[svn r20716] FS#306 - Replacing some natural language unsafe occurrences of the function htmlentities() and other similar fixes.

skala
Ivan Tcholakov 17 years ago
parent d8ee5e2be6
commit 2b68b8876e
  1. 6
      main/chat/chat_chat.php
  2. 4
      main/exercice/exercice.php
  3. 4
      main/exercice/hotspot_admin.inc.php
  4. 8
      main/exercice/question_list_admin.inc.php
  5. 2
      main/forum/viewthread_flat.inc.php
  6. 2
      main/forum/viewthread_nested.inc.php
  7. 2
      main/forum/viewthread_threaded.inc.php
  8. 12
      main/link/link.php
  9. 6
      main/messages/message.class.php
  10. 4
      main/reservation/m_category.php
  11. 4
      main/reservation/m_item.php
  12. 4
      main/reservation/m_item_origineel.php
  13. 2
      main/reservation/m_reservation.php
  14. 4
      main/reservation/mysubscriptions.php
  15. 6
      main/work/work.lib.php
  16. 6
      whoisonline.php

@ -134,7 +134,7 @@ if (!empty($course))
echo '<div style="margin-left: 5px;">';
foreach($content as $thisLine)
{
echo strip_tags(html_entity_decode($thisLine),'<br> <span> <b> <i> <img> <font>');
echo strip_tags(api_html_entity_decode($thisLine),'<br> <span> <b> <i> <img> <font>');
}
echo '</div>';
@ -147,7 +147,7 @@ if (!empty($course))
{
$rand=mt_rand(1,1000);
echo '<div style="margin-left: 5px;">';
echo '<a href="'.api_get_self().'?rand='.$rand.'&reset=1&cidReq='.$_GET['cidReq'].'#bottom" onclick="javascript:if(!confirm(\''.addslashes(htmlentities(get_lang('ConfirmReset'),ENT_QUOTES,$charset)).'\')) return false;">'.Display::return_icon('delete.gif', get_lang('ClearList')).' '.get_lang('ClearList').'</a>';
echo '<a href="'.api_get_self().'?rand='.$rand.'&reset=1&cidReq='.$_GET['cidReq'].'#bottom" onclick="javascript:if(!confirm(\''.addslashes(api_htmlentities(get_lang('ConfirmReset'),ENT_QUOTES,$charset)).'\')) return false;">'.Display::return_icon('delete.gif', get_lang('ClearList')).' '.get_lang('ClearList').'</a>';
echo '</div>';
}
}
@ -158,4 +158,4 @@ else
Display :: display_error_message($message);
}
include('footer_frame.inc.php');
?>
?>
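Review bot: In the ClearList link of the second hunk the confirm text is escaped in the wrong order: assuming api_htmlentities() encodes quotes the way htmlentities() does, `addslashes(api_htmlentities(get_lang('ConfirmReset'),ENT_QUOTES,$charset))` turns an apostrophe into `&#039;`, which addslashes() leaves alone and the browser decodes back to `'` before the onclick script runs, so a translation containing an apostrophe ends the JavaScript string early. Escape for the script first and for the attribute last: `api_htmlentities(addslashes(get_lang('ConfirmReset')),ENT_QUOTES,$charset)`. The same ordering with ENT_QUOTES appears in exercice.php, the three forum viewthread_*.inc.php files and work.lib.php. On the same line `$_GET['cidReq']` is concatenated into the href without any encoding; the forum hunks wrap request values in `Security::remove_XSS()`, and this link should at least do the same.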

@ -1,5 +1,5 @@
<?php
// $Id: exercice.php 20648 2009-05-14 17:34:11Z cvargas1 $
// $Id: exercice.php 20716 2009-05-16 07:28:22Z ivantcholakov $
/*
==============================================================================
@ -942,7 +942,7 @@ if ($show == 'test') {
?>
<!--" /></a>-->
<a href="exercice.php?choice=delete&exerciseId=<?php echo $row['id']; ?>" onclick="javascript:if(!confirm('<?php echo addslashes(htmlentities(get_lang('AreYouSureToDelete'),ENT_QUOTES,$charset)); echo " ".$row['title']; echo "?"; ?>')) return false;"> <img src="../img/delete.gif" border="0" alt="<?php echo htmlentities(get_lang('Delete'),ENT_QUOTES,$charset); ?>" /></a>
<a href="exercice.php?choice=delete&exerciseId=<?php echo $row['id']; ?>" onclick="javascript:if(!confirm('<?php echo addslashes(api_htmlentities(get_lang('AreYouSureToDelete'),ENT_QUOTES,$charset)); echo " ".$row['title']; echo "?"; ?>')) return false;"> <img src="../img/delete.gif" border="0" alt="<?php echo api_htmlentities(get_lang('Delete'),ENT_QUOTES,$charset); ?>" /></a>
<?php
//if active
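Review bot: `$row['title']` is echoed into the onclick handler of the delete link with no escaping at all, while only the fixed language string next to it goes through api_htmlentities(). A title containing a quote breaks the confirm() call, and since titles are presumably entered by course editors this is also a script-injection path in the exercise list. Build the whole sentence first and escape it once, JavaScript escaping inside and HTML escaping outside: `<?php echo api_htmlentities(addslashes(get_lang('AreYouSureToDelete').' '.$row['title'].'?'), ENT_QUOTES, $charset); ?>`. The surrounding `if ($show == 'test')` block continues outside the hunk.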

@ -271,14 +271,14 @@ if($modifyAnswers)
?>
<input type="submit" class="minus" name="lessAnswers" value="<?php echo get_lang('LessHotspots'); ?>" >
<input type="submit" class="plus" name="moreAnswers" value="<?php echo get_lang('MoreHotspots'); ?>" />
<input type="submit" class="cancel" name="cancelAnswers" value="<?php echo get_lang('Cancel'); ?>" onclick="javascript:if(!confirm('<?php echo addslashes(htmlentities(get_lang('ConfirmYourChoice'))); ?>')) return false;" >
<input type="submit" class="cancel" name="cancelAnswers" value="<?php echo get_lang('Cancel'); ?>" onclick="javascript:if(!confirm('<?php echo addslashes(api_htmlentities(get_lang('ConfirmYourChoice'))); ?>')) return false;" >
<input type="submit" class="save" name="submitAnswers" value="<?php echo get_lang('Ok'); ?>" />
<?php
} else {
?>
<button type="submit" class="minus" name="lessAnswers" value="<?php echo get_lang('LessHotspots'); ?>" ><?php echo get_lang('LessHotspots'); ?></button>
<button type="submit" class="plus" name="moreAnswers" value="<?php echo get_lang('MoreHotspots'); ?>" /><?php echo get_lang('langMoreHotspotsImage'); ?></button>
<button type="submit" class="cancel" name="cancelAnswers" value="<?php echo get_lang('Cancel'); ?>" onclick="javascript:if(!confirm('<?php echo addslashes(htmlentities(get_lang('ConfirmYourChoice'))); ?>')) return false;" ><?php echo get_lang('Cancel'); ?></button>
<button type="submit" class="cancel" name="cancelAnswers" value="<?php echo get_lang('Cancel'); ?>" onclick="javascript:if(!confirm('<?php echo addslashes(api_htmlentities(get_lang('ConfirmYourChoice'))); ?>')) return false;" ><?php echo get_lang('Cancel'); ?></button>
<button type="submit" class="save" name="submitAnswers" value="<?php echo get_lang('Ok'); ?>" /><?php echo get_lang('AddQuestionToExercise'); ?></button>
<?php
}
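Review bot: Both cancel controls call `api_htmlentities(get_lang('ConfirmYourChoice'))` with no flags and no charset, whereas the call sites in chat_chat.php, exercice.php and link.php pass `ENT_QUOTES, $charset`. The wrapper's defaults, which are not visible here, then decide the encoding, which works against the purpose of this commit. I would pass both arguments explicitly, `api_htmlentities(addslashes(get_lang('ConfirmYourChoice')), ENT_QUOTES, $charset)`, provided `$charset` is in scope in this include. The same bare call is in question_list_admin.inc.php, message.class.php and the main/reservation files. As a matter of markup, the `<button ... />` start tags in the else branch carry a stray self-closing slash.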

@ -1,4 +1,4 @@
<?php // $Id: question_list_admin.inc.php 19894 2009-04-20 16:38:00Z cvargas1 $
<?php // $Id: question_list_admin.inc.php 20716 2009-05-16 07:28:22Z ivantcholakov $
/*
==============================================================================
@ -28,7 +28,7 @@
* Code library for HotPotatoes integration.
* @package dokeos.exercise
* @author
* @version $Id: question_list_admin.inc.php 19894 2009-04-20 16:38:00Z cvargas1 $
* @version $Id: question_list_admin.inc.php 20716 2009-05-16 07:28:22Z ivantcholakov $
*/
@ -113,7 +113,7 @@ if($nbrQuestions) {
<td align="center"><?php echo $objQuestionTmp->selectLevel(); ?></td>
<!--<td align="center"><a href="<?php echo api_get_self(); ?>?action=exportqti2&questionId=<?php echo $id; ?>"><img src="../img/export.png" border="0" align="absmiddle" alt="IMS/QTI" /></a></td>-->
<td> <a href="<?php echo api_get_self(); ?>?myid=1&ed
itQuestion=<?php echo $id; ?>"><img src="../img/edit.gif" border="0" alt="<?php echo get_lang('Modify'); ?>" /></a> <a href="<?php echo api_get_self(); ?>?deleteQuestion=<?php echo $id; ?>" onclick="javascript:if(!confirm('<?php echo addslashes(htmlentities(get_lang('ConfirmYourChoice'))); ?>')) return false;"><img src="../img/delete.gif" border="0" align="absmiddle" alt="<?php echo get_lang('Delete'); ?>" /></a>
itQuestion=<?php echo $id; ?>"><img src="../img/edit.gif" border="0" alt="<?php echo get_lang('Modify'); ?>" /></a> <a href="<?php echo api_get_self(); ?>?deleteQuestion=<?php echo $id; ?>" onclick="javascript:if(!confirm('<?php echo addslashes(api_htmlentities(get_lang('ConfirmYourChoice'))); ?>')) return false;"><img src="../img/delete.gif" border="0" align="absmiddle" alt="<?php echo get_lang('Delete'); ?>" /></a>
<?php
if($i != 1) { ?>
<a href="<?php echo api_get_self(); ?>?moveUp=<?php echo $id; ?>"><img src="../img/up.gif" border="0" alt="<?php echo get_lang('MoveUp'); ?>"></a>
@ -151,4 +151,4 @@ if(!$i) {
}
?>
</table>
</div>
</div>
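Review bot: The delete link in the third hunk triggers `?deleteQuestion=<id>` through a plain GET request, and the only safeguard visible here is the JavaScript confirm(). Nothing in the hunk shows a per-session token, so a cross-site request made from an editor's browser would be accepted as a delete; the handler is outside the hunk, so this needs checking there. If no token check exists, add one to the link and verify it before deleting, or move the action to a POST form. The reset link in chat_chat.php and the delete links in exercice.php, the forum viewthread files, message.class.php and main/reservation follow the same pattern.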

@ -148,7 +148,7 @@ foreach ($rows as $row) {
echo ' "> '.$user_filename.' </a>';
echo '<span class="forum_attach_comment" >'.$attachment_list['comment'].'</span>';
if (($current_forum['allow_edit']==1 AND $row['user_id']==$_user['user_id']) or (api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session']))) {
echo '&nbsp;&nbsp;<a href="'.api_get_self().'?'.api_get_cidreq().'&amp;origin='.Security::remove_XSS($_GET['origin']).'&amp;action=delete_attach&amp;id_attach='.$attachment_list['id'].'&amp;forum='.Security::remove_XSS($_GET['forum']).'&amp;thread='.Security::remove_XSS($_GET['thread']).'" onclick="javascript:if(!confirm(\''.addslashes(htmlentities(get_lang("ConfirmYourChoice"),ENT_QUOTES,$charset)).'\')) return false;">'.Display::return_icon('delete.gif',get_lang('Delete')).'</a><br />';
echo '&nbsp;&nbsp;<a href="'.api_get_self().'?'.api_get_cidreq().'&amp;origin='.Security::remove_XSS($_GET['origin']).'&amp;action=delete_attach&amp;id_attach='.$attachment_list['id'].'&amp;forum='.Security::remove_XSS($_GET['forum']).'&amp;thread='.Security::remove_XSS($_GET['thread']).'" onclick="javascript:if(!confirm(\''.addslashes(api_htmlentities(get_lang("ConfirmYourChoice"),ENT_QUOTES,$charset)).'\')) return false;">'.Display::return_icon('delete.gif',get_lang('Delete')).'</a><br />';
}
echo '</td></tr>';
}
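Review bot: `$attachment_list['comment']` is written into the `forum_attach_comment` span without any encoding, two lines above the link this commit touches, and `$user_filename` is printed raw just before it. Both presumably originate from the user who uploaded the attachment, so they should be encoded on output, for example `api_htmlentities($attachment_list['comment'], ENT_QUOTES, $charset)`. viewthread_nested.inc.php and viewthread_threaded.inc.php contain the identical lines. The enclosing loop starts and ends outside the hunk.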

@ -148,7 +148,7 @@ foreach ($rows as $post) {
echo ' "> '.$user_filename.' </a>';
echo '<span class="forum_attach_comment" >'.$attachment_list['comment'].'</span>';
if (($current_forum['allow_edit']==1 AND $post['user_id']==$_user['user_id']) or (api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session']))) {
echo '&nbsp;&nbsp;<a href="'.api_get_self().'?'.api_get_cidreq().'&amp;origin='.Security::remove_XSS($_GET['origin']).'&amp;action=delete_attach&amp;id_attach='.$attachment_list['id'].'&amp;forum='.Security::remove_XSS($_GET['forum']).'&amp;thread='.Security::remove_XSS($_GET['thread']).'" onclick="javascript:if(!confirm(\''.addslashes(htmlentities(get_lang("ConfirmYourChoice"),ENT_QUOTES,$charset)).'\')) return false;">'.Display::return_icon('delete.gif',get_lang('Delete')).'</a><br />';
echo '&nbsp;&nbsp;<a href="'.api_get_self().'?'.api_get_cidreq().'&amp;origin='.Security::remove_XSS($_GET['origin']).'&amp;action=delete_attach&amp;id_attach='.$attachment_list['id'].'&amp;forum='.Security::remove_XSS($_GET['forum']).'&amp;thread='.Security::remove_XSS($_GET['thread']).'" onclick="javascript:if(!confirm(\''.addslashes(api_htmlentities(get_lang("ConfirmYourChoice"),ENT_QUOTES,$charset)).'\')) return false;">'.Display::return_icon('delete.gif',get_lang('Delete')).'</a><br />';
}
echo '</td></tr>';
}

@ -343,7 +343,7 @@ if (!empty($attachment_list))
echo ' "> '.$user_filename.' </a>';
echo '<span class="forum_attach_comment" >'.$attachment_list['comment'].'</span>';
if (($current_forum['allow_edit']==1 AND $rows[$display_post_id]['user_id']==$_user['user_id']) or (api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session']))) {
echo '&nbsp;&nbsp;<a href="'.api_get_self().'?'.api_get_cidreq().'&amp;origin='.Security::remove_XSS($_GET['origin']).'&amp;action=delete_attach&amp;id_attach='.$attachment_list['id'].'&amp;forum='.Security::remove_XSS($_GET['forum']).'&amp;thread='.Security::remove_XSS($_GET['thread']).'" onclick="javascript:if(!confirm(\''.addslashes(htmlentities(get_lang("ConfirmYourChoice"),ENT_QUOTES,$charset)).'\')) return false;">'.Display::return_icon('delete.gif',get_lang('Delete')).'</a><br />';
echo '&nbsp;&nbsp;<a href="'.api_get_self().'?'.api_get_cidreq().'&amp;origin='.Security::remove_XSS($_GET['origin']).'&amp;action=delete_attach&amp;id_attach='.$attachment_list['id'].'&amp;forum='.Security::remove_XSS($_GET['forum']).'&amp;thread='.Security::remove_XSS($_GET['thread']).'" onclick="javascript:if(!confirm(\''.addslashes(api_htmlentities(get_lang("ConfirmYourChoice"),ENT_QUOTES,$charset)).'\')) return false;">'.Display::return_icon('delete.gif',get_lang('Delete')).'</a><br />';
}
echo '</td></tr>';
}

@ -1,4 +1,4 @@
<?php // $Id: link.php 20497 2009-05-11 21:07:26Z juliomontoya $
<?php // $Id: link.php 20716 2009-05-16 07:28:22Z ivantcholakov $
/*
==============================================================================
Dokeos - elearning and course management software
@ -341,7 +341,7 @@ if (is_allowed_to_edit() and isset($_GET['action'])) {
<span class="form_required">*</span> '.get_lang('CategoryName').'
</div>
<div class="formw">
<input type="text" name="category_title" size="50" value="'.htmlentities($category_title,ENT_QUOTES,$charset).'" />
<input type="text" name="category_title" size="50" value="'.api_htmlentities($category_title,ENT_QUOTES,$charset).'" />
</div>
</div>';
@ -350,7 +350,7 @@ if (is_allowed_to_edit() and isset($_GET['action'])) {
'.get_lang('Description').'
</div>
<div class="formw">
<textarea rows="3" cols="50" name="description">'.htmlentities($description,ENT_QUOTES,$charset).'</textarea>
<textarea rows="3" cols="50" name="description">'.api_htmlentities($description,ENT_QUOTES,$charset).'</textarea>
</div>
</div>';
@ -407,13 +407,13 @@ if (empty($_GET['action']) || ($_GET['action']!='editlink' && $_GET['action']!='
for($j = 1; $j <= $aantalcategories; $j++) {
echo "0";
}
echo "\">$shownone</a>";
echo "\">".get_lang('shownone')."</a>";
echo Display::return_icon('add.gif', $showall)." <a href=\"".api_get_self()."?".api_get_cidreq()."&urlview=";
for($j = 1; $j <= $aantalcategories; $j++)
{
echo "1";
}
echo "\">$showall</a>";
echo "\">".get_lang('showall')."</a>";
}
echo '</div>';
@ -463,7 +463,7 @@ if (empty($_GET['action']) || ($_GET['action']!='editlink' && $_GET['action']!='
echo '<tr>';
echo '<th width="81%" style="font-weight: bold; text-align:left;padding-left: 5px;">';
echo '<a href="'.api_get_self()."?".api_get_cidreq()."&urlview=".Security::remove_XSS($newurlview)."\">";
echo "<img src=../img/remove.gif>&nbsp;&nbsp;".htmlentities($myrow["category_title"],ENT_QUOTES,$charset)."</a><br/>&nbsp;&nbsp;&nbsp;".$myrow["description"];
echo "<img src=../img/remove.gif>&nbsp;&nbsp;".api_htmlentities($myrow["category_title"],ENT_QUOTES,$charset)."</a><br/>&nbsp;&nbsp;&nbsp;".$myrow["description"];
if (is_allowed_to_edit())
{
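Review bot: In the last hunk `$myrow["category_title"]` is passed through api_htmlentities() but `$myrow["description"]` on the same echo is appended raw. Unless category descriptions are meant to hold HTML, encode it the same way: `api_htmlentities($myrow["description"],ENT_QUOTES,$charset)`. Separately, the third hunk replaces `$shownone` and `$showall` in the link text with get_lang() calls, yet `Display::return_icon('add.gif', $showall)` still reads the old variable. If that variable is no longer set the icon loses its label, so use `get_lang('showall')` there as well.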

@ -181,8 +181,8 @@ class MessageManager {
public static function send_message ($receiver_user_id, $title, $content) {
global $charset;
$table_message = Database::get_main_table(TABLE_MESSAGE);
$title = mb_convert_encoding($title,$charset,'UTF-8');
$content = mb_convert_encoding($content,$charset,'UTF-8');
$title = api_convert_encoding($title,$charset,'UTF-8');
$content = api_convert_encoding($content,$charset,'UTF-8');
//message in inbox
$sql = "SELECT COUNT(*) as count FROM $table_message WHERE user_sender_id = ".api_get_user_id()." AND user_receiver_id='".Database::escape_string($receiver_user_id)."' AND title = '".Database::escape_string($title)."' AND content ='".Database::escape_string($content)."' ";
$res_exist = api_sql_query($sql,__FILE__,__LINE__);
@ -300,7 +300,7 @@ class MessageManager {
$message[2] = '<a onclick="show_sent_message ('.$result[0].')" href="#../messages/view_message.php?id_send='.$result[0].'">'.GetFullUserName($result[4]).'</a>';
$message[3] = '<a onclick="show_sent_message ('.$result[0].')" href="#../messages/view_message.php?id_send='.$result[0].'">'.$result[2].'</a>';
$message[5] = '<a href="new_message.php?re_id='.$result[0].'">'.Display::return_icon('message_reply.png',get_lang('ReplyToMessage')).'</a>'.
'&nbsp;&nbsp;<a href="outbox.php?action=deleteone&id='.$result[0].'" onclick="javascript:if(!confirm('."'".addslashes(htmlentities(get_lang('ConfirmDeleteMessage')))."'".')) return false;">'.Display::return_icon('message_delete.png',get_lang('DeleteMessage')).'</a>';
'&nbsp;&nbsp;<a href="outbox.php?action=deleteone&id='.$result[0].'" onclick="javascript:if(!confirm('."'".addslashes(api_htmlentities(get_lang('ConfirmDeleteMessage')))."'".')) return false;">'.Display::return_icon('message_delete.png',get_lang('DeleteMessage')).'</a>';
}
$message[4] = $result[3]; //date stays the same
foreach($message as $key => $value) {

@ -51,7 +51,7 @@ $interbreadcrumb[] = array ("url" => "../admin/index.php", "name" => get_lang('P
* @param - int $id The ResourceType-id
*/
function modify_filter($id) {
return '<a href="m_category.php?action=edit&amp;id='.$id.'" title="'.get_lang("EditResourceType").'"><img alt="" src="../img/edit.gif" /></a>'.' <a href="m_category.php?action=delete&amp;id='.$id.'" title="'.get_lang("DeleteResourceType").'" onclick="javascript:if(!confirm('."'".addslashes(htmlentities(get_lang("ConfirmDeleteResourceType")))."'".')) return false;"><img alt="" src="../img/delete.gif" /></a>';
return '<a href="m_category.php?action=edit&amp;id='.$id.'" title="'.get_lang("EditResourceType").'"><img alt="" src="../img/edit.gif" /></a>'.' <a href="m_category.php?action=delete&amp;id='.$id.'" title="'.get_lang("DeleteResourceType").'" onclick="javascript:if(!confirm('."'".addslashes(api_htmlentities(get_lang("ConfirmDeleteResourceType")))."'".')) return false;"><img alt="" src="../img/delete.gif" /></a>';
}
/**
@ -146,4 +146,4 @@ switch ($_GET['action']) {
*/
Display :: display_footer();
?>
?>

@ -59,7 +59,7 @@ function modify_filter($id) {
$str.='<a href="m_item.php?action=edit&amp;id='.$id.'" title="'.get_lang("EditItem2").'"><img alt="" src="../img/edit.gif" /></a>';
}
//if(Rsys::item_allow($id,'m_rights')) $str.=' &nbsp;<a href="m_item.php?action=m_rights&amp;item_id='.$id.'" title="'.get_lang("MRights").'"><img alt="" src="../img/info_small.gif" /></a>';
if(Rsys::item_allow($id,'delete')) $str.=' <a href="m_item.php?action=delete&amp;id='.$id.'" title="'.get_lang('DeleteResource').'" onclick="javascript:if(!confirm('."'".addslashes(htmlentities(get_lang("ConfirmDeleteResource")))."'".')) return false;"><img alt="" src="../img/delete.gif" /></a>';
if(Rsys::item_allow($id,'delete')) $str.=' <a href="m_item.php?action=delete&amp;id='.$id.'" title="'.get_lang('DeleteResource').'" onclick="javascript:if(!confirm('."'".addslashes(api_htmlentities(get_lang("ConfirmDeleteResource")))."'".')) return false;"><img alt="" src="../img/delete.gif" /></a>';
return $str;
}
@ -70,7 +70,7 @@ function modify_filter($id) {
* @param - int $id The item-rights-id's
*/
function modify_rights_filter($id) {
return ' <a href="m_item.php?action=m_rights&amp;subaction=delete&amp;item_id='.substr($id, 0, strpos($id, '-')).'&amp;class_id='.substr($id, strrpos($id, '-') + 1).'" title="'.get_lang("RemoveClassRights").'" onclick="javascript:if(!confirm('."'".addslashes(htmlentities(get_lang("ConfirmDeleteResource")))."'".')) return false;"><img alt="" src="../img/delete.gif" /></a>';
return ' <a href="m_item.php?action=m_rights&amp;subaction=delete&amp;item_id='.substr($id, 0, strpos($id, '-')).'&amp;class_id='.substr($id, strrpos($id, '-') + 1).'" title="'.get_lang("RemoveClassRights").'" onclick="javascript:if(!confirm('."'".addslashes(api_htmlentities(get_lang("ConfirmDeleteResource")))."'".')) return false;"><img alt="" src="../img/delete.gif" /></a>';
}
/**
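Review bot: modify_rights_filter() splits `$id` with strpos()/strrpos() and puts both halves into the query string unchanged; when `$id` has no `-`, strpos() returns false and the item_id part comes out empty. If both parts are numeric ids, as the parameter names suggest, cast them before building the link, e.g. `$item_id = intval(substr($id, 0, strpos($id, '-')));` and likewise for the class id. modify_filter() in mysubscriptions.php splits its `$id` the same way.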

@ -50,7 +50,7 @@ function modify_filter($id) {
$str.='<a href="m_item.php?action=edit&amp;id='.$id.'" title="'.get_lang("EditItem2").'"><img alt="" src="../img/edit.gif" /></a>';
}
if(Rsys::item_allow($id,'m_rights')) $str.=' &nbsp;<a href="m_item.php?action=m_rights&amp;item_id='.$id.'" title="'.get_lang("MRights").'"><img alt="" src="../img/info_small.gif" /></a>';
if(Rsys::item_allow($id,'delete')) $str.=' <a href="m_item.php?action=delete&amp;id='.$id.'" title="'.get_lang("DeleteItem").'" onclick="javascript:if(!confirm('."'".addslashes(htmlentities(get_lang("ConfirmDeleteItem")))."'".')) return false;"><img alt="" src="../img/delete.gif" /></a>';
if(Rsys::item_allow($id,'delete')) $str.=' <a href="m_item.php?action=delete&amp;id='.$id.'" title="'.get_lang("DeleteItem").'" onclick="javascript:if(!confirm('."'".addslashes(api_htmlentities(get_lang("ConfirmDeleteItem")))."'".')) return false;"><img alt="" src="../img/delete.gif" /></a>';
if(Rsys::item_allow($id,'edit')){
$number = Rsys :: get_item($id);
$str.= ' <a href="m_item.php?action=blackout&amp;id='.$id.'" title="'.get_lang("Blackout").'"><img alt="" src="../img/blackout'.$number[5].'.gif" /></a>';
@ -430,4 +430,4 @@ switch ($_GET['action']) {
*/
Display :: display_footer();
?>
?>

@ -45,7 +45,7 @@ $tool_name = get_lang('BookingPeriodList');
function modify_filter($id) {
$out = ' <a href="m_reservation.php?action=accept&amp;rid='.$id.'" alt="'.get_lang('AutoAccept').'"><img title="'.get_lang('AutoAccept').'" alt="'.get_lang('AutoAccept').'" src="../img/students.gif" /></a>';
$out .= '<a href="m_reservation.php?action=edit&amp;id='.$id.'" alt="'.get_lang('EditBookingPeriod').'"><img title="'.get_lang('EditBookingPeriod').'" alt="'.get_lang('EditBookingPeriod').'" src="../img/edit.gif" /></a>';
$out .= ' <a href="m_reservation.php?action=delete&amp;id='.$id.'" alt="'.get_lang('DeleteBookingPeriod').'" onclick="javascript:if(!confirm('."'".addslashes(htmlentities(get_lang("ConfirmDeleteBookingPeriod")))."'".')) return false;"><img title="'.get_lang('DeleteBookingPeriod').'" alt="'.get_lang('DeleteBookingPeriod').'" src="../img/delete.gif" /></a>';
$out .= ' <a href="m_reservation.php?action=delete&amp;id='.$id.'" alt="'.get_lang('DeleteBookingPeriod').'" onclick="javascript:if(!confirm('."'".addslashes(api_htmlentities(get_lang("ConfirmDeleteBookingPeriod")))."'".')) return false;"><img title="'.get_lang('DeleteBookingPeriod').'" alt="'.get_lang('DeleteBookingPeriod').'" src="../img/delete.gif" /></a>';
return $out;
}

@ -44,7 +44,7 @@ $tool_name = get_lang('Booking');
* Filter to display the modify-buttons
*/
function modify_filter($id){
return ' <a href="mysubscriptions.php?action=delete&amp;reservation_id='.substr($id,0,strpos($id,'-')).'&amp;dummy='.substr($id,strrpos($id,'-')+1).'" title="'.get_lang("DeleteSubscription").'" onclick="javascript:if(!confirm('."'".addslashes(htmlentities(get_lang("ConfirmDeleteSubscription")))."'".')) return false;"><img alt="" src="../img/delete.gif" /></a>';
return ' <a href="mysubscriptions.php?action=delete&amp;reservation_id='.substr($id,0,strpos($id,'-')).'&amp;dummy='.substr($id,strrpos($id,'-')+1).'" title="'.get_lang("DeleteSubscription").'" onclick="javascript:if(!confirm('."'".addslashes(api_htmlentities(get_lang("ConfirmDeleteSubscription")))."'".')) return false;"><img alt="" src="../img/delete.gif" /></a>';
}
/**
@ -105,4 +105,4 @@ switch ($_GET['action']) {
*/
Display :: display_footer();
?>
?>

@ -1,4 +1,4 @@
<?php //$Id: work.lib.php 20709 2009-05-15 19:12:37Z ivantcholakov $
<?php //$Id: work.lib.php 20716 2009-05-16 07:28:22Z ivantcholakov $
/* For licensing terms, see /dokeos_license.txt */
/**
* @package dokeos.work
@ -6,7 +6,7 @@
* @author Patrick Cool <patrick.cool@UGent.be>, Ghent University - ability for course admins to specify wether uploaded documents are visible or invisible by default.
* @author Roan Embrechts, code refactoring and virtual course support
* @author Frederic Vauthier, directories management
* @version $Id: work.lib.php 20709 2009-05-15 19:12:37Z ivantcholakov $
* @version $Id: work.lib.php 20716 2009-05-16 07:28:22Z ivantcholakov $
*/
/**
* Displays action links (for admins, authorized groups members and authorized students)
@ -52,7 +52,7 @@ function display_action_links($cur_dir_path, $always_show_tool_options, $always_
{
// delete all files
$display_output .= "<a href=\"".api_get_self()."?".api_get_cidreq()."&amp;curdirpath=".$cur_dir_path."&amp;origin=$origin&amp;gradebook=$gradebook&amp;delete=all\" ".
"onclick=\"javascript:if(!confirm('".addslashes(htmlentities(get_lang('ConfirmYourChoice'),ENT_QUOTES,$charset))."')) return false;\">".
"onclick=\"javascript:if(!confirm('".addslashes(api_htmlentities(get_lang('ConfirmYourChoice'),ENT_QUOTES,$charset))."')) return false;\">".
Display::return_icon('delete.gif', get_lang('Delete')).' '.get_lang('DeleteAllFiles')."</a>";
// make all files visible or invisible
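Review bot: The href of the delete-all link interpolates `$cur_dir_path`, `$origin` and `$gradebook` straight into the double-quoted attribute, while only the confirm text is encoded. A directory path can contain characters that are significant in a URL or in HTML, so encode each value, e.g. `"&amp;curdirpath=".urlencode($cur_dir_path)`. Where `$origin` and `$gradebook` come from is not visible in the hunk; if they are taken from the request they need the same treatment. display_action_links() starts and ends outside the hunk.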

@ -1,4 +1,4 @@
<?php // $Id: whoisonline.php 20561 2009-05-12 19:35:39Z juliomontoya $
<?php // $Id: whoisonline.php 20716 2009-05-16 07:28:22Z ivantcholakov $
/*
==============================================================================
Dokeos - elearning and course management software
@ -382,7 +382,7 @@ else
Display::display_header(get_lang('UsersOnLineList'));
Display::display_error_message(get_lang('AccessNotAllowed'));
}
$referer = empty($_GET['referer'])?'index.php':htmlentities(strip_tags($_GET['referer']),ENT_QUOTES,$charset);
$referer = empty($_GET['referer'])?'index.php':api_htmlentities(strip_tags($_GET['referer']),ENT_QUOTES,$charset);
echo '<div class="actions">';
if (isset($_GET['id'])) {
echo '<a href="whoisonline.php" class="fake_button_back">'.get_lang('Back').'</a>';
@ -397,4 +397,4 @@ echo '</div>';
*/
/*echo '<div align="center"><a href="http://main.svndokeos.net/main/upload/users/4/4_49aeb3bb8bba5.jpg" class="thickbox">hola</a></div>';*/
Display::display_footer();
?>
?>
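Review bot: `$referer` is taken from `$_GET['referer']` and only stripped of tags and HTML-encoded, which keeps it from breaking out of markup but does not restrict where it points. Its use is outside the hunk; if it ends up in an href or a redirect, an absolute URL or a non-http scheme passes through unchanged. I would accept only local relative paths and fall back to `'index.php'` otherwise. The commented-out test link to main.svndokeos.net near the footer is dead code and can be deleted.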
