Merge branch '1.10.x' of github.com:chamilo/chamilo-lms into 1.10.x

9 years ago · 2f678b06d7
parent 287baedc06 c585f57ac3
commit 2f678b06d7
18 changed files with 125 additions and 71 deletions
--- a/main/announcements/announcements.php
+++ b/main/announcements/announcements.php
@ -318,6 +318,14 @@ switch ($action) {

        $form->addElement('text', 'title', get_lang('EmailTitle'));
        $form->addElement('hidden', 'id');
+        $htmlTags = "<b>".get_lang('Tags')."</b></br></br>";
+        $tags = AnnouncementManager::get_tags();
+        
+        foreach ($tags as $tag) {
+            $htmlTags .= "<b>".$tag."</b></br>";
+        }
+        
+        $form->addHtml("<div class='form-group'><div class='col-sm-2'></div><div class='col-sm-8'><div class='alert alert-info'>".$htmlTags."</div></div></div>");
        $form->addHtmlEditor(
            'content',
            get_lang('Description'),
--- a/main/auth/inscription.php
+++ b/main/auth/inscription.php
@ -607,8 +607,8 @@ if ($form->validate()) {
                        $admin_info['user_id'],
                        $emailsubject,
                        $emailbody,
-                        null,
-                        null,
+                        [],
+                        [],
                        null,
                        null,
                        null,
--- a/main/calendar/agenda_list.php
+++ b/main/calendar/agenda_list.php
@ -33,6 +33,14 @@ if (!empty($currentCourseId) && $currentCourseId != -1) {
    $this_section = SECTION_COURSES;
 } else {
    // Agenda is out of the course tool (e.g personal agenda)
+    
+    // Little hack to sort the events by start date in personal agenda (Agenda events List view - See #8014)
+    usort($events, function($a, $b) {
+        $t1 = strtotime($a['start']);
+        $t2 = strtotime($b['start']);
+        return $t1 - $t2;
+    });
+    
    $url = false;
    if (!empty($events)) {
        foreach ($events as &$event) {
--- a/main/dropbox/dropbox_functions.inc.php
+++ b/main/dropbox/dropbox_functions.inc.php
@ -647,17 +647,18 @@ function display_add_form($dropbox_unid, $viewReceivedCategory, $viewSentCategor
            }
            $userId = $current_user['user_id'];
            $userInfo = api_get_user_info($userId);
+            if ($userInfo['status'] != 20) {
+                $groupNameListToString = '';
+                if (!empty($groups)) {
+                    $groupNameList = array_column($groups, 'name');
+                    $groupNameListToString = ' - ['.implode(', ', $groupNameList).']';
+                }
+                $groups = $userGroup->getUserGroupListByUser($userId);

-            $groupNameListToString = '';
-            if (!empty($groups)) {
-                $groupNameList = array_column($groups, 'name');
-                $groupNameListToString = ' - ['.implode(', ', $groupNameList).']';
+                $full_name = $userInfo['complete_name'].$groupNameListToString;
+                $current_user_id = $current_user['user_id'];
+                $options['user_' . $current_user_id] = $full_name;
            }
-            $groups = $userGroup->getUserGroupListByUser($userId);
-
-            $full_name = $userInfo['complete_name'].$groupNameListToString;
-            $current_user_id = $current_user['user_id'];
-            $options['user_' . $current_user_id] = $full_name;
        }
    }

@ -1045,7 +1046,7 @@ function store_add_dropbox()
    new Dropbox_SentWork(
        $_user['user_id'],
        $dropbox_title,
-        $_POST['description'],
+        isset($_POST['description']) ? $_POST['description'] : '',
        strip_tags($_POST['authors']),
        $dropbox_filename,
        $dropbox_filesize,
--- a/main/forum/forumfunction.inc.php
+++ b/main/forum/forumfunction.inc.php
@ -3925,7 +3925,7 @@ function send_mail($user_info = array(), $thread_information = array())
    $email_body .= get_lang('ThreadCanBeFoundHere')." : <br /><a href=\"".$thread_link."\">".$thread_link."</a>\n";

    if ($user_info['user_id'] <> $user_id) {
-        MessageManager::send_message($user_info['user_id'], $subject, $email_body, null, null, null, null, null, null, $user_id);
+        MessageManager::send_message($user_info['user_id'], $subject, $email_body, [], [], null, null, null, null, $user_id);
    }
 }

