[svn r20343] Security improvements see FS#4120

Julio Montoya 17 years ago
parent 53a01335b3
commit 2df6f0f68d
  1. 4
      main/auth/courses.php
  2. 19
      main/calendar/myagenda.inc.php
  3. 18
      main/calendar/myagenda.php
  4. 4
      main/course_info/infocours.php
  5. 2
      main/inc/lib/course.lib.php
  6. 6
      main/mySpace/myStudents.php

@ -1,4 +1,4 @@
<?php // $Id: courses.php 19685 2009-04-09 13:02:29Z iflorespaz $
<?php // $Id: courses.php 20343 2009-05-05 20:31:47Z juliomontoya $
/*
==============================================================================
Dokeos - elearning and course management software
@ -467,7 +467,7 @@ function display_search_courses()
echo "<form class=\"course_list\" method=\"post\" action=\"".api_get_self()."?action=subscribe\">",
'<input type="hidden" name="sec_token" value="'.$stok.'">',
"<input type=\"hidden\" name=\"search_course\" value=\"1\" />",
"<input type=\"text\" name=\"search_term\" value=\"".(empty($_POST['search_term'])?'':$_POST['search_term'])."\" />",
"<input type=\"text\" name=\"search_term\" value=\"".(empty($_POST['search_term'])?'':Security::remove_XSS($_POST['search_term']))."\" />",
"&nbsp;<button class=\"search\" type=\"submit\">",get_lang("_search")," </button>",
"</form>";
if (isset($_POST['search_course']))
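Review bot: `Security::remove_XSS` is a markup/blacklist filter, not an attribute encoder, so the rewritten `search_term` input is only safe inside `value="..."` if that helper also encodes double quotes, which this hunk cannot show. The contextual fix for an HTML attribute is `htmlspecialchars($_POST['search_term'], ENT_QUOTES)` (optionally after `remove_XSS`). The `isset($_POST['search_course'])` branch that consumes `search_term` for the actual search lies past the hunk, so whether the raw value is also escaped before it reaches SQL there cannot be confirmed from this view. `display_search_courses` continues outside the hunk.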

@ -320,6 +320,11 @@ function show_new_personal_item_form($id = "")
// if an $id is passed to this function this means we are editing an item
// we are loading the information here (we do this after everything else
// to overwrite the default information)
if ($id != strval(intval($id))) {
return false; //potential SQL injection
}
if ($id <> "")
{
$sql = "SELECT * FROM ".$tbl_personal_agenda." WHERE user='".$_user['user_id']."' AND id='".$id."'";
@ -480,6 +485,15 @@ function store_personal_item($day, $month, $year, $hour, $minute, $title, $conte
global $_user;
//constructing the date
$date = $year."-".$month."-".$day." ".$hour.":".$minute.":00";
$date = Database::escape_string($date);
$title = Database::escape_string($title);
$content = Database::escape_string($content);
if ($id != strval(intval($id))) {
return false; //potential SQL injection
}
if ($id <> "")
{ // we are updating
$sql = "UPDATE ".$tbl_personal_agenda." SET user='".$_user['user_id']."', title='".$title."', text='".$content."', date='".$date."' WHERE id='".$id."'";
@ -858,6 +872,11 @@ function delete_personal_agenda($id)
{
global $tbl_personal_agenda;
global $_user;
if ($id != strval(intval($id))) {
return false; //potential SQL injection
}
if ($id <> '')
{
$sql = "SELECT * FROM ".$tbl_personal_agenda." WHERE user='".$_user['user_id']."' AND id='".$id."'";
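Review bot: The new guard `if ($id != strval(intval($id))) return false;` rejects the empty id that each of the three functions then treats as the no-item/create case: with the default `$id = ""` in `show_new_personal_item_form`, `intval("")` is 0 and `"" != "0"` is true, so the function returns false before the rest of its body runs, and `store_personal_item` bails out before the branch implied by its `if ($id <> "")` ("we are updating") is even reached. Restrict the check to non-empty ids, e.g. `if ($id !== '' && $id != strval(intval($id))) { return false; }`, in all three places. The else/insert branches of `store_personal_item` and `delete_personal_agenda` are outside the hunks, so the exact fallout there is inferred from the `<> ""` tests that follow each guard.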

@ -1,4 +1,4 @@
<?php //$Id: myagenda.php 19108 2009-03-17 17:35:50Z ndieschburg $
<?php //$Id: myagenda.php 20343 2009-05-05 20:31:47Z juliomontoya $
/*
==============================================================================
Dokeos - elearning and course management software
@ -77,13 +77,13 @@ $nameTools = get_lang('MyAgenda');
// if we come from inside a course and click on the 'My Agenda' link we show a link back to the course
// in the breadcrumbs
if(!empty($_GET['coursePath']))
{
if(!empty($_GET['coursePath'])) {
$course_path = htmlentities(strip_tags($_GET['coursePath']),ENT_QUOTES,$charset);
$course_path = str_replace(array('../','..\\'),array('',''),$course_path);
}
if (!empty ($course_path))
{
$interbreadcrumb[] = array ('url' => api_get_path(WEB_COURSE_PATH).urlencode($course_path).'/index.php', 'name' => $_GET['courseCode']);
if (!empty ($course_path)) {
$interbreadcrumb[] = array ('url' => api_get_path(WEB_COURSE_PATH).urlencode($course_path).'/index.php', 'name' => Security::remove_XSS($_GET['courseCode']));
}
// this loads the javascript that is needed for the date popup selection
$htmlHeadXtra[] = "<script src=\"tbl_change.js\" type=\"text/javascript\" language=\"javascript\"></script>";
@ -127,9 +127,9 @@ if (empty($_SESSION['view']))
$_SESSION['view'] = "month";
}
// 2. Storing it in the session. If we change the view by clicking on the links left, we change the session
if (!empty($_GET['view']))
{
$_SESSION['view'] = $_GET['view'];
if (!empty($_GET['view'])) {
$_SESSION['view'] = Security::remove_XSS($_GET['view']);
}
// 3. The views: (month, week, day, personal)
if ($_SESSION['view'])
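Review bot: `$_SESSION['view']` selects among a closed set — the comment on the preceding line names month, week, day and personal — so an allowlist is the right control here, not `Security::remove_XSS`, which only strips known-dangerous markup and still admits any other string into the session. Replace the new assignment with `if (in_array($_GET['view'], array('month', 'week', 'day', 'personal'), true)) { $_SESSION['view'] = $_GET['view']; }`. Separately, the `str_replace(array('../','..\\'), ...)` on `$course_path` is a single pass, so `....//` collapses to `../`; if that path is used for anything beyond the breadcrumb URL, loop until the string stops changing or reject any value containing `..`. The view dispatch under `if ($_SESSION['view'])` continues past the hunk.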

@ -1,4 +1,4 @@
<?php // $Id: infocours.php 20208 2009-04-30 00:01:52Z yannoo $
<?php // $Id: infocours.php 20343 2009-05-05 20:31:47Z juliomontoya $
/*
==============================================================================
@ -154,6 +154,8 @@ $visual_code=$form->addElement('text','visual_code', get_lang('Code'));
$form->applyFilter('visual_code', 'strtoupper');
//$form->add_textfield('tutor_name', get_lang('Professors'), true, array ('size' => '60'));
$prof = &$form->addElement('select', 'tutor_name', get_lang('Professors'), $a_profs);
$form->applyFilter('tutor_name','html_filter');
$prof -> setSelected($s_selected_tutor);
$form->add_textfield('title', get_lang('Title'), true, array ('size' => '60'));
$form->applyFilter('title','html_filter');
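Review bot: Applying `html_filter` to `tutor_name` sanitizes text, but the element is a `select` built from `$a_profs`, so the property that matters is whether the submitted value is actually one of those option keys; unless the form library already rejects values outside the option list (not visible here), add an explicit membership check where the form values are processed, e.g. `if (!isset($a_profs[$submitted_tutor])) { /* reject */ }`. The filter as added is harmless but should not be read as validating the tutor selection. The form-processing code is outside the hunk.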

@ -1461,7 +1461,7 @@ class CourseManager
//above was the normal course creation table update call,
//now one more thing: fill in the target_course_code field
$sql_query = "UPDATE $course_table SET target_course_code = '$real_course_code' WHERE code = '$course_sys_code' LIMIT 1 ";
$sql_query = "UPDATE $course_table SET target_course_code = '$real_course_code' WHERE code = '".Database::escape_string($course_sys_code)."' LIMIT 1 ";
api_sql_query($sql_query, __FILE__, __LINE__);
return true;
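Review bot: The new line escapes `$course_sys_code` but leaves `$real_course_code` interpolated unescaped in the same `UPDATE`, so the statement is only as safe as that value's provenance, which this hunk does not show. Treat both the same way: `SET target_course_code = '".Database::escape_string($real_course_code)."' WHERE code = '".Database::escape_string($course_sys_code)."'`. The enclosing `CourseManager` method starts outside the hunk.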

@ -1,4 +1,4 @@
<?php //$Id: myStudents.php 20184 2009-04-29 16:28:20Z iflorespaz $
<?php //$Id: myStudents.php 20343 2009-05-05 20:31:47Z juliomontoya $
/* For licensing terms, see /dokeos_license.txt */
/**
* Implements the tracking of students in the Reporting pages
@ -123,7 +123,7 @@ function calculHours($seconds)
function is_teacher($course_code){
global $_user;
$tbl_course_user = Database :: get_main_table(TABLE_MAIN_COURSE_USER);
$sql="SELECT 1 FROM $tbl_course_user WHERE user_id='".$_user["user_id"]."' AND course_code='".$course_code."' AND status='1'";
$sql="SELECT 1 FROM $tbl_course_user WHERE user_id='".$_user["user_id"]."' AND course_code='".Database::escape_string($course_code)."' AND status='1'";
$result=api_sql_query($sql,__FILE__,__LINE__);
if(Database::result($result)!=1)
{
@ -190,7 +190,7 @@ if(!empty($_GET['student']))
echo '<div class="actions">
<a href="#" onclick="window.print()"><img src="../img/printmgr.gif">&nbsp;'.get_lang('Print').'</a>
<a href="'.api_get_self().'?'.$_SERVER['QUERY_STRING'].'&export=csv"><img src="../img/excel.gif">&nbsp;'.get_lang('ExportAsCSV').'</a>
<a href="'.api_get_self().'?'.Security::remove_XSS($_SERVER['QUERY_STRING']).'&export=csv"><img src="../img/excel.gif">&nbsp;'.get_lang('ExportAsCSV').'</a>
</div>';
// is the user online ?
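Review bot: `$_SERVER['QUERY_STRING']` is reflected into an `href` attribute on the new line, and `Security::remove_XSS` is a markup filter rather than an attribute encoder, so a `"` or `'` in the query string may still terminate the attribute unless that helper happens to encode quotes. Escape for the attribute context, `htmlspecialchars($_SERVER['QUERY_STRING'], ENT_QUOTES)`, or better, rebuild the link from the parameters the page actually reads with `http_build_query`. In `is_teacher`, `$_user["user_id"]` stays interpolated unescaped beside the newly escaped `course_code`; it is presumably session-sourced, but wrapping it in `intval()` costs nothing. The `if(!empty($_GET['student']))` block continues outside the hunk.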
