From 308cd52ff4735f9065706ee5e3cccd6fe5bef040 Mon Sep 17 00:00:00 2001 From: jmontoyaa Date: Mon, 27 Mar 2017 15:58:17 +0200 Subject: [PATCH] Use api_get_origin() - Remove 'origin' parameter from url (already added by api_get_cidreq) - Remove double use of intval - Use api_get_group_id() instead of $origin == 'group' to detect were are in a group space. --- main/forum/editpost.php | 5 +-- main/forum/editthread.php | 5 +-- main/forum/forumqualify.php | 6 +--- main/forum/forumsearch.php | 5 +-- main/forum/newthread.php | 7 ++-- main/forum/reply.php | 21 +++++------- main/forum/viewforum.php | 46 +++++++++++--------------- main/forum/viewforumcategory.php | 6 +--- main/forum/viewpost.php | 11 +++--- main/forum/viewthread.php | 7 ++-- main/forum/viewthread_flat.inc.php | 15 +++------ main/forum/viewthread_nested.inc.php | 6 +--- main/forum/viewthread_threaded.inc.php | 8 ++--- main/group/group_overview.php | 5 +-- main/group/group_space.php | 8 ++--- main/work/work.lib.php | 2 +- 16 files changed, 55 insertions(+), 108 deletions(-) diff --git a/main/forum/editpost.php b/main/forum/editpost.php index 108bae9875..d4d932c540 100755 --- a/main/forum/editpost.php +++ b/main/forum/editpost.php @@ -40,10 +40,7 @@ require_once 'forumconfig.inc.php'; require_once 'forumfunction.inc.php'; // Are we in a lp ? -$origin = ''; -if (isset($_GET['origin'])) { - $origin = Security::remove_XSS($_GET['origin']); -} +$origin = api_get_origin(); /* MAIN DISPLAY SECTION */ diff --git a/main/forum/editthread.php b/main/forum/editthread.php index d7b6f19f8f..fb96433165 100644 --- a/main/forum/editthread.php +++ b/main/forum/editthread.php @@ -24,10 +24,7 @@ require_once 'forumconfig.inc.php'; require_once 'forumfunction.inc.php'; // Are we in a lp ? -$origin = ''; -if (isset($_GET['origin'])) { - $origin = Security::remove_XSS($_GET['origin']); -} +$origin = api_get_origin(); /* MAIN DISPLAY SECTION */ $currentForum = get_forum_information($_GET['forum']); 
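Review bot: In editpost.php the inline `Security::remove_XSS($_GET['origin'])` is dropped in favour of `$origin = api_get_origin();`, and the helper's body is not part of this patch, so the filtering that used to be visible at every call site now has to be confirmed in that one function. In the visible hunks `$origin` is compared with `'learnpath'` and, in group_space.php, passed to `set_additional_parameters()`, so the helper would ideally return only a value from a fixed set rather than the raw request string. The identical replacement appears in editthread.php, forumqualify.php, forumsearch.php, newthread.php, reply.php, viewforum.php, viewforumcategory.php, viewpost.php, viewthread.php, the three viewthread_*.inc.php files and work.lib.php. The leftover comment `// Are we in a lp ?` could become `// Request origin ('learnpath' when shown inside a learning path), resolved by api_get_origin()`.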
diff --git a/main/forum/forumqualify.php b/main/forum/forumqualify.php index 7116b9020a..6f788b3385 100755 --- a/main/forum/forumqualify.php +++ b/main/forum/forumqualify.php @@ -12,13 +12,9 @@ require_once 'forumfunction.inc.php'; $nameTools = get_lang('ToolForum'); $this_section = SECTION_COURSES; - $message = ''; //are we in a lp ? -$origin = ''; -if (isset($_GET['origin'])) { - $origin = Security::remove_XSS($_GET['origin']); -} +$origin = api_get_origin(); $currentUserId = api_get_user_id(); $userIdToQualify = isset($_GET['user_id']) ? intval($_GET['user_id']) : null; diff --git a/main/forum/forumsearch.php b/main/forum/forumsearch.php index c1b3410f75..3da7a165fb 100755 --- a/main/forum/forumsearch.php +++ b/main/forum/forumsearch.php @@ -34,10 +34,7 @@ include 'forumfunction.inc.php'; include 'forumconfig.inc.php'; // Are we in a lp ? -$origin = ''; -if (isset($_GET['origin'])) { - $origin = Security::remove_XSS($_GET['origin']); -} +$origin = api_get_origin(); // Name of the tool $nameTools = get_lang('ToolForum'); diff --git a/main/forum/newthread.php b/main/forum/newthread.php index c815b25aad..5f2d14e1b3 100755 --- a/main/forum/newthread.php +++ b/main/forum/newthread.php @@ -40,10 +40,7 @@ require_once 'forumconfig.inc.php'; require_once 'forumfunction.inc.php'; // Are we in a lp ? -$origin = ''; -if (isset($_GET['origin'])) { - $origin = Security::remove_XSS($_GET['origin']); -} +$origin = api_get_origin(); /* MAIN DISPLAY SECTION */ $current_forum = get_forum_information($_GET['forum']); @@ -168,7 +165,7 @@ if ($form) { $form->display(); } -if (isset($origin) && $origin == 'learnpath') { +if ($origin == 'learnpath') { Display::display_reduced_footer(); } else { Display::display_footer(); diff --git a/main/forum/reply.php b/main/forum/reply.php index 915d221563..646ebdb008 100755 --- a/main/forum/reply.php +++ b/main/forum/reply.php 
@@ -26,12 +26,7 @@ $this_section = SECTION_COURSES; api_protect_course_script(true); $nameTools = get_lang('ForumCategories'); - -$origin = ''; -if (isset($_GET['origin'])) { - $origin = Security::remove_XSS($_GET['origin']); - $origin_string = '&origin='.$origin; -} +$origin = api_get_origin(); /* Including necessary files */ require_once 'forumconfig.inc.php'; @@ -95,9 +90,9 @@ if (!empty($gradebook) && $gradebook == 'view') { 'name' => get_lang('ToolGradebook') ); } - -if ($origin == 'group') { - $_clean['toolgroup'] = api_get_group_id(); +$groupId = api_get_group_id(); +if (!empty($groupId)) { + $_clean['toolgroup'] = $groupId; $group_properties = GroupManager :: get_group_properties($_clean['toolgroup']); $interbreadcrumb[] = array( 'url' => api_get_path(WEB_CODE_PATH).'group/group.php?'.api_get_cidreq(), @@ -110,11 +105,11 @@ if ($origin == 'group') { ); $interbreadcrumb[] = array( - 'url' => api_get_path(WEB_CODE_PATH).'forum/viewforum.php?origin='.$origin.'&forum='.$forumId.'&'.api_get_cidreq(), + 'url' => api_get_path(WEB_CODE_PATH).'forum/viewforum.php?forum='.$forumId.'&'.api_get_cidreq(), 'name' => $current_forum['forum_title'] ); $interbreadcrumb[] = array( - 'url' => api_get_path(WEB_CODE_PATH).'forum/viewthread.php?origin='.$origin.'&gradebook='.$gradebook.'&forum='.$forumId.'&thread='.$threadId.'&'.api_get_cidreq(), + 'url' => api_get_path(WEB_CODE_PATH).'forum/viewthread.php?gradebook='.$gradebook.'&forum='.$forumId.'&thread='.$threadId.'&'.api_get_cidreq(), 'name' => $current_thread['thread_title'] ); 
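Review bot: The rewritten breadcrumb URL in the `@@ -110,11` hunk of reply.php still concatenates `$gradebook` into the query string as-is (`'forum/viewthread.php?gradebook='.$gradebook.'&forum='.$forumId...`), and the same line is repeated in the `@@ -132,11` hunk. Where `$gradebook` is assigned is outside these hunks, so it may already be constrained, but if it can carry request data it should be encoded for the URL context, e.g. `'forum/viewthread.php?gradebook='.urlencode($gradebook).'&forum='.(int) $forumId.'&thread='.(int) $threadId.'&'.api_get_cidreq()`. Whether the breadcrumb renderer escapes the `url` entry for HTML is also not visible here and is worth checking once for all of these entries.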
@@ -132,11 +127,11 @@ if ($origin == 'group') { 'name' => $current_forum_category['cat_title'] ); $interbreadcrumb[] = array( - 'url' => api_get_path(WEB_CODE_PATH).'forum/viewforum.php?origin='.$origin.'&forum='.$forumId.'&'.api_get_cidreq(), + 'url' => api_get_path(WEB_CODE_PATH).'forum/viewforum.php?forum='.$forumId.'&'.api_get_cidreq(), 'name' => $current_forum['forum_title'] ); $interbreadcrumb[] = array( - 'url' => api_get_path(WEB_CODE_PATH).'forum/viewthread.php?origin='.$origin.'&gradebook='.$gradebook.'&forum='.$forumId.'&thread='.$threadId.'&'.api_get_cidreq(), + 'url' => api_get_path(WEB_CODE_PATH).'forum/viewthread.php?gradebook='.$gradebook.'&forum='.$forumId.'&thread='.$threadId.'&'.api_get_cidreq(), 'name' => $current_thread['thread_title'] ); $interbreadcrumb[] = array('url' => '#', 'name' => get_lang('Reply')); diff --git a/main/forum/viewforum.php b/main/forum/viewforum.php index e76ace920d..c3cf31da14 100755 --- a/main/forum/viewforum.php +++ b/main/forum/viewforum.php @@ -36,12 +36,7 @@ $this_section = SECTION_COURSES; $nameTools = get_lang('ToolForum'); // Are we in a lp ? -$origin = ''; -$origin_string = ''; -if (isset($_GET['origin'])) { - $origin = Security::remove_XSS($_GET['origin']); - $origin_string = '&origin='.$origin; -} +$origin = api_get_origin(); /* Including necessary files */ require 'forumconfig.inc.php'; @@ -57,7 +52,7 @@ $isTutor = GroupManager::is_tutor_of_group($userId, $groupInfo['iid'], $courseId /* MAIN DISPLAY SECTION */ -$my_forum = isset($_GET['forum']) ? $_GET['forum'] : ''; +$my_forum = isset($_GET['forum']) ? (int) $_GET['forum'] : ''; // Note: This has to be validated that it is an existing forum. $current_forum = get_forum_information($my_forum); $isForumOpenByDateAccess = api_is_date_in_date_range($current_forum['start_time'], $current_forum['end_time']); 
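Review bot: In the `@@ -57,7` hunk of viewforum.php the new cast leaves `$my_forum` as an int when the parameter is present but as the empty string when it is absent, and a `forum[]=` array value casts to 1 instead of being rejected. `get_forum_information($my_forum)` is then called and `$current_forum['start_time']` is read on the next line with no check that a forum was found, which the existing comment already flags as missing. A single-typed default such as `$my_forum = isset($_GET['forum']) && is_scalar($_GET['forum']) ? (int) $_GET['forum'] : 0;` followed by `if (empty($current_forum)) { api_not_allowed(true); }` would close that gap.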
@@ -131,7 +126,7 @@ if (!empty($gradebook) && $gradebook == 'view') { $forumUrl = api_get_path(WEB_CODE_PATH).'forum/'; -if ($origin == 'group') { +if (!empty($groupId)) { $interbreadcrumb[] = array( 'url' => api_get_path(WEB_CODE_PATH) . 'group/group.php?'.api_get_cidreq(), 'name' => get_lang('Groups') @@ -262,21 +257,21 @@ if ( $table_list = Display::page_subheader(get_lang('ThreadUsersList') . ': ' . get_name_thread_by_id($_GET['id'])); if ($nrorow3 > 0 || $nrorow3 == -2) { - $url = api_get_cidreq() .'&forum=' . intval($my_forum) . '&action=' + $url = api_get_cidreq() .'&forum=' . $my_forum . '&action=' . Security::remove_XSS($_GET['action']) . '&content=' . Security::remove_XSS($_GET['content'], STUDENT) . '&id=' . intval($_GET['id']); $tabs = array( array( 'content' => get_lang('AllStudents'), - 'url' => $forumUrl . 'viewforum.php?' . $url . '&origin=' . $origin . '&list=all' + 'url' => $forumUrl . 'viewforum.php?' . $url . '&list=all' ), array( 'content' => get_lang('StudentsQualified'), - 'url' => $forumUrl . 'viewforum.php?' . $url . '&origin=' . $origin . '&list=qualify' + 'url' => $forumUrl . 'viewforum.php?' . $url . '&list=qualify' ), array( 'content' => get_lang('StudentsNotQualified'), - 'url' => $forumUrl . 'viewforum.php?' . $url . '&origin=' . $origin . '&list=notqualify' + 'url' => $forumUrl . 'viewforum.php?' . $url . '&list=notqualify' ), ); $table_list .= Display::tabsOnlyLink($tabs, $active); @@ -358,7 +353,7 @@ if (!empty($message)) { echo '
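Review bot: In the `@@ -262,21` hunk the query string kept on the new side is still built with `Security::remove_XSS($_GET['action'])` and `Security::remove_XSS($_GET['content'], STUDENT)`, which is an HTML filter and not URL encoding. Characters such as `&`, `#` or `=` in those values pass through and change the structure of the links handed to `Display::tabsOnlyLink()`. Since `forum` and `id` are already reduced to integers here, the remaining two values should be encoded for the same context: `. '&action=' . urlencode($_GET['action']) . '&content=' . urlencode($_GET['content'])`. The statement sits inside a larger conditional that starts before the hunk.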
'; if ($origin != 'learnpath') { - if ($origin=='group') { + if (!empty($groupId)) { echo '' . Display::return_icon('back.png', get_lang('BackTo') @@ -384,13 +379,13 @@ if ( if (!api_is_anonymous() && !api_is_invitee()) { if ($my_forum == strval(intval($my_forum))) { echo '' + . Security::remove_XSS($my_forum).'">' . Display::return_icon('new_thread.png', get_lang('NewTopic'), '', ICON_SIZE_MEDIUM) . ''; } else { $my_forum = strval(intval($my_forum)); echo '' + . '&forum='.$my_forum.'">' . Display::return_icon('new_thread.png', get_lang('NewTopic'), '', ICON_SIZE_MEDIUM) . ''; } @@ -464,8 +459,8 @@ if (is_array($threads)) { $name = api_get_person_name($row['firstname'], $row['lastname']); - $linkPostForum = '' . $row['thread_title'] . ''; $html = ''; @@ -582,7 +577,7 @@ if (is_array($threads)) { !(api_is_course_coach() && $current_forum['session_id'] != $sessionId) ) { $iconsEdit .= '' . Display::return_icon('edit.png', get_lang('Edit'), array(), ICON_SIZE_SMALL) . ''; @@ -595,9 +590,8 @@ if (is_array($threads)) { ); } else { $iconsEdit.= '" . Display::return_icon('delete.png', get_lang('Delete'), array(), ICON_SIZE_SMALL) . ''; @@ -609,7 +603,6 @@ if (is_array($threads)) { $row['visibility'], array( 'forum' => $my_forum, - 'origin' => $origin, 'gidReq' => $groupId ) ); @@ -619,13 +612,12 @@ if (is_array($threads)) { $row['locked'], array( 'forum' => $my_forum, - 'origin' => $origin, 'gidReq' => api_get_group_id() ) ); $iconsEdit .= '' + . $my_forum + . '&action=move&thread=' . $row['thread_id'].'">' . Display::return_icon('move.png', get_lang('MoveThread'), array(), ICON_SIZE_SMALL) . ''; } 
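Review bot: In the `@@ -384,13` hunk the test `if ($my_forum == strval(intval($my_forum)))` and its `else` branch are now largely redundant, because `$my_forum` is cast with `(int)` near the top of viewforum.php in this same commit. The two branches differ only when the parameter was absent and `$my_forum` is the empty string, and `Security::remove_XSS($my_forum)` on an integer adds nothing. Keeping a single branch that emits `'&forum='.$my_forum` would leave one validation point instead of three; the link markup itself is not legible in this copy of the patch, so the exact line is not quoted here.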
@@ -643,14 +635,14 @@ if (is_array($threads)) { $icon_liststd = 'user.png'; if (!api_is_anonymous() && api_is_allowed_to_session_edit(false, true)) { $iconsEdit .= '' . Display::return_icon($iconnotify, get_lang('NotifyMe')) . ''; } if (api_is_allowed_to_edit(null, true) && $origin != 'learnpath') { $iconsEdit .= '' . Display::return_icon($icon_liststd, get_lang('StudentList'), array(), ICON_SIZE_SMALL) . ''; diff --git a/main/forum/viewforumcategory.php b/main/forum/viewforumcategory.php index a7d496ed89..24c5a88b3f 100755 --- a/main/forum/viewforumcategory.php +++ b/main/forum/viewforumcategory.php @@ -52,11 +52,7 @@ require 'forumconfig.inc.php'; require_once 'forumfunction.inc.php'; // Are we in a lp ? -$origin = ''; - -if (isset($_GET['origin'])) { - $origin = Security::remove_XSS($_GET['origin']); -} +$origin = api_get_origin(); /* Header and Breadcrumbs */ $gradebook = null; diff --git a/main/forum/viewpost.php b/main/forum/viewpost.php index f1b00d17f7..642ad65ad7 100755 --- a/main/forum/viewpost.php +++ b/main/forum/viewpost.php @@ -27,10 +27,7 @@ $(document).ready(function(){ $(\'.hide-me\').slideUp() }); '; // Are we in a lp ? -$origin = ''; -if (isset($_GET['origin'])) { - $origin = Security::remove_XSS($_GET['origin']); -} +$origin = api_get_origin(); /* MAIN DISPLAY SECTION */ @@ -119,7 +116,7 @@ if ($message != 'PostDeletedSpecial') { /* Action Links */ echo '
'; - $my_url = ''.get_lang('FlatView').' | '; echo $my_url.'&view=threaded">'.get_lang('ThreadedView').' | '; echo $my_url.'&view=nested">'.get_lang('NestedView').''; @@ -134,7 +131,7 @@ if ($message != 'PostDeletedSpecial') { // The link should only appear when the user is logged in or when anonymous posts are allowed. if ($_user['user_id'] || ($current_forum['allow_anonymous'] == 1 && !$_user['user_id'])) { // reply link - echo ''.get_lang('ReplyToThread').''; + echo ''.get_lang('ReplyToThread').''; // new thread link if (api_is_allowed_to_edit(false, true) || @@ -191,7 +188,7 @@ if ($message != 'PostDeletedSpecial') { echo ''.prepare4display($current_thread['thread_comment']).''; echo ""; - include_once('viewpost.inc.php'); + include_once 'viewpost.inc.php'; } if ($origin != 'learnpath') { diff --git a/main/forum/viewthread.php b/main/forum/viewthread.php index 5910363fd8..6adafe20dc 100755 --- a/main/forum/viewthread.php +++ b/main/forum/viewthread.php @@ -21,10 +21,7 @@ $nameTools = get_lang('Forum'); $forumUrl = api_get_path(WEB_CODE_PATH).'forum/'; // Are we in a lp ? -$origin = ''; -if (isset($_GET['origin'])) { - $origin = Security::remove_XSS($_GET['origin']); -} +$origin = api_get_origin(); $my_search = null; $gradebook = null; @@ -78,7 +75,7 @@ $(function() { '; -if ($origin == 'group') { +if (!empty($groupId)) { $interbreadcrumb[] = array( 'url' => api_get_path(WEB_CODE_PATH).'group/group.php?'.api_get_cidreq(), 'name' => get_lang('Groups') diff --git a/main/forum/viewthread_flat.inc.php b/main/forum/viewthread_flat.inc.php index ae9e688c33..82e8c7ccde 100755 --- a/main/forum/viewthread_flat.inc.php +++ b/main/forum/viewthread_flat.inc.php @@ -16,11 +16,7 @@ if ((isset($_GET['action']) && } // Are we in a lp ? -$origin = ''; -if (isset($_GET['origin'])) { - $origin = Security::remove_XSS($_GET['origin']); -} - +$origin = api_get_origin(); $sessionId = api_get_session_id(); $_user = api_get_user_info(); $userId = api_get_user_id(); 
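Review bot: The `@@ -78,7` hunk of viewthread.php switches the breadcrumb test to `if (!empty($groupId))`, but neither visible hunk of that file assigns `$groupId`, whereas reply.php gets an explicit `$groupId = api_get_group_id();` in this commit. If the variable is not set earlier in viewthread.php, `empty()` hides the undefined variable and the group breadcrumb silently disappears. Adding `$groupId = api_get_group_id();` next to `$origin = api_get_origin();` in the first hunk would make the file self-contained; the same applies to the `if (!empty($groupId))` tests in viewforum.php if its assignment is not above the hunks shown.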
@@ -177,8 +173,8 @@ if (isset($current_thread['thread_id'])) { if (api_is_allowed_to_session_edit(false, true)) { if ($locked == false) { $iconEdit .= "" + . "&thread=" . $clean_thread_id . "&post=" . $row['post_id'] + . "&edit=edition&id_attach=" . $id_attach . "\">" . Display::return_icon('edit.png', get_lang('Edit'), array(), ICON_SIZE_SMALL) . ""; } } @@ -230,8 +226,7 @@ if (isset($current_thread['thread_id'])) { if ($increment > 0) { $iconEdit .= "" + . "&thread=" . $clean_thread_id . "&action=move&post=" . $row['post_id']."\">" . Display::return_icon('move.png', get_lang('MovePost'), array(), ICON_SIZE_SMALL) . ""; } @@ -257,7 +252,7 @@ if (isset($current_thread['thread_id'])) { $iconEdit .= "" + . "&idtextqualify=" . $current_qualify_thread . "\" >" . Display::return_icon('quiz.png', get_lang('Qualify')) . " "; } diff --git a/main/forum/viewthread_nested.inc.php b/main/forum/viewthread_nested.inc.php index 7e11857279..e9cc3d714a 100755 --- a/main/forum/viewthread_nested.inc.php +++ b/main/forum/viewthread_nested.inc.php @@ -11,11 +11,7 @@ use Chamilo\CourseBundle\Entity\CForumPost; */ // Are we in a lp ? -$origin = ''; -if (isset($_GET['origin'])) { - $origin = Security::remove_XSS($_GET['origin']); -} - +$origin = api_get_origin(); //delete attachment file if (isset($_GET['action']) && $_GET['action'] == 'delete_attach' && diff --git a/main/forum/viewthread_threaded.inc.php b/main/forum/viewthread_threaded.inc.php index 120cf9bd63..e3dd721c68 100755 --- a/main/forum/viewthread_threaded.inc.php +++ b/main/forum/viewthread_threaded.inc.php @@ -40,11 +40,7 @@ if (isset($_GET['post']) && $_GET['post']) { } // Are we in a lp ? -$origin = ''; -if (isset($_GET['origin'])) { - $origin = Security::remove_XSS($_GET['origin']); -} - +$origin = api_get_origin(); // Delete attachment file. if ( isset($_GET['action']) && 
@@ -347,7 +343,7 @@ if ($userCanQualify) { "&forum=" . $forumId . "&thread=" . $threadId . "&action=list&post=" . $rows[$display_post_id]['post_id'] . "&user=" . $rows[$display_post_id]['user_id'] . "&user_id=" . - $rows[$display_post_id]['user_id'] . "&origin=" . $origin . + $rows[$display_post_id]['user_id']. "&idtextqualify=" . $current_qualify_thread . "\" >" . Display::return_icon( 'quiz.png', diff --git a/main/group/group_overview.php b/main/group/group_overview.php index 898f4562ba..c63533d0ae 100755 --- a/main/group/group_overview.php +++ b/main/group/group_overview.php @@ -65,7 +65,8 @@ if (isset($_GET['action'])) { /* Header */ $interbreadcrumb[] = array('url' => 'group.php?'.api_get_cidreq(), 'name' => get_lang('Groups')); -if (!isset ($_GET['origin']) || $_GET['origin'] != 'learnpath') { +$origin = api_get_origin(); +if ($origin != 'learnpath') { // So we are not in learnpath tool if (!api_is_allowed_in_course()) { api_not_allowed(true); @@ -126,6 +127,6 @@ echo '
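Review bot: In the `@@ -65,7` hunk of group_overview.php the course access check `if (!api_is_allowed_in_course()) { api_not_allowed(true); }` stays nested under `if ($origin != 'learnpath')`, so whether it runs is decided by the origin value, which before this change was read directly from `$_GET['origin']` and presumably still comes from the request. The rest of that block is outside the hunk, so an equivalent check may exist for the learnpath case. If it does not, the authorization call should move above the conditional, leaving only the header rendering inside it. The same variable also gates `Display::display_footer()` in the file's last hunk, which is presentation only.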
'; echo GroupManager::getOverview($courseId, $keyword); -if (!isset ($_GET['origin']) || $_GET['origin'] != 'learnpath') { +if ($origin != 'learnpath') { Display::display_footer(); } diff --git a/main/group/group_space.php b/main/group/group_space.php index bd2c411553..d5867ceca8 100755 --- a/main/group/group_space.php +++ b/main/group/group_space.php @@ -339,10 +339,10 @@ $table = new SortableTable( 'get_group_user_data', (api_is_western_name_order() xor api_sort_by_first_name()) ? 2 : 1 ); +$origin = api_get_origin(); $my_cidreq = isset($_GET['cidReq']) ? Security::remove_XSS($_GET['cidReq']) : ''; -$my_origin = isset($_GET['origin']) ? Security::remove_XSS($_GET['origin']) : ''; $my_gidreq = isset($_GET['gidReq']) ? Security::remove_XSS($_GET['gidReq']) : ''; -$parameters = array('cidReq' => $my_cidreq, 'origin'=> $my_origin, 'gidReq' => $my_gidreq); +$parameters = array('cidReq' => $my_cidreq, 'origin'=> $origin, 'gidReq' => $my_gidreq); $table->set_additional_parameters($parameters); $table->set_header(0, ''); @@ -532,8 +532,6 @@ function user_name_filter($name, $url_params, $row) return UserManager::getUserProfileLink($userInfo); } -// Footer -$orig = isset($origin) ? $origin : ''; -if ($orig != 'learnpath') { +if ($origin != 'learnpath') { Display::display_footer(); } diff --git a/main/work/work.lib.php b/main/work/work.lib.php index 7092d0ff0c..7f817e54c9 100755 --- a/main/work/work.lib.php +++ b/main/work/work.lib.php @@ -32,7 +32,7 @@ function display_action_links($id, $cur_dir_path, $action) } $display_output = ''; - $origin = isset($_GET['origin']) ? Security::remove_XSS($_GET['origin']) : ''; + $origin = api_get_origin(); if (!empty($id)) { $display_output .= ''.
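Review bot: In the `@@ -339,10` hunk of group_space.php `$my_cidreq` and `$my_gidreq` are still read from `$_GET` through `Security::remove_XSS()` and fed back into `set_additional_parameters()`, while the `origin` entry beside them now comes from an accessor. For the group id, the accessor already used in viewforum.php would avoid echoing a request string into the table links: `'gidReq' => api_get_group_id()`. The commit message says the `origin` parameter is dropped from URLs because `api_get_cidreq()` already adds it, yet `'origin'=> $origin` is kept here; how `SortableTable` builds its links is not visible, so it is worth confirming whether this entry is still needed.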