--- a/main/group/group_space.php
+++ b/main/group/group_space.php
@ -369,7 +369,7 @@ function get_number_of_group_users()
    $table_group_user = Database :: get_course_table(TABLE_GROUP_USER);

    // Query
-    $sql = "SELECT count(id) AS number_of_users
+    $sql = "SELECT count(iid) AS number_of_users
            FROM ".$table_group_user."
            WHERE c_id = $course_id AND group_id='".Database::escape_string($current_group['id'])."'";
    $result = Database::query($sql);
--- a/main/group/member_settings.php
+++ b/main/group/member_settings.php
@ -136,23 +136,26 @@ $userGroup = new UserGroup();
 if (!empty($complete_user_list)) {
    usort($complete_user_list, 'sort_users');
    foreach ($complete_user_list as $index => $user) {
-        $officialCode = !empty($user['official_code']) ? ' - '.$user['official_code'] : null;
-
-        $groups = $userGroup->getUserGroupListByUser($user['user_id']);
-        $groupNameListToString = '';
-        if (!empty($groups)) {
-            $groupNameList = array_column($groups, 'name');
-            $groupNameListToString = ' - ['.implode(', ', $groupNameList).']';
-        }
+        //prevent invitee users add to groups - see #8091
+        if ($user['status'] != 20) {
+            $officialCode = !empty($user['official_code']) ? ' - '.$user['official_code'] : null;
+
+            $groups = $userGroup->getUserGroupListByUser($user['user_id']);
+            $groupNameListToString = '';
+            if (!empty($groups)) {
+                $groupNameList = array_column($groups, 'name');
+                $groupNameListToString = ' - ['.implode(', ', $groupNameList).']';
+            }

-        $name = api_get_person_name($user['firstname'], $user['lastname']).
-                ' ('.$user['username'].')'.$officialCode;
+            $name = api_get_person_name($user['firstname'], $user['lastname']).
+                    ' ('.$user['username'].')'.$officialCode;

-        if ($orderUserListByOfficialCode === 'true') {
-            $officialCode = !empty($user['official_code']) ? $user['official_code']." - " : '? - ';
-            $name = $officialCode." ".api_get_person_name($user['firstname'], $user['lastname']).' ('.$user['username'].')';
+            if ($orderUserListByOfficialCode === 'true') {
+                $officialCode = !empty($user['official_code']) ? $user['official_code']." - " : '? - ';
+                $name = $officialCode." ".api_get_person_name($user['firstname'], $user['lastname']).' ('.$user['username'].')';
+            }
+            $possible_users[$user['user_id']] = $name.$groupNameListToString;
        }
-        $possible_users[$user['user_id']] = $name.$groupNameListToString;
    }
 }

--- a/main/inc/lib/api.lib.php
+++ b/main/inc/lib/api.lib.php
@ -6775,7 +6775,7 @@ function api_get_real_ip(){
    $ip = trim($_SERVER['REMOTE_ADDR']);
    if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        if (preg_match('/,/', $_SERVER['HTTP_X_FORWARDED_FOR'])) {
-            list($ip1, $ip2) = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
+            @list($ip1, $ip2) = @explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
        } else {
            $ip1 = $_SERVER['HTTP_X_FORWARDED_FOR'];
        }
@ -7943,8 +7943,11 @@ function api_mail_html(

    $mailView = new Template(null, false, false, false, false, false, false);
    $mailView->assign('content', $message);
-    $link = $additionalParameters['link'];
-    $mailView->assign('link', $link);
+
+    if (isset($additionalParameters['link'])) {
+        $mailView->assign('link', $additionalParameters['link']);
+    }
+
    $layout = $mailView->get_template('mail/mail.tpl');
    $mail->Body = $mailView->fetch($layout);

--- a/main/inc/lib/database.lib.php
+++ b/main/inc/lib/database.lib.php
@ -329,8 +329,9 @@ class Database
            try {
                $result = $connection->executeQuery($query);
            } catch (Exception $e) {
-                 error_log($e->getMessage());
+                error_log($e->getMessage());
                api_not_allowed(false, get_lang('GeneralError'));
+
                exit;
            }
        }
--- a/main/inc/lib/javascript/chat/video.php
+++ b/main/inc/lib/javascript/chat/video.php
@ -34,7 +34,7 @@ if ($isSender) {
 $idUserLocal = api_get_user_id();
 $userLocal = api_get_user_info($idUserLocal, true);
 $htmlHeadXtra[] = '<script type="text/javascript" src="'
-    . api_get_path(WEB_PATH) . 'web/assets/simplewebrtc/latest.js'
+    . api_get_path(WEB_PATH) . 'web/assets/SimpleWebRTC/latest.js'
    . '"></script>' . "\n";

