Merge branch '1.10.x' of github.com:chamilo/chamilo-lms into 1.10.x

main/announcements/announcements.php

@@ -318,6 +318,14 @@ switch ($action) {
 
         $form->addElement('text', 'title', get_lang('EmailTitle'));
         $form->addElement('hidden', 'id');
+        $htmlTags = "<b>".get_lang('Tags')."</b></br></br>";
+        $tags = AnnouncementManager::get_tags();
+        
+        foreach ($tags as $tag) {
+            $htmlTags .= "<b>".$tag."</b></br>";
+        }
+        
+        $form->addHtml("<div class='form-group'><div class='col-sm-2'></div><div class='col-sm-8'><div class='alert alert-info'>".$htmlTags."</div></div></div>");
         $form->addHtmlEditor(
             'content',
             get_lang('Description'),

main/auth/inscription.php

@@ -607,8 +607,8 @@ if ($form->validate()) {
                         $admin_info['user_id'],
                         $emailsubject,
                         $emailbody,
-                        null,
+                        [],
-                        null,
+                        [],
                         null,
                         null,
                         null,

main/calendar/agenda_list.php

@@ -33,6 +33,14 @@ if (!empty($currentCourseId) && $currentCourseId != -1) {
     $this_section = SECTION_COURSES;
 } else {
     // Agenda is out of the course tool (e.g personal agenda)
+    
+    // Little hack to sort the events by start date in personal agenda (Agenda events List view - See #8014)
+    usort($events, function($a, $b) {
+        $t1 = strtotime($a['start']);
+        $t2 = strtotime($b['start']);
+        return $t1 - $t2;
+    });
+    
     $url = false;
     if (!empty($events)) {
         foreach ($events as &$event) {

main/dropbox/dropbox_functions.inc.php

@@ -647,17 +647,18 @@ function display_add_form($dropbox_unid, $viewReceivedCategory, $viewSentCategor
             }
             $userId = $current_user['user_id'];
             $userInfo = api_get_user_info($userId);
+            if ($userInfo['status'] != 20) {
+                $groupNameListToString = '';
+                if (!empty($groups)) {
+                    $groupNameList = array_column($groups, 'name');
+                    $groupNameListToString = ' - ['.implode(', ', $groupNameList).']';
+                }
+                $groups = $userGroup->getUserGroupListByUser($userId);
 
-            $groupNameListToString = '';
+                $full_name = $userInfo['complete_name'].$groupNameListToString;
-            if (!empty($groups)) {
+                $current_user_id = $current_user['user_id'];
-                $groupNameList = array_column($groups, 'name');
+                $options['user_' . $current_user_id] = $full_name;
-                $groupNameListToString = ' - ['.implode(', ', $groupNameList).']';
             }
-            $groups = $userGroup->getUserGroupListByUser($userId);
-
-            $full_name = $userInfo['complete_name'].$groupNameListToString;
-            $current_user_id = $current_user['user_id'];
-            $options['user_' . $current_user_id] = $full_name;
         }
     }
 
@@ -1045,7 +1046,7 @@ function store_add_dropbox()
     new Dropbox_SentWork(
         $_user['user_id'],
         $dropbox_title,
-        $_POST['description'],
+        isset($_POST['description']) ? $_POST['description'] : '',
         strip_tags($_POST['authors']),
         $dropbox_filename,
         $dropbox_filesize,

main/forum/forumfunction.inc.php

@@ -3925,7 +3925,7 @@ function send_mail($user_info = array(), $thread_information = array())
     $email_body .= get_lang('ThreadCanBeFoundHere')." : <br /><a href=\"".$thread_link."\">".$thread_link."</a>\n";
 
     if ($user_info['user_id'] <> $user_id) {
-        MessageManager::send_message($user_info['user_id'], $subject, $email_body, null, null, null, null, null, null, $user_id);
+        MessageManager::send_message($user_info['user_id'], $subject, $email_body, [], [], null, null, null, null, $user_id);
     }
 }
 

main/group/group_space.php

@@ -369,7 +369,7 @@ function get_number_of_group_users()
     $table_group_user = Database :: get_course_table(TABLE_GROUP_USER);
 
