[svn r13292] Fix encoding problem by using $charset inside calls to htmlentities() and htmlspecialchars

main/admin/class_list.php

@@ -1,5 +1,5 @@
 <?php
-// $Id: class_list.php 10926 2007-01-26 14:34:47Z elixir_julian $
+// $Id: class_list.php 13292 2007-09-27 01:59:07Z yannoo $
 /*
 ==============================================================================
 	Dokeos - elearning and course management software
@@ -83,9 +83,10 @@ function get_class_data($from, $number_of_items, $column, $direction)
  */
 function modify_filter($class_id)
 {
+	global $charset;
 	$result = '<a href="class_information.php?id='.$class_id.'"><img src="../img/synthese_view.gif" border="0" title="'.get_lang('Info').'" alt="'.get_lang('Info').'"/></a>';
 	$result .= '<a href="class_edit.php?idclass='.$class_id.'"><img src="../img/edit.gif" border="0" title="'.get_lang('Edit').'" alt="'.get_lang('Edit').'"/></a>';
-	$result .= '<a href="class_list.php?action=delete_class&amp;class_id='.$class_id.'" onclick="javascript:if(!confirm('."'".addslashes(htmlentities(get_lang("ConfirmYourChoice")))."'".')) return false;"><img src="../img/delete.gif" border="0" title="'.get_lang('Delete').'" alt="'.get_lang('Delete').'"/></a>';
+	$result .= '<a href="class_list.php?action=delete_class&amp;class_id='.$class_id.'" onclick="javascript:if(!confirm('."'".addslashes(htmlentities(get_lang("ConfirmYourChoice"),ENT_QUOTES,$charset))."'".')) return false;"><img src="../img/delete.gif" border="0" title="'.get_lang('Delete').'" alt="'.get_lang('Delete').'"/></a>';
 	$result .= '<a href="subscribe_user2class.php?idclass='.$class_id.'"><img src="../img/add_multiple_users.gif" border="0" alt="'.get_lang('AddUsersToAClass').'" title="'.get_lang('AddUsersToAClass').'"/></a>';
 	return $result;
 }

main/admin/configure_homepage.php

@@ -1,4 +1,4 @@
-<?php // $Id: configure_homepage.php 13176 2007-09-21 14:28:33Z elixir_julian $
+<?php // $Id: configure_homepage.php 13292 2007-09-27 01:59:07Z yannoo $
 /*
 ==============================================================================
 	Dokeos - elearning and course management software
@@ -648,11 +648,11 @@ switch($action){
 		<tr><td colspan="2"><?php echo '<span style="font-style: italic;">'.get_lang('LetThoseFieldsEmptyToHideTheNotice').'</span>'; ?></tr>
 		<tr>
 		  <td nowrap="nowrap"><?php echo get_lang('NoticeTitle'); ?> :</td>
-		  <td><input type="text" name="notice_title" size="30" maxlength="50" value="<?php echo htmlentities($notice_title); ?>" style="width: 350px;"/></td>
+		  <td><input type="text" name="notice_title" size="30" maxlength="50" value="<?php echo htmlentities($notice_title,ENT_QUOTES,$charset); ?>" style="width: 350px;"/></td>
 		</tr>
 		<tr>
 		  <td nowrap="nowrap" valign="top"><?php echo get_lang('NoticeText'); ?> :</td>
-		  <td><textarea name="notice_text" cols="30" rows="5" wrap="virtual" style="width: 350px;"><?php echo htmlentities($notice_text); ?></textarea></td>
+		  <td><textarea name="notice_text" cols="30" rows="5" wrap="virtual" style="width: 350px;"><?php echo htmlentities($notice_text,ENT_QUOTES,$charset); ?></textarea></td>
 		</tr>
 		<tr>
 		  <td>&nbsp;</td>
@@ -681,11 +681,11 @@ switch($action){
 		?>		
 		<tr>
 		  <td nowrap="nowrap"><?php echo get_lang('LinkName'); ?> :</td>
-		  <td><input type="text" name="link_name" size="30" maxlength="50" value="<?php echo htmlentities($link_name); ?>" style="width: 350px;"/></td>
+		  <td><input type="text" name="link_name" size="30" maxlength="50" value="<?php echo htmlentities($link_name,ENT_QUOTES,$charset); ?>" style="width: 350px;"/></td>
 		</tr>
 		<tr>
 		  <td nowrap="nowrap"><?php echo get_lang('LinkURL'); ?> (<?php echo get_lang('Optional'); ?>) :</td>
-		  <td><input type="text" name="link_url" size="30" maxlength="100" value="<?php if(empty($link_url)) echo 'http://'; else echo htmlentities($link_url); ?>" style="width: 350px;"/></td>
+		  <td><input type="text" name="link_url" size="30" maxlength="100" value="<?php if(empty($link_url)) echo 'http://'; else echo htmlentities($link_url,ENT_QUOTES,$charset); ?>" style="width: 350px;"/></td>
 		</tr>
 		
