))
@ -1813,7 +1871,7 @@ if ($_GET['action']=='history' or Security::remove_XSS($_POST['HistoryDifference
/////////////////////// recent changes /////////////////////// /////////////////////// recent changes ///////////////////////
// //
//rss feed. TODO //rss feed. TODO:
// //
if ($_GET['action']=='recentchanges') if ($_GET['action']=='recentchanges')
@ -1835,14 +1893,19 @@ if ($_GET['action']=='recentchanges')
if(api_is_allowed_to_edit() || api_is_platform_admin()) //only by professors if page is hidden if(api_is_allowed_to_edit() || api_is_platform_admin()) //only by professors if page is hidden
{ {
$sql='SELECT * FROM '.$tbl_wiki.' WHERE '.$groupfilter.' ORDER BY dtime DESC'; $sql='SELECT * FROM '.$tbl_wiki.' WHERE '.$groupfilter.' ORDER BY dtime DESC'; // old version TODO: Replace by the bottom line
//$sql='SELECT * FROM '.$tbl_wiki.', '.$tbl_wiki_conf.' WHERE '.$tbl_wiki_conf.'.page_id='.$tbl_wiki.'.page_id AND '.$tbl_wiki.'.'.$groupfilter.' ORDER BY dtime DESC'; // new version
} }
else else
{ {
$sql='SELECT * FROM '.$tbl_wiki.' WHERE '.$groupfilter.' AND visibility=1 ORDER BY dtime DESC'; $sql='SELECT * FROM '.$tbl_wiki.' WHERE '.$groupfilter.' AND visibility=1 ORDER BY dtime DESC'; // old version TODO: Replace by the bottom line
//$sql='SELECT * FROM '.$tbl_wiki.', '.$tbl_wiki_conf.' WHERE '.$tbl_wiki_conf.'.page_id='.$tbl_wiki.'.page_id AND visibility=1 AND '.$tbl_wiki.'.'.$groupfilter.' ORDER BY dtime DESC'; // new version
} }
$allpages=api_sql_query($sql,__LINE__,__FILE__); $allpages=Database::query($sql,__LINE__,__FILE__);
//show table //show table
if (mysql_num_rows($allpages) > 0) if (mysql_num_rows($allpages) > 0)
@ -1875,9 +1938,20 @@ if ($_GET['action']=='recentchanges')
$ShowAssignment='<img src="../img/wiki/trans.gif" />'; $ShowAssignment='<img src="../img/wiki/trans.gif" />';
} }
//get icon task
if (!empty($obj->task))
{
$icon_task='<img src="../img/wiki/task.gif" title="'.get_lang('TaskExtra').'" alt="'.get_lang('TaskExtra').'" />';
}
else
{
$icon_task='<img src="../img/wiki/trans.gif" />';
}
$row = array (); $row = array ();
$row[] = $year.'-'.$month.'-'.$day.' '.$hours.':'.$minutes.":".$seconds; $row[] = $year.'-'.$month.'-'.$day.' '.$hours.':'.$minutes.":".$seconds;
$row[] = $ShowAssignment; $row[] = $ShowAssignment.$icon_task;
$row[] = '<a href="'.api_get_self().'?cidReq='.$_course[id].'&action=showpage&title='.urlencode($obj->reflink).'&amp;view='.$obj->id.'&group_id='.Security::remove_XSS($_GET['group_id']).'">'.$obj->title.'</a>'; $row[] = '<a href="'.api_get_self().'?cidReq='.$_course[id].'&action=showpage&title='.urlencode($obj->reflink).'&amp;view='.$obj->id.'&group_id='.Security::remove_XSS($_GET['group_id']).'">'.$obj->title.'</a>';
$row[] = $obj->version>1 ? get_lang('EditedBy') : get_lang('AddedBy'); $row[] = $obj->version>1 ? get_lang('EditedBy') : get_lang('AddedBy');
$row[] = $obj->user_id <>0 ? '<a href="../user/userInfo.php?uInfo='.$userinfo['user_id'].'">'.$userinfo['lastname'].', '.$userinfo['firstname'].'</a>' : get_lang('Anonymous').' ('.$obj->user_ip.')'; $row[] = $obj->user_id <>0 ? '<a href="../user/userInfo.php?uInfo='.$userinfo['user_id'].'">'.$userinfo['lastname'].', '.$userinfo['firstname'].'</a>' : get_lang('Anonymous').' ('.$obj->user_ip.')';
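Review bot: The link text in this row prints `$obj->title` unfiltered, while the matching row in the `allpages` hunk wraps both `reflink` and `title` in `Security::remove_XSS()`. Wiki titles are presumably user-supplied, so the recent-changes table should filter them the same way: `.'">'.Security::remove_XSS($obj->title).'</a>'`. The two `trans.gif` placeholders also lack an `alt` attribute; `alt=""` would mark them as decorative. The loop that builds `$row` begins outside the hunk.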
@ -1909,14 +1983,19 @@ if ($_GET['action']=='allpages')
if(api_is_allowed_to_edit() || api_is_platform_admin()) //only by professors if page is hidden if(api_is_allowed_to_edit() || api_is_platform_admin()) //only by professors if page is hidden
{ {
$sql='SELECT * FROM '.$tbl_wiki.' s1 WHERE id=(SELECT MAX(s2.id) FROM '.$tbl_wiki.' s2 WHERE s1.reflink = s2.reflink AND '.$groupfilter.')'; // warning don't use group by reflink because don't return the last version $sql='SELECT * FROM '.$tbl_wiki.' s1 WHERE id=(SELECT MAX(s2.id) FROM '.$tbl_wiki.' s2 WHERE s1.reflink = s2.reflink AND '.$groupfilter.')'; // warning don't use group by reflink because don't return the last version// old version TODO: Replace by the bottom line
//$sql='SELECT * FROM '.$tbl_wiki.', '.$tbl_wiki_conf.' WHERE '.$tbl_wiki_conf.'.page_id='.$tbl_wiki.'.page_id AND '.$tbl_wiki.'.'.$groupfilter.' GROUP BY '.$tbl_wiki.'.page_id'; // new version
} }
else else
{ {
$sql='SELECT * FROM '.$tbl_wiki.' s1 WHERE visibility=1 AND id=(SELECT MAX(s2.id) FROM '.$tbl_wiki.' s2 WHERE s1.reflink = s2.reflink AND '.$groupfilter.')'; // warning don't use group by reflink because don't return the last version $sql='SELECT * FROM '.$tbl_wiki.' s1 WHERE visibility=1 AND id=(SELECT MAX(s2.id) FROM '.$tbl_wiki.' s2 WHERE s1.reflink = s2.reflink AND '.$groupfilter.')'; // warning don't use group by reflink because don't return the last version // old version TODO: Replace by the bottom line
//$sql='SELECT * FROM '.$tbl_wiki.', '.$tbl_wiki_conf.' WHERE visibility=1 AND '.$tbl_wiki_conf.'.page_id='.$tbl_wiki.'.page_id AND '.$tbl_wiki.'.'.$groupfilter.' GROUP BY '.$tbl_wiki.'.page_id'; // new version
} }
$allpages=api_sql_query($sql,__LINE__,__FILE__); $allpages=Database::query($sql,__LINE__,__FILE__);
//show table //show table
if (mysql_num_rows($allpages) > 0) if (mysql_num_rows($allpages) > 0)
@ -1949,8 +2028,18 @@ if ($_GET['action']=='allpages')
$ShowAssignment='<img src="../img/wiki/trans.gif" />'; $ShowAssignment='<img src="../img/wiki/trans.gif" />';
} }
//get icon task
if (!empty($obj->task))
{
$icon_task='<img src="../img/wiki/task.gif" title="'.get_lang('TaskExtra').'" alt="'.get_lang('TaskExtra').'" />';
}
else
{
$icon_task='<img src="../img/wiki/trans.gif" />';
}
$row = array (); $row = array ();
$row[] =$ShowAssignment; $row[] =$ShowAssignment.$icon_task;
$row[] = '<a href="'.api_get_self().'?cidReq='.$_course[id].'&action=showpage&title='.urlencode(Security::remove_XSS($obj->reflink)).'&group_id='.Security::remove_XSS($_GET['group_id']).'">'.Security::remove_XSS($obj->title).'</a>'; $row[] = '<a href="'.api_get_self().'?cidReq='.$_course[id].'&action=showpage&title='.urlencode(Security::remove_XSS($obj->reflink)).'&group_id='.Security::remove_XSS($_GET['group_id']).'">'.Security::remove_XSS($obj->title).'</a>';
$row[] = $obj->user_id <>0 ? '<a href="../user/userInfo.php?uInfo='.$userinfo['user_id'].'">'.$userinfo['lastname'].', '.$userinfo['firstname'].'</a>' : get_lang('Anonymous').' ('.$obj->user_ip.')'; $row[] = $obj->user_id <>0 ? '<a href="../user/userInfo.php?uInfo='.$userinfo['user_id'].'">'.$userinfo['lastname'].', '.$userinfo['firstname'].'</a>' : get_lang('Anonymous').' ('.$obj->user_ip.')';
$row[] = $year.'-'.$month.'-'.$day.' '.$hours.":".$minutes.":".$seconds; $row[] = $year.'-'.$month.'-'.$day.' '.$hours.":".$minutes.":".$seconds;
@ -1988,14 +2077,14 @@ if ($_GET['action']=='discuss')
//first extract the date of last version //first extract the date of last version
$sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id DESC'; $sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id DESC';
$result=api_sql_query($sql,__LINE__,__FILE__); $result=Database::query($sql,__LINE__,__FILE__);
$row=Database::fetch_array($result); $row=Database::fetch_array($result);
$lastversiondate=$row['dtime']; $lastversiondate=$row['dtime'];
$lastuserinfo=Database::get_user_info_from_id($row['user_id']); $lastuserinfo=Database::get_user_info_from_id($row['user_id']);
//select page to discuss //select page to discuss
$sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id ASC'; $sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id ASC';
$result=api_sql_query($sql,__LINE__,__FILE__); $result=Database::query($sql,__LINE__,__FILE__);
$row=Database::fetch_array($result); $row=Database::fetch_array($result);
$id=$row['id']; $id=$row['id'];
$firstuserid=$row['user_id']; $firstuserid=$row['user_id'];
@ -2159,7 +2248,7 @@ if ($_GET['action']=='discuss')
$message_author=api_get_user_id(); $message_author=api_get_user_id();
$sql="INSERT INTO $tbl_wiki_discuss (publication_id, userc_id, comment, p_score, dtime) VALUES ('".$id."','".$message_author."','".$_POST['comment']."','".$_POST['rating']."','".$dtime."')"; $sql="INSERT INTO $tbl_wiki_discuss (publication_id, userc_id, comment, p_score, dtime) VALUES ('".$id."','".$message_author."','".$_POST['comment']."','".$_POST['rating']."','".$dtime."')";
$result=api_sql_query($sql,__FILE__,__LINE__) or die(mysql_error()); $result=Database::query($sql,__FILE__,__LINE__) or die(mysql_error());
check_emailcue($id, 'D', $dtime, $message_author); check_emailcue($id, 'D', $dtime, $message_author);
@ -2170,17 +2259,17 @@ if ($_GET['action']=='discuss')
$user_table = Database :: get_main_table(TABLE_MAIN_USER); $user_table = Database :: get_main_table(TABLE_MAIN_USER);
$sql="SELECT * FROM $tbl_wiki_discuss reviews, $user_table user WHERE reviews.publication_id='".$id."' AND user.user_id='".$firstuserid."' ORDER BY id DESC"; $sql="SELECT * FROM $tbl_wiki_discuss reviews, $user_table user WHERE reviews.publication_id='".$id."' AND user.user_id='".$firstuserid."' ORDER BY id DESC";
$result=api_sql_query($sql,__FILE__,__LINE__) or die(mysql_error()); $result=Database::query($sql,__FILE__,__LINE__) or die(mysql_error());
$countWPost = Database::num_rows($result); $countWPost = Database::num_rows($result);
echo get_lang('NumComments').": ".$countWPost; //comment's numbers echo get_lang('NumComments').": ".$countWPost; //comment's numbers
$sql="SELECT SUM(p_score) as sumWPost FROM $tbl_wiki_discuss WHERE publication_id='".$id."' AND NOT p_score='-' ORDER BY id DESC"; $sql="SELECT SUM(p_score) as sumWPost FROM $tbl_wiki_discuss WHERE publication_id='".$id."' AND NOT p_score='-' ORDER BY id DESC";
$result2=api_sql_query($sql,__FILE__,__LINE__) or die(mysql_error()); $result2=Database::query($sql,__FILE__,__LINE__) or die(mysql_error());
$row2=Database::fetch_array($result2); $row2=Database::fetch_array($result2);
$sql="SELECT * FROM $tbl_wiki_discuss WHERE publication_id='".$id."' AND NOT p_score='-'"; $sql="SELECT * FROM $tbl_wiki_discuss WHERE publication_id='".$id."' AND NOT p_score='-'";
$result3=api_sql_query($sql,__FILE__,__LINE__) or die(mysql_error()); $result3=Database::query($sql,__FILE__,__LINE__) or die(mysql_error());
$countWPost_score= Database::num_rows($result3); $countWPost_score= Database::num_rows($result3);
echo ' - '.get_lang('NumCommentsScore').': '.$countWPost_score;// echo ' - '.get_lang('NumCommentsScore').': '.$countWPost_score;//
@ -2196,8 +2285,8 @@ if ($_GET['action']=='discuss')
echo ' - '.get_lang('RatingMedia').': '.$avg_WPost_score; // average rating echo ' - '.get_lang('RatingMedia').': '.$avg_WPost_score; // average rating
$sql='UPDATE '.$tbl_wiki.' SET score="'.Database::escape_string($avg_WPost_score).'" WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter; // check if work ok. TODO $sql='UPDATE '.$tbl_wiki.' SET score="'.Database::escape_string($avg_WPost_score).'" WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter; // check if work ok. TODO:
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
echo '<hr noshade size="1">'; echo '<hr noshade size="1">';
//echo '<div style="overflow:auto; height:170px;">'; //echo '<div style="overflow:auto; height:170px;">';
@ -2214,7 +2303,7 @@ if ($_GET['action']=='discuss')
$author_status=get_lang('Teacher'); $author_status=get_lang('Teacher');
} }
require_once(api_get_path(INCLUDE_PATH).'/lib/usermanager.lib.php'); require_once api_get_path(INCLUDE_PATH).'/lib/usermanager.lib.php';
$user_id=$row['userc_id']; $user_id=$row['userc_id'];
$name=$userinfo['lastname']." ".$userinfo['firstname']; $name=$userinfo['lastname']." ".$userinfo['firstname'];
$attrb=array(); $attrb=array();

@ -68,7 +68,7 @@ function checktitle($paramwk)
global $groupfilter; global $groupfilter;
$sql='SELECT * FROM '.$tbl_wiki.' WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($paramwk)))).'" AND '.$groupfilter.''; // TODO: check if need entity $sql='SELECT * FROM '.$tbl_wiki.' WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($paramwk)))).'" AND '.$groupfilter.''; // TODO: check if need entity
$result=api_sql_query($sql,__FILE__,__LINE__); $result=Database::query($sql,__FILE__,__LINE__);
$numberofresults=Database::num_rows($result); $numberofresults=Database::num_rows($result);
if ($numberofresults==0) // the value has not been found and is this available if ($numberofresults==0) // the value has not been found and is this available
@ -317,7 +317,7 @@ function save_wiki() {
if(!empty($_POST['task'])) if(!empty($_POST['task']))
{ {
$_clean['task']=Database::escape_string(Security::remove_XSS($_POST['task'])); $_clean['task']= Database::escape_string(Security::remove_XSS(stripslashes(api_html_entity_decode($_POST['task'])),COURSEMANAGERLOWSECURITY));
} }
if(!empty($_POST['feedback1']) || !empty($_POST['feedback2']) || !empty($_POST['feedback3'])) if(!empty($_POST['feedback1']) || !empty($_POST['feedback2']) || !empty($_POST['feedback3']))
{ {
@ -357,13 +357,13 @@ function save_wiki() {
$sql="INSERT INTO ".$tbl_wiki." (page_id, reflink, title, content, user_id, group_id, dtime, assignment, comment, progress, version, linksto, user_ip) VALUES ('".$_clean['page_id']."','".$_clean['reflink']."','".$_clean['title']."','".$_clean['content']."','".$_clean['user_id']."','".$_clean['group_id']."','".$dtime."','".$_clean['assignment']."','".$_clean['comment']."','".$_clean['progress']."','".$_clean['version']."','".$_clean['linksto']."','".Database::escape_string($_SERVER['REMOTE_ADDR'])."')"; $sql="INSERT INTO ".$tbl_wiki." (page_id, reflink, title, content, user_id, group_id, dtime, assignment, comment, progress, version, linksto, user_ip) VALUES ('".$_clean['page_id']."','".$_clean['reflink']."','".$_clean['title']."','".$_clean['content']."','".$_clean['user_id']."','".$_clean['group_id']."','".$dtime."','".$_clean['assignment']."','".$_clean['comment']."','".$_clean['progress']."','".$_clean['version']."','".$_clean['linksto']."','".Database::escape_string($_SERVER['REMOTE_ADDR'])."')";
$result=api_sql_query($sql); $result=Database::query($sql);
$Id = Database::insert_id(); $Id = Database::insert_id();
if ($_clean['page_id'] ==0) if ($_clean['page_id'] ==0)
{ {
$sql='UPDATE '.$tbl_wiki.' SET page_id="'.$Id.'" WHERE id="'.$Id.'"'; $sql='UPDATE '.$tbl_wiki.' SET page_id="'.$Id.'" WHERE id="'.$Id.'"';
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
} }
//update wiki config //update wiki config
@ -376,7 +376,7 @@ function save_wiki() {
{ {
$sql='UPDATE'.$tbl_wiki_conf.' SET task="'.$_clean['task'].'", feedback1="'.$_clean['feedback1'].'", feedback2="'.$_clean['feedback2'].'", feedback3="'.$_clean['feedback3'].'", fprogress1="'.$_clean['fprogress1'].'", fprogress2="'.$_clean['fprogress2'].'", fprogress3="'.$_clean['fprogress3'].'", max_text="'.$_clean['max_text'].'", max_version="'.$_clean['max_version'].'", startdate_assig="'.$_clean['startdate_assig'].'", enddate_assig="'.$_clean['enddate_assig'].'", delayedsubmit="'.$_clean['delayedsubmit'].'" WHERE page_id="'.$_clean['page_id'].'"'; $sql='UPDATE'.$tbl_wiki_conf.' SET task="'.$_clean['task'].'", feedback1="'.$_clean['feedback1'].'", feedback2="'.$_clean['feedback2'].'", feedback3="'.$_clean['feedback3'].'", fprogress1="'.$_clean['fprogress1'].'", fprogress2="'.$_clean['fprogress2'].'", fprogress3="'.$_clean['fprogress3'].'", max_text="'.$_clean['max_text'].'", max_version="'.$_clean['max_version'].'", startdate_assig="'.$_clean['startdate_assig'].'", enddate_assig="'.$_clean['enddate_assig'].'", delayedsubmit="'.$_clean['delayedsubmit'].'" WHERE page_id="'.$_clean['page_id'].'"';
} }
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
api_item_property_update($_course, 'wiki', $Id, 'WikiAdded', api_get_user_id(), $_clean['group_id']); api_item_property_update($_course, 'wiki', $Id, 'WikiAdded', api_get_user_id(), $_clean['group_id']);
@ -401,7 +401,7 @@ function restore_wikipage($r_page_id, $r_reflink, $r_title, $r_content, $r_group
$sql="INSERT INTO ".$tbl_wiki." (page_id, reflink, title, content, user_id, group_id, dtime, assignment, comment, progress, version, linksto, user_ip) VALUES ('".$r_page_id."','".$r_reflink."','".$r_title."','".$r_content."','".$r_user_id."','".$r_group_id."','".$r_dtime."','".$r_assignment."','".$r_comment."','".$r_progress."','".$r_version."','".$r_linksto."','".Database::escape_string($_SERVER['REMOTE_ADDR'])."')"; $sql="INSERT INTO ".$tbl_wiki." (page_id, reflink, title, content, user_id, group_id, dtime, assignment, comment, progress, version, linksto, user_ip) VALUES ('".$r_page_id."','".$r_reflink."','".$r_title."','".$r_content."','".$r_user_id."','".$r_group_id."','".$r_dtime."','".$r_assignment."','".$r_comment."','".$r_progress."','".$r_version."','".$r_linksto."','".Database::escape_string($_SERVER['REMOTE_ADDR'])."')";
$result=api_sql_query($sql); $result=Database::query($sql);
$Id = Database::insert_id(); $Id = Database::insert_id();
api_item_property_update($_course, 'wiki', $Id, 'WikiAdded', api_get_user_id(), $r_group_id); api_item_property_update($_course, 'wiki', $Id, 'WikiAdded', api_get_user_id(), $r_group_id);
@ -421,18 +421,18 @@ function delete_wiki()
global $tbl_wiki, $tbl_wiki_conf, $tbl_wiki_discuss, $tbl_wiki_mailcue, $groupfilter; global $tbl_wiki, $tbl_wiki_conf, $tbl_wiki_discuss, $tbl_wiki_mailcue, $groupfilter;
//identify the first id by group = identify wiki //identify the first id by group = identify wiki
$sql='SELECT * FROM '.$tbl_wiki.' WHERE '.$groupfilter.' ORDER BY id DESC'; $sql='SELECT * FROM '.$tbl_wiki.' WHERE '.$groupfilter.' ORDER BY id DESC';
$allpages=api_sql_query($sql,__FILE__,__LINE__); $allpages=Database::query($sql,__FILE__,__LINE__);
while ($row=Database::fetch_array($allpages)) { while ($row=Database::fetch_array($allpages)) {
$id = $row['id']; $id = $row['id'];
$group_id = $row['group_id']; $group_id = $row['group_id'];
$page_id = $row['page_id']; $page_id = $row['page_id'];
api_sql_query('DELETE FROM '.$tbl_wiki_conf.' WHERE page_id="'.$id.'"' ,__FILE__,__LINE__); Database::query('DELETE FROM '.$tbl_wiki_conf.' WHERE page_id="'.$id.'"' ,__FILE__,__LINE__);
api_sql_query('DELETE FROM '.$tbl_wiki_discuss.' WHERE publication_id="'.$id.'"' ,__FILE__,__LINE__); Database::query('DELETE FROM '.$tbl_wiki_discuss.' WHERE publication_id="'.$id.'"' ,__FILE__,__LINE__);
} }
api_sql_query('DELETE FROM '.$tbl_wiki_mailcue.' WHERE group_id="'.$group_id.'"' ,__FILE__,__LINE__); Database::query('DELETE FROM '.$tbl_wiki_mailcue.' WHERE group_id="'.$group_id.'"' ,__FILE__,__LINE__);
api_sql_query('DELETE FROM '.$tbl_wiki.' WHERE '.$groupfilter.'',__FILE__,__LINE__); Database::query('DELETE FROM '.$tbl_wiki.' WHERE '.$groupfilter.'',__FILE__,__LINE__);
return get_lang('WikiDeleted'); return get_lang('WikiDeleted');
} }
@ -493,7 +493,7 @@ function save_new_wiki() {
$_clean['linksto'] = links_to($_clean['content']); //check wikilinks $_clean['linksto'] = links_to($_clean['content']); //check wikilinks
//cleaning config variables //cleaning config variables
$_clean['task']=Database::escape_string(Security::remove_XSS($_POST['task'])); $_clean['task']= Database::escape_string(Security::remove_XSS(stripslashes(api_html_entity_decode($_POST['task'])),COURSEMANAGERLOWSECURITY));
$_clean['feedback1']=Database::escape_string(Security::remove_XSS($_POST['feedback1'])); $_clean['feedback1']=Database::escape_string(Security::remove_XSS($_POST['feedback1']));
$_clean['feedback2']=Database::escape_string(Security::remove_XSS($_POST['feedback2'])); $_clean['feedback2']=Database::escape_string(Security::remove_XSS($_POST['feedback2']));
$_clean['feedback3']=Database::escape_string(Security::remove_XSS($_POST['feedback3'])); $_clean['feedback3']=Database::escape_string(Security::remove_XSS($_POST['feedback3']));
@ -537,15 +537,15 @@ function save_new_wiki() {
} else { } else {
$dtime = date( "Y-m-d H:i:s" ); $dtime = date( "Y-m-d H:i:s" );
$sql="INSERT INTO ".$tbl_wiki." (reflink, title, content, user_id, group_id, dtime, visibility, visibility_disc, ratinglock_disc, assignment, comment, progress, version, linksto, user_ip) VALUES ('".$_clean['reflink']."','".$_clean['title']."','".$_clean['content']."','".$_clean['user_id']."','".$_clean['group_id']."','".$dtime."','".$_clean['visibility']."','".$_clean['visibility_disc']."','".$_clean['ratinglock_disc']."','".$_clean['assignment']."','".$_clean['comment']."','".$_clean['progress']."','".$_clean['version']."','".$_clean['linksto']."','".Database::escape_string($_SERVER['REMOTE_ADDR'])."')"; $sql="INSERT INTO ".$tbl_wiki." (reflink, title, content, user_id, group_id, dtime, visibility, visibility_disc, ratinglock_disc, assignment, comment, progress, version, linksto, user_ip) VALUES ('".$_clean['reflink']."','".$_clean['title']."','".$_clean['content']."','".$_clean['user_id']."','".$_clean['group_id']."','".$dtime."','".$_clean['visibility']."','".$_clean['visibility_disc']."','".$_clean['ratinglock_disc']."','".$_clean['assignment']."','".$_clean['comment']."','".$_clean['progress']."','".$_clean['version']."','".$_clean['linksto']."','".Database::escape_string($_SERVER['REMOTE_ADDR'])."')";
$result=api_sql_query($sql,__LINE__,__FILE__); $result=Database::query($sql,__LINE__,__FILE__);
$Id = Database::insert_id(); $Id = Database::insert_id();
$sql='UPDATE '.$tbl_wiki.' SET page_id="'.$Id.'" WHERE id="'.$Id.'"'; $sql='UPDATE '.$tbl_wiki.' SET page_id="'.$Id.'" WHERE id="'.$Id.'"';
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
//insert wiki config //insert wiki config
$sql="INSERT INTO ".$tbl_wiki_conf." (page_id, task, feedback1, feedback2, feedback3, fprogress1, fprogress2, fprogress3, max_text, max_version, startdate_assig, enddate_assig, delayedsubmit) VALUES ('".$Id."','".$_clean['task']."','".$_clean['feedback1']."','".$_clean['feedback2']."','".$_clean['feedback3']."','".$_clean['fprogress1']."','".$_clean['fprogress2']."','".$_clean['fprogress3']."','".$_clean['max_text']."','".$_clean['max_version']."','".$_clean['startdate_assig']."','".$_clean['enddate_assig']."','".$_clean['delayedsubmit']."')"; $sql="INSERT INTO ".$tbl_wiki_conf." (page_id, task, feedback1, feedback2, feedback3, fprogress1, fprogress2, fprogress3, max_text, max_version, startdate_assig, enddate_assig, delayedsubmit) VALUES ('".$Id."','".$_clean['task']."','".$_clean['feedback1']."','".$_clean['feedback2']."','".$_clean['feedback3']."','".$_clean['fprogress1']."','".$_clean['fprogress2']."','".$_clean['fprogress3']."','".$_clean['max_text']."','".$_clean['max_version']."','".$_clean['startdate_assig']."','".$_clean['enddate_assig']."','".$_clean['delayedsubmit']."')";
api_sql_query($sql,__LINE__,__FILE__); Database::query($sql,__LINE__,__FILE__);
api_item_property_update($_course, 'wiki', $Id, 'WikiAdded', api_get_user_id(), $_clean['group_id']); api_item_property_update($_course, 'wiki', $Id, 'WikiAdded', api_get_user_id(), $_clean['group_id']);
@ -596,12 +596,13 @@ return true;
echo '&nbsp;&nbsp;&nbsp;<span id="msg_error4" style="display:none;color:red"></span>'; echo '&nbsp;&nbsp;&nbsp;<span id="msg_error4" style="display:none;color:red"></span>';
echo '<div id="option4" style="padding:4px; margin:5px; border:1px dotted; display:none;">'; echo '<div id="option4" style="padding:4px; margin:5px; border:1px dotted; display:none;">';
echo '<table border="0" style="font-weight:normal" align="center">'; echo '<table border="0" style="font-weight:normal">';
echo '<tr>'; echo '<tr>';
echo '<td>'.get_lang('DescriptionOfTheTask').'</td>'; echo '<td>'.get_lang('DescriptionOfTheTask').'</td>';
echo '</tr>'; echo '</tr>';
echo '<tr>'; echo '<tr>';
echo '<td><textarea name="task" cols="60" rows="4" >'.stripslashes($row['task']).'</textarea></td>'; //echo '<td><textarea name="task" cols="60" rows="4" >'.stripslashes($row['task']).'</textarea></td>'; // TODO: ¿delete?
echo '<td>'.api_disp_html_area('task', stripslashes($row['task']), '', '', null, array('ToolbarSet' => 'project_comment', 'Width' => '600', 'Height' => '200')).'</td>'; //TODO: create a new tolbarset
echo '</tr>'; echo '</tr>';
echo '</table>'; echo '</table>';
echo '</div>'; echo '</div>';
@ -760,13 +761,13 @@ function display_wiki_entry()
//first, check page visibility in the first page version //first, check page visibility in the first page version
$sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id ASC'; $sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id ASC';
$result=api_sql_query($sql,__LINE__,__FILE__); $result=Database::query($sql,__LINE__,__FILE__);
$row=Database::fetch_array($result); $row=Database::fetch_array($result);
$KeyVisibility=$row['visibility']; $KeyVisibility=$row['visibility'];
// second, show the last version // second, show the last version
$sql='SELECT * FROM '.$tbl_wiki.', '.$tbl_wiki_conf.' WHERE '.$tbl_wiki_conf.'.page_id='.$tbl_wiki.'.page_id AND '.$tbl_wiki.'.reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$tbl_wiki.'.'.$groupfilter.' '.$filter.' ORDER BY id DESC'; $sql='SELECT * FROM '.$tbl_wiki.', '.$tbl_wiki_conf.' WHERE '.$tbl_wiki_conf.'.page_id='.$tbl_wiki.'.page_id AND '.$tbl_wiki.'.reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$tbl_wiki.'.'.$groupfilter.' '.$filter.' ORDER BY id DESC';
$result=api_sql_query($sql,__LINE__,__FILE__); $result=Database::query($sql,__LINE__,__FILE__);
$row=Database::fetch_array($result); // we do not need a while loop since we are always displaying the last version $row=Database::fetch_array($result); // we do not need a while loop since we are always displaying the last version
@ -774,7 +775,7 @@ function display_wiki_entry()
if($row['id']) if($row['id'])
{ {
$sql='UPDATE '.$tbl_wiki.' SET hits=(hits+1) WHERE id='.$row['id'].''; $sql='UPDATE '.$tbl_wiki.' SET hits=(hits+1) WHERE id='.$row['id'].'';
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
} }
@ -996,7 +997,7 @@ function wiki_exist($title)
global $tbl_wiki; global $tbl_wiki;
global $groupfilter; global $groupfilter;
$sql='SELECT id FROM '.$tbl_wiki.'WHERE title="'.Database::escape_string($title).'" AND '.$groupfilter.' ORDER BY id ASC'; $sql='SELECT id FROM '.$tbl_wiki.'WHERE title="'.Database::escape_string($title).'" AND '.$groupfilter.' ORDER BY id ASC';
$result=api_sql_query($sql,__LINE__,__FILE__); $result=Database::query($sql,__LINE__,__FILE__);
$cant=Database::num_rows($result); $cant=Database::num_rows($result);
if ($cant>0) if ($cant>0)
return true; return true;
@ -1043,7 +1044,7 @@ function check_addnewpagelock()
$_clean['group_id']=(int)$_SESSION['_gid']; $_clean['group_id']=(int)$_SESSION['_gid'];
$sql='SELECT * FROM '.$tbl_wiki.'WHERE '.$groupfilter.' ORDER BY id ASC'; $sql='SELECT * FROM '.$tbl_wiki.'WHERE '.$groupfilter.' ORDER BY id ASC';
$result=api_sql_query($sql,__LINE__,__FILE__); $result=Database::query($sql,__LINE__,__FILE__);
$row=Database::fetch_array($result); $row=Database::fetch_array($result);
$status_addlock=$row['addlock']; $status_addlock=$row['addlock'];
@ -1060,10 +1061,10 @@ function check_addnewpagelock()
$status_addlock=1; $status_addlock=1;
} }
api_sql_query('UPDATE '.$tbl_wiki.' SET addlock="'.Database::escape_string($status_addlock).'" WHERE '.$groupfilter.'',__LINE__,__FILE__); Database::query('UPDATE '.$tbl_wiki.' SET addlock="'.Database::escape_string($status_addlock).'" WHERE '.$groupfilter.'',__LINE__,__FILE__);
$sql='SELECT * FROM '.$tbl_wiki.'WHERE '.$groupfilter.' ORDER BY id ASC'; $sql='SELECT * FROM '.$tbl_wiki.'WHERE '.$groupfilter.' ORDER BY id ASC';
$result=api_sql_query($sql,__LINE__,__FILE__); $result=Database::query($sql,__LINE__,__FILE__);
$row=Database::fetch_array($result); $row=Database::fetch_array($result);
} }
@ -1094,7 +1095,7 @@ function check_protect_page()
$sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id ASC'; $sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id ASC';
$result=api_sql_query($sql,__LINE__,__FILE__); $result=Database::query($sql,__LINE__,__FILE__);
$row=Database::fetch_array($result); $row=Database::fetch_array($result);
$status_editlock=$row['editlock']; $status_editlock=$row['editlock'];
@ -1113,11 +1114,11 @@ function check_protect_page()
} }
$sql='UPDATE '.$tbl_wiki.' SET editlock="'.Database::escape_string($status_editlock).'" WHERE id="'.$id.'"'; $sql='UPDATE '.$tbl_wiki.' SET editlock="'.Database::escape_string($status_editlock).'" WHERE id="'.$id.'"';
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
$sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id ASC'; $sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id ASC';
$result=api_sql_query($sql,__LINE__,__FILE__); $result=Database::query($sql,__LINE__,__FILE__);
$row=Database::fetch_array($result); $row=Database::fetch_array($result);
} }
@ -1149,7 +1150,7 @@ function check_visibility_page()
$_clean['group_id']=(int)$_SESSION['_gid']; $_clean['group_id']=(int)$_SESSION['_gid'];
$sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id ASC'; $sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id ASC';
$result=api_sql_query($sql,__LINE__,__FILE__); $result=Database::query($sql,__LINE__,__FILE__);
$row=Database::fetch_array($result); $row=Database::fetch_array($result);
$status_visibility=$row['visibility']; $status_visibility=$row['visibility'];
@ -1168,11 +1169,11 @@ function check_visibility_page()
} }
$sql='UPDATE '.$tbl_wiki.' SET visibility="'.Database::escape_string($status_visibility).'" WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter; $sql='UPDATE '.$tbl_wiki.' SET visibility="'.Database::escape_string($status_visibility).'" WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter;
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
//Although the value now is assigned to all (not only the first), these three lines remain necessary. They do that by changing the page state is made when you press the button and not have to wait to change his page //Although the value now is assigned to all (not only the first), these three lines remain necessary. They do that by changing the page state is made when you press the button and not have to wait to change his page
$sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id ASC'; $sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id ASC';
$result=api_sql_query($sql,__LINE__,__FILE__); $result=Database::query($sql,__LINE__,__FILE__);
$row=Database::fetch_array($result); $row=Database::fetch_array($result);
} }
@ -1204,7 +1205,7 @@ function check_visibility_discuss()
$_clean['group_id']=(int)$_SESSION['_gid']; $_clean['group_id']=(int)$_SESSION['_gid'];
$sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id ASC'; $sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id ASC';
$result=api_sql_query($sql,__LINE__,__FILE__); $result=Database::query($sql,__LINE__,__FILE__);
$row=Database::fetch_array($result); $row=Database::fetch_array($result);
$status_visibility_disc=$row['visibility_disc']; $status_visibility_disc=$row['visibility_disc'];
@ -1223,11 +1224,11 @@ function check_visibility_discuss()
} }
$sql='UPDATE '.$tbl_wiki.' SET visibility_disc="'.Database::escape_string($status_visibility_disc).'" WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter; $sql='UPDATE '.$tbl_wiki.' SET visibility_disc="'.Database::escape_string($status_visibility_disc).'" WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter;
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
//Although the value now is assigned to all (not only the first), these three lines remain necessary. They do that by changing the page state is made when you press the button and not have to wait to change his page //Although the value now is assigned to all (not only the first), these three lines remain necessary. They do that by changing the page state is made when you press the button and not have to wait to change his page
$sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id ASC'; $sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id ASC';
$result=api_sql_query($sql,__LINE__,__FILE__); $result=Database::query($sql,__LINE__,__FILE__);
$row=Database::fetch_array($result); $row=Database::fetch_array($result);
} }
@ -1259,7 +1260,7 @@ function check_addlock_discuss()
$_clean['group_id']=(int)$_SESSION['_gid']; $_clean['group_id']=(int)$_SESSION['_gid'];
$sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id ASC'; $sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id ASC';
$result=api_sql_query($sql,__LINE__,__FILE__); $result=Database::query($sql,__LINE__,__FILE__);
$row=Database::fetch_array($result); $row=Database::fetch_array($result);
$status_addlock_disc=$row['addlock_disc']; $status_addlock_disc=$row['addlock_disc'];
@ -1278,11 +1279,11 @@ function check_addlock_discuss()
} }
$sql='UPDATE '.$tbl_wiki.' SET addlock_disc="'.Database::escape_string($status_addlock_disc).'" WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter; $sql='UPDATE '.$tbl_wiki.' SET addlock_disc="'.Database::escape_string($status_addlock_disc).'" WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter;
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
//Although the value now is assigned to all (not only the first), these three lines remain necessary. They do that by changing the page state is made when you press the button and not have to wait to change his page //Although the value now is assigned to all (not only the first), these three lines remain necessary. They do that by changing the page state is made when you press the button and not have to wait to change his page
$sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id ASC'; $sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id ASC';
$result=api_sql_query($sql,__LINE__,__FILE__); $result=Database::query($sql,__LINE__,__FILE__);
$row=Database::fetch_array($result); $row=Database::fetch_array($result);
} }
@ -1315,7 +1316,7 @@ function check_ratinglock_discuss()
$_clean['group_id']=(int)$_SESSION['_gid']; $_clean['group_id']=(int)$_SESSION['_gid'];
$sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id ASC'; $sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id ASC';
$result=api_sql_query($sql,__LINE__,__FILE__); $result=Database::query($sql,__LINE__,__FILE__);
$row=Database::fetch_array($result); $row=Database::fetch_array($result);
$status_ratinglock_disc=$row['ratinglock_disc']; $status_ratinglock_disc=$row['ratinglock_disc'];
@ -1334,11 +1335,11 @@ function check_ratinglock_discuss()
} }
$sql='UPDATE '.$tbl_wiki.' SET ratinglock_disc="'.Database::escape_string($status_ratinglock_disc).'" WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter; //Visibility. Value to all,not only for the first $sql='UPDATE '.$tbl_wiki.' SET ratinglock_disc="'.Database::escape_string($status_ratinglock_disc).'" WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter; //Visibility. Value to all,not only for the first
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
//Although the value now is assigned to all (not only the first), these three lines remain necessary. They do that by changing the page state is made when you press the button and not have to wait to change his page //Although the value now is assigned to all (not only the first), these three lines remain necessary. They do that by changing the page state is made when you press the button and not have to wait to change his page
$sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id ASC'; $sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id ASC';
$result=api_sql_query($sql,__LINE__,__FILE__); $result=Database::query($sql,__LINE__,__FILE__);
$row=Database::fetch_array($result); $row=Database::fetch_array($result);
} }
@ -1369,13 +1370,13 @@ function check_notify_page($reflink)
$_clean['group_id']=(int)$_SESSION['_gid']; $_clean['group_id']=(int)$_SESSION['_gid'];
$sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.$reflink.'" AND '.$groupfilter.' ORDER BY id ASC'; $sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.$reflink.'" AND '.$groupfilter.' ORDER BY id ASC';
$result=api_sql_query($sql,__LINE__,__FILE__); $result=Database::query($sql,__LINE__,__FILE__);
$row=Database::fetch_array($result); $row=Database::fetch_array($result);
$id=$row['id']; $id=$row['id'];
$sql='SELECT * FROM '.$tbl_wiki_mailcue.'WHERE id="'.$id.'" AND user_id="'.api_get_user_id().'" AND type="P"'; $sql='SELECT * FROM '.$tbl_wiki_mailcue.'WHERE id="'.$id.'" AND user_id="'.api_get_user_id().'" AND type="P"';
$result=api_sql_query($sql,__LINE__,__FILE__); $result=Database::query($sql,__LINE__,__FILE__);
$row=Database::fetch_array($result); $row=Database::fetch_array($result);
$idm=$row['id']; $idm=$row['id'];
@ -1397,14 +1398,14 @@ function check_notify_page($reflink)
{ {
$sql="INSERT INTO ".$tbl_wiki_mailcue." (id, user_id, type, group_id) VALUES ('".$id."','".api_get_user_id()."','P','".$_clean['group_id']."')"; $sql="INSERT INTO ".$tbl_wiki_mailcue." (id, user_id, type, group_id) VALUES ('".$id."','".api_get_user_id()."','P','".$_clean['group_id']."')";
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
$status_notify=1; $status_notify=1;
} }
else else
{ {
$sql='DELETE FROM '.$tbl_wiki_mailcue.' WHERE id="'.$id.'" AND user_id="'.api_get_user_id().'" AND type="P"'; //$_clean['group_id'] not necessary $sql='DELETE FROM '.$tbl_wiki_mailcue.' WHERE id="'.$id.'" AND user_id="'.api_get_user_id().'" AND type="P"'; //$_clean['group_id'] not necessary
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
$status_notify=0; $status_notify=0;
} }
@ -1434,13 +1435,13 @@ function check_notify_discuss($reflink)
$_clean['group_id']=(int)$_SESSION['_gid']; $_clean['group_id']=(int)$_SESSION['_gid'];
$sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.$reflink.'" AND '.$groupfilter.' ORDER BY id ASC'; $sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.$reflink.'" AND '.$groupfilter.' ORDER BY id ASC';
$result=api_sql_query($sql,__LINE__,__FILE__); $result=Database::query($sql,__LINE__,__FILE__);
$row=Database::fetch_array($result); $row=Database::fetch_array($result);
$id=$row['id']; $id=$row['id'];
$sql='SELECT * FROM '.$tbl_wiki_mailcue.'WHERE id="'.$id.'" AND user_id="'.api_get_user_id().'" AND type="D"'; $sql='SELECT * FROM '.$tbl_wiki_mailcue.'WHERE id="'.$id.'" AND user_id="'.api_get_user_id().'" AND type="D"';
$result=api_sql_query($sql,__LINE__,__FILE__); $result=Database::query($sql,__LINE__,__FILE__);
$row=Database::fetch_array($result); $row=Database::fetch_array($result);
$idm=$row['id']; $idm=$row['id'];
@ -1466,7 +1467,7 @@ function check_notify_discuss($reflink)
{ {
$sql="INSERT INTO ".$tbl_wiki_mailcue." (id, user_id, type, group_id) VALUES ('".$id."','".api_get_user_id()."','D','".$_clean['group_id']."')"; $sql="INSERT INTO ".$tbl_wiki_mailcue." (id, user_id, type, group_id) VALUES ('".$id."','".api_get_user_id()."','D','".$_clean['group_id']."')";
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
$status_notify_disc=1; $status_notify_disc=1;
} }
@ -1480,7 +1481,7 @@ function check_notify_discuss($reflink)
if (!$_POST['Submit']) if (!$_POST['Submit'])
{ {
$sql='DELETE FROM '.$tbl_wiki_mailcue.' WHERE id="'.$id.'" AND user_id="'.api_get_user_id().'" AND type="D"'; //$_clean['group_id'] not necessary $sql='DELETE FROM '.$tbl_wiki_mailcue.' WHERE id="'.$id.'" AND user_id="'.api_get_user_id().'" AND type="D"'; //$_clean['group_id'] not necessary
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
$status_notify_disc=0; $status_notify_disc=0;
} }
@ -1516,7 +1517,7 @@ function check_notify_all()
$_clean['group_id']=(int)$_SESSION['_gid']; $_clean['group_id']=(int)$_SESSION['_gid'];
$sql='SELECT * FROM '.$tbl_wiki_mailcue.'WHERE user_id="'.api_get_user_id().'" AND type="F" AND group_id="'.$_clean['group_id'].'"'; $sql='SELECT * FROM '.$tbl_wiki_mailcue.'WHERE user_id="'.api_get_user_id().'" AND type="F" AND group_id="'.$_clean['group_id'].'"';
$result=api_sql_query($sql,__LINE__,__FILE__); $result=Database::query($sql,__LINE__,__FILE__);
$row=Database::fetch_array($result); $row=Database::fetch_array($result);
$idm=$row['user_id']; $idm=$row['user_id'];
@ -1537,14 +1538,14 @@ function check_notify_all()
if ($status_notify_all==0) if ($status_notify_all==0)
{ {
$sql="INSERT INTO ".$tbl_wiki_mailcue." (user_id, type, group_id) VALUES ('".api_get_user_id()."','F','".$_clean['group_id']."')"; $sql="INSERT INTO ".$tbl_wiki_mailcue." (user_id, type, group_id) VALUES ('".api_get_user_id()."','F','".$_clean['group_id']."')";
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
$status_notify_all=1; $status_notify_all=1;
} }
else else
{ {
$sql='DELETE FROM '.$tbl_wiki_mailcue.' WHERE user_id="'.api_get_user_id().'" AND type="F" AND group_id="'.$_clean['group_id'].'"'; $sql='DELETE FROM '.$tbl_wiki_mailcue.' WHERE user_id="'.api_get_user_id().'" AND type="F" AND group_id="'.$_clean['group_id'].'"';
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
$status_notify_all=0; $status_notify_all=0;
} }
@ -1602,7 +1603,7 @@ function check_emailcue($id_or_ref, $type, $lastime='', $lastuser='')
//second, extract data from first reg //second, extract data from first reg
$sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.$id_or_ref.'" AND '.$groupfilter.' ORDER BY id ASC'; //id_or_ref is reflink from tblwiki $sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.$id_or_ref.'" AND '.$groupfilter.' ORDER BY id ASC'; //id_or_ref is reflink from tblwiki
$result=api_sql_query($sql,__LINE__,__FILE__); $result=Database::query($sql,__LINE__,__FILE__);
$row=Database::fetch_array($result); $row=Database::fetch_array($result);
$id=$row['id']; $id=$row['id'];
@ -1614,7 +1615,7 @@ function check_emailcue($id_or_ref, $type, $lastime='', $lastuser='')
$allow_send_mail=true; //if visibility off - notify off $allow_send_mail=true; //if visibility off - notify off
$sql='SELECT * FROM '.$tbl_wiki_mailcue.'WHERE id="'.$id.'" AND type="'.$type.'" OR type="F" AND group_id="'.$_clean['group_id'].'"'; //type: P=page, D=discuss, F=full. $sql='SELECT * FROM '.$tbl_wiki_mailcue.'WHERE id="'.$id.'" AND type="'.$type.'" OR type="F" AND group_id="'.$_clean['group_id'].'"'; //type: P=page, D=discuss, F=full.
$result=api_sql_query($sql,__LINE__,__FILE__); $result=Database::query($sql,__LINE__,__FILE__);
$emailtext=get_lang('EmailWikipageModified').' <strong>'.$email_page_name.'</strong> '.get_lang('Wiki'); $emailtext=get_lang('EmailWikipageModified').' <strong>'.$email_page_name.'</strong> '.get_lang('Wiki');
} }
@ -1644,7 +1645,7 @@ function check_emailcue($id_or_ref, $type, $lastime='', $lastuser='')
$sql='SELECT * FROM '.$tbl_wiki.'WHERE id="'.$id.'" ORDER BY id ASC'; $sql='SELECT * FROM '.$tbl_wiki.'WHERE id="'.$id.'" ORDER BY id ASC';
$result=api_sql_query($sql,__LINE__,__FILE__); $result=Database::query($sql,__LINE__,__FILE__);
$row=Database::fetch_array($result); $row=Database::fetch_array($result);
$email_page_name=$row['title']; $email_page_name=$row['title'];
@ -1655,7 +1656,7 @@ function check_emailcue($id_or_ref, $type, $lastime='', $lastuser='')
$allow_send_mail=true; //if visibility off - notify off $allow_send_mail=true; //if visibility off - notify off
$sql='SELECT * FROM '.$tbl_wiki_mailcue.'WHERE id="'.$id.'" AND type="'.$type.'" OR type="F" AND group_id="'.$_clean['group_id'].'"'; //type: P=page, D=discuss, F=full $sql='SELECT * FROM '.$tbl_wiki_mailcue.'WHERE id="'.$id.'" AND type="'.$type.'" OR type="F" AND group_id="'.$_clean['group_id'].'"'; //type: P=page, D=discuss, F=full
$result=api_sql_query($sql,__LINE__,__FILE__); $result=Database::query($sql,__LINE__,__FILE__);
$emailtext=get_lang('EmailWikiPageDiscAdded').' <strong>'.$email_page_name.'</strong> '.get_lang('Wiki'); $emailtext=get_lang('EmailWikiPageDiscAdded').' <strong>'.$email_page_name.'</strong> '.get_lang('Wiki');
} }
@ -1667,7 +1668,7 @@ function check_emailcue($id_or_ref, $type, $lastime='', $lastuser='')
$sql='SELECT * FROM '.$tbl_wiki.' ORDER BY id DESC'; //the added is always the last $sql='SELECT * FROM '.$tbl_wiki.' ORDER BY id DESC'; //the added is always the last
$result=api_sql_query($sql,__LINE__,__FILE__); $result=Database::query($sql,__LINE__,__FILE__);
$row=Database::fetch_array($result); $row=Database::fetch_array($result);
$email_page_name=$row['title']; $email_page_name=$row['title'];
@ -1701,7 +1702,7 @@ function check_emailcue($id_or_ref, $type, $lastime='', $lastuser='')
} }
$sql='SELECT * FROM '.$tbl_wiki_mailcue.'WHERE id="'.$id.'" AND type="F" AND group_id="'.$_clean['group_id'].'"'; //type: P=page, D=discuss, F=full $sql='SELECT * FROM '.$tbl_wiki_mailcue.'WHERE id="'.$id.'" AND type="F" AND group_id="'.$_clean['group_id'].'"'; //type: P=page, D=discuss, F=full
$result=api_sql_query($sql,__LINE__,__FILE__); $result=Database::query($sql,__LINE__,__FILE__);
$emailtext=get_lang('EmailWikiPageAdded').' <strong>'.$email_page_name.'</strong> '.get_lang('In').' '. get_lang('Wiki'); $emailtext=get_lang('EmailWikiPageAdded').' <strong>'.$email_page_name.'</strong> '.get_lang('In').' '. get_lang('Wiki');
} }
@ -1721,7 +1722,7 @@ function check_emailcue($id_or_ref, $type, $lastime='', $lastuser='')
$email_date_changes=$today; $email_date_changes=$today;
$sql='SELECT * FROM '.$tbl_wiki_mailcue.'WHERE id="'.$id.'" AND type="F" AND group_id="'.$_clean['group_id'].'"'; //type: P=page, D=discuss, F=wiki $sql='SELECT * FROM '.$tbl_wiki_mailcue.'WHERE id="'.$id.'" AND type="F" AND group_id="'.$_clean['group_id'].'"'; //type: P=page, D=discuss, F=wiki
$result=api_sql_query($sql,__LINE__,__FILE__); $result=Database::query($sql,__LINE__,__FILE__);
$emailtext=get_lang('EmailWikipageDedeleted'); $emailtext=get_lang('EmailWikipageDedeleted');
} }
@ -1856,7 +1857,7 @@ function auto_add_page_users($assignment_type)
//data about teacher //data about teacher
$userinfo=Database::get_user_info_from_id(api_get_user_id()); $userinfo=Database::get_user_info_from_id(api_get_user_id());
require_once(api_get_path(INCLUDE_PATH).'/lib/usermanager.lib.php'); require_once api_get_path(INCLUDE_PATH).'/lib/usermanager.lib.php';
if (api_get_user_id()<>0) if (api_get_user_id()<>0)
{ {
$image_path = UserManager::get_user_picture_path_by_id(api_get_user_id(),'web',false, true); $image_path = UserManager::get_user_picture_path_by_id(api_get_user_id(),'web',false, true);
@ -1990,7 +1991,7 @@ function display_wiki_search_results($search_term, $search_content=0)
} }
} }
$result=api_sql_query($sql,__LINE__,__FILE__); $result=Database::query($sql,__LINE__,__FILE__);
//show table //show table
if (mysql_num_rows($result) > 0) if (mysql_num_rows($result) > 0)