     // Query
-    $sql = "SELECT count(id) AS number_of_users
+    $sql = "SELECT count(iid) AS number_of_users
             FROM ".$table_group_user."
             WHERE c_id = $course_id AND group_id='".Database::escape_string($current_group['id'])."'";
     $result = Database::query($sql);

main/group/member_settings.php

@@ -136,23 +136,26 @@ $userGroup = new UserGroup();
 if (!empty($complete_user_list)) {
     usort($complete_user_list, 'sort_users');
     foreach ($complete_user_list as $index => $user) {
-        $officialCode = !empty($user['official_code']) ? ' - '.$user['official_code'] : null;
+        //prevent invitee users add to groups - see #8091
-
+        if ($user['status'] != 20) {
-        $groups = $userGroup->getUserGroupListByUser($user['user_id']);
+            $officialCode = !empty($user['official_code']) ? ' - '.$user['official_code'] : null;
-        $groupNameListToString = '';
+
-        if (!empty($groups)) {
+            $groups = $userGroup->getUserGroupListByUser($user['user_id']);
-            $groupNameList = array_column($groups, 'name');
+            $groupNameListToString = '';
-            $groupNameListToString = ' - ['.implode(', ', $groupNameList).']';
+            if (!empty($groups)) {
-        }
+                $groupNameList = array_column($groups, 'name');
+                $groupNameListToString = ' - ['.implode(', ', $groupNameList).']';
+            }
 
-        $name = api_get_person_name($user['firstname'], $user['lastname']).
+            $name = api_get_person_name($user['firstname'], $user['lastname']).
-                ' ('.$user['username'].')'.$officialCode;
+                    ' ('.$user['username'].')'.$officialCode;
 
-        if ($orderUserListByOfficialCode === 'true') {
+            if ($orderUserListByOfficialCode === 'true') {
-            $officialCode = !empty($user['official_code']) ? $user['official_code']." - " : '? - ';
+                $officialCode = !empty($user['official_code']) ? $user['official_code']." - " : '? - ';
-            $name = $officialCode." ".api_get_person_name($user['firstname'], $user['lastname']).' ('.$user['username'].')';
+                $name = $officialCode." ".api_get_person_name($user['firstname'], $user['lastname']).' ('.$user['username'].')';
+            }
+            $possible_users[$user['user_id']] = $name.$groupNameListToString;
         }
-        $possible_users[$user['user_id']] = $name.$groupNameListToString;
     }
 }
 

main/inc/lib/api.lib.php

@@ -6775,7 +6775,7 @@ function api_get_real_ip(){
     $ip = trim($_SERVER['REMOTE_ADDR']);
     if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
         if (preg_match('/,/', $_SERVER['HTTP_X_FORWARDED_FOR'])) {
-            list($ip1, $ip2) = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
+            @list($ip1, $ip2) = @explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
         } else {
             $ip1 = $_SERVER['HTTP_X_FORWARDED_FOR'];
         }
@@ -7943,8 +7943,11 @@ function api_mail_html(
 
     $mailView = new Template(null, false, false, false, false, false, false);
     $mailView->assign('content', $message);
-    $link = $additionalParameters['link'];
+
-    $mailView->assign('link', $link);
+    if (isset($additionalParameters['link'])) {
+        $mailView->assign('link', $additionalParameters['link']);
+    }
+
     $layout = $mailView->get_template('mail/mail.tpl');
     $mail->Body = $mailView->fetch($layout);
 

main/inc/lib/database.lib.php

@@ -329,8 +329,9 @@ class Database
             try {
                 $result = $connection->executeQuery($query);
             } catch (Exception $e) {
-                 error_log($e->getMessage());
+                error_log($e->getMessage());
                 api_not_allowed(false, get_lang('GeneralError'));
+
                 exit;
             }
         }

main/inc/lib/javascript/chat/video.php

@@ -34,7 +34,7 @@ if ($isSender) {
 $idUserLocal = api_get_user_id();
 $userLocal = api_get_user_info($idUserLocal, true);
 $htmlHeadXtra[] = '<script type="text/javascript" src="'
-    . api_get_path(WEB_PATH) . 'web/assets/simplewebrtc/latest.js'
+    . api_get_path(WEB_PATH) . 'web/assets/SimpleWebRTC/latest.js'
     . '"></script>' . "\n";
 