 		<?php 
@@ -853,7 +853,7 @@ switch($action){
 		<table border="0" cellpadding="5" cellspacing="0" width="100%">
 		<tr>
 		  <td width="80%" colspan="2">
-			<a href="<?php echo api_get_self(); ?>?action=edit_top"><img src="../img/edit.gif" border="0" title="<?php echo htmlentities(get_lang('Modify')); ?>"/></a> <a href="<?php echo api_get_self(); ?>?action=edit_top"><?php echo get_lang('EditHomePage'); ?></a>
+			<a href="<?php echo api_get_self(); ?>?action=edit_top"><img src="../img/edit.gif" border="0" title="<?php echo htmlentities(get_lang('Modify'),ENT_QUOTES,$charset); ?>"/></a> <a href="<?php echo api_get_self(); ?>?action=edit_top"><?php echo get_lang('EditHomePage'); ?></a>
 		  </td>
 		  <td width="20%">
 			<a href="<?php echo api_get_self(); ?>?action=insert_link"><img src="../img/insert_row.png" border="0"/></a> <a href="<?php echo api_get_self(); ?>?action=insert_link"/><?php echo get_lang('InsertLink'); ?></a>
@@ -882,11 +882,11 @@ switch($action){
 			<tr>
 			  <td width="50%">
 				<br />
-				<a href="course_category.php"><img src="../img/edit.gif" border="0" title="<?php echo htmlentities(get_lang('Modify')); ?>"/></a> <a href="course_category.php"><?php echo get_lang('EditCategories'); ?></a>
+				<a href="course_category.php"><img src="../img/edit.gif" border="0" title="<?php echo htmlentities(get_lang('Modify'),ENT_QUOTES,$charset); ?>"/></a> <a href="course_category.php"><?php echo get_lang('EditCategories'); ?></a>
 			  </td>
 			  <td width="50%">
 				<br />
-				<!--<a href="<?php echo api_get_self(); ?>?action=edit_news"><img src="../img/edit.gif" border="0" title="<?php echo htmlentities(get_lang('Modify')); ?>"/></a> <a href="<?php echo api_get_self(); ?>?action=edit_news"><?php echo get_lang('EditNews'); ?></a>-->
+				<!--<a href="<?php echo api_get_self(); ?>?action=edit_news"><img src="../img/edit.gif" border="0" title="<?php echo htmlentities(get_lang('Modify'),ENT_QUOTES,$charset); ?>"/></a> <a href="<?php echo api_get_self(); ?>?action=edit_news"><?php echo get_lang('EditNews'); ?></a>-->
 			  </td>
 			</tr>
 			<tr>
@@ -972,8 +972,8 @@ switch($action){
 				
 						if(!empty($enreg))
 						{
-							$edit_link='<a href="'.api_get_self().'?action=edit_link&amp;link_index='.$key.'"><img src="../img/edit.gif" border="0" style="margin-top: 2px;" title="'.htmlentities(get_lang('Modify')).'"/></a>';
-							$delete_link='<a href="'.api_get_self().'?action=delete_link&amp;link_index='.$key.'" onclick="javascript:if(!confirm(\''.addslashes(htmlentities(get_lang('ConfirmYourChoice'))).'\')) return false;"><img src="../img/delete.gif" border="0" style="margin-top: 2px;" title="'.htmlentities(get_lang('Delete')).'"/></a>';
+							$edit_link='<a href="'.api_get_self().'?action=edit_link&amp;link_index='.$key.'"><img src="../img/edit.gif" border="0" style="margin-top: 2px;" title="'.htmlentities(get_lang('Modify'),ENT_QUOTES,$charset).'"/></a>';
+							$delete_link='<a href="'.api_get_self().'?action=delete_link&amp;link_index='.$key.'" onclick="javascript:if(!confirm(\''.addslashes(htmlentities(get_lang('ConfirmYourChoice'),ENT_QUOTES,$charset)).'\')) return false;"><img src="../img/delete.gif" border="0" style="margin-top: 2px;" title="'.htmlentities(get_lang('Delete'),ENT_QUOTES,$charset).'"/></a>';
 				