 $template = new Template();
--- a/main/inc/lib/message.lib.php
+++ b/main/inc/lib/message.lib.php
@ -196,8 +196,8 @@ class MessageManager
        $receiver_user_id,
        $subject,
        $content,
-        $file_attachments = array(),
-        $file_comments = array(),
+        array $file_attachments = [],
+        array $file_comments = [],
        $group_id = 0,
        $parent_id = 0,
        $edit_message_id = 0,
@ -293,7 +293,7 @@ class MessageManager
                    if ($file_attach['error'] == 0) {
                        self::save_message_attachment_file(
                            $file_attach,
-                            $file_comments[$i],
+                            isset($file_comments[$i]) ? $file_comments[$i] : null,
                            $inbox_last_id,
                            null,
                            $receiver_user_id,
@ -365,7 +365,7 @@ class MessageManager

                $new_user_list = array();
                foreach ($user_list as $user_data) {
-                    $new_user_list[] = $user_data['user_id'];
+                    $new_user_list[] = $user_data['id'];
                }
                $group_info = array(
                    'group_info' => $group_info,
@ -408,8 +408,8 @@ class MessageManager
            $receiver_user_id,
            $subject,
            $message,
-            null,
-            null,
+            [],
+            [],
            null,
            null,
            null,
--- a/main/inc/lib/social.lib.php
+++ b/main/inc/lib/social.lib.php
@ -1219,7 +1219,7 @@ class SocialManager extends UserManager
     * @return boolean
     * @author Yannick Warnier
     */
-    public static function sendWallMessage($userId, $friendId, $messageContent, $messageId = 0 ,$messageStatus)
+    public static function sendWallMessage($userId, $friendId, $messageContent, $messageId = 0, $messageStatus = '')
    {
        $tblMessage = Database::get_main_table(TABLE_MESSAGE);
        $userId = intval($userId);
@ -1445,7 +1445,7 @@ class SocialManager extends UserManager
            $start = '0000-00-00';
        }
        $isOwnWall = (api_get_user_id() == $userId  && $userId == $friendId);
-        $messages = self::getWallMessages($userId, MESSAGE_STATUS_WALL_POST , null, $start, $limit, $offset);
+        $messages = self::getWallMessages($userId, MESSAGE_STATUS_WALL_POST, null, $start, $limit, $offset);
        $users = array();
        $data = array();
        foreach ($messages as $key => $message) {
--- a/main/social/group_invitation.php
+++ b/main/social/group_invitation.php
@ -181,7 +181,7 @@ $members = $usergroup->get_users_by_group(

 if (is_array($members) && count($members)>0) {
    foreach ($members as &$member) {
-        $image = UserManager::getUserPicture($member['user_id']);
+        $image = UserManager::getUserPicture($member['id']);
        $member['image'] = '<img src="'.$image.'"  width="50px" height="50px"  />';
    }
    $social_right_content .= '<h3>'.get_lang('UsersAlreadyInvited').'</h3>';
--- a/main/social/group_members.php
+++ b/main/social/group_members.php
@ -136,12 +136,12 @@ foreach ($users as $user) {
                )
            )
            ) {
-                $user['link'] = '<a href="group_members.php?id=' . $group_id . '&u=' . $user['user_id'] . '&action=delete">' .
+                $user['link'] = '<a href="group_members.php?id=' . $group_id . '&u=' . $user['id'] . '&action=delete">' .
                    Display::return_icon(
                        'delete.png',
                        get_lang('DeleteFromGroup')
                    ) . '</a>' .
-                    '<a href="group_members.php?id=' . $group_id . '&u=' . $user['user_id'] . '&action=set_moderator">' .
+                    '<a href="group_members.php?id=' . $group_id . '&u=' . $user['id'] . '&action=set_moderator">' .
                    Display::return_icon(
                        'social_moderator_add.png',
                        get_lang('AddModerator')
@ -149,7 +149,7 @@ foreach ($users as $user) {
            }
            break;
        case GROUP_USER_PERMISSION_PENDING_INVITATION:
-            $user['link'] = '<a href="group_members.php?id=' . $group_id . '&u=' . $user['user_id'] . '&action=add">' .
+            $user['link'] = '<a href="group_members.php?id=' . $group_id . '&u=' . $user['id'] . '&action=add">' .
                Display::return_icon(
                    'pending_invitation.png',
                    get_lang('PendingInvitation')
@ -162,7 +162,7 @@ foreach ($users as $user) {
            );
            //only group admin can manage moderators
            if ($user_role == GROUP_USER_PERMISSION_ADMIN) {
-                $user['link'] .= '<a href="group_members.php?id=' . $group_id . '&u=' . $user['user_id'] . '&action=delete_moderator">'.
+                $user['link'] .= '<a href="group_members.php?id=' . $group_id . '&u=' . $user['id'] . '&action=delete_moderator">'.
                    Display::return_icon(
                        'social_moderator_delete.png',
                        get_lang('DeleteModerator')
@ -171,7 +171,7 @@ foreach ($users as $user) {
            break;
    }