 $template = new Template();

main/inc/lib/message.lib.php

@@ -196,8 +196,8 @@ class MessageManager
         $receiver_user_id,
         $subject,
         $content,
-        $file_attachments = array(),
+        array $file_attachments = [],
-        $file_comments = array(),
+        array $file_comments = [],
         $group_id = 0,
         $parent_id = 0,
         $edit_message_id = 0,
@@ -293,7 +293,7 @@ class MessageManager
                     if ($file_attach['error'] == 0) {
                         self::save_message_attachment_file(
                             $file_attach,
-                            $file_comments[$i],
+                            isset($file_comments[$i]) ? $file_comments[$i] : null,
                             $inbox_last_id,
                             null,
                             $receiver_user_id,
@@ -365,7 +365,7 @@ class MessageManager
 
                 $new_user_list = array();
                 foreach ($user_list as $user_data) {
-                    $new_user_list[] = $user_data['user_id'];
+                    $new_user_list[] = $user_data['id'];
                 }
                 $group_info = array(
                     'group_info' => $group_info,
@@ -408,8 +408,8 @@ class MessageManager
             $receiver_user_id,
             $subject,
             $message,
-            null,
+            [],
-            null,
+            [],
             null,
             null,
             null,

main/inc/lib/social.lib.php

@@ -1219,7 +1219,7 @@ class SocialManager extends UserManager
      * @return boolean
      * @author Yannick Warnier
      */
-    public static function sendWallMessage($userId, $friendId, $messageContent, $messageId = 0 ,$messageStatus)
+    public static function sendWallMessage($userId, $friendId, $messageContent, $messageId = 0, $messageStatus = '')
     {
         $tblMessage = Database::get_main_table(TABLE_MESSAGE);
         $userId = intval($userId);
@@ -1445,7 +1445,7 @@ class SocialManager extends UserManager
             $start = '0000-00-00';
         }
         $isOwnWall = (api_get_user_id() == $userId  && $userId == $friendId);
-        $messages = self::getWallMessages($userId, MESSAGE_STATUS_WALL_POST , null, $start, $limit, $offset);
+        $messages = self::getWallMessages($userId, MESSAGE_STATUS_WALL_POST, null, $start, $limit, $offset);
         $users = array();
         $data = array();
         foreach ($messages as $key => $message) {

main/social/group_invitation.php

@@ -181,7 +181,7 @@ $members = $usergroup->get_users_by_group(
 
 if (is_array($members) && count($members)>0) {
     foreach ($members as &$member) {
-        $image = UserManager::getUserPicture($member['user_id']);
+        $image = UserManager::getUserPicture($member['id']);
         $member['image'] = '<img src="'.$image.'"  width="50px" height="50px"  />';
     }
     $social_right_content .= '<h3>'.get_lang('UsersAlreadyInvited').'</h3>';

main/social/group_members.php

@@ -136,12 +136,12 @@ foreach ($users as $user) {
                 )
             )
             ) {
-                $user['link'] = '<a href="group_members.php?id=' . $group_id . '&u=' . $user['user_id'] . '&action=delete">' .
+                $user['link'] = '<a href="group_members.php?id=' . $group_id . '&u=' . $user['id'] . '&action=delete">' .
                     Display::return_icon(
                         'delete.png',
                         get_lang('DeleteFromGroup')
                     ) . '</a>' .
-                    '<a href="group_members.php?id=' . $group_id . '&u=' . $user['user_id'] . '&action=set_moderator">' .
+                    '<a href="group_members.php?id=' . $group_id . '&u=' . $user['id'] . '&action=set_moderator">' .
                     Display::return_icon(
                         'social_moderator_add.png',
                         get_lang('AddModerator')
@@ -149,7 +149,7 @@ foreach ($users as $user) {
             }
             break;
         case GROUP_USER_PERMISSION_PENDING_INVITATION:
-            $user['link'] = '<a href="group_members.php?id=' . $group_id . '&u=' . $user['user_id'] . '&action=add">' .
+            $user['link'] = '<a href="group_members.php?id=' . $group_id . '&u=' . $user['id'] . '&action=add">' .
                 Display::return_icon(
                     'pending_invitation.png',
                     get_lang('PendingInvitation')
@@ -162,7 +162,7 @@ foreach ($users as $user) {
             );
             //only group admin can manage moderators
             if ($user_role == GROUP_USER_PERMISSION_ADMIN) {
-                $user['link'] .= '<a href="group_members.php?id=' . $group_id . '&u=' . $user['user_id'] . '&action=delete_moderator">'.
+                $user['link'] .= '<a href="group_members.php?id=' . $group_id . '&u=' . $user['id'] . '&action=delete_moderator">'.
                     Display::return_icon(
                         'social_moderator_delete.png',
                         get_lang('DeleteModerator')
@@ -171,7 +171,7 @@ foreach ($users as $user) {
             break;
     }
 