 							echo str_replace(array('href="'.api_get_path(WEB_PATH).'index.php?include=','</li>'),array('href="'.api_get_path(WEB_CODE_PATH).'admin/'.basename(api_get_self()).'?action=open_link&link=','<br />'.$edit_link.' '.$delete_link.'</li>'),$enreg);
 						}
@@ -984,7 +984,7 @@ switch($action){
 			</div>
 		
 			<br />
-			&nbsp;&nbsp;<a href="<?php echo api_get_self(); ?>?action=edit_notice"><img src="../img/edit.gif" border="0" title="<?php echo htmlentities(get_lang('Modify')); ?>"/></a> <a href="<?php echo api_get_self(); ?>?action=edit_notice"><?php echo get_lang('EditNotice'); ?></a>
+			&nbsp;&nbsp;<a href="<?php echo api_get_self(); ?>?action=edit_notice"><img src="../img/edit.gif" border="0" title="<?php echo htmlentities(get_lang('Modify'),ENT_QUOTES,$charset); ?>"/></a> <a href="<?php echo api_get_self(); ?>?action=edit_notice"><?php echo get_lang('EditNotice'); ?></a>
 		
 			<div class="note">
 		

main/admin/course_list.php

@@ -1,5 +1,5 @@
 <?php
-// $Id: course_list.php 12869 2007-08-03 10:11:46Z elixir_julian $
+// $Id: course_list.php 13292 2007-09-27 01:59:07Z yannoo $
 /*
 ==============================================================================
 	Dokeos - elearning and course management software
@@ -115,12 +115,13 @@ function get_course_data($from, $number_of_items, $column, $direction)
  */
 function modify_filter($code)
 {
+	global $charset;
 	return
 		'<a href="course_information.php?code='.$code.'"><img src="../img/synthese_view.gif" border="0" style="vertical-align: middle" title="'.get_lang('Info').'" alt="'.get_lang('Info').'"/></a>&nbsp;'.
 		'<a href="../course_home/course_home.php?cidReq='.$code.'"><img src="../img/course_home.gif" border="0" style="vertical-align: middle" title="'.get_lang('CourseHomepage').'" alt="'.get_lang('CourseHomepage').'"/></a>&nbsp;'.
 		'<a href="../tracking/courseLog.php?cidReq='.$code.'"><img src="../img/statistics.gif" border="0" style="vertical-align: middle" title="'.get_lang('Tracking').'" alt="'.get_lang('Tracking').'"/></a>&nbsp;'.
 		'<a href="course_edit.php?course_code='.$code.'"><img src="../img/edit.gif" border="0" style="vertical-align: middle" title="'.get_lang('Edit').'" alt="'.get_lang('Edit').'"/></a>&nbsp;'.
-		'<a href="course_list.php?delete_course='.$code.'"  onclick="javascript:if(!confirm('."'".addslashes(htmlentities(get_lang("ConfirmYourChoice")))."'".')) return false;"><img src="../img/delete.gif" border="0" style="vertical-align: middle" title="'.get_lang('Delete').'" alt="'.get_lang('Delete').'"/></a>';	
+		'<a href="course_list.php?delete_course='.$code.'"  onclick="javascript:if(!confirm('."'".addslashes(htmlentities(get_lang("ConfirmYourChoice"),ENT_QUOTES,$charset))."'".')) return false;"><img src="../img/delete.gif" border="0" style="vertical-align: middle" title="'.get_lang('Delete').'" alt="'.get_lang('Delete').'"/></a>';	
 }
 if (isset ($_POST['action']))
 {

main/admin/session_add.php

@@ -105,7 +105,7 @@ if(!empty($errorMsg))
 
 <tr>
   <td width="30%"><?php echo get_lang('SessionName') ?>&nbsp;&nbsp;</td>
-  <td width="70%"><input type="text" name="name" size="50" maxlength="50" value="<?php if($formSent) echo htmlentities($name); ?>"></td>
+  <td width="70%"><input type="text" name="name" size="50" maxlength="50" value="<?php if($formSent) echo htmlentities($name,ENT_QUOTES,$charset); ?>"></td>
 </tr>
 <tr>
   <td width="30%"><?php echo get_lang('CoachName') ?>&nbsp;&nbsp;</td>

main/admin/session_course_edit.php

@@ -35,7 +35,7 @@ if(!list($session_name,$course_title)=mysql_fetch_row($result))
 
