skala
Julio Montoya 16 years ago
commit 2ced4dc643
  1. 511
      main/forum/forumfunction.inc.php
  2. 33
      main/forum/newthread.php
  3. 45
      main/forum/reply.php
  4. 79
      main/forum/viewthread.php
  5. 27
      main/forum/viewthread_flat.inc.php
  6. 24
      main/forum/viewthread_nested.inc.php
  7. 59
      main/forum/viewthread_threaded.inc.php

File diff suppressed because it is too large Load Diff

@ -29,6 +29,7 @@ $language_file = array('forum','document');
// including the global dokeos file // including the global dokeos file
require_once '../inc/global.inc.php'; require_once '../inc/global.inc.php';
require_once '../gradebook/lib/gradebook_functions.inc.php'; require_once '../gradebook/lib/gradebook_functions.inc.php';
// the section (tabs) // the section (tabs)
$this_section=SECTION_COURSES; $this_section=SECTION_COURSES;
@ -36,10 +37,10 @@ $this_section=SECTION_COURSES;
api_protect_course_script(true); api_protect_course_script(true);
// including additional library scripts // including additional library scripts
require_once (api_get_path(LIBRARY_PATH).'formvalidator/FormValidator.class.php'); require_once api_get_path(LIBRARY_PATH).'formvalidator/FormValidator.class.php';
include_once (api_get_path(LIBRARY_PATH).'groupmanager.lib.php'); require_once api_get_path(LIBRARY_PATH).'groupmanager.lib.php';
$nameTools=get_lang('Forum');
$nameTools = get_lang('Forum');
/* /*
----------------------------------------------------------- -----------------------------------------------------------
@ -89,28 +90,28 @@ $current_forum_category=get_forumcategory_information($current_forum['forum_cate
*/ */
if (isset($_SESSION['gradebook'])){ if (isset($_SESSION['gradebook'])){
$gradebook= $_SESSION['gradebook']; $gradebook = Security::remove_XSS($_SESSION['gradebook']);
} }
if (!empty($gradebook) && $gradebook=='view') { if (!empty($gradebook) && $gradebook=='view') {
$interbreadcrumb[]= array ( $interbreadcrumb[]= array (
'url' => '../gradebook/'.$_SESSION['gradebook_dest'], 'url' => '../gradebook/'.Security::remove_XSS($_SESSION['gradebook_dest']),
'name' => get_lang('Gradebook') 'name' => get_lang('Gradebook')
); );
} }
if (!empty($_GET['gidReq'])) { if (!empty($_GET['gidReq'])) {
$toolgroup = Database::escape_string($_GET['gidReq']); $toolgroup = intval($_GET['gidReq']);
api_session_register('toolgroup'); api_session_register('toolgroup');
} }
$session_toolgroup = 0;
if (!empty($_SESSION['toolgroup'])) { if (!empty($_SESSION['toolgroup'])) {
$session_toolgroup = intval($_SESSION['toolgroup']);
$_clean['toolgroup']=(int)$_SESSION['toolgroup']; $group_properties = GroupManager :: get_group_properties($session_toolgroup);
$group_properties = GroupManager :: get_group_properties($_clean['toolgroup']);
$interbreadcrumb[] = array ("url" => "../group/group.php", "name" => get_lang('Groups')); $interbreadcrumb[] = array ("url" => "../group/group.php", "name" => get_lang('Groups'));
$interbreadcrumb[] = array ("url"=>"../group/group_space.php?gidReq=".$_SESSION['toolgroup'], "name"=> get_lang('GroupSpace').' ('.$group_properties['name'].')'); $interbreadcrumb[] = array ("url"=>"../group/group_space.php?gidReq=".$session_toolgroup, "name"=> get_lang('GroupSpace').' ('.$group_properties['name'].')');
$interbreadcrumb[]=array("url" => "viewforum.php?origin=".$origin."&gidReq=".$_SESSION['toolgroup']."&forum=".Security::remove_XSS($_GET['forum']),"name" => $current_forum['forum_title']); $interbreadcrumb[]=array("url" => "viewforum.php?origin=".$origin."&gidReq=".$session_toolgroup."&forum=".Security::remove_XSS($_GET['forum']),"name" => $current_forum['forum_title']);
$interbreadcrumb[]=array("url" => "newthread.php?origin=".$origin."&forum=".Security::remove_XSS($_GET['forum']),"name" => get_lang('NewTopic')); $interbreadcrumb[]=array("url" => "newthread.php?origin=".$origin."&forum=".Security::remove_XSS($_GET['forum']),"name" => get_lang('NewTopic'));
} else { } else {
$interbreadcrumb[]=array("url" => "index.php?gradebook=$gradebook","name" => $nameTools); $interbreadcrumb[]=array("url" => "index.php?gradebook=$gradebook","name" => $nameTools);
@ -124,9 +125,9 @@ if (!empty($_SESSION['toolgroup'])) {
----------------------------------------------------------- -----------------------------------------------------------
*/ */
if (isset($_POST['add_resources']) AND $_POST['add_resources']==get_lang('Resources')) { if (isset($_POST['add_resources']) AND $_POST['add_resources']==get_lang('Resources')) {
$_SESSION['formelements']=$_POST; $_SESSION['formelements'] = $_POST;
$_SESSION['origin']=$_SERVER['REQUEST_URI']; $_SESSION['origin'] = $_SERVER['REQUEST_URI'];
$_SESSION['breadcrumbs']=$interbreadcrumb; $_SESSION['breadcrumbs'] = $interbreadcrumb;
header("Location: ../resourcelinker/resourcelinker.php"); header("Location: ../resourcelinker/resourcelinker.php");
} }
@ -136,7 +137,7 @@ if (isset($_POST['add_resources']) AND $_POST['add_resources']==get_lang('Resour
----------------------------------------------------------- -----------------------------------------------------------
*/ */
if($origin=='learnpath') { if($origin=='learnpath') {
include(api_get_path(INCLUDE_PATH).'reduced_header.inc.php'); require_once api_get_path(INCLUDE_PATH).'reduced_header.inc.php';
} else { } else {
Display :: display_header(null); Display :: display_header(null);
//api_display_tool_title($nameTools); //api_display_tool_title($nameTools);
@ -191,7 +192,7 @@ handle_forum_and_forumcategories();
echo '<div class="actions">'; echo '<div class="actions">';
echo '<span style="float:right;">'.search_link().'</span>'; echo '<span style="float:right;">'.search_link().'</span>';
echo '<a href="index.php?gradebook='.$gradebook.'">'.Display::return_icon('back.png',get_lang('BackToForumOverview')).' '.get_lang('BackToForumOverview').'</a>'; echo '<a href="index.php?gradebook='.$gradebook.'">'.Display::return_icon('back.png',get_lang('BackToForumOverview')).' '.get_lang('BackToForumOverview').'</a>';
echo '<a href="viewforum.php?forum='.Security::remove_XSS($_GET['forum']).'&amp;gidReq='.$_SESSION['toolgroup'].'">'.Display::return_icon('forum.gif',get_lang('BackToForum')).' '.get_lang('BackToForum').'</a>'; echo '<a href="viewforum.php?forum='.Security::remove_XSS($_GET['forum']).'&amp;gidReq='.$session_toolgroup.'">'.Display::return_icon('forum.gif',get_lang('BackToForum')).' '.get_lang('BackToForum').'</a>';
echo '</div>'; echo '</div>';
/* /*
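Review bot: `$gradebook` is passed through `Security::remove_XSS()` and then interpolated into `index.php?gradebook=...`, both in the breadcrumb and in the `<a href>` of the actions bar. An HTML filter is not URL or attribute encoding, and whether quotes or `&` survive it cannot be checked from this page. The only value the code compares against is `'view'`, so an allow-list is tighter if no other value is meaningful to index.php: `$gradebook = ($_SESSION['gradebook'] == 'view') ? 'view' : '';`. The same applies to `Security::remove_XSS($_GET['forum'])` in the `viewforum.php` links, where `intval()` would match what this commit does for `gidReq`, assuming forum ids are numeric. reply.php repeats the same `$gradebook` assignment.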

@ -1,25 +1,5 @@
<?php <?php
/* /* For licensing terms, see /license.txt */
==============================================================================
Dokeos - elearning and course management software
Copyright (c) 2006-2008 Dokeos SPRL
Copyright (c) 2006 Ghent University (UGent)
For a full list of contributors, see "credits.txt".
The full license can be read in "license.txt".
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
See the GNU General Public License for more details.
Contact address: Dokeos, 108 rue du Corbeau, B-1030 Brussels, Belgium
Mail: info@dokeos.com
==============================================================================
*/
/** /**
* These files are a complete rework of the forum. The database structure is * These files are a complete rework of the forum. The database structure is
@ -46,7 +26,7 @@
$language_file = array('forum','document'); $language_file = array('forum','document');
// including the global dokeos file // including the global dokeos file
require '../inc/global.inc.php'; require_once '../inc/global.inc.php';
// the section (tabs) // the section (tabs)
$this_section=SECTION_COURSES; $this_section=SECTION_COURSES;
@ -56,8 +36,8 @@ api_protect_course_script(true);
// including additional library scripts // including additional library scripts
require_once (api_get_path(LIBRARY_PATH).'formvalidator/FormValidator.class.php'); require_once api_get_path(LIBRARY_PATH).'formvalidator/FormValidator.class.php';
include_once (api_get_path(LIBRARY_PATH).'groupmanager.lib.php'); require_once api_get_path(LIBRARY_PATH).'groupmanager.lib.php';
$nameTools=get_lang('Forum'); $nameTools=get_lang('Forum');
$origin = ''; $origin = '';
@ -71,7 +51,7 @@ if(isset($_GET['origin'])) {
Including necessary files Including necessary files
----------------------------------------------------------- -----------------------------------------------------------
*/ */
require 'forumconfig.inc.php'; require_once 'forumconfig.inc.php';
require_once 'forumfunction.inc.php'; require_once 'forumfunction.inc.php';
@ -94,6 +74,7 @@ $htmlHeadXtra[] = '<script>
MAIN DISPLAY SECTION MAIN DISPLAY SECTION
============================================================================== ==============================================================================
*/ */
/* /*
----------------------------------------------------------- -----------------------------------------------------------
Retrieving forum and forum categorie information Retrieving forum and forum categorie information
@ -102,9 +83,9 @@ $htmlHeadXtra[] = '<script>
// we are getting all the information about the current forum and forum category. // we are getting all the information about the current forum and forum category.
// note pcool: I tried to use only one sql statement (and function) for this // note pcool: I tried to use only one sql statement (and function) for this
// but the problem is that the visibility of the forum AND forum cateogory are stored in the item_property table // but the problem is that the visibility of the forum AND forum cateogory are stored in the item_property table
$current_thread=get_thread_information(Security::remove_XSS($_GET['thread'])); // note: this has to be validated that it is an existing thread $current_thread = get_thread_information($_GET['thread']); // note: this has to be validated that it is an existing thread
$current_forum=get_forum_information($current_thread['forum_id']); // note: this has to be validated that it is an existing forum. $current_forum = get_forum_information($current_thread['forum_id']); // note: this has to be validated that it is an existing forum.
$current_forum_category=get_forumcategory_information(Security::remove_XSS($current_forum['forum_category'])); $current_forum_category = get_forumcategory_information(Security::remove_XSS($current_forum['forum_category']));
/* /*
----------------------------------------------------------- -----------------------------------------------------------
@ -112,12 +93,12 @@ $current_forum_category=get_forumcategory_information(Security::remove_XSS($curr
----------------------------------------------------------- -----------------------------------------------------------
*/ */
if (isset($_SESSION['gradebook'])){ if (isset($_SESSION['gradebook'])){
$gradebook= $_SESSION['gradebook']; $gradebook = Security::remove_XSS($_SESSION['gradebook']);
} }
if (!empty($gradebook) && $gradebook=='view') { if (!empty($gradebook) && $gradebook == 'view') {
$interbreadcrumb[]= array ( $interbreadcrumb[]= array (
'url' => '../gradebook/'.$_SESSION['gradebook_dest'], 'url' => '../gradebook/'.Security::remove_XSS($_SESSION['gradebook_dest']),
'name' => get_lang('Gradebook') 'name' => get_lang('Gradebook')
); );
} }
@ -229,7 +210,7 @@ echo '</table>';
// the form for the reply // the form for the reply
$my_action = isset($_GET['action']) ? Security::remove_XSS($_GET['action']) : ''; $my_action = isset($_GET['action']) ? Security::remove_XSS($_GET['action']) : '';
$my_post = isset($_GET['post']) ? Security::remove_XSS($_GET['post']) : ''; $my_post = isset($_GET['post']) ? Security::remove_XSS($_GET['post']) : '';
$my_elements = isset($_SESSION['formelements']) ? $_SESSION['formelements'] : ''; $my_elements = isset($_SESSION['formelements']) ? $_SESSION['formelements'] : '';
$values=show_add_post_form(Security::remove_XSS($my_action,$my_post, $my_elements)); // note: this has to be cleaned first $values=show_add_post_form(Security::remove_XSS($my_action,$my_post, $my_elements)); // note: this has to be cleaned first
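Review bot: The raw `$_GET['thread']` now goes straight into `get_thread_information()`, so the call is safe only if that function casts or escapes its argument. Its diff (forumfunction.inc.php) is suppressed on this page and cannot be checked here. Casting at the call site, `get_thread_information(intval($_GET['thread']))`, keeps this script safe on its own and matches the `intval()` treatment of `gidReq` and `post` elsewhere in the commit, assuming thread ids are numeric; viewthread.php passes the raw value the same way. Separately, the closing parenthesis in the last line of the section looks misplaced: `Security::remove_XSS($my_action,$my_post, $my_elements)` hands all three values to the filter and leaves `show_add_post_form()` with one argument. Since `$my_action` and `$my_post` are already filtered two lines earlier, `show_add_post_form($my_action, $my_post, $my_elements)` appears to be what was meant.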

@ -1,28 +1,5 @@
<?php <?php
/* For licensing terms, see /license.txt */
/*
==============================================================================
Dokeos - elearning and course management software
Copyright (c) 2004-2008 Dokeos SPRL
Copyright (c) 2003 Ghent University (UGent)
Copyright (c) 2001 Universite catholique de Louvain (UCL)
Copyright (c) various contributors
For a full list of contributors, see "credits.txt".
The full license can be read in "license.txt".
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
See the GNU General Public License for more details.
Contact address: Dokeos, rue du Corbeau, 108, B-1030 Brussels, Belgium
Mail: info@dokeos.com
==============================================================================
*/
/** /**
* @Author Patrick Cool <patrick.cool@UGent.be>, Ghent University * @Author Patrick Cool <patrick.cool@UGent.be>, Ghent University
@ -32,13 +9,10 @@
* @package dokeos.forum * @package dokeos.forum
*/ */
// name of the language file that needs to be included // name of the language file that needs to be included
$language_file = array ( $language_file = array ('forum','group');
'forum',
'group'
);
// including the global dokeos file // including the global dokeos file
require '../inc/global.inc.php'; require_once '../inc/global.inc.php';
// the section (tabs) // the section (tabs)
$this_section=SECTION_COURSES; $this_section=SECTION_COURSES;
@ -47,20 +21,15 @@ $this_section=SECTION_COURSES;
api_protect_course_script(true); api_protect_course_script(true);
// including additional library scripts // including additional library scripts
require_once (api_get_path(LIBRARY_PATH).'formvalidator/FormValidator.class.php'); require_once api_get_path(LIBRARY_PATH).'formvalidator/FormValidator.class.php';
require_once (api_get_path(LIBRARY_PATH).'groupmanager.lib.php'); require_once api_get_path(LIBRARY_PATH).'groupmanager.lib.php';
//require_once (api_get_path(LIBRARY_PATH).'resourcelinker.lib.php');
$nameTools=get_lang('Forum');
/* require_once 'forumconfig.inc.php';
-----------------------------------------------------------
Including necessary files
-----------------------------------------------------------
*/
require 'forumconfig.inc.php';
require_once 'forumfunction.inc.php'; require_once 'forumfunction.inc.php';
$nameTools=get_lang('Forum');
//are we in a lp ? //are we in a lp ?
$origin = ''; $origin = '';
if (isset($_GET['origin'])) { if (isset($_GET['origin'])) {
@ -81,11 +50,11 @@ if (isset($_GET['origin'])) {
// we are getting all the information about the current forum and forum category. // we are getting all the information about the current forum and forum category.
// note pcool: I tried to use only one sql statement (and function) for this // note pcool: I tried to use only one sql statement (and function) for this
// but the problem is that the visibility of the forum AND forum cateogory are stored in the item_property table // but the problem is that the visibility of the forum AND forum cateogory are stored in the item_property table
$current_thread=get_thread_information($_GET['thread']); // note: this has to be validated that it is an existing thread $current_thread = get_thread_information($_GET['thread']); // note: this has to be validated that it is an existing thread
$current_forum=get_forum_information($current_thread['forum_id']); // note: this has to be validated that it is an existing forum. $current_forum = get_forum_information($current_thread['forum_id']); // note: this has to be validated that it is an existing forum.
$current_forum_category=get_forumcategory_information($current_forum['forum_category']); $current_forum_category = get_forumcategory_information($current_forum['forum_category']);
$whatsnew_post_info=$_SESSION['whatsnew_post_info']; $whatsnew_post_info = $_SESSION['whatsnew_post_info']; //this variable should be deprecated?
/* /*
----------------------------------------------------------- -----------------------------------------------------------
@ -98,10 +67,7 @@ $whatsnew_post_info=$_SESSION['whatsnew_post_info'];
if (!empty($_GET['gradebook']) && $_GET['gradebook']=='view' ) { if (!empty($_GET['gradebook']) && $_GET['gradebook']=='view' ) {
$_SESSION['gradebook']=Security::remove_XSS($_GET['gradebook']); $_SESSION['gradebook']=Security::remove_XSS($_GET['gradebook']);
$gradebook= $_SESSION['gradebook']; $gradebook= $_SESSION['gradebook'];
} /*elseif (empty($_GET['gradebook'])) { }
unset($_SESSION['gradebook']);
$gradebook= '';
} */
if (!empty($gradebook) && $gradebook=='view') { if (!empty($gradebook) && $gradebook=='view') {
$interbreadcrumb[] = array ( $interbreadcrumb[] = array (
@ -111,13 +77,12 @@ if (!empty($gradebook) && $gradebook=='view') {
} }
if (!empty($_SESSION['toolgroup'])) { if (!empty($_SESSION['toolgroup'])) {
$session_toolgroup = intval($_SESSION['toolgroup']);
$_clean['toolgroup']=(int)$_SESSION['toolgroup']; $group_properties = GroupManager :: get_group_properties($session_toolgroup);
$group_properties = GroupManager :: get_group_properties($_clean['toolgroup']); $interbreadcrumb[] = array("url"=>"../group/group.php", "name" => get_lang('Groups'));
$interbreadcrumb[] = array("url"=>"../group/group.php", "name" => get_lang('Groups')); $interbreadcrumb[] = array("url"=>"../group/group_space.php?gidReq=".$session_toolgroup, "name"=> get_lang('GroupSpace').' ('.$group_properties['name'].')');
$interbreadcrumb[] = array("url"=>"../group/group_space.php?gidReq=".$_SESSION['toolgroup'], "name"=> get_lang('GroupSpace').' ('.$group_properties['name'].')'); $interbreadcrumb[] = array("url"=>"viewforum.php?forum=".Security::remove_XSS($_GET['forum'])."&amp;gidReq=".$session_toolgroup."&amp;origin=".$origin."&amp;search=".Security::remove_XSS(urlencode($my_search)),"name" => prepare4display($current_forum['forum_title']));
$interbreadcrumb[] = array("url"=>"viewforum.php?forum=".Security::remove_XSS($_GET['forum'])."&amp;gidReq=".$_SESSION['toolgroup']."&amp;origin=".$origin."&amp;search=".Security::remove_XSS(urlencode($my_search)),"name" => prepare4display($current_forum['forum_title'])); $interbreadcrumb[] = array("url"=>"viewthread.php?forum=".Security::remove_XSS($_GET['forum'])."&gradebook=".$gradebook."&amp;thread=".Security::remove_XSS($_GET['thread']),"name" => prepare4display($current_thread['thread_title']));
$interbreadcrumb[] = array("url"=>"viewthread.php?forum=".Security::remove_XSS($_GET['forum'])."&gradebook=".$gradebook."&amp;thread=".Security::remove_XSS($_GET['thread']),"name" => prepare4display($current_thread['thread_title']));
Display :: display_header(''); Display :: display_header('');
api_display_tool_title($nameTools); api_display_tool_title($nameTools);
@ -126,11 +91,9 @@ if (!empty($_SESSION['toolgroup'])) {
$my_search=isset($_GET['search']) ? $_GET['search'] : ''; $my_search=isset($_GET['search']) ? $_GET['search'] : '';
if ($origin=='learnpath') { if ($origin=='learnpath') {
include(api_get_path(INCLUDE_PATH).'reduced_header.inc.php'); require_once api_get_path(INCLUDE_PATH).'reduced_header.inc.php';
} else { } else {
$interbreadcrumb[]=array("url" => "index.php?gradebook=$gradebook&search=".Security::remove_XSS(urlencode($my_search)),"name" => $nameTools); $interbreadcrumb[]=array("url" => "index.php?gradebook=$gradebook&search=".Security::remove_XSS(urlencode($my_search)),"name" => $nameTools);
$interbreadcrumb[]=array("url" => "viewforumcategory.php?forumcategory=".$current_forum_category['cat_id']."&amp;origin=".$origin."&amp;search=".Security::remove_XSS(urlencode($my_search)),"name" => prepare4display($current_forum_category['cat_title'])); $interbreadcrumb[]=array("url" => "viewforumcategory.php?forumcategory=".$current_forum_category['cat_id']."&amp;origin=".$origin."&amp;search=".Security::remove_XSS(urlencode($my_search)),"name" => prepare4display($current_forum_category['cat_title']));
$interbreadcrumb[]=array("url" => "viewforum.php?forum=".Security::remove_XSS($_GET['forum'])."&amp;origin=".$origin."&amp;search=".Security::remove_XSS(urlencode($my_search)),"name" => prepare4display($current_forum['forum_title'])); $interbreadcrumb[]=array("url" => "viewforum.php?forum=".Security::remove_XSS($_GET['forum'])."&amp;origin=".$origin."&amp;search=".Security::remove_XSS(urlencode($my_search)),"name" => prepare4display($current_forum['forum_title']));
@ -196,7 +159,7 @@ if ($my_message<>'PostDeletedSpecial') {
echo '<span style="float:right;">'.search_link().'</span>'; echo '<span style="float:right;">'.search_link().'</span>';
if ($origin != 'learnpath') { if ($origin != 'learnpath') {
echo '<a href="index.php?gradebook='.$gradebook.'">'.Display::return_icon('back.png',get_lang('BackToForumOverview')).' '.get_lang('BackToForumOverview').'</a>'; echo '<a href="index.php?gradebook='.$gradebook.'">'.Display::return_icon('back.png',get_lang('BackToForumOverview')).' '.get_lang('BackToForumOverview').'</a>';
echo '<a href="viewforum.php?&forum='.Security::remove_XSS($_GET['forum']).'&amp;gidReq='.$_SESSION['toolgroup'].'">'.Display::return_icon('forum.gif',get_lang('BackToForum')).' '.get_lang('BackToForum').'</a>'; echo '<a href="viewforum.php?&forum='.Security::remove_XSS($_GET['forum']).'&amp;gidReq='.$session_toolgroup.'">'.Display::return_icon('forum.gif',get_lang('BackToForum')).' '.get_lang('BackToForum').'</a>';
} }
// the reply to thread link should only appear when the forum_category is not locked AND the forum is not locked AND the thread is not locked. // the reply to thread link should only appear when the forum_category is not locked AND the forum is not locked AND the thread is not locked.
// if one of the three levels is locked then the link should not be displayed // if one of the three levels is locked then the link should not be displayed
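Review bot: `$session_toolgroup` is assigned only inside `if (!empty($_SESSION['toolgroup']))`, yet the `BackToForum` link in the actions bar reads it and appears to sit outside that block. Outside a group context the variable is then undefined, unless it is initialised in lines this page does not show. newthread.php in the same commit adds `$session_toolgroup = 0;` ahead of the check, and the same line is needed here before the `if`. That makes the emitted `gidReq` `0` rather than empty when there is no group, so confirm viewforum.php treats both as "no group".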

@ -1,25 +1,5 @@
<?php <?php
/* /* For licensing terms, see /license.txt */
==============================================================================
Dokeos - elearning and course management software
Copyright (c) 2008 Dokeos SPRL
Copyright (c) 2006 Ghent University (UGent)
For a full list of contributors, see "credits.txt".
The full license can be read in "license.txt".
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
See the GNU General Public License for more details.
Contact address: Dokeos, rue du Corbeau, 108, B-1030 Brussels, Belgium
Mail: info@dokeos.com
==============================================================================
*/
/** /**
* @package dokeos.forum * @package dokeos.forum
*/ */
@ -133,9 +113,8 @@ foreach ($rows as $row) {
// The post message // The post message
//var_dump($messageclass); //we can see now the html tags
$row['post_text']= Security::remove_XSS($row['post_text'], STUDENT);
$row['post_text']= Security::remove_XSS($row['post_text']);
echo "\t<tr>\n"; echo "\t<tr>\n";
echo "\t\t<td class=\"$messageclass\">".prepare4display($row['post_text'])."</td>\n"; echo "\t\t<td class=\"$messageclass\">".prepare4display($row['post_text'])."</td>\n";
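Review bot: Passing `STUDENT` as the second argument of `Security::remove_XSS()` presumably selects a filter profile other than the default, and the dropped debug comment ("we can see now the html tags") suggests it lets more markup through. The variant with `STUDENT` is assumed to be the new side here, as it is in viewthread_nested.inc.php. The level is fixed regardless of who wrote the post, and the threaded view handles posts with `user_id == '0'`, so text from non-registered posters would be filtered at student level too. It is worth confirming that this profile still strips script elements, event-handler attributes and `javascript:` URLs. A comment on the line would record the intent, for example `// every author is filtered at STUDENT level: basic formatting allowed, scripts never`. The same call is introduced in viewthread_nested.inc.php.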

@ -1,25 +1,5 @@
<?php <?php
/* /* For licensing terms, see /license.txt */
==============================================================================
Dokeos - elearning and course management software
Copyright (c) 2006 Dokeos SPRL
Copyright (c) 2006 Ghent University (UGent)
For a full list of contributors, see "credits.txt".
The full license can be read in "license.txt".
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
See the GNU General Public License for more details.
Contact address: Dokeos, 44 rue des palais, B-1030 Brussels, Belgium
Mail: info@dokeos.com
==============================================================================
*/
/** /**
* @Author Patrick Cool <patrick.cool@UGent.be>, Ghent University * @Author Patrick Cool <patrick.cool@UGent.be>, Ghent University
@ -130,7 +110,7 @@ foreach ($rows as $post) {
// The post message // The post message
$post['post_text']= Security::remove_XSS($post['post_text']); $post['post_text']= Security::remove_XSS($post['post_text'], STUDENT);
echo "\t<tr>\n"; echo "\t<tr>\n";
echo "\t\t<td class=\"$messageclass\">".prepare4display($post['post_text'])."</td>\n"; echo "\t\t<td class=\"$messageclass\">".prepare4display($post['post_text'])."</td>\n";

@ -1,25 +1,5 @@
<?php <?php
/* /* For licensing terms, see /license.txt */
==============================================================================
Dokeos - elearning and course management software
Copyright (c) 2006-2008 Dokeos SPRL
Copyright (c) 2006 Ghent University (UGent)
For a full list of contributors, see "credits.txt".
The full license can be read in "license.txt".
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
See the GNU General Public License for more details.
Contact address: Dokeos, 108 rue du Corbeau, B-1030 Brussels, Belgium
Mail: info@dokeos.com
==============================================================================
*/
/** /**
* These files are a complete rework of the forum. The database structure is * These files are a complete rework of the forum. The database structure is
@ -56,12 +36,9 @@
$rows=get_posts($_GET['thread']); // note: this has to be cleaned first $rows=get_posts($_GET['thread']); // note: this has to be cleaned first
$rows=calculate_children($rows); $rows=calculate_children($rows);
if ($_GET['post']) if ($_GET['post']) {
{ $display_post_id = intval($_GET['post']); // note: this has to be cleaned first
$display_post_id=Security::remove_XSS($_GET['post']); // note: this has to be cleaned first } else {
}
else
{
// we need to display the first post // we need to display the first post
reset($rows); reset($rows);
$current=current($rows); $current=current($rows);
@ -70,8 +47,7 @@ else
//are we in a lp ? //are we in a lp ?
$origin = ''; $origin = '';
if(isset($_GET['origin'])) if(isset($_GET['origin'])) {
{
$origin = Security::remove_XSS($_GET['origin']); $origin = Security::remove_XSS($_GET['origin']);
} }
@ -206,14 +182,12 @@ unset($whatsnew_post_info[$current_forum['forum_id']][$current_thread['thread_id
echo "<table width=\"100%\" class=\"post\" cellspacing=\"5\" border=\"0\">\n"; echo "<table width=\"100%\" class=\"post\" cellspacing=\"5\" border=\"0\">\n";
echo "\t<tr>\n"; echo "\t<tr>\n";
echo "\t\t<td rowspan=\"3\" class=\"$leftclass\">"; echo "\t\t<td rowspan=\"3\" class=\"$leftclass\">";
if ($rows[$display_post_id]['user_id']=='0') if ($rows[$display_post_id]['user_id']=='0') {
{
$name=prepare4display($rows[$display_post_id]['poster_name']); $name=prepare4display($rows[$display_post_id]['poster_name']);
} } else {
else
{
$name=api_get_person_name($rows[$display_post_id]['firstname'], $rows[$display_post_id]['lastname']); $name=api_get_person_name($rows[$display_post_id]['firstname'], $rows[$display_post_id]['lastname']);
} }
if (api_get_course_setting('allow_user_image_forum')) {echo '<br />'.display_user_image($rows[$display_post_id]['user_id'],$name, $origin).'<br />'; } if (api_get_course_setting('allow_user_image_forum')) {echo '<br />'.display_user_image($rows[$display_post_id]['user_id'],$name, $origin).'<br />'; }
echo display_user_link($rows[$display_post_id]['user_id'], $name, $origin).'<br />'; echo display_user_link($rows[$display_post_id]['user_id'], $name, $origin).'<br />';
echo api_get_local_time($rows[$display_post_id]['post_date'], null, null, date_default_timezone_get()).'<br /><br />'; echo api_get_local_time($rows[$display_post_id]['post_date'], null, null, date_default_timezone_get()).'<br /><br />';
@ -308,17 +282,14 @@ echo "\t</tr>\n";
// The post message // The post message
$rows[$display_post_id]['post_text']= Security::remove_XSS($rows[$display_post_id]['post_text']);
echo "\t<tr>\n"; echo "\t<tr>\n";
echo "\t\t<td class=\"$messageclass\">".prepare4display(Security::remove_XSS($rows[$display_post_id]['post_text']))."</td>\n"; echo "\t\t<td class=\"$messageclass\">".prepare4display(Security::remove_XSS($rows[$display_post_id]['post_text']), STUDENT)."</td>\n";
echo "\t</tr>\n"; echo "\t</tr>\n";
// The check if there is an attachment // The check if there is an attachment
$attachment_list=get_attachment($display_post_id); $attachment_list = get_attachment($display_post_id);
if (!empty($attachment_list)) if (!empty($attachment_list)) {
{
echo '<tr><td height="50%">'; echo '<tr><td height="50%">';
$realname=$attachment_list['path']; $realname=$attachment_list['path'];
$user_filename=$attachment_list['filename']; $user_filename=$attachment_list['filename'];
@ -327,7 +298,7 @@ if (!empty($attachment_list))
echo '<a href="download.php?file='; echo '<a href="download.php?file=';
echo $realname; echo $realname;
echo ' "> '.$user_filename.' </a>'; echo ' "> '.$user_filename.' </a>';
echo '<span class="forum_attach_comment" >'.Security::remove_XSS($attachment_list['comment'],STUDENT).'</span>'; echo '<span class="forum_attach_comment" >'.Security::remove_XSS($attachment_list['comment'], STUDENT).'</span>';
if (($current_forum['allow_edit']==1 AND $rows[$display_post_id]['user_id']==$_user['user_id']) or (api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session']))) { if (($current_forum['allow_edit']==1 AND $rows[$display_post_id]['user_id']==$_user['user_id']) or (api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session']))) {
echo '&nbsp;&nbsp;<a href="'.api_get_self().'?'.api_get_cidreq().'&amp;origin='.Security::remove_XSS($_GET['origin']).'&amp;action=delete_attach&amp;id_attach='.$attachment_list['id'].'&amp;forum='.Security::remove_XSS($_GET['forum']).'&amp;thread='.Security::remove_XSS($_GET['thread']).'" onclick="javascript:if(!confirm(\''.addslashes(api_htmlentities(get_lang("ConfirmYourChoice"),ENT_QUOTES,$charset)).'\')) return false;">'.Display::return_icon('delete.gif',get_lang('Delete')).'</a><br />'; echo '&nbsp;&nbsp;<a href="'.api_get_self().'?'.api_get_cidreq().'&amp;origin='.Security::remove_XSS($_GET['origin']).'&amp;action=delete_attach&amp;id_attach='.$attachment_list['id'].'&amp;forum='.Security::remove_XSS($_GET['forum']).'&amp;thread='.Security::remove_XSS($_GET['thread']).'" onclick="javascript:if(!confirm(\''.addslashes(api_htmlentities(get_lang("ConfirmYourChoice"),ENT_QUOTES,$charset)).'\')) return false;">'.Display::return_icon('delete.gif',get_lang('Delete')).'</a><br />';
} }
@ -354,8 +325,7 @@ echo $thread_structure;
* @return an array containing all the information on the posts of a thread * @return an array containing all the information on the posts of a thread
* @author Patrick Cool <patrick.cool@UGent.be>, Ghent University * @author Patrick Cool <patrick.cool@UGent.be>, Ghent University
*/ */
function calculate_children($rows) function calculate_children($rows) {
{
foreach($rows as $row) foreach($rows as $row)
{ {
$rows_with_children[$row["post_id"]]=$row; $rows_with_children[$row["post_id"]]=$row;
@ -368,8 +338,7 @@ function calculate_children($rows)
return $sorted_rows; return $sorted_rows;
} }
function _phorum_recursive_sort($rows, &$threads, $seed=0, $indent=0) function _phorum_recursive_sort($rows, &$threads, $seed=0, $indent=0) {
{
if($seed>0) if($seed>0)
{ {
$threads[$rows[$seed]["post_id"]]=$rows[$seed]; $threads[$rows[$seed]["post_id"]]=$rows[$seed];
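Review bot: In the post-message row the `STUDENT` argument lands on `prepare4display()` instead of `Security::remove_XSS()`: `prepare4display(Security::remove_XSS($rows[$display_post_id]['post_text']), STUDENT)`. The filter therefore still runs at its default level, unlike the flat and nested views, and `prepare4display()` receives a second argument whose meaning is not shown on this page. The intended form is presumably `prepare4display(Security::remove_XSS($rows[$display_post_id]['post_text'], STUDENT))`. In the attachment block further down, `$realname` and `$user_filename` are echoed into the `href` and the link text with no escaping, while the attachment comment beside them is filtered. They need output encoding for their context: `urlencode()` for the `file=` value and HTML escaping for the displayed filename.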