-    $userPicture = UserManager::getUserPicture($user['user_id']);
+    $userPicture = UserManager::getUserPicture($user['id']);
     $user['image'] = '<img src="' . $userPicture . '"  width="50px" height="50px"  />';
     $new_member_list[] = $user;
 }

main/social/group_topics.php

@@ -70,7 +70,7 @@ if (isset($_POST['action'])) {
             $title,
             $content,
             $_FILES,
-            '',
+            [],
             $group_id,
             $parent_id,
             $edit_message_id,
@@ -86,7 +86,7 @@ if (isset($_POST['action'])) {
             $title,
             $content,
             $_FILES,
-            '',
+            [],
             $group_id,
             $parent_id,
             0,

main/social/profile.php

@@ -81,12 +81,19 @@ if (!empty($_POST['social_wall_new_msg_main']) || !empty($_FILES['picture']['tmp
     exit;
 
 } else if (isset($_GET['messageId'])) {
-    $messageId = Security::remove_XSS($_GET['messageId']);
+    $messageId = intval($_GET['messageId']);
-    $status = SocialManager::deleteMessage($messageId);
+    $messageInfo = MessageManager::get_message_by_id($messageId);
-    Display::addFlash(Display::return_message(get_lang('MessageDeleted')));
+    if (!empty($messageInfo)) {
-    header('Location: ' . api_get_path(WEB_CODE_PATH) . 'social/profile.php');
+        // I can only delete messages of my own wall
-    exit;
+        if ($messageInfo['user_receiver_id'] == $user_id) {
-
+            $status = SocialManager::deleteMessage($messageId);
+
+            Display::addFlash(Display::return_message(get_lang('MessageDeleted')));
+            header('Location: ' . api_get_path(WEB_CODE_PATH) . 'social/profile.php');
+            exit;
+        }
+    }
+    api_not_allowed(true);
 } else if (isset($_GET['u'])) { //I'm your friend? I can see your profile?
     $user_id = intval($_GET['u']);
     if (api_is_anonymous($user_id, true)) {

main/survey/survey.lib.php

@@ -3922,8 +3922,8 @@ class SurveyUtil
                 $invitedUser,
                 $invitation_title,
                 $full_invitation_text,
-                null,
+                [],
-                null,
+                [],
                 null,
                 null,
                 null,

main/webservices/registration.soap.php

@@ -17,6 +17,10 @@ define('WS_ERROR_NOT_FOUND_RESULT', 2);
 define('WS_ERROR_INVALID_INPUT', 3);
 define('WS_ERROR_SETTING', 4);
 
+/**
+ * @param string $code
+ * @return null|soap_fault
+ */
 function returnError($code)
 {
     $fault = null;
@@ -87,7 +91,7 @@ function WSHelperVerifyKey($params)
     }
 
     $result = api_is_valid_secret_key($secret_key, $security_key);
-    //error_log($secret_key.'-'.$security_key);
+
     if ($debug)
         error_log('WSHelperVerifyKey result: '.intval($result));
     return $result;
@@ -2420,35 +2424,41 @@ $server->register('WSEditUserPasswordCrypted',                         // method
 // Define the method WSEditUserPasswordCrypted
 function WSEditUserPasswordCrypted($params)
 {
-    global $_configuration;
+    global $_configuration, $debug;
 
     if (!WSHelperVerifyKey($params)) {
         return returnError(WS_ERROR_SECRET_KEY);
     }
 