 $interbreadcrumb[]=array('url' => 'index.php',"name" => get_lang('PlatformAdmin'));
 $interbreadcrumb[]=array('url' => "session_list.php","name" => get_lang("SessionList"));
-$interbreadcrumb[]=array('url' => "session_course_list.php?id_session=$id_session","name" => get_lang("CourseSessionList")." "".htmlentities($session_name).""");
+$interbreadcrumb[]=array('url' => "session_course_list.php?id_session=$id_session","name" => get_lang("CourseSessionList")." "".htmlentities($session_name,ENT_QUOTES,$charset).""");
 
 if($_POST['formSent'])
 {

main/admin/session_course_list.php

@@ -59,7 +59,7 @@ $Courses=api_store_result($result);
 
 $nbr_results=sizeof($Sessions);
 
-$tool_name = htmlentities($session_name).' : '.get_lang('CourseListInSession');
+$tool_name = htmlentities($session_name,ENT_QUOTES,$charset).' : '.get_lang('CourseListInSession');
 
 $interbreadcrumb[]=array('url' => 'index.php',"name" => get_lang('PlatformAdmin'));
 $interbreadcrumb[]=array('url' => "session_list.php","name" => get_lang('SessionList'));
@@ -89,10 +89,10 @@ foreach($Courses as $key=>$enreg)
 {
 	$course = array();
 	$course[] = '<input type="checkbox" name="idChecked[]" value="'.$enreg['code'].'">';
-	$course[] = htmlentities($enreg['title']);
+	$course[] = htmlentities($enreg['title'],ENT_QUOTES,$charset);
 	$course[] = '<a href="session_course_user_list.php?id_session='.$id_session.'&course_code='.$enreg['code'].'">'.$enreg['nbr_users'].' '.get_lang('Users').'</a>';
 	$course[] = '<a href="session_course_edit.php?id_session='.$id_session.'&page=session_course_list.php&course_code='.$enreg['code'].'"><img src="../img/edit.gif" border="0" align="absmiddle" title="'.get_lang('Edit').'"></a>
-				<a href="'.api_get_self().'?id_session='.$id_session.'&sort='.$sort.'&action=delete&idChecked[]='.$enreg['code'].'" onclick="javascript:if(!confirm(\''.addslashes(htmlentities(get_lang("ConfirmYourChoice"))).'\')) return false;"><img src="../img/delete.gif" border="0" align="absmiddle" title="'.get_lang('Delete').'"></a>';
+				<a href="'.api_get_self().'?id_session='.$id_session.'&sort='.$sort.'&action=delete&idChecked[]='.$enreg['code'].'" onclick="javascript:if(!confirm(\''.addslashes(htmlentities(get_lang("ConfirmYourChoice"),ENT_QUOTES,$charset)).'\')) return false;"><img src="../img/delete.gif" border="0" align="absmiddle" title="'.get_lang('Delete').'"></a>';
 	$tableCourses[] = $course;
 }
 echo '<form method="post" action="'.api_get_self().'">';

main/admin/session_course_user_list.php

@@ -53,11 +53,11 @@ $Users=api_store_result($result);
 
 $nbr_results=sizeof($Users);
 
-$tool_name = get_lang('ListOfUsersSubscribedToCourse').' "'.htmlentities($course_title).'" '.get_lang('ForTheSession').' "'.htmlentities($session_name).'"';
+$tool_name = get_lang('ListOfUsersSubscribedToCourse').' "'.htmlentities($course_title,ENT_QUOTES,$charset).'" '.get_lang('ForTheSession').' "'.htmlentities($session_name,ENT_QUOTES,$charset).'"';
 
 $interbredcrump[]=array("url" => "index.php","name" => get_lang('AdministrationTools'));
 $interbredcrump[]=array("url" => "session_list.php","name" => get_lang('SessionList'));
-$interbredcrump[]=array("url" => "session_course_list.php?id_session=$id_session","name" => get_lang('ListOfCoursesOfSession')." "".htmlentities($session_name).""");
+$interbredcrump[]=array("url" => "session_course_list.php?id_session=$id_session","name" => get_lang('ListOfCoursesOfSession')." "".htmlentities($session_name,ENT_QUOTES,$charset).""");
 