-    $userPicture = UserManager::getUserPicture($user['user_id']);
+    $userPicture = UserManager::getUserPicture($user['id']);
    $user['image'] = '<img src="' . $userPicture . '"  width="50px" height="50px"  />';
    $new_member_list[] = $user;
 }
--- a/main/social/group_topics.php
+++ b/main/social/group_topics.php
@ -70,7 +70,7 @@ if (isset($_POST['action'])) {
            $title,
            $content,
            $_FILES,
-            '',
+            [],
            $group_id,
            $parent_id,
            $edit_message_id,
@ -86,7 +86,7 @@ if (isset($_POST['action'])) {
            $title,
            $content,
            $_FILES,
-            '',
+            [],
            $group_id,
            $parent_id,
            0,
--- a/main/social/profile.php
+++ b/main/social/profile.php
@ -81,12 +81,19 @@ if (!empty($_POST['social_wall_new_msg_main']) || !empty($_FILES['picture']['tmp
    exit;

 } else if (isset($_GET['messageId'])) {
-    $messageId = Security::remove_XSS($_GET['messageId']);
-    $status = SocialManager::deleteMessage($messageId);
-    Display::addFlash(Display::return_message(get_lang('MessageDeleted')));
-    header('Location: ' . api_get_path(WEB_CODE_PATH) . 'social/profile.php');
-    exit;
-
+    $messageId = intval($_GET['messageId']);
+    $messageInfo = MessageManager::get_message_by_id($messageId);
+    if (!empty($messageInfo)) {
+        // I can only delete messages of my own wall
+        if ($messageInfo['user_receiver_id'] == $user_id) {
+            $status = SocialManager::deleteMessage($messageId);
+
+            Display::addFlash(Display::return_message(get_lang('MessageDeleted')));
+            header('Location: ' . api_get_path(WEB_CODE_PATH) . 'social/profile.php');
+            exit;
+        }
+    }
+    api_not_allowed(true);
 } else if (isset($_GET['u'])) { //I'm your friend? I can see your profile?
    $user_id = intval($_GET['u']);
    if (api_is_anonymous($user_id, true)) {
--- a/main/survey/survey.lib.php
+++ b/main/survey/survey.lib.php
@ -3922,8 +3922,8 @@ class SurveyUtil
                $invitedUser,
                $invitation_title,
                $full_invitation_text,
-                null,
-                null,
+                [],
+                [],
                null,
                null,
                null,
--- a/main/webservices/registration.soap.php
+++ b/main/webservices/registration.soap.php
@ -17,6 +17,10 @@ define('WS_ERROR_NOT_FOUND_RESULT', 2);
 define('WS_ERROR_INVALID_INPUT', 3);
 define('WS_ERROR_SETTING', 4);

+/**
+ * @param string $code
+ * @return null|soap_fault
+ */
 function returnError($code)
 {
    $fault = null;
@ -87,7 +91,7 @@ function WSHelperVerifyKey($params)
    }