+    if ($debug) {
+        error_log('WSEditUserPasswordCrypted');
+    }
+
     $table_user = Database::get_main_table(TABLE_MAIN_USER);
 
     $original_user_id_value = $params['original_user_id_value'];
     $original_user_id_name = $params['original_user_id_name'];
-    $firstname = $params['firstname'];
+
-    $lastname = $params['lastname'];
+    $firstname = isset($params['firstname']) ? $params['firstname'] : '';
-    $username = $params['username'];
+    $lastname = isset($params['lastname']) ? $params['lastname'] : '';
+    $username = isset($params['username']) ? $params['username'] : '';
     $password = null;
     $auth_source = null;
-    $email = $params['email'];
+    $email = isset($params['email']) ? $params['email'] : '';
-    $status = $params['status'];
+    $status = isset($params['status']) ? $params['status'] : '';
     $official_code = '';
-    $phone = $params['phone'];
+    $phone = isset($params['phone']) ? $params['phone'] : '';
     $picture_uri = '';
-    $expiration_date = $params['expiration_date'];
+    $expiration_date = isset($params['expiration_date']) ? $params['expiration_date'] : '';
     $active = 1;
     $creator_id = null;
     $hr_dept_id = 0;
     $extra = null;
-    $extra_list = $params['extra'];
+    $extra_list = isset($params['extra']) ? $params['extra'] : '';
+    $params['password'] = isset($params['password']) ? $params['password'] : '';
+    $params['encrypt_method'] = isset($params['encrypt_method']) ? $params['encrypt_method'] : '';
 
     if (!empty($params['password']) && !empty($params['encrypt_method'])) {
-
         $password = $params['password'];
         $encrypt_method = $params['encrypt_method'];
         if ($_configuration['password_encryption'] === $encrypt_method ) {
@@ -2465,9 +2475,11 @@ function WSEditUserPasswordCrypted($params)
         }
     } elseif (!empty($params['password']) && empty($params['encrypt_method'])) {
         $msg = "If password is not empty the encrypt_method param is required ";
+
         return $msg;
     } elseif (empty($params['password']) && !empty($params['encrypt_method'])) {
         $msg = "If encrypt_method is not empty the password param is required ";
+
         return $msg;
     }
 
@@ -2476,6 +2488,10 @@ function WSEditUserPasswordCrypted($params)
         $original_user_id_name
     );
 
+    if ($debug) {
+        error_log("user: $user_id");
+    }
+
     if ($user_id == 0) {
         return 0;
     } else {
@@ -2506,10 +2522,12 @@ function WSEditUserPasswordCrypted($params)
         $sql .= " firstname='".Database::escape_string($firstname)."', ";
     }
     $sql .= " username='".Database::escape_string($username)."',";
-    if (!is_null($password)) {
+
+    if (!empty($password)) {
         $sql .= " password='".Database::escape_string($password)."',";
     }
-    if (!is_null($auth_source)) {
+
+    if (!empty($auth_source)) {
         $sql .= " auth_source='".Database::escape_string($auth_source)."',";
     }
 
@@ -2540,15 +2558,20 @@ function WSEditUserPasswordCrypted($params)
     if (!is_null($creator_id)) {
         $sql .= ", creator_id='".Database::escape_string($creator_id)."'";
     }
+
     $sql .= " WHERE user_id='$user_id'";
     $return = @Database::query($sql);
 
+    if ($debug) {
+        error_log("SQL: $sql");
+    }
+
     if (is_array($extra_list) && count($extra_list) > 0) {
         foreach ($extra_list as $extra) {
             $extra_field_name = $extra['field_name'];
             $extra_field_value = $extra['field_value'];
             // save the external system's id into user_field_value table'
-            $res = UserManager::update_extra_field_value(
+            UserManager::update_extra_field_value(
                 $user_id,
                 $extra_field_name,
                 $extra_field_value