 Display::display_header($tool_name);
 
@@ -128,9 +128,9 @@ foreach($Users as $key=>$enreg)
 
 <tr class="<?php echo $i?'row_odd':'row_even'; ?>">
   <td><input type="checkbox" name="idChecked[]" value="<?php echo $enreg['user_id']; ?>"></td>
-  <td><?php echo htmlentities($enreg['lastname']); ?></td>
-  <td><?php echo htmlentities($enreg['firstname']); ?></td>
-  <td><?php echo htmlentities($enreg['username']); ?></td>
+  <td><?php echo htmlentities($enreg['lastname'],ENT_QUOTES,$charset); ?></td>
+  <td><?php echo htmlentities($enreg['firstname'],ENT_QUOTES,$charset); ?></td>
+  <td><?php echo htmlentities($enreg['username'],ENT_QUOTES,$charset); ?></td>
   <td>
 	<a href="<?php echo api_get_self(); ?>?id_session=<?php echo $id_session; ?>&course_code=<?php echo urlencode($course_code); ?>&sort=<?php echo $sort; ?>&action=delete&idChecked[]=<?php echo $enreg['user_id']; ?>" onclick="javascript:if(!confirm('<?php echo get_lang('ConfirmYourChoice'); ?>')) return false;"><img src="../img/delete.gif" border="0" align="absmiddle" title="Effacer"></a>
   </td>

main/admin/session_edit.php

@@ -128,7 +128,7 @@ if(!empty($errorMsg))
 
 <tr>
   <td width="30%"><?php echo get_lang('SessionName') ?>&nbsp;&nbsp;</td>
-  <td width="70%"><input type="text" name="name" size="50" maxlength="50" value="<?php if($formSent) echo htmlentities($name); else echo htmlentities($infos['name']); ?>"></td>
+  <td width="70%"><input type="text" name="name" size="50" maxlength="50" value="<?php if($formSent) echo htmlentities($name,ENT_QUOTES,$charset); else echo htmlentities($infos['name'],ENT_QUOTES,$charset); ?>"></td>
 </tr>
 <tr>
   <td width="30%"><?php echo get_lang('CoachName') ?>&nbsp;&nbsp;</td>

main/admin/session_list.php

@@ -144,10 +144,10 @@ else
 
 	<tr class="<?php echo $i?'row_odd':'row_even'; ?>">
 	  <td><input type="checkbox" name="idChecked[]" value="<?php echo $enreg['id']; ?>"></td>
-	  <td><a href="resume_session.php?id_session=<?php echo $enreg['id']; ?>"><?php echo htmlentities($enreg['name']); ?></a></td>
+	  <td><a href="resume_session.php?id_session=<?php echo $enreg['id']; ?>"><?php echo htmlentities($enreg['name'],ENT_QUOTES,$charset); ?></a></td>
 	  <td><a href="session_course_list.php?id_session=<?php echo $enreg['id']; ?>"><?php echo $nb_courses; ?> cours</a></td>
-	  <td><?php echo htmlentities($enreg['date_start']); ?></td>
-	  <td><?php echo htmlentities($enreg['date_end']); ?></td>
+	  <td><?php echo htmlentities($enreg['date_start'],ENT_QUOTES,$charset); ?></td>
+	  <td><?php echo htmlentities($enreg['date_end'],ENT_QUOTES,$charset); ?></td>
 	  <td>
 		<a href="add_users_to_session.php?page=session_list.php&id_session=<?php echo $enreg['id']; ?>"><img src="../img/add_user_big.gif" border="0" align="absmiddle" title="<?php echo get_lang('SubscribeUsersToSession'); ?>"></a>
 		<a href="add_courses_to_session.php?page=session_list.php&id_session=<?php echo $enreg['id']; ?>"><img src="../img/synthese_view.gif" border="0" align="absmiddle" title="<?php echo get_lang('SubscribeCoursesToSession'); ?>"></a>