    $result = api_is_valid_secret_key($secret_key, $security_key);
-    //error_log($secret_key.'-'.$security_key);
+
    if ($debug)
        error_log('WSHelperVerifyKey result: '.intval($result));
    return $result;
@ -2420,35 +2424,41 @@ $server->register('WSEditUserPasswordCrypted',                         // method
 // Define the method WSEditUserPasswordCrypted
 function WSEditUserPasswordCrypted($params)
 {
-    global $_configuration;
+    global $_configuration, $debug;

    if (!WSHelperVerifyKey($params)) {
        return returnError(WS_ERROR_SECRET_KEY);
    }

+    if ($debug) {
+        error_log('WSEditUserPasswordCrypted');
+    }
+
    $table_user = Database::get_main_table(TABLE_MAIN_USER);

    $original_user_id_value = $params['original_user_id_value'];
    $original_user_id_name = $params['original_user_id_name'];
-    $firstname = $params['firstname'];
-    $lastname = $params['lastname'];
-    $username = $params['username'];
+
+    $firstname = isset($params['firstname']) ? $params['firstname'] : '';
+    $lastname = isset($params['lastname']) ? $params['lastname'] : '';
+    $username = isset($params['username']) ? $params['username'] : '';
    $password = null;
    $auth_source = null;
-    $email = $params['email'];
-    $status = $params['status'];
+    $email = isset($params['email']) ? $params['email'] : '';
+    $status = isset($params['status']) ? $params['status'] : '';
    $official_code = '';
-    $phone = $params['phone'];
+    $phone = isset($params['phone']) ? $params['phone'] : '';
    $picture_uri = '';
-    $expiration_date = $params['expiration_date'];
+    $expiration_date = isset($params['expiration_date']) ? $params['expiration_date'] : '';
    $active = 1;
    $creator_id = null;
    $hr_dept_id = 0;
    $extra = null;
-    $extra_list = $params['extra'];
+    $extra_list = isset($params['extra']) ? $params['extra'] : '';
+    $params['password'] = isset($params['password']) ? $params['password'] : '';
+    $params['encrypt_method'] = isset($params['encrypt_method']) ? $params['encrypt_method'] : '';

    if (!empty($params['password']) && !empty($params['encrypt_method'])) {
-
        $password = $params['password'];
        $encrypt_method = $params['encrypt_method'];
        if ($_configuration['password_encryption'] === $encrypt_method ) {
@ -2465,9 +2475,11 @@ function WSEditUserPasswordCrypted($params)
        }
    } elseif (!empty($params['password']) && empty($params['encrypt_method'])) {
        $msg = "If password is not empty the encrypt_method param is required ";
+
        return $msg;
    } elseif (empty($params['password']) && !empty($params['encrypt_method'])) {
        $msg = "If encrypt_method is not empty the password param is required ";
+
        return $msg;
    }

@ -2476,6 +2488,10 @@ function WSEditUserPasswordCrypted($params)
        $original_user_id_name
    );

+    if ($debug) {
+        error_log("user: $user_id");
+    }
+
    if ($user_id == 0) {
        return 0;
    } else {
@ -2506,10 +2522,12 @@ function WSEditUserPasswordCrypted($params)
        $sql .= " firstname='".Database::escape_string($firstname)."', ";
    }
    $sql .= " username='".Database::escape_string($username)."',";
-    if (!is_null($password)) {
+
+    if (!empty($password)) {
        $sql .= " password='".Database::escape_string($password)."',";
    }
-    if (!is_null($auth_source)) {
+
+    if (!empty($auth_source)) {
        $sql .= " auth_source='".Database::escape_string($auth_source)."',";
    }

@ -2540,15 +2558,20 @@ function WSEditUserPasswordCrypted($params)
    if (!is_null($creator_id)) {
        $sql .= ", creator_id='".Database::escape_string($creator_id)."'";
    }
+
    $sql .= " WHERE user_id='$user_id'";
    $return = @Database::query($sql);

+    if ($debug) {
+        error_log("SQL: $sql");
+    }
+
    if (is_array($extra_list) && count($extra_list) > 0) {
        foreach ($extra_list as $extra) {
            $extra_field_name = $extra['field_name'];
            $extra_field_value = $extra['field_value'];
            // save the external system's id into user_field_value table'
-            $res = UserManager::update_extra_field_value(
+            UserManager::update_extra_field_value(
                $user_id,
                $extra_field_name,
                $extra_field_value