From 2a47c02329fb8dee04a6b6425c9ee7601c6f32e2 Mon Sep 17 00:00:00 2001 From: jmontoyaa Date: Fri, 22 Jul 2016 09:56:00 +0200 Subject: [PATCH] Add intval + Security::remove_XSS --- main/admin/ldap_users_list.php | 2 +- main/coursecopy/copy_course.php | 4 ++- main/dropbox/index.php | 4 +-- main/gradebook/index.php | 23 ++++--------- main/inc/lib/course_home.lib.php | 2 +- main/mySpace/student.php | 9 ++--- main/mySpace/teachers.php | 3 +- main/mySpace/users.php | 4 +-- main/resourcelinker/resourcelinker.inc.php | 33 ------------------- main/social/profile.php | 2 +- main/survey/fillsurvey.php | 2 +- main/wiki/wiki.inc.php | 6 ++-- tests/main/exercice/freeanswer.class.test.php | 16 ++++----- 13 files changed, 37 insertions(+), 73 deletions(-) diff --git a/main/admin/ldap_users_list.php b/main/admin/ldap_users_list.php index d2e8a558c1..edd06a4645 100755 --- a/main/admin/ldap_users_list.php +++ b/main/admin/ldap_users_list.php @@ -78,7 +78,7 @@ if (isset ($_GET['action'])) } if (isset($_GET['id_session']) && ($_GET['id_session'] == strval(intval($_GET['id_session']))) && ($_GET['id_session']>0)) { ldap_add_user_to_session($UserList, $_GET['id_session']); - header('Location: resume_session.php?id_session='.$_GET['id_session']); + header('Location: resume_session.php?id_session='.intval($_GET['id_session'])); } else { Display :: display_header($tool_name); if(count($userid_match_login)>0) diff --git a/main/coursecopy/copy_course.php b/main/coursecopy/copy_course.php index ce148e8dd3..d9188fa1a2 100755 --- a/main/coursecopy/copy_course.php +++ b/main/coursecopy/copy_course.php @@ -61,7 +61,9 @@ if (Security::check_token('post') && ( $cr->set_file_option($_POST['same_file_name_option']); $cr->restore($_POST['destination_course']); Display::display_normal_message( - get_lang('CopyFinished').': '.$_POST['destination_course'].'', + get_lang('CopyFinished').': '. + Security::remove_XSS($_POST['destination_course']). + '', false ); } elseif (Security::check_token('post') && ( 
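Review bot: The changed `header('Location: resume_session.php?id_session='.intval($_GET['id_session']));` in ldap_users_list.php is not followed by `exit;`, so if the script continues past this if/else (the code after it is outside the hunk) the rest of the page is still built and sent along with the redirect header. The `intval()` itself is redundant here, because the guard two lines up already requires `$_GET['id_session'] == strval(intval($_GET['id_session']))`, but it is harmless defence in depth. Add `exit;` directly after the `header()` call.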
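Review bot: In copy_course.php the escaping is applied only to the echoed value, while the same raw `$_POST['destination_course']` is still passed to `$cr->restore($_POST['destination_course'])` two lines above, and nothing visible checks that it names an existing course the current user may write into. If the elided condition starting with `if (Security::check_token('post') && (` does not already validate it, resolve it first — `$destination = api_get_course_info($_POST['destination_course']);` and bail out when that is empty — then use the resolved course's code both for `restore()` and for the message, which removes the need to XSS-filter a free-form POST value here. The enclosing `if` opens outside the hunk.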
diff --git a/main/dropbox/index.php b/main/dropbox/index.php index 57a45631a3..d6a01d9ccb 100755 --- a/main/dropbox/index.php +++ b/main/dropbox/index.php @@ -32,7 +32,7 @@ Display::display_introduction_section(TOOL_DROPBOX); // Build URL-parameters for table-sorting $sort_params = array(); if (isset($_GET['dropbox_column'])) { - $sort_params[] = 'dropbox_column='.$_GET['dropbox_column']; + $sort_params[] = 'dropbox_column='.intval($_GET['dropbox_column']); } if (isset($_GET['dropbox_page_nr'])) { $sort_params[] = 'page_nr='.intval($_GET['page_nr']); @@ -40,7 +40,7 @@ if (isset($_GET['dropbox_page_nr'])) { if (isset($_GET['dropbox_per_page'])) { $sort_params[] = 'dropbox_per_page='.intval($_GET['dropbox_per_page']); } -if (isset($_GET['dropbox_direction'])) { +if (isset($_GET['dropbox_direction']) && in_array($_GET['dropbox_direction'], ['ASC', 'DESC'])) { $sort_params[] = 'dropbox_direction='.$_GET['dropbox_direction']; } diff --git a/main/gradebook/index.php b/main/gradebook/index.php index 40a0d6938d..ee4b3b7970 100755 --- a/main/gradebook/index.php +++ b/main/gradebook/index.php 
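Review bot: In the unchanged tail of the first hunk, `if (isset($_GET['dropbox_page_nr'])) { $sort_params[] = 'page_nr='.intval($_GET['page_nr']);` tests one parameter name and reads another, so whenever only `dropbox_page_nr` is supplied this raises an undefined-index notice and always emits `page_nr=0`. The commit hardens the neighbouring `dropbox_column` line but leaves this one; it should presumably read `$sort_params[] = 'dropbox_page_nr='.intval($_GET['dropbox_page_nr']);` to match the `dropbox_*` naming of the other entries — verify the parameter name against the sortable table that consumes `$sort_params`.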
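Review bot: The new whitelist `in_array($_GET['dropbox_direction'], ['ASC', 'DESC'])` is what makes the unchanged concatenation on the next line safe, so it should be strict: `in_array($_GET['dropbox_direction'], ['ASC', 'DESC'], true)`. Without the third argument PHP falls back to loose comparison, and the intent (exactly one of two literal strings) is clearer with it. Note that a lowercase `asc`/`desc` from the client is now silently dropped rather than rejected; if the table emits lowercase values the parameter will disappear from the sort links, so check what the sorting widget actually sends.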
@@ -104,27 +104,18 @@ if (empty($cats)) { $_GET['selectcat'] = $cats[0]->get_id(); if (isset($_GET['isStudentView'])) { - if ( (isset($_GET['selectcat']) && $_GET['selectcat']>0) && (isset($_SESSION['studentview']) && $_SESSION['studentview']=='studentview') ) { - $interbreadcrumb[]= array ('url' => 'index.php'.'?selectcat=0&isStudentView='.$_GET['isStudentView'],'name' => get_lang('ToolGradebook')); + if ((isset($_GET['selectcat']) && $_GET['selectcat'] > 0) && (isset($_SESSION['studentview']) && $_SESSION['studentview'] == 'true')) { + $interbreadcrumb[] = array( + 'url' => 'index.php'.'?selectcat=0&isStudentView=true', + 'name' => get_lang('ToolGradebook'), + ); } } if ((isset($_GET['selectcat']) && $_GET['selectcat']>0) && - (isset($_SESSION['studentview']) && $_SESSION['studentview']=='studentview') + (isset($_SESSION['studentview']) && $_SESSION['studentview']=='true') ) { - /*Display :: display_header(); - //Introduction tool: student view - Display::display_introduction_section(TOOL_GRADEBOOK, array('ToolbarSet' => 'AssessmentsIntroduction')); - $category = $_GET['selectcat']; - $cats = Category :: load ($category, null, null, null, null, null, false); - $allcat = $cats[0]->get_subcategories($stud_id, $course_code, $session_id); - $alleval = $cats[0]->get_evaluations($stud_id); - $alllink = $cats[0]->get_links($stud_id); - $addparams = array(); - $gradebooktable= new GradebookTable($cats[0], $allcat, $alleval,$alllink, $addparams); - $gradebooktable->display(); - Display :: display_footer(); - exit;*/ + } else { if (!isset($_GET['selectcat']) && ($_SESSION['studentview']=='studentview') || diff --git a/main/inc/lib/course_home.lib.php b/main/inc/lib/course_home.lib.php index cb5581ce1a..3304a75b24 100755 --- a/main/inc/lib/course_home.lib.php +++ b/main/inc/lib/course_home.lib.php 
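Review bot: Both changed conditions now compare `$_SESSION['studentview'] == 'true'`, but the unchanged last line of the hunk still tests `($_SESSION['studentview']=='studentview')`, so no single session value can satisfy both branches and one of the two literals must be wrong; I cannot tell from here which string the code that writes the session uses, so confirm it and align all three checks, e.g. `($_SESSION['studentview'] == 'true')` on that last line. That line also mixes `&&` and `||` without grouping parentheses, which is worth making explicit while it is touched. The first `if` now has an empty body followed by `else`; inverting the condition would remove the dead block. The `else` branch continues beyond the hunk.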
@@ -1184,7 +1184,7 @@ class CourseHome } if (stristr($url_item['path'], $url_current['path'])) { - if (!isset($_GET['learnpath_id']) || strpos($url_item['query'], 'learnpath_id='.$_GET['learnpath_id']) === 0) { + if (!isset($_GET['learnpath_id']) || strpos($url_item['query'], 'learnpath_id='.intval($_GET['learnpath_id'])) === 0) { $html .= ' id="here"'; } } diff --git a/main/mySpace/student.php b/main/mySpace/student.php index 51158fdecc..3325367915 100755 --- a/main/mySpace/student.php +++ b/main/mySpace/student.php @@ -56,6 +56,7 @@ function get_users($from, $limit, $column, $direction) $active = isset($_GET['active']) ? $_GET['active'] : 1; $keyword = isset($_GET['keyword']) ? Security::remove_XSS($_GET['keyword']) : null; $sleepingDays = isset($_GET['sleeping_days']) ? intval($_GET['sleeping_days']) : null; + $sessionId = isset($_GET['id_session']) ? (int) $_GET['id_session'] : 0; $lastConnectionDate = null; if (!empty($sleepingDays)) { @@ -111,7 +112,7 @@ function get_users($from, $limit, $column, $direction) foreach ($students as $student_data) { $student_id = $student_data['user_id']; if (isset($_GET['id_session'])) { - $courses = Tracking :: get_course_list_in_session_from_student($student_id, $_GET['id_session']); + $courses = Tracking :: get_course_list_in_session_from_student($student_id, $sessionId); } $avg_time_spent = $avg_student_score = $avg_student_progress = $total_assignments = $total_messages = 0; 
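Review bot: The changed line in course_home.lib.php is still a prefix test — `strpos($url_item['query'], 'learnpath_id='.intval($_GET['learnpath_id'])) === 0` marks `learnpath_id=10` as "here" when the request is for `learnpath_id=1`, and it only matches when `learnpath_id` is the first query parameter. Parse the query instead: `parse_str($url_item['query'], $q);` and compare `isset($q['learnpath_id']) && (int) $q['learnpath_id'] === intval($_GET['learnpath_id'])`. The enclosing method starts and ends outside the hunk.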
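Review bot: In the student.php hunk, `$active = isset($_GET['active']) ? $_GET['active'] : 1;` directly above the new `$sessionId` line still takes the value raw, while `keyword`, `sleeping_days` and now `id_session` are all filtered or cast; its use is outside the hunk, but if it feeds the same query as the others it should be `$active = isset($_GET['active']) ? (int) $_GET['active'] : 1;`. Also note that the `(int)` cast with a `0` fallback changes what the tracking calls later in `get_users()` receive when `id_session` is absent (previously an undefined index, i.e. null) — confirm those helpers treat 0 and null the same way. `get_users()` continues beyond the hunk.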
@@ -121,8 +122,8 @@ function get_users($from, $limit, $column, $direction) $courseInfo = api_get_course_info($course_code); $courseId = $courseInfo['real_id']; if (CourseManager :: is_user_subscribed_in_course($student_id, $course_code, true)) { - $avg_time_spent += Tracking :: get_time_spent_on_the_course($student_id, $courseId, $_GET['id_session']); - $my_average = Tracking :: get_avg_student_score($student_id, $course_code); + $avg_time_spent += Tracking :: get_time_spent_on_the_course($student_id, $courseId, $sessionId); + $my_average = Tracking :: get_avg_student_score($student_id, $course_code); if (is_numeric($my_average)) { $avg_student_score += $my_average; } @@ -158,7 +159,7 @@ function get_users($from, $limit, $column, $direction) $row[] = $string_date; if (isset($_GET['id_coach']) && intval($_GET['id_coach']) != 0) { - $detailsLink = ' + $detailsLink = ' '.Display::return_icon('2rightarrow.png').''; } else { $detailsLink = ' diff --git a/main/mySpace/teachers.php b/main/mySpace/teachers.php index 1cda57a4bd..e5d4821d38 100755 --- a/main/mySpace/teachers.php +++ b/main/mySpace/teachers.php @@ -58,6 +58,7 @@ function get_users($from, $limit, $column, $direction) $active = isset($_GET['active']) ? $_GET['active'] : 1; $keyword = isset($_GET['keyword']) ? Security::remove_XSS($_GET['keyword']) : null; $sleepingDays = isset($_GET['sleeping_days']) ? intval($_GET['sleeping_days']) : null; + $sessionId = isset($_GET['id_session']) ? (int) $_GET['id_session'] : 0; $lastConnectionDate = null; if (!empty($sleepingDays)) { @@ -159,7 +160,7 @@ function get_users($from, $limit, $column, $direction) $row[] = $string_date; if (isset($_GET['id_coach']) && intval($_GET['id_coach']) != 0) { - $detailsLink = ' + $detailsLink = ' '.Display::return_icon('2rightarrow.png', get_lang('Details')).''; } else { $detailsLink = ' diff --git a/main/mySpace/users.php b/main/mySpace/users.php index 256a41e026..bd21f2e439 100755 --- a/main/mySpace/users.php +++ b/main/mySpace/users.php 
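Review bot: The teachers.php hunk has the same gap as student.php: `$active = isset($_GET['active']) ? $_GET['active'] : 1;` sits unfiltered right above the new `$sessionId` line while every neighbouring parameter is cast or filtered; cast it with `(int)` if it is the numeric flag its default of `1` suggests. Since the two `get_users()` functions are evolving in lock-step across three files, the duplicated parameter parsing would be better hoisted into one shared helper so a fix like this commit lands once. `get_users()` continues beyond the hunk.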
@@ -57,7 +57,7 @@ function get_users($from, $limit, $column, $direction) $keyword = isset($_GET['keyword']) ? Security::remove_XSS($_GET['keyword']) : null; $sleepingDays = isset($_GET['sleeping_days']) ? intval($_GET['sleeping_days']) : null; $status = isset($_GET['status']) ? Security::remove_XSS($_GET['status']) : null; - + $sessionId = isset($_GET['id_session']) ? (int) $_GET['id_session'] : 0; $lastConnectionDate = null; if (!empty($sleepingDays)) { @@ -160,7 +160,7 @@ function get_users($from, $limit, $column, $direction) $row[] = $string_date; if (isset($_GET['id_coach']) && intval($_GET['id_coach']) != 0) { - $detailsLink = ' + $detailsLink = ' '.Display::return_icon('2rightarrow.png', get_lang('Details')).''; } else { $detailsLink = ' diff --git a/main/resourcelinker/resourcelinker.inc.php b/main/resourcelinker/resourcelinker.inc.php index 204a9fc66e..d56afcca5c 100755 --- a/main/resourcelinker/resourcelinker.inc.php +++ b/main/resourcelinker/resourcelinker.inc.php 
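Review bot: In users.php the context line above the added `$sessionId` reads `$status = isset($_GET['status']) ? Security::remove_XSS($_GET['status']) : null;`, which applies an HTML-oriented filter to a value whose consumer is outside the hunk; if `$status` ends up in a SQL `WHERE` clause, remove_XSS gives no protection there. Cast it with `(int)` if it is a numeric status code, or validate it against the known status constants, and bind it in the query rather than relying on the filter. `get_users()` continues beyond the hunk.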
@@ -1275,41 +1275,8 @@ function get_addedresource_link_in_learnpath($type, $id, $id_in_path) $link .= "../phpbb/viewtopic.php?topic=".$myrow["topic_id"]."&forum=".$myrow["forum_id"]."&md5=".$myrow["md5"]; } break; - case "Post": - /* todo REVIEW THIS SECTION - NOT USING VALID TABLES ANYMORE - $tbl_posts = $_course['dbNameGlu'].'bb_posts'; - $tbl_posts_text = $_course['dbNameGlu'].'bb_posts_text'; - $TBL_FORUMS = $_course['dbNameGlu']."bb_forums"; - $result= Database::query("SELECT * FROM $tbl_posts where post_id=$id"); - $myrow=Database::fetch_array($result); - // grabbing the title of the post - $sql_titel="SELECT * FROM $tbl_posts_text WHERE post_id=".$myrow["post_id"]; - $result_titel=Database::query($sql_titel); - $myrow_titel=Database::fetch_array($result_titel); - - $sql="select * from $tbl_learnpath_item where id=$id_in_path"; - $result=Database::query($sql); $row=Database::fetch_array($result); - if ($row['title'] != '') { $myrow_titel["post_title"]=$row['title']; } - $desc=$row['description']; - $link .= str_repeat(" >",$level); - - $posternom=$myrow['nom']; $posterprenom=$myrow['prenom']; - $posttime=$myrow['post_time']; $posttext=$myrow_titel['post_text']; - $posttitle=$myrow_titel['post_title']; - $posttext = str_replace('"',"'",$posttext); - - if ($builder != 'builder') - { - $link .= api_get_self()."?action=closelesson&source_forum=".$_GET['source_forum']."&how=complete&id_in_path=$id_in_path&learnpath_id=$learnpath_id&type=Post&origin=$origin&posternom=$posternom&posterprenom=$posterprenom&posttime=$posttime&posttext=$posttext&posttitle=$posttitle#$id_in_path"; - } - else - { - $link .= "../phpbb/viewtopic.php?topic=".$myrow["topic_id"]."&forum=".$myrow["forum_id"]."&md5=".$myrow["md5"]; - } - */ break; - case "Document": $dbTable = Database::get_course_table(TABLE_DOCUMENT); $result=Database::query("SELECT * FROM $dbTable WHERE id=$id",__FILE__,__LINE); 
diff --git a/main/social/profile.php b/main/social/profile.php index 3b42cebabb..a6056ba13b 100755 --- a/main/social/profile.php +++ b/main/social/profile.php @@ -38,7 +38,7 @@ if (!empty($_POST['social_wall_new_msg_main']) || !empty($_FILES['picture']['tmp $messageId = 0; $messageContent = $_POST['social_wall_new_msg_main']; if (!empty($_POST['url_content'])) { - $messageContent = $_POST['social_wall_new_msg_main'].'

'.$_POST['url_content']; + $messageContent = $_POST['social_wall_new_msg_main'].'

'.$_POST['url_content']; } $idMessage = SocialManager::sendWallMessage( api_get_user_id(), diff --git a/main/survey/fillsurvey.php b/main/survey/fillsurvey.php index 15fbe79620..cfc646dba2 100755 --- a/main/survey/fillsurvey.php +++ b/main/survey/fillsurvey.php @@ -1174,7 +1174,7 @@ $g_ic = isset($_GET['invitationcode']) ? Security::remove_XSS($_GET['invitationc $g_cr = isset($_GET['cidReq']) ? Security::remove_XSS($_GET['cidReq']) : ''; $p_l = isset($_POST['language']) ? Security::remove_XSS($_POST['language']) : ''; -$add_parameters = isset($_GET['user_id']) ? 'user_id='.$_GET['user_id'].'&' : ''; +$add_parameters = isset($_GET['user_id']) ? 'user_id='.intval($_GET['user_id']).'&' : ''; $url = api_get_self().'?'.$add_parameters.'course='.$g_c.'&invitationcode='.$g_ic.'&show='.$show.'&cidReq='.$g_cr; $form = new FormValidator('question', 'post', $url); diff --git a/main/wiki/wiki.inc.php b/main/wiki/wiki.inc.php index cf81e73a0e..b2c3b68238 100755 --- a/main/wiki/wiki.inc.php +++ b/main/wiki/wiki.inc.php @@ -2136,7 +2136,9 @@ class Wiki '.$photo.'
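Review bot: In profile.php the rebuilt `$messageContent` still concatenates `$_POST['social_wall_new_msg_main']` and `$_POST['url_content']` with no filtering at all (the separator between them was lost in extraction, so I cannot see what the commit changed there), and the result is handed straight to `SocialManager::sendWallMessage(` at the end of the hunk. Unless `sendWallMessage` or the wall renderer escapes on output, this is stored markup from two POST fields; at minimum run `url_content` through the same `Security::remove_XSS()` this commit applies elsewhere, and if it really is a URL validate it with `filter_var($_POST['url_content'], FILTER_VALIDATE_URL)` before appending it.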
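Review bot: In fillsurvey.php `intval($_GET['user_id'])` is right for the numeric id, but the surrounding `$g_c`, `$g_ic`, `$g_cr` and `$show` values are spliced into `$url` — the form's action URL — after `Security::remove_XSS()` only, which is an HTML filter, not a URL encoder, so a course code or invitation code containing `&` or `#` would truncate the query string or inject extra parameters. Build the query with `http_build_query()` (or `urlencode()` each value at the concatenation) and let `FormValidator` handle attribute escaping; `$show` is assigned outside the hunk, so check how it is derived as well.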
'.Display::tag('span', api_get_person_name($userinfo['firstname'], $userinfo['lastname']), array('title'=>$username)).' '; - $content_orig_B = '
'.get_lang('AssignmentDescription').': '.$title_orig.'

'.$_POST['content']; + $content_orig_B = '
'. + get_lang('AssignmentDescription').': '. + $title_orig.'

'.Security::remove_XSS($_POST['content']); //Second: student list (names, photo and links to their works). //Third: Create Students work pages. @@ -2180,7 +2182,7 @@ class Wiki 'span', strtoupper($o_user_to_add['lastname']).', '.$o_user_to_add['firstname'], array('title'=>$username) ). - ' [['.$_POST['title']."_uass".$assig_user_id.' | '.$photo.']] '.$status_in_group.''; + ' [['.Security::remove_XSS($_POST['title'])."_uass".$assig_user_id.' | '.$photo.']] '.$status_in_group.''; //don't change this line without guaranteeing that users will be ordered by last names in the following format (surname, name) $values['assignment']=2; } diff --git a/tests/main/exercice/freeanswer.class.test.php b/tests/main/exercice/freeanswer.class.test.php index 8b94afc0e0..6b1deb894a 100755 --- a/tests/main/exercice/freeanswer.class.test.php +++ b/tests/main/exercice/freeanswer.class.test.php @@ -1,29 +1,29 @@ assertTrue(is_null($res)); //var_dump($res); - } - + } + /** * abstract function which creates the form to create / edit the answers of the question * @param the formvalidator instance */ - + function testprocessAnswersCreation () { - $form = new FormValidator('exercise_admin', 'post', api_get_self().'?exerciseId='.$_GET['exerciseId']); + $form = new FormValidator('exercise_admin', 'post', api_get_self().'?exerciseId='.intval($_GET['exerciseId'])); $res =FreeAnswer::processAnswersCreation($form); $this->assertTrue(is_null($res)); //var_dump($res); } - + } ?>
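Review bot: In the second wiki.inc.php hunk `Security::remove_XSS($_POST['title'])` is inserted into wiki-link syntax `[[…_uass'.$assig_user_id.' | '.$photo.']]`, and remove_XSS does not touch `[`, `]` or `|`, so a title containing those characters still breaks or redirects the generated link; the link needs a title with those characters rejected or stripped, not an HTML filter. Both wiki hunks filter POST values at input time and the results presumably go into storage, so confirm the render path does not escape again (double-encoded entities) — escaping at output would be the more robust place. The enclosing method starts and ends outside the hunk.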
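Review bot: In `testprocessAnswersCreation` nothing sets `$_GET['exerciseId']` under the test runner, so `intval($_GET['exerciseId'])` still raises an undefined-index notice before yielding 0; guard it, e.g. `$exerciseId = isset($_GET['exerciseId']) ? intval($_GET['exerciseId']) : 0;` and build the `FormValidator` action from that. A unit test that reads `$_GET` at all is fragile — passing a fixed id literal would make the test deterministic. The remaining changes in this hunk are whitespace only.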