main/admin/system_announcements.php

@@ -1,5 +1,5 @@
 <?php
-// $Id: system_announcements.php 10976 2007-01-29 21:55:28Z pvandermaesen $
+// $Id: system_announcements.php 13292 2007-09-27 01:59:07Z yannoo $
 /*
 ==============================================================================
 	Dokeos - elearning and course management software
@@ -268,7 +268,7 @@ if ($show_announcement_list)
 		$row[] = "<a href=\"?id=".$announcement->id."&amp;person=".VISIBLE_GUEST."&amp;action=". ($announcement->visible_guest ? 'make_invisible' : 'make_visible')."\"><img src=\"../img/". ($announcement->visible_guest  ? 'visible.gif' : 'invisible.gif')."\" border=\"0\"></a>";
 		$row[] = $announcement->title;
 		$row[] = $announcement->lang;
-		$row[] = "<a href=\"?action=edit&id=".$announcement->id."\"><img src=\"../img/edit.gif\" border=\"0\"/></a> <a href=\"?action=delete&id=".$announcement->id."\"  onclick=\"javascript:if(!confirm('".addslashes(htmlentities(get_lang("ConfirmYourChoice")))."')) return false;\"><img src=\"../img/delete.gif\" border=\"0\"/></a>";
+		$row[] = "<a href=\"?action=edit&id=".$announcement->id."\"><img src=\"../img/edit.gif\" border=\"0\"/></a> <a href=\"?action=delete&id=".$announcement->id."\"  onclick=\"javascript:if(!confirm('".addslashes(htmlentities(get_lang("ConfirmYourChoice"),ENT_QUOTES,$charset))."')) return false;\"><img src=\"../img/delete.gif\" border=\"0\"/></a>";
 		$announcement_data[] = $row;
 	}
 	$table = new SortableTableFromArray($announcement_data);

main/admin/user_list.php

@@ -1,6 +1,6 @@
 <?php
 
-// $Id: user_list.php 12707 2007-07-05 16:39:50Z elixir_inter $
+// $Id: user_list.php 13292 2007-09-27 01:59:07Z yannoo $
 /*
 ==============================================================================
 	Dokeos - elearning and course management software
@@ -287,6 +287,7 @@ function email_filter($email)
  */
 function modify_filter($user_id,$url_params)
 {
+	global $charset;
 	$result .= '<a href="user_information.php?user_id='.$user_id.'"><img src="../img/synthese_view.gif" border="0" style="vertical-align: middle;" title="'.get_lang('Info').'" alt="'.get_lang('Info').'"/></a>&nbsp;';
 	$result .= '<a href="user_list.php?action=login_as&amp;user_id='.$user_id.'&amp;sec_token='.$_SESSION['sec_token'].'"><img src="../img/login_as.gif" border="0" style="vertical-align: middle;" alt="'.get_lang('LoginAs').'" title="'.get_lang('LoginAs').'"/></a>&nbsp;';
 
@@ -302,7 +303,7 @@ function modify_filter($user_id,$url_params)
 	}
 
 	$result .= '<a href="user_edit.php?user_id='.$user_id.'"><img src="../img/edit.gif" border="0" style="vertical-align: middle;" title="'.get_lang('Edit').'" alt="'.get_lang('Edit').'"/></a>&nbsp;';
-	$result .= '<a href="user_list.php?action=delete_user&amp;user_id='.$user_id.'&amp;'.$url_params.'&amp;sec_token='.$_SESSION['sec_token'].'"  onclick="javascript:if(!confirm('."'".addslashes(htmlentities(get_lang("ConfirmYourChoice")))."'".')) return false;"><img src="../img/delete.gif" border="0" style="vertical-align: middle;" title="'.get_lang('Delete').'" alt="'.get_lang('Delete').'"/></a>';
+	$result .= '<a href="user_list.php?action=delete_user&amp;user_id='.$user_id.'&amp;'.$url_params.'&amp;sec_token='.$_SESSION['sec_token'].'"  onclick="javascript:if(!confirm('."'".addslashes(htmlentities(get_lang("ConfirmYourChoice"),ENT_QUOTES,$charset))."'".')) return false;"><img src="../img/delete.gif" border="0" style="vertical-align: middle;" title="'.get_lang('Delete').'" alt="'.get_lang('Delete').'"/></a>';
 	return $result;
 }
 

