Format code, adding Database::escape_string() due to a recent merge.

1.9.x
Julio Montoya 11 years ago
parent 7f7aa78051
commit 39daaec711
  1. 196
      main/course_description/course_description_controller.php
  2. 50
      main/exercice/exercise.class.php
  3. 23
      main/inc/lib/tracking.lib.php
  4. 2
      main/inc/lib/usermanager.lib.php

@ -2,25 +2,21 @@
/* For licensing terms, see /license.txt */ /* For licensing terms, see /license.txt */
/** /**
* Class CourseDescriptionController
* This file contains class used like controller, it should be included inside a dispatcher file (e.g: index.php) * This file contains class used like controller, it should be included inside a dispatcher file (e.g: index.php)
* @author Christian Fasanando <christian1827@gmail.com> * @author Christian Fasanando <christian1827@gmail.com>
* @package chamilo.course_description * @package chamilo.course_description
*/ */
class CourseDescriptionController
/** {
* Controller script. Prepares the common background variables to give to the scripts corresponding to
* the requested action
* @package chamilo.course_description
*/
class CourseDescriptionController { // extends Controller {
private $toolname; private $toolname;
private $view; private $view;
/** /**
* Constructor * Constructor
*/ */
public function __construct() { public function __construct()
{
$this->toolname = 'course_description'; $this->toolname = 'course_description';
$this->view = new View($this->toolname); $this->view = new View($this->toolname);
} }
@ -31,31 +27,29 @@ class CourseDescriptionController { // extends Controller {
* @param boolean true for listing history (optional) * @param boolean true for listing history (optional)
* @param array message for showing by action['edit','add','destroy'] (optional) * @param array message for showing by action['edit','add','destroy'] (optional)
*/ */
public function listing($history=false, $messages=array()) { public function listing($history=false, $messages=array())
{
$course_description = new CourseDescription(); $course_description = new CourseDescription();
$session_id = api_get_session_id(); $session_id = api_get_session_id();
$course_description->set_session_id($session_id); $course_description->set_session_id($session_id);
$data = array(); $data = array();
$course_description_data = $course_description->get_description_data();
$course_description_data = $course_description->get_description_data(); $data['descriptions'] = $course_description_data['descriptions'];
$data['default_description_titles'] = $course_description->get_default_description_title();
$data['descriptions'] = $course_description_data['descriptions']; $data['default_description_title_editable'] = $course_description->get_default_description_title_editable();
$data['default_description_titles'] = $course_description->get_default_description_title(); $data['default_description_icon'] = $course_description->get_default_description_icon();
$data['default_description_title_editable'] = $course_description->get_default_description_title_editable(); $data['messages'] = $messages;
$data['default_description_icon'] = $course_description->get_default_description_icon();
$data['messages'] = $messages;
$browser = api_get_navigator(); $browser = api_get_navigator();
if (strpos($data['descriptions'], '<iframe') !== false && $browser['name'] == 'Chrome') { if (strpos($data['descriptions'], '<iframe') !== false && $browser['name'] == 'Chrome') {
header("X-XSS-Protection: 0"); header("X-XSS-Protection: 0");
} }
// render to the view // render to the view
$this->view->set_data($data); $this->view->set_data($data);
$this->view->set_layout('layout'); $this->view->set_layout('layout');
$this->view->set_template('listing'); $this->view->set_template('listing');
$this->view->render(); $this->view->render();
} }
/** /**
@ -64,99 +58,98 @@ class CourseDescriptionController { // extends Controller {
* @param int description type * @param int description type
*/ */
public function edit($id, $description_type) public function edit($id, $description_type)
{ {
$course_description = new CourseDescription(); $course_description = new CourseDescription();
$session_id = api_get_session_id(); $session_id = api_get_session_id();
$course_description->set_session_id($session_id); $course_description->set_session_id($session_id);
$data = array(); $data = array();
$data['id'] = $id; $data['id'] = $id;
if (strtoupper($_SERVER['REQUEST_METHOD']) == "POST") { if (strtoupper($_SERVER['REQUEST_METHOD']) == "POST") {
if (!empty($_POST['title']) && !empty($_POST['contentDescription'])) { if (!empty($_POST['title']) && !empty($_POST['contentDescription'])) {
$check = Security::check_token();
$check = Security::check_token(); if ($check) {
if ($check) { $title = $_POST['title'];
$title = $_POST['title']; if (api_get_setting('wcag_anysurfer_public_pages') == 'true') {
if (api_get_setting('wcag_anysurfer_public_pages') == 'true') { $content = WCAG_Rendering::prepareXHTML();
$content = WCAG_Rendering::prepareXHTML(); } else {
} else { $content = $_POST['contentDescription'];
$content = $_POST['contentDescription'];
}
$description_type = $_POST['description_type'];
$id = $_POST['id'];
$progress = $_POST['progress'];
$course_description->set_description_type($description_type);
$course_description->set_title($title);
$course_description->set_content($content);
$course_description->set_progress($progress);
$thematic_advance = $course_description->get_data_by_id($id);
if (!empty($thematic_advance)) {
$course_description->set_id($id);
$affected_rows = $course_description->update();
} else {
$affected_rows = $course_description->insert();
}
Security::clear_token();
} }
$description_type = $_POST['description_type'];
if ($affected_rows) { $id = $_POST['id'];
$message['edit'] = true; $progress = $_POST['progress'];
$course_description->set_description_type($description_type);
$course_description->set_title($title);
$course_description->set_content($content);
$course_description->set_progress($progress);
$thematic_advance = $course_description->get_data_by_id($id);
if (!empty($thematic_advance)) {
$course_description->set_id($id);
$affected_rows = $course_description->update();
} else {
$affected_rows = $course_description->insert();
} }
$this->listing(false, $message); Security::clear_token();
} else {
$data['error'] = 1;
$data['default_description_titles'] = $course_description->get_default_description_title();
$data['default_description_title_editable'] = $course_description->get_default_description_title_editable();
$data['default_description_icon'] = $course_description->get_default_description_icon();
$data['question'] = $course_description->get_default_question();
$data['information'] = $course_description->get_default_information();
$data['description_title'] = $_POST['title'];
$data['description_content'] = $_POST['contentDescription'];
$data['description_type'] = $_POST['description_type'];
$data['progress'] = $_POST['progress'];
$data['descriptions'] = $course_description->get_data_by_id($_POST['id']);
// render to the view
$this->view->set_data($data);
$this->view->set_layout('layout');
$this->view->set_template('edit');
$this->view->render();
} }
} else {
if ($affected_rows) {
$message['edit'] = true;
}
$this->listing(false, $message);
} else {
$data['error'] = 1;
$data['default_description_titles'] = $course_description->get_default_description_title(); $data['default_description_titles'] = $course_description->get_default_description_title();
$data['default_description_title_editable'] = $course_description->get_default_description_title_editable(); $data['default_description_title_editable'] = $course_description->get_default_description_title_editable();
$data['default_description_icon'] = $course_description->get_default_description_icon(); $data['default_description_icon'] = $course_description->get_default_description_icon();
$data['question'] = $course_description->get_default_question(); $data['question'] = $course_description->get_default_question();
$data['information'] = $course_description->get_default_information(); $data['information'] = $course_description->get_default_information();
$data['description_title'] = $_POST['title'];
$data['description_type'] = $description_type; $data['description_content'] = $_POST['contentDescription'];
$data['description_type'] = $_POST['description_type'];
if (!empty($id)) { $data['progress'] = $_POST['progress'];
if (isset($_GET['id_session'])) { $data['descriptions'] = $course_description->get_data_by_id($_POST['id']);
$session_id = intval($_GET['id_session']);
}
$course_description_data = $course_description->get_data_by_id($id, null, $session_id);
$data['description_type'] = $course_description_data['description_type'];
$data['description_title'] = $course_description_data['description_title'];
$data['description_content'] = $course_description_data['description_content'];
$data['progress'] = $course_description_data['progress'];
$data['descriptions'] = $course_description->get_data_by_description_type($description_type, null, $session_id);
}
// render to the view // render to the view
$this->view->set_data($data); $this->view->set_data($data);
$this->view->set_layout('layout'); $this->view->set_layout('layout');
$this->view->set_template('edit'); $this->view->set_template('edit');
$this->view->render(); $this->view->render();
} }
} else {
$data['default_description_titles'] = $course_description->get_default_description_title();
$data['default_description_title_editable'] = $course_description->get_default_description_title_editable();
$data['default_description_icon'] = $course_description->get_default_description_icon();
$data['question'] = $course_description->get_default_question();
$data['information'] = $course_description->get_default_information();
$data['description_type'] = $description_type;
if (!empty($id)) {
if (isset($_GET['id_session'])) {
$session_id = intval($_GET['id_session']);
}
$course_description_data = $course_description->get_data_by_id($id, null, $session_id);
$data['description_type'] = $course_description_data['description_type'];
$data['description_title'] = $course_description_data['description_title'];
$data['description_content'] = $course_description_data['description_content'];
$data['progress'] = $course_description_data['progress'];
$data['descriptions'] = $course_description->get_data_by_description_type($description_type, null, $session_id);
}
// render to the view
$this->view->set_data($data);
$this->view->set_layout('layout');
$this->view->set_template('edit');
$this->view->render();
} }
}
/** /**
* It's used for adding a course description, * It's used for adding a course description,
* render to listing or add view * render to listing or add view
*/ */
public function add() { public function add()
{
$course_description = new CourseDescription(); $course_description = new CourseDescription();
$session_id = api_get_session_id(); $session_id = api_get_session_id();
$course_description->set_session_id($session_id); $course_description->set_session_id($session_id);
@ -221,7 +214,8 @@ class CourseDescriptionController { // extends Controller {
* render to listing view * render to listing view
* @param int description type * @param int description type
*/ */
public function destroy($id) { public function destroy($id)
{
$course_description = new CourseDescription(); $course_description = new CourseDescription();
$session_id = api_get_session_id(); $session_id = api_get_session_id();
$course_description->set_session_id($session_id); $course_description->set_session_id($session_id);
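Review bot: In edit(), when Security::check_token() returns false the POST branch still falls through to `if ($affected_rows)` and `$this->listing(false, $message)` with neither variable ever assigned, so a rejected token produces only a notice and a silent redisplay of the listing instead of any error. Initialising them before the check, `$affected_rows = false; $message = array();`, makes that path well-defined, and setting `$data['error']` when the check fails would tell the user why nothing was saved. The raw `$_POST['id']`, `$_POST['progress']` and `$_POST['description_type']` values are handed to the setters and to get_data_by_id() without a cast; whether the CourseDescription class sanitises them is not visible here, so an `intval()` at this boundary would be the conservative choice.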

@ -4215,36 +4215,39 @@ class Exercise
} }
/** /**
* @param int courseid * @param int $courseId
* @param int sessionid * @param int $sessionId
* @return array exercises * @return array exercises
*/ */
public function getExercisesByCouseSession($courseId, $sessionId) public function getExercisesByCouseSession($courseId, $sessionId)
{ {
$courseId = intval($courseId);
$sessionId = intval($sessionId);
$tbl_quiz = Database::get_course_table(TABLE_QUIZ_TEST); $tbl_quiz = Database::get_course_table(TABLE_QUIZ_TEST);
$sql = "SELECT * FROM $tbl_quiz cq " $sql = "SELECT * FROM $tbl_quiz cq
. "WHERE " WHERE
. "cq.c_id = %s AND " cq.c_id = %s AND
. "( cq.session_id = %s OR cq.session_id = 0 ) AND " (cq.session_id = %s OR cq.session_id = 0) AND
. "cq.active = 0 " cq.active = 0
. "ORDER BY cq.id"; ORDER BY cq.id";
$sql = sprintf($sql, $courseId, $sessionId); $sql = sprintf($sql, $courseId, $sessionId);
$result = Database::query($sql); $result = Database::query($sql);
$rows = array(); $rows = array();
while($row = Database::fetch_array($result, 'ASSOC')) { while ($row = Database::fetch_array($result, 'ASSOC')) {
$rows[] = $row; $rows[] = $row;
} }
return $rows; return $rows;
} }
/** /**
* @param int courseid *
* @param int sessionid * @param int $courseId
* @param array quizId * @param int $sessionId
* @param array $quizId
* @return array exercises * @return array exercises
*/ */
public function getExerciseAndResult($courseId, $sessionId, $quizId = array()) public function getExerciseAndResult($courseId, $sessionId, $quizId = array())
@ -4253,14 +4256,12 @@ class Exercise
return array(); return array();
} }
$ids = is_array($quizId) ? $quizId : array($quizId); $sessionId = intval($sessionId);
$ids = array_map('intval', $quizId);
$ids = implode(',', $quizId);
$tbl_quiz = Database::get_course_table(TABLE_QUIZ_TEST); $ids = is_array($quizId) ? $quizId : array($quizId);
$ids = array_map('intval', $ids);
$ids = implode(',', $ids);
$track_exercises = Database :: get_statistic_table(TABLE_STATISTIC_TRACK_E_EXERCICES); $track_exercises = Database :: get_statistic_table(TABLE_STATISTIC_TRACK_E_EXERCICES);
$whSession = "";
if ($sessionId != 0) { if ($sessionId != 0) {
$sql = "SELECT * FROM $track_exercises te " $sql = "SELECT * FROM $track_exercises te "
. "INNER JOIN c_quiz cq ON cq.id = te.exe_exo_id " . "INNER JOIN c_quiz cq ON cq.id = te.exe_exo_id "
@ -4272,7 +4273,6 @@ class Exercise
. "ORDER BY cq.id "; . "ORDER BY cq.id ";
$sql = sprintf($sql, $courseId, $sessionId, $ids); $sql = sprintf($sql, $courseId, $sessionId, $ids);
$whSession = "te.session_id = %s AND ";
} else { } else {
$sql = "SELECT * FROM $track_exercises te " $sql = "SELECT * FROM $track_exercises te "
. "INNER JOIN c_quiz cq ON cq.id = te.exe_exo_id " . "INNER JOIN c_quiz cq ON cq.id = te.exe_exo_id "
@ -4283,14 +4283,10 @@ class Exercise
. "ORDER BY cq.id "; . "ORDER BY cq.id ";
$sql = sprintf($sql, $courseId, $ids); $sql = sprintf($sql, $courseId, $ids);
} }
$sql = sprintf($sql, $courseId, $sessionId, $ids);
$result = Database::query($sql); $result = Database::query($sql);
$rows = array(); $rows = array();
while($row = Database::fetch_array($result, 'ASSOC')) { while ($row = Database::fetch_array($result, 'ASSOC')) {
$rows[] = $row; $rows[] = $row;
} }
return $rows; return $rows;
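Review bot: In getExerciseAndResult() the new `$sessionId = intval($sessionId);` and the intval over `$ids` leave `$courseId` as the one value still passed uncast into `sprintf($sql, $courseId, $sessionId, $ids)` and the `sprintf($sql, $courseId, $ids)` branch; unless it is cast in the lines above this hunk, it should get the same treatment getExercisesByCouseSession() now has, `$courseId = intval($courseId);`. Using `%d` rather than `%s` for the integer placeholders in both methods would document the expected type and make the SQL robust even if a cast is forgotten. The enclosing function starts before this hunk.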

@ -3980,13 +3980,16 @@ class Tracking
INNER JOIN $ttrack_attempt ta ON ta.exe_id = te.exe_id INNER JOIN $ttrack_attempt ta ON ta.exe_id = te.exe_id
INNER JOIN $tquiz q ON q.id = te.exe_exo_id INNER JOIN $tquiz q ON q.id = te.exe_exo_id
INNER JOIN $tquiz_rel_question rq ON rq.exercice_id = q.id AND rq.c_id = q.c_id INNER JOIN $tquiz_rel_question rq ON rq.exercice_id = q.id AND rq.c_id = q.c_id
INNER JOIN $tquiz_question qq ON qq.id = rq.question_id INNER JOIN $tquiz_question qq
AND qq.c_id = rq.c_id ON
AND qq.position = rq.question_order qq.id = rq.question_id AND
AND ta.question_id = rq.question_id qq.c_id = rq.c_id AND
WHERE te.exe_cours_id = '$whereCourseCode' ".(empty($whereSessionParams)?'':"AND te.session_id IN ($whereSessionParams)")." qq.position = rq.question_order AND
AND q.c_id = $courseIdx ta.question_id = rq.question_id
$where $order $limit"; WHERE
te.exe_cours_id = '$whereCourseCode' ".(empty($whereSessionParams)?'':"AND te.session_id IN ($whereSessionParams)")."
AND q.c_id = $courseIdx
$where $order $limit";
$sql_query = vsprintf($sql, $whereParams); $sql_query = vsprintf($sql, $whereParams);
// Now browse through the results and get the data // Now browse through the results and get the data
@ -4030,7 +4033,9 @@ class Tracking
} }
// Now fill users data // Now fill users data
$sqlUsers = "SELECT user_id, username, lastname, firstname FROM $tuser WHERE user_id IN (".implode(',',$userIds).")"; $sqlUsers = "SELECT user_id, username, lastname, firstname
FROM $tuser
WHERE user_id IN (".implode(',',$userIds).")";
$resUsers = Database::query($sqlUsers); $resUsers = Database::query($sqlUsers);
while ($rowUser = Database::fetch_assoc($resUsers)) { while ($rowUser = Database::fetch_assoc($resUsers)) {
$users[$rowUser['user_id']] = $rowUser; $users[$rowUser['user_id']] = $rowUser;
@ -4064,8 +4069,6 @@ class Tracking
question, question,
answer, answer,
*/ */
} }
return $data; return $data;
} }
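Review bot: The reformatted query still interpolates `'$whereCourseCode'`, `$whereSessionParams`, `$courseIdx`, `$where`, `$order` and `$limit` directly into the SQL string, and how those values are built or escaped is established before this hunk, outside what is shown. Since this commit adds Database::escape_string() elsewhere for exactly this reason, it would be worth confirming that `$courseIdx` is an integer and that `$whereCourseCode` has passed through Database::escape_string() before the vsprintf, and recording it with a comment above the query such as `// $whereCourseCode is escaped and $courseIdx cast to int before this point`. The `implode(',',$userIds)` in the second hunk has the same shape; if `$userIds` is collected from the previous result set it is fine, but that is not visible here. The enclosing function starts before these hunks.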

@ -956,10 +956,12 @@ class UserManager
} }
if (!is_null($order)) { if (!is_null($order)) {
$order = Database::escape_string($order);
$sql .= ' ORDER BY ' . $order; $sql .= ' ORDER BY ' . $order;
} }
if (!is_null($limit)) { if (!is_null($limit)) {
$limit = Database::escape_string($limit);
$sql .= ' LIMIT ' . $limit; $sql .= ' LIMIT ' . $limit;
} }
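Review bot: Database::escape_string() on `$order` and `$limit` neutralises quote characters, but both values are concatenated into unquoted positions (`' ORDER BY ' . $order`, `' LIMIT ' . $limit`) where a string-literal escape does not constrain the content, so the added lines do not by themselves make these clauses safe if a caller passes request-derived values. A safer shape is to validate `$order` against an allowlist of column names plus ASC/DESC and to cast `$limit`, e.g. `$sql .= ' LIMIT ' . intval($limit);` when callers pass a single count, or intval each half of an `offset,count` pair. If every caller passes literal arguments the risk is lower, but the callers are not visible in this hunk, and the enclosing function starts before it.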