main/auth/courses.php

@@ -1,4 +1,4 @@
-<?php // $Id: courses.php 12472 2007-05-25 22:29:07Z yannoo $
+<?php // $Id: courses.php 13292 2007-09-27 01:59:07Z yannoo $
 /*
 ==============================================================================
 	Dokeos - elearning and course management software
@@ -396,7 +396,7 @@ function browse_courses_in_category()
 */
 function display_search_courses()
 {
-	global $_user;
+	global $_user,$charset;
 	echo "<p><b>".get_lang("SearchCourse")."</b><br />";
 	echo "<form class=\"course_list\" method=\"post\" action=\"".api_get_self()."?action=subscribe\">",
 					"<input type=\"hidden\" name=\"search_course\" value=\"1\" />",
@@ -405,7 +405,7 @@ function display_search_courses()
 					"</form>";
 	if (isset($_POST['search_course']))
 	{
-		echo "<p><b>".get_lang("SearchResultsFor")." ".htmlentities($_POST['search_term'])."</b><br />";
+		echo "<p><b>".get_lang("SearchResultsFor")." ".htmlentities($_POST['search_term'],ENT_QUOTES,$charset)."</b><br />";
 		$result_search_courses_array=search_courses($_POST['search_term']);
 		display_subscribe_to_courses($result_search_courses_array);
 	}
@@ -527,7 +527,7 @@ function delete_course_category($id)
 */
 function store_course_category()
 {
-	global $_user, $_configuration;
+	global $_user, $_configuration, $charset;
 
 	$DATABASE_USER_TOOLS = $_configuration['user_personal_database'];
 	$TABLE_USER_COURSE_CATEGORY = $DATABASE_USER_TOOLS."`.`user_course_category";
@@ -543,7 +543,7 @@ function store_course_category()
 	$result=api_sql_query($sql,__FILE__,__LINE__);
 	if (Database::num_rows($result) == 0)
 	{
-		$sql_insert="INSERT INTO `$TABLE_USER_COURSE_CATEGORY` (user_id, title,sort) VALUES ('".$_user['user_id']."', '".htmlentities($_POST['title_course_category'])."', '".$nextsort."')";
+		$sql_insert="INSERT INTO `$TABLE_USER_COURSE_CATEGORY` (user_id, title,sort) VALUES ('".$_user['user_id']."', '".htmlentities($_POST['title_course_category'],ENT_QUOTES,$charset)."', '".$nextsort."')";
 		api_sql_query($sql_insert,__FILE__,__LINE__);
 		Display::display_confirmation_message(get_lang("CourseCategoryStored"));
 	}
@@ -888,7 +888,7 @@ function display_subscribe_icon($current_course, $user_coursecodes)
 function display_course_icons($key, $number_of_courses, $course, $user_courses)
 {
 	//print_r($course);
-	global $safe;
+	global $safe,$charset;
 	echo "<table><tr><td>";
 	// the up icon
 	if ($key>0 AND $user_courses[$key-1]['user_course_category']==$course['user_course_category'])
@@ -914,7 +914,7 @@ function display_course_icons($key, $number_of_courses, $course, $user_courses)
 	{
 		if ($course['unsubscr'] == 1)
 			{	// changed link to submit to avoid action by the search tool indexer
-				echo	"<form action=\"".api_get_self()."\" method=\"post\" onsubmit=\"javascript:if(!confirm('".addslashes(htmlentities(get_lang("ConfirmUnsubscribeFromCourse")))."')) return false;\">";
+				echo	"<form action=\"".api_get_self()."\" method=\"post\" onsubmit=\"javascript:if(!confirm('".addslashes(htmlentities(get_lang("ConfirmUnsubscribeFromCourse"),ENT_QUOTES,$charset))."')) return false;\">";
 				echo 	"<input type=\"hidden\" name=\"unsubscribe\" value=\"".$course['code']."\" />";
 				echo 	"<input type=\"image\" name=\"unsub\" src=\"../img/delete.gif\" alt=\"".get_lang("_unsubscribe")."\" /></form>";
 			}
@@ -946,7 +946,7 @@ function display_course_icons($key, $number_of_courses, $course, $user_courses)
 */
 function display_category_icons($current_category, $all_user_categories)
 {
-	global $safe;
+	global $safe,$charset;
 	$max_category_key=count($all_user_categories);
 
 	if ($safe['action']<>'unsubscribe') // we are in the unsubscribe section then we do not show the icons.
@@ -957,7 +957,7 @@ function display_category_icons($current_category, $all_user_categories)
 		if ($current_category<>$all_user_categories[0])
 		{
 			echo "<a href=\"courses.php?action=".$safe['action']."&amp;move=up&amp;category=".$current_category."\">";
-			echo "<img src=\"../img/up.gif\" alt=\"".htmlentities(get_lang("Up"))."\"></a>";
+			echo "<img src=\"../img/up.gif\" alt=\"".htmlentities(get_lang("Up"),ENT_QUOTES,$charset)."\"></a>";
 		}
 		echo "</td>";
    		echo " <td rowspan=\"2\">";
@@ -967,7 +967,7 @@ function display_category_icons($current_category, $all_user_categories)
    		echo "</td>";
 		echo "<td rowspan=\"2\">";
 		echo " <a href=\"courses.php?action=deletecoursecategory&amp;id=".$current_category."\">";
-		Display::display_icon('delete.gif',get_lang('Edit'),array('onclick'=>"javascript:if(!confirm('".addslashes(htmlentities(get_lang("CourseCategoryAbout2bedeleted")))."')) return false;"));
+		Display::display_icon('delete.gif',get_lang('Edit'),array('onclick'=>"javascript:if(!confirm('".addslashes(htmlentities(get_lang("CourseCategoryAbout2bedeleted"),ENT_QUOTES,$charset))."')) return false;"));
 		echo "</a>";
 		echo "</td>";
  		echo "</tr>";
@@ -976,7 +976,7 @@ function display_category_icons($current_category, $all_user_categories)
 		if ($current_category<>$all_user_categories[$max_category_key-1])
 		{
 			echo "<a href=\"courses.php?action=".$safe['action']."&amp;move=down&amp;category=".$current_category."\">";
-			echo "<img src=\"../img/down.gif\" alt=\"".htmlentities(get_lang("Down"))."\"></a>";
+			echo "<img src=\"../img/down.gif\" alt=\"".htmlentities(get_lang("Down"),ENT_QUOTES,$charset)."\"></a>";
 		}
 		echo "</td>";
  		echo " </tr>";
@@ -1028,11 +1028,12 @@ function display_change_course_category_form($edit_course)
 */
 function display_unsubscribe_icons($course)
 {
+	global $charset;
 	if ($course['status'] != 1)
 	{
 		if ($course['unsubscribe'] == 1)
 			{	// changed link to submit to avoid action by the search tool indexer
-				echo	"<form action=\"".api_get_self()."\" method=\"post\" onsubmit=\"javascript:if(!confirm('".addslashes(htmlentities(get_lang("ConfirmUnsubscribeFromCourse")))."')) return false;\">";
+				echo	"<form action=\"".api_get_self()."\" method=\"post\" onsubmit=\"javascript:if(!confirm('".addslashes(htmlentities(get_lang("ConfirmUnsubscribeFromCourse"),ENT_QUOTES,$charset))."')) return false;\">";
 				echo 	"<input type=\"hidden\" name=\"unsubscribe\" value=\"".$course['code']."\" />";
 				echo 	"<input type=\"image\" name=\"unsub\" src=\"../img/delete.gif\" alt=\"".get_lang("_unsubscribe")."\" /></form>";
 			}
@@ -1150,12 +1151,12 @@ function display_edit_course_category_form($edit_course_category)
 */
 function store_edit_course_category()
 {
-	global $_user, $_configuration;
+	global $_user, $_configuration, $charset;
 
 	$DATABASE_USER_TOOLS = $_configuration['user_personal_database'];
 	$TABLE_USER_COURSE_CATEGORY = $DATABASE_USER_TOOLS."`.`user_course_category";
 
-	$sql_update="UPDATE `$TABLE_USER_COURSE_CATEGORY` SET title='".htmlentities($_POST['title_course_category'])."' WHERE id='".(int)$_POST['edit_course_category']."'";
+	$sql_update="UPDATE `$TABLE_USER_COURSE_CATEGORY` SET title='".htmlentities($_POST['title_course_category'],ENT_QUOTES,$charset)."' WHERE id='".(int)$_POST['edit_course_category']."'";
 	api_sql_query($sql_update,__FILE__,__LINE__);
 	//api_sql_query(sql_update);
 	return get_lang("CourseCategoryEditStored");

main/auth/my_progress.php

@@ -120,7 +120,7 @@ foreach($Courses as $enreg)
 
 <tr class='<?php echo $i?'row_odd':'row_even'; ?>'>
   	<td>
-		<?php echo htmlentities($enreg['title']); ?>
+		<?php echo htmlentities($enreg['title'],ENT_QUOTES,$charset); ?>
   	</td>
 
   	<td align='center'>