From 3eba8ceee28b79b9ef3b57b7de9edcb5a7dbb56c Mon Sep 17 00:00:00 2001 From: nosolored Date: Mon, 17 Apr 2017 12:51:42 +0200 Subject: [PATCH] Fix security and code convections --- plugin/sepe/admin.php | 2 +- plugin/sepe/config.php | 8 +- plugin/sepe/database.php | 230 +++++----- plugin/sepe/lang/english.php | 1 + plugin/sepe/lang/spanish.php | 5 +- plugin/sepe/src/configuration.php | 1 - plugin/sepe/src/formative-action-edit.php | 85 ++-- plugin/sepe/src/formative-action.php | 63 ++- plugin/sepe/src/formative-actions-list.php | 51 ++- plugin/sepe/src/function.php | 55 ++- plugin/sepe/src/identification-data-edit.php | 37 +- plugin/sepe/src/identification-data.php | 1 - plugin/sepe/src/index.sepe.php | 59 ++- plugin/sepe/src/participant-action-edit.php | 398 +++++++++--------- .../sepe/src/participant-specialty-edit.php | 178 ++++---- plugin/sepe/src/sepe-administration-menu.php | 1 - plugin/sepe/src/sepe.lib.php | 118 ++++-- plugin/sepe/src/sepe_plugin.class.php | 122 +++--- plugin/sepe/src/specialty-action-edit.php | 177 ++++---- plugin/sepe/src/specialty-classroom-edit.php | 60 ++- plugin/sepe/src/specialty-tutor-edit.php | 129 +++--- plugin/sepe/src/specialty-tutorial-edit.php | 85 ++-- plugin/sepe/view/formative-actions-list.tpl | 30 +- plugin/sepe/view/participant-action-edit.tpl | 14 +- plugin/sepe/view/sepe-administration-menu.tpl | 2 +- plugin/sepe/view/specialty-tutor-edit.tpl | 4 +- 26 files changed, 988 insertions(+), 928 deletions(-) diff --git a/plugin/sepe/admin.php b/plugin/sepe/admin.php index d92fbe8886..5eca80d26b 100644 --- a/plugin/sepe/admin.php +++ b/plugin/sepe/admin.php @@ -8,5 +8,5 @@ $pluginPath = api_get_path(WEB_PLUGIN_PATH).'sepe/src/sepe-administration-menu.p if ($enable && api_is_platform_admin()) { header('Location:'.$pluginPath); } else { - header('Location: ../../index.php'); + header('Location: ../../index.php'); } \ No newline at end of file 
diff --git a/plugin/sepe/config.php b/plugin/sepe/config.php index db5ae7d2ef..9e7c869a62 100644 --- a/plugin/sepe/config.php +++ b/plugin/sepe/config.php @@ -2,10 +2,10 @@ /* For licensing terms, see /license.txt */ /** * Config the plugin -* @author Jose Angel Ruiz -* @author Julio Montoya -* @package chamilo.plugin.sepe -*/ + * @author Jose Angel Ruiz + * @author Julio Montoya + * @package chamilo.plugin.sepe + */ require_once __DIR__ . '/../../main/inc/global.inc.php'; require_once api_get_path(LIBRARY_PATH).'plugin.class.php'; diff --git a/plugin/sepe/database.php b/plugin/sepe/database.php index e974659867..4570ddaa7d 100644 --- a/plugin/sepe/database.php +++ b/plugin/sepe/database.php @@ -18,12 +18,12 @@ $connection = $entityManager->getConnection(); $platform = $connection->getDatabasePlatform(); //Create tables -/* ========== PLUGIN_SEPE_CENTER ========== */ +/* ========== PLUGIN_SEPE_CENTER ========== */ $sepeCenterTable = $pluginSchema->createTable(SepePlugin::TABLE_SEPE_CENTER); $sepeCenterTable->addColumn( - 'id', - \Doctrine\DBAL\Types\Type::INTEGER, - array('autoincrement' => true, 'unsigned' => true) + 'id', + \Doctrine\DBAL\Types\Type::INTEGER, + array('autoincrement' => true, 'unsigned' => true) ); $sepeCenterTable->addColumn('center_origin', \Doctrine\DBAL\Types\Type::STRING); $sepeCenterTable->addColumn('center_code', \Doctrine\DBAL\Types\Type::STRING); 
@@ -34,12 +34,12 @@ $sepeCenterTable->addColumn('phone', \Doctrine\DBAL\Types\Type::STRING); $sepeCenterTable->addColumn('mail', \Doctrine\DBAL\Types\Type::STRING); $sepeCenterTable->setPrimaryKey(array('d')); -/* ========== PLUGIN_SEPE_ACTIONS ========== */ +/* ========== PLUGIN_SEPE_ACTIONS ========== */ $sepeActionsTable = $pluginSchema->createTable(SepePlugin::TABLE_SEPE_ACTIONS); $sepeActionsTable->addColumn( - 'id', - \Doctrine\DBAL\Types\Type::INTEGER, - array('autoincrement' => true, 'unsigned' => true) + 'id', + \Doctrine\DBAL\Types\Type::INTEGER, + array('autoincrement' => true, 'unsigned' => true) ); $sepeActionsTable->addColumn( 'action_origin', @@ -82,7 +82,7 @@ $sepeActionsTable->addColumn( 'full_itinerary_indicator', \Doctrine\DBAL\Types\Type::STRING, array('length' => 2) -); //enum('SI','NO') +); $sepeActionsTable->addColumn( 'financing_type', \Doctrine\DBAL\Types\Type::STRING, @@ -104,12 +104,12 @@ $sepeActionsTable->addColumn('requirements', \Doctrine\DBAL\Types\Type::TEXT); $sepeActionsTable->addColumn('contact_action', \Doctrine\DBAL\Types\Type::TEXT); $sepeActionsTable->setPrimaryKey(array('id')); -/* ========== PLUGIN_SEPE_SPECIALTY ========== */ +/* ==========PLUGIN_SEPE_SPECIALTY========== */ $sepeSpecialtyTable = $pluginSchema->createTable(SepePlugin::TABLE_SEPE_SPECIALTY); $sepeSpecialtyTable->addColumn( - 'id', - \Doctrine\DBAL\Types\Type::INTEGER, - array('autoincrement' => true, 'unsigned' => true) + 'id', + \Doctrine\DBAL\Types\Type::INTEGER, + array('autoincrement' => true, 'unsigned' => true) ); $sepeSpecialtyTable->addColumn( 'action_id', 
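Review bot: `$sepeCenterTable->setPrimaryKey(array('d'));` names a column `d` that is never added to the table (the key column is declared as `'id'` just above), so the schema generated for PLUGIN_SEPE_CENTER will very likely be rejected by the DBAL or end up without a usable primary key; it should read `$sepeCenterTable->setPrimaryKey(array('id'));`, as the other tables in this file do. That line is context in the hunk, so the commit leaves it untouched. As a smaller point, the new banner `/* ==========PLUGIN_SEPE_SPECIALTY========== */` drops the spaces every other banner keeps; the same happens to `PLUGIN_SEPE_LOG` in the later hunk at -688.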
@@ -231,12 +231,12 @@ $sepeSpecialtyTable->addForeignKeyConstraint( array('onDelete' => 'CASCADE') ); -/* ========== PLUGIN_SEPE_CENTROS ========== */ +/* ========== PLUGIN_SEPE_CENTROS ========== */ $sepeCentrosTable = $pluginSchema->createTable(SepePlugin::TABLE_SEPE_CENTERS); $sepeCentrosTable->addColumn( - 'id', - \Doctrine\DBAL\Types\Type::INTEGER, - array('autoincrement' => true, 'unsigned' => true) + 'id', + \Doctrine\DBAL\Types\Type::INTEGER, + array('autoincrement' => true, 'unsigned' => true) ); $sepeCentrosTable->addColumn( 'center_origin', @@ -250,13 +250,13 @@ $sepeCentrosTable->addColumn( ); $sepeCentrosTable->setPrimaryKey(array('cod')); -/* ========== PLUGIN_SEPE_SPECIALTY_CLASSROOM ========== */ +/* ========== PLUGIN_SEPE_SPECIALTY_CLASSROOM ========== */ $sepeSpecialtyClassroomTable = $pluginSchema->createTable(SepePlugin::TABLE_SEPE_SPECIALTY_CLASSROOM); $sepeSpecialtyClassroomTable->addColumn( - 'id', - \Doctrine\DBAL\Types\Type::INTEGER, - array('autoincrement' => true, 'unsigned' => true) -); + 'id', + \Doctrine\DBAL\Types\Type::INTEGER, + array('autoincrement' => true, 'unsigned' => true) + ); $sepeSpecialtyClassroomTable->addColumn( 'specialty_id', \Doctrine\DBAL\Types\Type::INTEGER, @@ -275,12 +275,12 @@ $sepeSpecialtyClassroomTable->addForeignKeyConstraint( array('onDelete' => 'CASCADE') ); -/* ========== PLUGIN_SEPE_TUTORS ========== */ +/* ========== PLUGIN_SEPE_TUTORS ========== */ $sepeTutorsTable = $pluginSchema->createTable(SepePlugin::TABLE_SEPE_TUTORS); $sepeTutorsTable->addColumn( - 'id', - \Doctrine\DBAL\Types\Type::INTEGER, - array('autoincrement' => true, 'unsigned' => true) + 'id', + \Doctrine\DBAL\Types\Type::INTEGER, + array('autoincrement' => true, 'unsigned' => true) ); $sepeTutorsTable->addColumn( 'platform_user_id', 
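Review bot: The new closing `+    );` of `$sepeSpecialtyClassroomTable->addColumn(` in the SPECIALTY_CLASSROOM hunk is indented four spaces while every other multi-line `addColumn(` call in the file closes at column 0; it should be `);` at column 0 like its neighbours. The `setPrimaryKey(array('cod'))` for PLUGIN_SEPE_CENTROS names a column whose declaration is outside the hunk, so I cannot confirm it exists; it is worth checking against the column list, since the CENTER table a few hunks earlier has exactly that kind of mismatch.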
@@ -329,12 +329,12 @@ $sepeTutorsTable->addColumn( ); $sepeTutorsTable->setPrimaryKey(array('id')); -/* ========== PLUGIN_SEPE_SPECIALTY_TUTORS ========== */ +/* ========== PLUGIN_SEPE_SPECIALTY_TUTORS ========== */ $sepeSpecialtyTutorsTable = $pluginSchema->createTable(SepePlugin::TABLE_SEPE_SPECIALTY_TUTORS); $sepeSpecialtyTutorsTable->addColumn( - 'id', - \Doctrine\DBAL\Types\Type::INTEGER, - array('autoincrement' => true, 'unsigned' => true) + 'id', + \Doctrine\DBAL\Types\Type::INTEGER, + array('autoincrement' => true, 'unsigned' => true) ); $sepeSpecialtyTutorsTable->addColumn( 'specialty_id', @@ -379,12 +379,12 @@ $sepeSpecialtyTutorsTable->addForeignKeyConstraint( array('onDelete' => 'CASCADE') ); -/* ========== PLUGIN_SEPE_TUTORS_EMPRESA ========== */ +/* ========== PLUGIN_SEPE_TUTORS_EMPRESA ========== */ $sepeTutorsCompanyTable = $pluginSchema->createTable(SepePlugin::TABLE_SEPE_TUTORS_COMPANY); $sepeTutorsCompanyTable->addColumn( - 'id', - \Doctrine\DBAL\Types\Type::INTEGER, - array('autoincrement' => true, 'unsigned' => true) + 'id', + \Doctrine\DBAL\Types\Type::INTEGER, + array('autoincrement' => true, 'unsigned' => true) ); $sepeTutorsCompanyTable->addColumn( 'alias', @@ -415,15 +415,15 @@ $sepeTutorsCompanyTable->addColumn( 'training', \Doctrine\DBAL\Types\Type::STRING, array('length' => 2) -); -$sepeTutorsCompanyTable->setPrimaryKey(array('cod')); - -/* ========== PLUGIN_SEPE_PARTICIPANTS ========== */ +); +$sepeTutorsCompanyTable->setPrimaryKey(array('cod')); + +/* ========== PLUGIN_SEPE_PARTICIPANTS ========== */ $sepeParticipantsTable = $pluginSchema->createTable(SepePlugin::TABLE_SEPE_PARTICIPANTS); $sepeParticipantsTable->addColumn( - 'id', - \Doctrine\DBAL\Types\Type::INTEGER, - array('autoincrement' => true, 'unsigned' => true) + 'id', + \Doctrine\DBAL\Types\Type::INTEGER, + array('autoincrement' => true, 'unsigned' => true) ); $sepeParticipantsTable->addColumn( 'action_id', 
@@ -495,12 +495,12 @@ $sepeParticipantsTable->addForeignKeyConstraint( array('onDelete' => 'CASCADE') ); -/* ========== PLUGIN_SEPE_PARTICIPANTS_SPECIALTY ========== */ +/* ========== PLUGIN_SEPE_PARTICIPANTS_SPECIALTY ========== */ $sepeParticipantsSpecialtyTable = $pluginSchema->createTable(SepePlugin::TABLE_SEPE_PARTICIPANTS_SPECIALTY); $sepeParticipantsSpecialtyTable->addColumn( - 'id', - \Doctrine\DBAL\Types\Type::INTEGER, - array('autoincrement' => true, 'unsigned' => true) + 'id', + \Doctrine\DBAL\Types\Type::INTEGER, + array('autoincrement' => true, 'unsigned' => true) ); $sepeParticipantsSpecialtyTable->addColumn( 'participant_id', @@ -523,14 +523,14 @@ $sepeParticipantsSpecialtyTable->addColumn( array('length' => 14, 'notnull' => false) ); $sepeParticipantsSpecialtyTable->addColumn( - 'registration_date', - \Doctrine\DBAL\Types\Type::DATE, - array('notnull' => false) + 'registration_date', + \Doctrine\DBAL\Types\Type::DATE, + array('notnull' => false) ); $sepeParticipantsSpecialtyTable->addColumn( - 'leaving_date', - \Doctrine\DBAL\Types\Type::DATE, - array('notnull' => false) + 'leaving_date', + \Doctrine\DBAL\Types\Type::DATE, + array('notnull' => false) ); $sepeParticipantsSpecialtyTable->addColumn( 'center_origin', @@ -543,14 +543,14 @@ $sepeParticipantsSpecialtyTable->addColumn( array('length' => 16, 'notnull' => false) ); $sepeParticipantsSpecialtyTable->addColumn( - 'start_date', - \Doctrine\DBAL\Types\Type::DATE, - array('notnull' => false) + 'start_date', + \Doctrine\DBAL\Types\Type::DATE, + array('notnull' => false) ); $sepeParticipantsSpecialtyTable->addColumn( - 'end_date', - \Doctrine\DBAL\Types\Type::DATE, - array('notnull' => false) + 'end_date', + \Doctrine\DBAL\Types\Type::DATE, + array('notnull' => false) ); $sepeParticipantsSpecialtyTable->addColumn( 'final_result', 
@@ -575,12 +575,12 @@ $sepeParticipantsSpecialtyTable->addForeignKeyConstraint( array('onDelete' => 'CASCADE') ); -/* ========== PLUGIN_SEPE_PARTICIPANTS_SPECIALTY_TUTORIALS ========== */ +/* ========== PLUGIN_SEPE_PARTICIPANTS_SPECIALTY_TUTORIALS ========== */ $sepeParticipantsSpecialtyTutorialsTable = $pluginSchema->createTable(SepePlugin::TABLE_SEPE_PARTICIPANTS_SPECIALTY_TUTORIALS); $sepeParticipantsSpecialtyTutorialsTable->addColumn( - 'id', - \Doctrine\DBAL\Types\Type::INTEGER, - array('autoincrement' => true, 'unsigned' => true) + 'id', + \Doctrine\DBAL\Types\Type::INTEGER, + array('autoincrement' => true, 'unsigned' => true) ); $sepeParticipantsSpecialtyTutorialsTable->addColumn( 'participant_specialty_id', @@ -607,16 +607,16 @@ $sepeParticipantsSpecialtyTutorialsTable->addForeignKeyConstraint( array('onDelete' => 'CASCADE') ); -/* ========== PLUGIN_SEPE_COURSE_ACTIONS ========== */ +/* ========== PLUGIN_SEPE_COURSE_ACTIONS ========== */ $sepeCourseActionsTable = $pluginSchema->createTable(SepePlugin::TABLE_SEPE_COURSE_ACTIONS); $sepeCourseActionsTable->addColumn( - 'id', - \Doctrine\DBAL\Types\Type::INTEGER, - array('autoincrement' => true, 'unsigned' => true) + 'id', + \Doctrine\DBAL\Types\Type::INTEGER, + array('autoincrement' => true, 'unsigned' => true) ); $sepeCourseActionsTable->addColumn( 'course_id', - \Doctrine\DBAL\Types\Type::INTEGER, + \Doctrine\DBAL\Types\Type::INTEGER, array('unsigned' => true) ); $sepeCourseActionsTable->addColumn( 
@@ -632,27 +632,27 @@ $sepeCourseActionsTable->addForeignKeyConstraint( array('onDelete' => 'CASCADE') ); -/* ========== PLUGIN_SEPE_COMPETENCIA_DOCENTE ========== */ -$sepeCompetenciaDocenteTable = $pluginSchema->createTable(SepePlugin::TABLE_SEPE_TEACHING_COMPETENCE); -$sepeCompetenciaDocenteTable->addColumn( - 'id', - \Doctrine\DBAL\Types\Type::INTEGER, - array('autoincrement' => true, 'unsigned' => true) +/* ========== PLUGIN_SEPE_TEACHING_COMPETENCE ========== */ +$sepeTeachingCompetenceTable = $pluginSchema->createTable(SepePlugin::TABLE_SEPE_TEACHING_COMPETENCE); +$sepeTeachingCompetenceTable->addColumn( + 'id', + \Doctrine\DBAL\Types\Type::INTEGER, + array('autoincrement' => true, 'unsigned' => true) ); -$sepeCompetenciaDocenteTable->addColumn( +$sepeTeachingCompetenceTable->addColumn( 'code', \Doctrine\DBAL\Types\Type::STRING, array('length' => 2) ); -$sepeCompetenciaDocenteTable->addColumn('value', \Doctrine\DBAL\Types\Type::TEXT); -$sepeCompetenciaDocenteTable->setPrimaryKey(array('id')); +$sepeTeachingCompetenceTable->addColumn('value', \Doctrine\DBAL\Types\Type::TEXT); +$sepeTeachingCompetenceTable->setPrimaryKey(array('id')); -/* ========== PLUGIN_SEPE_LOG_PARTICIPANT ========== */ +/* ========== PLUGIN_SEPE_LOG_PARTICIPANT ========== */ $sepeLogParticipantTable = $pluginSchema->createTable(SepePlugin::TABLE_SEPE_LOG_PARTICIPANT); $sepeLogParticipantTable->addColumn( - 'id', - \Doctrine\DBAL\Types\Type::INTEGER, - array('autoincrement' => true, 'unsigned' => true) + 'id', + \Doctrine\DBAL\Types\Type::INTEGER, + array('autoincrement' => true, 'unsigned' => true) ); $sepeLogParticipantTable->addColumn( 'platform_user_id', 
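Review bot: Renaming the schema object to `$sepeTeachingCompetenceTable` makes it share a name with `$sepeTeachingCompetenceTable = Database::get_main_table(...)` in the insert section (hunk -718), where the same variable is reassigned to the table-name string. Nothing visible reads the Table object after `toSql`, so this is probably harmless, but a distinct name for the string, such as `$sepeTeachingCompetenceTableName`, would keep the two uses apart.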
@@ -668,12 +668,12 @@ $sepeLogParticipantTable->addColumn('registration_date', \Doctrine\DBAL\Types\Ty $sepeLogParticipantTable->addColumn('leaving_date', \Doctrine\DBAL\Types\Type::DATETIME); $sepeLogParticipantTable->setPrimaryKey(array('id')); -/* ========== PLUGIN_SEPE_LOG_MOD_PARTICIPANT ========== */ +/* ========== PLUGIN_SEPE_LOG_MOD_PARTICIPANT ========== */ $sepeLogModParticipantTable = $pluginSchema->createTable(SepePlugin::TABLE_SEPE_LOG_MOD_PARTICIPANT); $sepeLogModParticipantTable->addColumn( - 'id', - \Doctrine\DBAL\Types\Type::INTEGER, - array('autoincrement' => true, 'unsigned' => true) + 'id', + \Doctrine\DBAL\Types\Type::INTEGER, + array('autoincrement' => true, 'unsigned' => true) ); $sepeLogModParticipantTable->addColumn( 'platform_user_id', @@ -688,12 +688,12 @@ $sepeLogModParticipantTable->addColumn( $sepeLogModParticipantTable->addColumn('change_date', \Doctrine\DBAL\Types\Type::DATETIME); $sepeLogModParticipantTable->setPrimaryKey(array('id')); -/* ========== PLUGIN_SEPE_LOG ========== */ +/* ==========PLUGIN_SEPE_LOG ========== */ $sepeLogTable = $pluginSchema->createTable(SepePlugin::TABLE_SEPE_LOG); $sepeLogTable->addColumn( - 'id', - \Doctrine\DBAL\Types\Type::INTEGER, - array('autoincrement' => true, 'unsigned' => true) + 'id', + \Doctrine\DBAL\Types\Type::INTEGER, + array('autoincrement' => true, 'unsigned' => true) ); $sepeLogTable->addColumn( 'ip', @@ -708,7 +708,6 @@ $sepeLogTable->addColumn( $sepeLogTable->addColumn('date', \Doctrine\DBAL\Types\Type::DATETIME); $sepeLogTable->setPrimaryKey(array('id')); - $queries = $pluginSchema->toSql($platform); foreach ($queries as $query) { 
@@ -718,12 +717,12 @@ foreach ($queries as $query) { //Insert data $sepeTeachingCompetenceTable = Database::get_main_table(SepePlugin::TABLE_SEPE_TEACHING_COMPETENCE); $competences = array( - array(1, '01', 'Certificado de profesionalidad de docencia de la formación profesional para el empleo regulado por Real Decreto 1697/2011, de 18 de noviembre.'), - array(2, '02', 'Certificado de profesionalidad de formador ocupacional.'), - array(3, '03', 'Certificado de Aptitud Pedagógica o título profesional de Especialización Didáctica o Certificado de Cualificación Pedagógica.'), - array(4, '04', 'Máster Universitario habilitante para el ejercicio de las Profesiones reguladas de Profesor de Educación Secundaria Obligatoria y Bachillerato, Formación Profesional y Escuelas Oficiales de Idiomas.'), - array(5, '05', 'Curso de formación equivalente a la formación pedagógica y didáctica exigida para aquellas personas que, estando en posesion de una titulación declarada equivalente a efectos de docencia, no pueden realizar los estudios de máster, establecida en la disposición adicional primera del Real Decreto 1834/2008, de 8 de noviembre.'), - array(6, '06', 'Experiencia docente contrastada de al menos 600 horas de impartición de acciones formativas de formación profesional para el empleo o del sistema educativo en modalidad presencial, en los últimos diez años.') + array(1, '01', 'Certificado de profesionalidad de docencia de la formación profesional para el empleo regulado por Real Decreto 1697/2011, de 18 de noviembre.'), + array(2, '02', 'Certificado de profesionalidad de formador ocupacional.'), + array(3, '03', 'Certificado de Aptitud Pedagógica o título profesional de Especialización Didáctica o Certificado de Cualificación Pedagógica.'), + array(4, '04', 'Máster Universitario habilitante para el ejercicio de las Profesiones reguladas de Profesor de Educación Secundaria Obligatoria y Bachillerato, Formación Profesional y Escuelas Oficiales de Idiomas.'), + array(5, '05', 
'Curso de formación equivalente a la formación pedagógica y didáctica exigida para aquellas personas que, estando en posesion de una titulación declarada equivalente a efectos de docencia, no pueden realizar los estudios de máster, establecida en la disposición adicional primera del Real Decreto 1834/2008, de 8 de noviembre.'), + array(6, '06', 'Experiencia docente contrastada de al menos 600 horas de impartición de acciones formativas de formación profesional para el empleo o del sistema educativo en modalidad presencial, en los últimos diez años.') ); foreach ($competences as $competence) { @@ -738,15 +737,15 @@ foreach ($competences as $competence) { } $sepeTutorsCompanyTable = Database::get_main_table(SepePlugin::TABLE_SEPE_TUTORS_COMPANY); - Database::insert( - $sepeTutorsCompanyTable, - array( - 'cod' => 1, - 'alias' => 'Sin tutor', - 'company' => 'SI', - 'training' => 'SI' - ) - ); +Database::insert( + $sepeTutorsCompanyTable, + array( + 'cod' => 1, + 'alias' => 'Sin tutor', + 'company' => 'SI', + 'training' => 'SI' + ) +); /* Create extra fields for platform users */ $fieldlabel = 'sexo'; @@ -789,9 +788,9 @@ $provinces = 'Albacete;Alicante/Alacant;Almería;Araba/Álava;Asturias;Ávila;Ba $list_provinces = explode(';',$provinces); $i = 1; foreach ($list_provinces as $value) { - $sql = "INSERT INTO extra_field_options (field_id, option_value, display_text, option_order) VALUES ('".$field_id."', '".$i."', '".$value."','".$i."');"; - Database::query($sql); - $i++; + $sql = "INSERT INTO extra_field_options (field_id, option_value, display_text, option_order) VALUES ('".$field_id."', '".$i."', '".$value."','".$i."');"; + Database::query($sql); + $i++; } $fieldlabel = 'comunidad_residencia'; 
@@ -803,12 +802,11 @@ $ccaa = ';Andalucía;Aragón;Asturias, Principado de;Balears, Illes;Canarias;Can $list_ccaa = explode(';',$ccaa); $i = 1; foreach ($list_ccaa as $value) { - $sql = "INSERT INTO extra_field_options (field_id, option_value, display_text, option_order) VALUES ('".$field_id."', '".$i."', '".$value."','".$i."');"; - Database::query($sql); - $i++; + $sql = "INSERT INTO extra_field_options (field_id, option_value, display_text, option_order) VALUES ('".$field_id."', '".$i."', '".$value."','".$i."');"; + Database::query($sql); + $i++; } - $fieldlabel = 'provincia_trabajo'; $fieldtype = '4'; $fieldtitle = 'Provincia Trabajo'; @@ -817,9 +815,9 @@ $fielddefault = ''; $field_id = UserManager::create_extra_field($fieldlabel,$fieldtype,$fieldtitle,$fielddefault); $i = 1; foreach ($list_provincias as $value) { - $sql = "INSERT INTO extra_field_options (field_id, option_value, display_text, option_order) VALUES ('".$field_id."', '".$i."', '".$value."','".$i."');"; - Database::query($sql); - $i++; + $sql = "INSERT INTO extra_field_options (field_id, option_value, display_text, option_order) VALUES ('".$field_id."', '".$i."', '".$value."','".$i."');"; + Database::query($sql); + $i++; } $fieldlabel = 'comunidad_trabajo'; @@ -830,9 +828,9 @@ $fielddefault = ''; $field_id = UserManager::create_extra_field($fieldlabel,$fieldtype,$fieldtitle,$fielddefault); $i = 1; foreach ($list_ccaa as $value) { - $sql = "INSERT INTO extra_field_options (field_id, option_value, display_text, option_order) VALUES ('".$field_id."', '".$i."', '".$value."','".$i."');"; - Database::query($sql); - $i++; + $sql = "INSERT INTO extra_field_options (field_id, option_value, display_text, option_order) VALUES ('".$field_id."', '".$i."', '".$value."','".$i."');"; + Database::query($sql); + $i++; } $fieldlabel = 'medio_conocimiento'; diff --git a/plugin/sepe/lang/english.php b/plugin/sepe/lang/english.php index 3ac15b82f9..da8c23a60b 100644 --- a/plugin/sepe/lang/english.php 
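Review bot: `foreach ($list_provincias as $value) {` in the hunk at -817 iterates a variable that is never assigned in what is visible; the province list is built earlier as `$list_provinces = explode(';',$provinces);`, so unless `$list_provincias` is defined in a part of the file not shown, the `provincia_trabajo` options are silently never inserted. The loop should read `foreach ($list_provinces as $value) {`. Separately, these three loops build the INSERT by string concatenation while the same file already uses `Database::insert(...)` with an array for the tutors row; switching them to that helper would match the file's own convention and not depend on the hard-coded names containing no quotes.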
+++ b/plugin/sepe/lang/english.php @@ -289,3 +289,4 @@ $strings['NoSaveData'] = "Unable to save selection"; $strings['NoExistsCourse'] = "The course to which the training action is associated does not exist"; $strings['FormativeActionInUse'] = "The chosen training action is being used for another course"; $strings['ProblemToken'] = "Token not valid"; +$strings['NoTutor'] = "No tutor"; diff --git a/plugin/sepe/lang/spanish.php b/plugin/sepe/lang/spanish.php index d6779ca84a..c65277610f 100644 --- a/plugin/sepe/lang/spanish.php +++ b/plugin/sepe/lang/spanish.php @@ -286,6 +286,7 @@ $strings['Situation50'] = "50-Cancelada"; $strings['ProblemGenerateApiKey'] = "Problema al generar una nueva api key"; $strings['ErrorDataIncorrect'] = "Error al recibir los datos"; $strings['NoSaveData'] = "No se ha podido guardar la selección"; -$strings['NoExistsCourse'] = "El curso al que se le asocia la acción formativa no existe"; -$strings['FormativeActionInUse'] = "La acción formativa elegida está siendo usada por otro curso"; +$strings['NoExistsCourse'] = "El curso al que se le asocia la acción formativa no existe"; +$strings['FormativeActionInUse'] = "La acción formativa elegida está siendo usada por otro curso"; $strings['ProblemToken'] = "Token incorrecto, pruebe de nuevo a guardar los cambios"; +$strings['NoTutor'] = "Sin tutor"; diff --git a/plugin/sepe/src/configuration.php b/plugin/sepe/src/configuration.php index 46445f2163..9781846f74 100644 --- a/plugin/sepe/src/configuration.php +++ b/plugin/sepe/src/configuration.php @@ -3,7 +3,6 @@ /** * This script displays setting api key user. - * @package chamilo.plugin.sepe */ use \ChamiloSession as Session; diff --git a/plugin/sepe/src/formative-action-edit.php b/plugin/sepe/src/formative-action-edit.php index 57631231a1..ebaa19b865 100644 --- a/plugin/sepe/src/formative-action-edit.php +++ b/plugin/sepe/src/formative-action-edit.php 
@@ -3,7 +3,6 @@ /** * This script displays a formative action edit form. - * @package chamilo.plugin.sepe */ use \ChamiloSession as Session; require_once '../config.php'; 
@@ -15,29 +14,29 @@ $_cid = 0; if (!empty($_POST)) { $check = Security::check_token('post'); if ($check) { - $actionOrigin = trim(Security::remove_XSS(stripslashes($_POST['action_origin']))); - $actionCode = trim(Security::remove_XSS(stripslashes($_POST['action_code']))); - $situation = trim(Security::remove_XSS(stripslashes($_POST['situation']))); - $specialtyOrigin = trim(Security::remove_XSS(stripslashes($_POST['specialty_origin']))); - $professionalArea = trim(Security::remove_XSS(stripslashes($_POST['professional_area']))); - $specialtyCode = trim(Security::remove_XSS(stripslashes($_POST['specialty_code']))); - $duration = trim(Security::remove_XSS(stripslashes($_POST['duration']))); - $dayStart = trim(Security::remove_XSS(stripslashes($_POST['day_start']))); - $monthStart = trim(Security::remove_XSS(stripslashes($_POST['month_start']))); - $yearStart = trim(Security::remove_XSS(stripslashes($_POST['year_start']))); - $dayEnd = trim(Security::remove_XSS(stripslashes($_POST['day_end']))); - $monthEnd = trim(Security::remove_XSS(stripslashes($_POST['month_end']))); - $yearEnd = trim(Security::remove_XSS(stripslashes($_POST['year_end']))); - $fullItineraryIndicator = trim(Security::remove_XSS(stripslashes($_POST['full_itinerary_indicator']))); - $financingType = trim(Security::remove_XSS(stripslashes($_POST['financing_type']))); - $attendeesCount = trim(Security::remove_XSS(stripslashes($_POST['attendees_count']))); - $actionName = trim(Security::remove_XSS(stripslashes($_POST['action_name']))); - $globalInfo = trim(Security::remove_XSS(stripslashes($_POST['global_info']))); - $schedule = trim(Security::remove_XSS(stripslashes($_POST['schedule']))); - $requirements = trim(Security::remove_XSS(stripslashes($_POST['requirements']))); - $contactAction = trim(Security::remove_XSS(stripslashes($_POST['contact_action']))); - $actionId = trim(Security::remove_XSS(stripslashes($_POST['action_id']))); - $courseId = 
trim(Security::remove_XSS(stripslashes($_POST['course_id']))); + $actionOrigin = Database::escape_string(trim($_POST['action_origin'])); + $actionCode = Database::escape_string(trim($_POST['action_code'])); + $situation = Database::escape_string(trim($_POST['situation'])); + $specialtyOrigin = Database::escape_string(trim($_POST['specialty_origin'])); + $professionalArea = Database::escape_string(trim($_POST['professional_area'])); + $specialtyCode = Database::escape_string(trim($_POST['specialty_code'])); + $duration = Database::escape_string(trim($_POST['duration'])); + $dayStart = Database::escape_string(trim($_POST['day_start'])); + $monthStart = Database::escape_string(trim($_POST['month_start'])); + $yearStart = Database::escape_string(trim($_POST['year_start'])); + $dayEnd = Database::escape_string(trim($_POST['day_end'])); + $monthEnd = Database::escape_string(trim($_POST['month_end'])); + $yearEnd = Database::escape_string(trim($_POST['year_end'])); + $fullItineraryIndicator = Database::escape_string(trim($_POST['full_itinerary_indicator'])); + $financingType = Database::escape_string(trim($_POST['financing_type'])); + $attendeesCount = intval($_POST['attendees_count']); + $actionName = Database::escape_string(trim($_POST['action_name'])); + $globalInfo = Database::escape_string(trim($_POST['global_info'])); + $schedule = Database::escape_string(trim($_POST['schedule'])); + $requirements = Database::escape_string(trim($_POST['requirements'])); + $contactAction = Database::escape_string(trim($_POST['contact_action'])); + $actionId = intval($_POST['action_id']); + $courseId = intval($_POST['course_id']); $startDate = $yearStart."-".$monthStart."-".$dayStart; $endDate = $yearEnd."-".$monthEnd."-".$dayEnd; 
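Review bot: Replacing `Security::remove_XSS(...)` with `Database::escape_string(trim($_POST[...]))` at the point of input escapes for one context (SQL) before the value's use is known: anything echoed back into the form or template now carries SQL escaping but no HTML escaping, and the date parts are still free text even though they are concatenated into `$startDate`/`$endDate`. The day/month/year fields should be cast like `$attendeesCount`, e.g. `$dayStart = intval($_POST['day_start']);` (same for month/year), and checked with `checkdate($monthStart, $dayStart, $yearStart)` before the string is built. SQL escaping belongs where the query is assembled, with HTML encoding left to the template layer. The `$_POST[...]` reads still raise notices when a key is absent; guarding them with `isset()` would make a truncated POST fail cleanly. The POST handling continues below the hunk.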
@@ -133,9 +132,9 @@ if (!empty($_POST)) { $token = Security::get_token(); $_SESSION['sepe_message_error'] = $plugin->get_lang('ProblemToken'); session_write_close(); - $actionId = trim(Security::remove_XSS(stripslashes($_POST['action_id']))); + $actionId = intval($_POST['action_id']); if ($actionId == '0') { - $courseId = trim(Security::remove_XSS(stripslashes($_POST['course_id']))); + $courseId = intval($_POST['course_id']); header("Location: formative-action-edit.php?new_action=1&cid=".$courseId); } else { header("Location: formative-action-edit.php?action_id=".$actionId); @@ -146,7 +145,7 @@ if (!empty($_POST)) { } if (api_is_platform_admin()) { - if (isset($_GET['new_action']) && $_GET['new_action'] == '1') { + if (isset($_GET['new_action']) && intval($_GET['new_action']) == 1) { $info = array(); $interbreadcrumb[] = array("url" => "/plugin/sepe/src/sepe-administration-menu.php", "name" => $plugin->get_lang('MenuSepe')); $interbreadcrumb[] = array("url" => "formative-actions-list.php", "name" => $plugin->get_lang('FormativesActionsList')); 
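Review bot: `if ($actionId == '0')` now compares the int produced by `intval()` with a string; `if ($actionId === 0)` states the intent and avoids the loose comparison. Both redirect branches call `header("Location: ...")` without terminating, so after a token failure execution falls through into the rest of the page; add `exit;` after each `header()` call. The enclosing `if (!empty($_POST))` block starts above the hunk.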
@@ -155,33 +154,33 @@ if (api_is_platform_admin()) { $yearStart = $yearEnd = date("Y"); $tpl->assign('info', $info); $tpl->assign('new_action', '1'); - $tpl->assign('course_id', $_GET['cid']); + $tpl->assign('course_id', intval($_GET['cid'])); } else { - $courseId = getCourse($_GET['action_id']); + $courseId = getCourse(intval($_GET['action_id'])); $interbreadcrumb[] = array("url" => "/plugin/sepe/src/sepe-administration-menu.php", "name" => $plugin->get_lang('MenuSepe')); $interbreadcrumb[] = array("url" => "formative-actions-list.php", "name" => $plugin->get_lang('FormativesActionsList')); $interbreadcrumb[] = array("url" => "formative-action.php?cid=".$courseId, "name" => $plugin->get_lang('FormativeAction')); - $info = getActionInfo($_GET['action_id']); + $info = getActionInfo(intval($_GET['action_id'])); $templateName = $plugin->get_lang('formativeActionEdit'); $tpl = new Template($templateName); $tpl->assign('info', $info); if ($info['start_date'] != "0000-00-00" && $info['start_date'] != NULL) { - $tpl->assign('day_start', date("j",strtotime($info['start_date']))); - $tpl->assign('month_start', date("n",strtotime($info['start_date']))); - $tpl->assign('year_start', date("Y",strtotime($info['start_date']))); - $yearStart = date("Y",strtotime($info['start_date'])); - } elseif (strpos($info['start_date'],'0000') === false) { - $yearStart = date("Y",strtotime($info['start_date'])); + $tpl->assign('day_start', date("j", strtotime($info['start_date']))); + $tpl->assign('month_start', date("n", strtotime($info['start_date']))); + $tpl->assign('year_start', date("Y", strtotime($info['start_date']))); + $yearStart = date("Y", strtotime($info['start_date'])); + } elseif (strpos($info['start_date'], '0000') === false) { + $yearStart = date("Y", strtotime($info['start_date'])); } else { $yearStart = date("Y"); } if ($info['end_date'] != "0000-00-00" && $info['end_date'] != NULL) { - $tpl->assign('day_end', date("j",strtotime($info['end_date']))); - 
$tpl->assign('month_end', date("n",strtotime($info['end_date']))); - $tpl->assign('year_end', date("Y",strtotime($info['end_date']))); - $yearEnd = date("Y",strtotime($info['end_date'])); - } elseif (strpos($info['end_date'],'0000') === false) { - $yearEnd = date("Y",strtotime($info['end_date'])); + $tpl->assign('day_end', date("j", strtotime($info['end_date']))); + $tpl->assign('month_end', date("n", strtotime($info['end_date']))); + $tpl->assign('year_end', date("Y", strtotime($info['end_date']))); + $yearEnd = date("Y", strtotime($info['end_date'])); + } elseif (strpos($info['end_date'], '0000') === false) { + $yearEnd = date("Y", strtotime($info['end_date'])); } else { $yearEnd = date("Y"); } @@ -210,7 +209,7 @@ if (api_is_platform_admin()) { $tpl->assign('message_error', $_SESSION['sepe_message_error']); unset($_SESSION['sepe_message_error']); } - $tpl->assign('sec_token',$token); + $tpl->assign('sec_token', $token); $listing_tpl = 'sepe/view/formative-action-edit.tpl'; $content = $tpl->fetch($listing_tpl); diff --git a/plugin/sepe/src/formative-action.php b/plugin/sepe/src/formative-action.php index e524320e1d..cacb2ffb2b 100644 --- a/plugin/sepe/src/formative-action.php +++ b/plugin/sepe/src/formative-action.php @@ -3,7 +3,6 @@ /** * This script displays a basic info of formative action. - * @package chamilo.plugin.sepe */ use \ChamiloSession as Session; 
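Review bot: `$info = getActionInfo(intval($_GET['action_id']));` is dereferenced immediately (`$info['start_date']`) without checking the result, whereas formative-action.php in this same commit tests `if ($info === false)`; if `getActionInfo` returns false for an unknown id, as that file implies, an invalid `action_id` renders the edit form over empty data. Add `if ($info === false) { header('Location: formative-actions-list.php'); exit; }` right after the call. `$_GET['action_id']` and `$_GET['cid']` are also read without `isset()`, so a bare request raises notices. The admin branch continues past the end of the hunk.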
@@ -15,37 +14,37 @@ $plugin = SepePlugin::create(); $_cid = 0; if (api_is_platform_admin()) { - $actionId = getActionId($_GET['cid']); - $info = getActionInfo($actionId); - if ($info === false) { - header("Location: formative-actions-list.php"); - } - $templateName = $plugin->get_lang('FormativeActionData'); - $interbreadcrumb[] = array("url" => "/plugin/sepe/src/sepe-administration-menu.php", "name" => $plugin->get_lang('MenuSepe')); - $interbreadcrumb[] = array("url" => "formative-actions-list.php", "name" => $plugin->get_lang('FormativesActionsList')); - $tpl = new Template($templateName); - - if (isset($_SESSION['sepe_message_info'])) { - $tpl->assign('message_info', $_SESSION['sepe_message_info']); - unset($_SESSION['sepe_message_info']); - } - if (isset($_SESSION['sepe_message_error'])) { - $tpl->assign('message_error', $_SESSION['sepe_message_error']); - unset($_SESSION['sepe_message_error']); - } - - $tpl->assign('info', $info); - $tpl->assign('start_date', date("d/m/Y",strtotime($info['start_date']))); - $tpl->assign('end_date', date("d/m/Y",strtotime($info['end_date']))); - $tpl->assign('action_id', $actionId); - $listSpecialty = specialtyList($actionId); - $tpl->assign('listSpecialty', $listSpecialty); - $listParticipant = participantList($actionId); - $tpl->assign('listParticipant', $listParticipant); - $listing_tpl = 'sepe/view/formative-action.tpl'; - $content = $tpl->fetch($listing_tpl); - $tpl->assign('content', $content); - $tpl->display_one_col_template(); + $actionId = getActionId(intval($_GET['cid'])); + $info = getActionInfo($actionId); + if ($info === false) { + header("Location: formative-actions-list.php"); + } + $templateName = $plugin->get_lang('FormativeActionData'); + $interbreadcrumb[] = array("url" => "/plugin/sepe/src/sepe-administration-menu.php", "name" => $plugin->get_lang('MenuSepe')); + $interbreadcrumb[] = array("url" => "formative-actions-list.php", "name" => $plugin->get_lang('FormativesActionsList')); + $tpl = new 
Template($templateName); + + if (isset($_SESSION['sepe_message_info'])) { + $tpl->assign('message_info', $_SESSION['sepe_message_info']); + unset($_SESSION['sepe_message_info']); + } + if (isset($_SESSION['sepe_message_error'])) { + $tpl->assign('message_error', $_SESSION['sepe_message_error']); + unset($_SESSION['sepe_message_error']); + } + + $tpl->assign('info', $info); + $tpl->assign('start_date', date("d/m/Y",strtotime($info['start_date']))); + $tpl->assign('end_date', date("d/m/Y",strtotime($info['end_date']))); + $tpl->assign('action_id', $actionId); + $listSpecialty = specialtyList($actionId); + $tpl->assign('listSpecialty', $listSpecialty); + $listParticipant = participantList($actionId); + $tpl->assign('listParticipant', $listParticipant); + $listing_tpl = 'sepe/view/formative-action.tpl'; + $content = $tpl->fetch($listing_tpl); + $tpl->assign('content', $content); + $tpl->display_one_col_template(); } else { header('Location:' . api_get_path(WEB_PATH)); } diff --git a/plugin/sepe/src/formative-actions-list.php b/plugin/sepe/src/formative-actions-list.php index 966e461282..88213312f9 100644 --- a/plugin/sepe/src/formative-actions-list.php +++ b/plugin/sepe/src/formative-actions-list.php @@ -2,8 +2,7 @@ /* For licensing terms, see /license.txt */ /** - * This script displays a formatives actions list. - * @package chamilo.plugin.sepe + * This script displays a formatives actions list. */ use \ChamiloSession as Session; 
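Review bot: The `$info === false` guard sends `header("Location: formative-actions-list.php")` but does not stop the script, so execution continues into `$info['start_date']`, `specialtyList($actionId)` and the template rendering, and the whole page body is emitted together with the redirect. Add `exit;` after that header (the final `else` redirect has the same shape, though nothing follows it). Reading `$_GET['cid']` without `isset` additionally raises a notice when the parameter is absent; `$cid = isset($_GET['cid']) ? (int) $_GET['cid'] : 0;` avoids that. The commit only re-indents this block, so the behaviour predates it.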
@@ -12,30 +11,30 @@ require_once '../config.php'; $plugin = SepePlugin::create(); if (api_is_platform_admin()) { - $templateName = $plugin->get_lang('FormativesActionsList'); - $interbreadcrumb[] = array("url" => "/plugin/sepe/src/sepe-administration-menu.php", "name" => $plugin->get_lang('MenuSepe')); - $tpl = new Template($templateName); - - if (isset($_SESSION['sepe_message_info'])) { - $tpl->assign('message_info', $_SESSION['sepe_message_info']); - unset($_SESSION['sepe_message_info']); - } - if (isset($_SESSION['sepe_message_error'])) { - $tpl->assign('message_error', $_SESSION['sepe_message_error']); - unset($_SESSION['sepe_message_error']); - } - $courseActionList = listCourseAction(); - $courseFreeList = listCourseFree(); - $actionFreeList = listActionFree(); - - $tpl->assign('course_action_list', $courseActionList); - $tpl->assign('course_free_list', $courseFreeList); - $tpl->assign('action_free_list', $actionFreeList); - - $listing_tpl = 'sepe/view/formative-actions-list.tpl'; - $content = $tpl->fetch($listing_tpl); - $tpl->assign('content', $content); - $tpl->display_one_col_template(); + $templateName = $plugin->get_lang('FormativesActionsList'); + $interbreadcrumb[] = array("url" => "/plugin/sepe/src/sepe-administration-menu.php", "name" => $plugin->get_lang('MenuSepe')); + $tpl = new Template($templateName); + + if (isset($_SESSION['sepe_message_info'])) { + $tpl->assign('message_info', $_SESSION['sepe_message_info']); + unset($_SESSION['sepe_message_info']); + } + if (isset($_SESSION['sepe_message_error'])) { + $tpl->assign('message_error', $_SESSION['sepe_message_error']); + unset($_SESSION['sepe_message_error']); + } + $courseActionList = listCourseAction(); + $courseFreeList = listCourseFree(); + $actionFreeList = listActionFree(); + + $tpl->assign('course_action_list', $courseActionList); + $tpl->assign('course_free_list', $courseFreeList); + $tpl->assign('action_free_list', $actionFreeList); + + $listing_tpl = 
'sepe/view/formative-actions-list.tpl'; + $content = $tpl->fetch($listing_tpl); + $tpl->assign('content', $content); + $tpl->display_one_col_template(); } else { header('Location:' . api_get_path(WEB_PATH)); } diff --git a/plugin/sepe/src/function.php b/plugin/sepe/src/function.php index 4ee4e07a21..4dab3340c7 100644 --- a/plugin/sepe/src/function.php +++ b/plugin/sepe/src/function.php @@ -24,8 +24,8 @@ if ($_REQUEST['tab'] == 'delete_center_data') { } if ($_REQUEST['tab'] == 'delete_action') { - $id = $_REQUEST['id']; - $sql = "DELETE FROM $tableSepeActions WHERE id='".$id."';"; + $id = intval($_REQUEST['id']); + $sql = "DELETE FROM $tableSepeActions WHERE id = $id;"; $res = Database::query($sql); if (!$res) { $content = $plugin->get_lang('ProblemToDeleteInfoAction') . Database::error(); @@ -38,8 +38,8 @@ if ($_REQUEST['tab'] == 'delete_action') { } if ($_REQUEST['tab'] == 'delete_specialty') { - $id = substr($_REQUEST['id'],9); - $sql = "DELETE FROM $tableSepeSpecialty WHERE id='".$id."';"; + $id = intval(substr($_REQUEST['id'],9)); + $sql = "DELETE FROM $tableSepeSpecialty WHERE id = $id;"; $res = Database::query($sql); if (!$res) { $content = $plugin->get_lang('ProblemToDeleteInfoSpecialty') . Database::error(); @@ -51,8 +51,8 @@ if ($_REQUEST['tab'] == 'delete_specialty') { } if ($_REQUEST['tab'] == 'delete_specialty_participant') { - $id = substr($_REQUEST['id'],9); - $sql = "DELETE FROM $tableSepeParticipantsSpecialty WHERE id='".$id."';"; + $id = intval(substr($_REQUEST['id'],9)); + $sql = "DELETE FROM $tableSepeParticipantsSpecialty WHERE id = $id;"; $res = Database::query($sql); if (!$res) { $content = $plugin->get_lang('ProblemToDeleteInfoSpecialty') . Database::error(); 
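Review bot: The `delete_action` handler issues a DELETE driven by `$_REQUEST`, so it is reachable through a plain GET link, and no CSRF token check is visible in the hunk; unless the preamble of function.php (outside this view) already enforces `api_is_platform_admin()` and a token, a logged-in admin can be made to delete a record by loading a crafted URL. Restrict the destructive handlers to POST and verify the token, e.g. `if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !Security::check_token('post')) { exit; }` before the `tab` dispatch. Since `intval()` turns a missing or non-numeric id into 0, a guard `if ($id <= 0) { ... }` would also let the handler report a bad request instead of running `DELETE ... WHERE id = 0`. The `if` block continues past the end of the hunk.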
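Review bot: `intval(substr($_REQUEST['id'], 9))` in `delete_specialty` depends on a fixed 9-character prefix in the element id the client sends, and the sibling handlers repeat the pattern with offsets 5, 11 and 16, so a renamed element silently yields id 0 rather than an error. Have the client post the bare numeric id, or at least take the trailing digits explicitly, `if (preg_match('/(\d+)$/', (string) $_REQUEST['id'], $m)) { $id = (int) $m[1]; }`, and refuse `$id <= 0`, which also covers a missing parameter. The `if` block continues past the end of the hunk.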
@@ -64,8 +64,8 @@ if ($_REQUEST['tab'] == 'delete_specialty_participant') { } if ($_REQUEST['tab'] == 'delete_classroom') { - $id = substr($_REQUEST['id'],9); - $sql = "DELETE FROM $tableSepeSpecialtyClassroom WHERE id='".$id."';"; + $id = intval(substr($_REQUEST['id'],9)); + $sql = "DELETE FROM $tableSepeSpecialtyClassroom WHERE id = $id;"; $res = Database::query($sql); if (!$res) { $content = $plugin->get_lang('ProblemToDeleteInfoSpecialtyClassroom') . Database::error(); @@ -77,10 +77,10 @@ if ($_REQUEST['tab'] == 'delete_classroom') { } if ($_REQUEST['tab'] == 'checkTutorEdit') { - $type = $_REQUEST['type']; - $number = $_REQUEST['number']; - $letter=$_REQUEST['letter']; - $platform_user_id = $_REQUEST['platform_user_id']; + $type = Database::escape_string(trim($_REQUEST['type'])); + $number = Database::escape_string(trim($_REQUEST['number'])); + $letter = Database::escape_string(trim($_REQUEST['letter'])); + $platform_user_id = intval($_REQUEST['platform_user_id']); $sql = "SELECT platform_user_id FROM $tableSepeTutors @@ -92,7 +92,7 @@ if ($_REQUEST['tab'] == 'checkTutorEdit') { exit; } else { $aux = Database::fetch_assoc($res); - if ($aux['platform_user_id'] == $platform_user_id || $aux['platform_user_id'] == '0') { + if ($aux['platform_user_id'] == $platform_user_id || $aux['platform_user_id'] == 0) { echo json_encode(array("status" => "true")); } else { $content = $plugin->get_lang('ModDataTeacher'); @@ -102,8 +102,8 @@ if ($_REQUEST['tab'] == 'checkTutorEdit') { } if ($_REQUEST['tab'] == 'delete_tutor') { - $id = substr($_REQUEST['id'],5); - $sql = "DELETE FROM $tableSepeSpecialtyTutors WHERE id='".$id."';"; + $id = intval(substr($_REQUEST['id'],5)); + $sql = "DELETE FROM $tableSepeSpecialtyTutors WHERE id = $id;"; $res = Database::query($sql); if (!$res) { $content = $plugin->get_lang('ProblemToDeleteInfoSpecialtyTutor') . Database::error(); 
@@ -115,15 +115,15 @@ if ($_REQUEST['tab'] == 'delete_tutor') { } if ($_REQUEST['tab'] == 'delete_participant') { - $id = substr($_REQUEST['id'],11); - $sql = "SELECT platform_user_id, action_id FROM $tableSepeParticipants WHERE id='".$id."';"; + $id = intval(substr($_REQUEST['id'],11)); + $sql = "SELECT platform_user_id, action_id FROM $tableSepeParticipants WHERE id = $id;"; $res = Database::query($sql); $row = Database::fetch_assoc($res); $sql = "UPDATE plugin_sepe_log_participant SET fecha_baja='".date("Y-m-d H:i:s")."' WHERE platform_user_id='".$row['platform_user_id']."' AND action_id='".$row['action_id']."';"; $res = Database::query($sql); - $sql = "DELETE FROM $tableSepeParticipants WHERE id='".$id."';"; + $sql = "DELETE FROM $tableSepeParticipants WHERE id = $id;"; $res = Database::query($sql); if (!$res) { $content = $plugin->get_lang('ProblemToDeleteInfoParticipant') . Database::error(); @@ -135,8 +135,8 @@ if ($_REQUEST['tab'] == 'delete_participant') { } if ($_REQUEST['tab'] == 'unlink_action') { - $id = substr($_REQUEST['id'],16); - $sql = "DELETE FROM $tableSepeCourseActions WHERE id='".$id."';"; + $id = intval(substr($_REQUEST['id'],16)); + $sql = "DELETE FROM $tableSepeCourseActions WHERE id = $id;"; $res = Database::query($sql); if (!$res) { $content = $plugin->get_lang('ProblemToDesvincularInfoAction') . Database::error(); 
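Review bot: `$row = Database::fetch_assoc($res)` is not checked before its fields are interpolated into the UPDATE on plugin_sepe_log_participant, so an id that matches nothing runs `... WHERE platform_user_id='' AND action_id=''` and the handler then reports success for a DELETE that removed no row. Bail out first: `if (!$row) { echo json_encode(array("status" => "false", "content" => $plugin->get_lang('ProblemToDeleteInfoParticipant'))); exit; }`, and cast the two DB values to int on the way into the SQL. The log table is also written by its literal name here while participant-action-edit.php uses `$tableSepeLogParticipant`; if that variable is defined in function.php's preamble, use it. The `if` block continues past the end of the hunk.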
@@ -148,26 +148,23 @@ if ($_REQUEST['tab'] == 'unlink_action') { } if ($_REQUEST['tab'] == 'assign_action') { - $course_id = substr($_REQUEST['course_id'],9); - $action_id = $_REQUEST['action_id']; + $course_id = intval(substr($_REQUEST['course_id'],9)); + $action_id = intval($_REQUEST['action_id']); - if (trim($action_id) != '' && trim($course_id) != '') { - $action_id = Database::escape_string($action_id); - $course_id = Database::escape_string($course_id); - $sql = "SELECT * FROM $tableSepeCourseActions WHERE action_id='".$action_id."';"; - + if ($action_id != 0 && $course_id != 0) { + $sql = "SELECT * FROM $tableSepeCourseActions WHERE action_id = $action_id;"; $rs = Database::query($sql); if (Database::num_rows($rs) > 0) { $content = $plugin->get_lang('FormativeActionInUse'); echo json_encode(array("status" => "false", "content" => $content)); } else { - $sql = "SELECT 1 FROM course WHERE id='".$course_id."';"; + $sql = "SELECT 1 FROM course WHERE id = $course_id;"; $rs = Database::query($sql); if (Database::num_rows($rs) == 0) { $content = $plugin->get_lang('NoExistsCourse'); echo json_encode(array("status" => "false", "content" => $content)); } else { - $sql = "INSERT INTO $tableSepeCourseActions (course_id, action_id) VALUES ('".$course_id."','".$action_id."');"; + $sql = "INSERT INTO $tableSepeCourseActions (course_id, action_id) VALUES ($course_id, $action_id);"; $rs = Database::query($sql); if (!$rs) { $content = $plugin->get_lang('NoSaveData'); diff --git a/plugin/sepe/src/identification-data-edit.php b/plugin/sepe/src/identification-data-edit.php index 458d899b71..29fff26e16 100644 --- a/plugin/sepe/src/identification-data-edit.php +++ b/plugin/sepe/src/identification-data-edit.php @@ -3,7 +3,6 @@ /** * This script displays a data center edit form. - * @package chamilo.plugin.sepe */ use \ChamiloSession as Session; 
@@ -13,25 +12,25 @@ $plugin = SepePlugin::create(); if ( !empty($_POST)) { $check = Security::check_token('post'); if ($check) { - $centerOrigin = trim(Security::remove_XSS(stripslashes($_POST['center_origin']))); - $centerCode = trim(Security::remove_XSS(stripslashes($_POST['center_code']))); - $centerName = trim(Security::remove_XSS(stripslashes($_POST['center_name']))); - $url = trim(Security::remove_XSS(stripslashes($_POST['url']))); - $trackingUrl = trim(Security::remove_XSS(stripslashes($_POST['tracking_url']))); - $phone = trim(Security::remove_XSS(stripslashes($_POST['phone']))); - $mail = trim(Security::remove_XSS(stripslashes($_POST['mail']))); - $id = trim(Security::remove_XSS(stripslashes($_POST['id']))); + $centerOrigin = Database::escape_string(trim($_POST['center_origin'])); + $centerCode = Database::escape_string(trim($_POST['center_code'])); + $centerName = Database::escape_string(trim($_POST['center_name'])); + $url = Database::escape_string(trim($_POST['url'])); + $trackingUrl = Database::escape_string(trim($_POST['tracking_url'])); + $phone = Database::escape_string(trim($_POST['phone'])); + $mail = Database::escape_string(trim($_POST['mail'])); + $id = intval($_POST['id']); if (checkIdentificationData()) { $sql = "UPDATE $tableSepeCenter SET - center_origin='".$centerOrigin."', - center_code='".$centerCode."', - center_name='".$centerName."', - url='".$url."', - tracking_url='".$trackingUrl."', - phone='".$phone."', - mail='".$mail."' - WHERE id='".$id."'"; + center_origin = '".$centerOrigin."', + center_code = '".$centerCode."', + center_name = '".$centerName."', + url = '".$url."', + tracking_url = '".$trackingUrl."', + phone = '".$phone."', + mail = '".$mail."' + WHERE id = $id"; } else { $sql = "INSERT INTO $tableSepeCenter ( id, @@ -43,7 +42,7 @@ if ( !empty($_POST)) { phone, mail ) VALUES ( - '1', + 1, '".$centerOrigin."', '".$centerCode."', '".$centerName."', 
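Review bot: Replacing `Security::remove_XSS()` with `Database::escape_string()` is the right split for the SQL layer, but nothing now validates the field formats, and the stored values are rendered back by the identification-data templates; unless the template engine escapes on output, `url`, `tracking_url` and `mail` now reach the page as raw HTML. Validate before escaping: `if ($url !== '' && filter_var($url, FILTER_VALIDATE_URL) === false) { /* reject */ }`, the same for `$trackingUrl`, and `FILTER_VALIDATE_EMAIL` for `$mail`, then escape for HTML at the output site rather than at input. The UPDATE/INSERT branch continues past the end of the hunk.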
@@ -84,7 +83,7 @@ if (api_is_platform_admin()) { $tpl->assign('message_error', $_SESSION['sepe_message_error']); unset($_SESSION['sepe_message_error']); } - $tpl->assign('sec_token',$token); + $tpl->assign('sec_token', $token); $listing_tpl = 'sepe/view/identification-data-edit.tpl'; $content = $tpl->fetch($listing_tpl); $tpl->assign('content', $content); diff --git a/plugin/sepe/src/identification-data.php b/plugin/sepe/src/identification-data.php index b0381e9986..5b48769b9a 100644 --- a/plugin/sepe/src/identification-data.php +++ b/plugin/sepe/src/identification-data.php @@ -3,7 +3,6 @@ /** * This script displays a basic info about data center. - * @package chamilo.plugin.sepe */ use \ChamiloSession as Session; diff --git a/plugin/sepe/src/index.sepe.php b/plugin/sepe/src/index.sepe.php index b0bfb7165d..1d2df8b6cf 100644 --- a/plugin/sepe/src/index.sepe.php +++ b/plugin/sepe/src/index.sepe.php @@ -2,7 +2,6 @@ /* For license terms, see /license.txt */ /** * Index of the Sepe plugin - * @package chamilo.plugin.sepe */ $plugin = SepePlugin::create(); @@ -10,34 +9,34 @@ $enable = $plugin->get('sepe_enable') == 'true'; $title = $plugin->get_lang('AdministratorSepe'); $pluginPath = api_get_path(WEB_PLUGIN_PATH).'sepe/src/'; if (api_is_platform_admin() && $enable) { - echo '
'; - echo ''; - echo '
'; - echo '
'; - echo ''; - echo '
'; - echo '
'; - echo '
'; + echo '
'; + echo ''; + echo '
'; + echo '
'; + echo ''; + echo '
'; + echo '
'; + echo '
'; } diff --git a/plugin/sepe/src/participant-action-edit.php b/plugin/sepe/src/participant-action-edit.php index b426cd94ff..eca9aacc60 100644 --- a/plugin/sepe/src/participant-action-edit.php +++ b/plugin/sepe/src/participant-action-edit.php @@ -3,7 +3,6 @@ /** * This script displays a participant edit form. - * @package chamilo.plugin.sepe */ use \ChamiloSession as Session; 
@@ -16,215 +15,226 @@ $_cid = 0; if ( !empty($_POST)) { $check = Security::check_token('post'); if ($check) { - $companyTutorId = trim(Security::remove_XSS(stripslashes($_POST['company_tutor_id']))); - $tutorCompanyDocumentType = trim(Security::remove_XSS(stripslashes($_POST['tutor_company_document_type']))); - $tutorCompanyDocumentNumber = trim(Security::remove_XSS(stripslashes($_POST['tutor_company_document_number']))); - $tutorCompanyDocumentLetter = trim(Security::remove_XSS(stripslashes($_POST['tutor_company_document_letter']))); - $tutorCompanyAlias = trim(Security::remove_XSS(stripslashes($_POST['tutor_company_alias']))); - $trainingTutorId = trim(Security::remove_XSS(stripslashes($_POST['training_tutor_id']))); - $tutorTrainingDocumentType = trim(Security::remove_XSS(stripslashes($_POST['tutor_training_document_type']))); - $tutorTrainingDocumentNumber = trim(Security::remove_XSS(stripslashes($_POST['tutor_training_document_number']))); - $tutorTrainingDocumentLetter = trim(Security::remove_XSS(stripslashes($_POST['tutor_training_document_letter']))); - $tutorTrainingAlias = trim(Security::remove_XSS(stripslashes($_POST['tutor_training_alias']))); - $newParticipant = trim(Security::remove_XSS(stripslashes($_POST['new_participant']))); - $platformUserId = trim(Security::remove_XSS(stripslashes($_POST['platform_user_id']))); - $documentType = trim(Security::remove_XSS(stripslashes($_POST['document_type']))); - $documentNumber = trim(Security::remove_XSS(stripslashes($_POST['document_number']))); - $documentLetter = trim(Security::remove_XSS(stripslashes($_POST['document_letter']))); - $keyCompetence = trim(Security::remove_XSS(stripslashes($_POST['key_competence']))); - $contractId = trim(Security::remove_XSS(stripslashes($_POST['contract_id']))); - $companyFiscalNumber = trim(Security::remove_XSS(stripslashes($_POST['company_fiscal_number']))); - $participantId = trim(Security::remove_XSS(stripslashes($_POST['participant_id']))); - $actionId = 
trim(Security::remove_XSS(stripslashes($_POST['action_id']))); - - if (isset($companyTutorId) && $companyTutorId == "new_company_tutor") { - $sql = "SELECT * FROM $tableTutorCompany - WHERE document_type='".$tutorCompanyDocumentType."' AND document_number='".$tutorCompanyDocumentNumber."' AND document_letter='".$tutorCompanyDocumentLetter."';"; - $rs = Database::query($sql); - if (Database::num_rows($rs) > 0) { - $row = Database::fetch_assoc($rs); - $companyTutorId = $row['id']; - $sql = "UPDATE $tableTutorCompany SET company='1' WHERE id='".$companyTutorId."'"; - Database::query($sql); - } else { - $sql = "INSERT INTO $tableTutorCompany (alias,document_type,document_number,document_letter,company) - VALUES ('".$tutorCompanyAlias."','".$tutorCompanyDocumentType."','".$tutorCompanyDocumentNumber."','".$tutorCompanyDocumentLetter."','1');"; - $rs = Database::query($sql); - if (!$rs) { - echo Database::error(); - } else { - $companyTutorId = Database::insert_id(); - } - } - } - - if (isset($trainingTutorId) && $trainingTutorId == "new_training_tutor") { - $sql = "SELECT * FROM $tableTutorCompany - WHERE document_type='".$tutorTrainingDocumentType."' AND document_number='".$tutorTrainingDocumentNumber."' AND document_letter='".$tutorTrainingDocumentLetter."';"; - $rs = Database::query($sql); + $companyTutorId = (!empty($_POST['company_tutor_id']) ? intval($_POST['company_tutor_id']) : NULL); + $trainingTutorId = (!empty($_POST['training_tutor_id']) ? 
intval($_POST['training_tutor_id']) : NULL); + $tutorCompanyDocumentType = Database::escape_string(trim($_POST['tutor_company_document_type'])); + $tutorCompanyDocumentNumber = Database::escape_string(trim($_POST['tutor_company_document_number'])); + $tutorCompanyDocumentLetter = Database::escape_string(trim($_POST['tutor_company_document_letter'])); + $tutorCompanyAlias = Database::escape_string(trim($_POST['tutor_company_alias'])); + $tutorTrainingDocumentType = Database::escape_string(trim($_POST['tutor_training_document_type'])); + $tutorTrainingDocumentNumber = Database::escape_string(trim($_POST['tutor_training_document_number'])); + $tutorTrainingDocumentLetter = Database::escape_string(trim($_POST['tutor_training_document_letter'])); + $tutorTrainingAlias = Database::escape_string(trim($_POST['tutor_training_alias'])); + $newParticipant = intval($_POST['new_participant']); + $platformUserId = intval($_POST['platform_user_id']); + $documentType = Database::escape_string(trim($_POST['document_type'])); + $documentNumber = Database::escape_string(trim($_POST['document_number'])); + $documentLetter = Database::escape_string(trim($_POST['document_letter'])); + $keyCompetence = Database::escape_string(trim($_POST['key_competence'])); + $contractId = Database::escape_string(trim($_POST['contract_id'])); + $companyFiscalNumber = Database::escape_string(trim($_POST['company_fiscal_number'])); + $participantId = intval($_POST['participant_id']); + $actionId = intval($_POST['action_id']); + + if (isset($companyTutorId) && $companyTutorId == 0) { + $sql = "SELECT * FROM $tableTutorCompany + WHERE document_type = '".$tutorCompanyDocumentType."' + AND document_number = '".$tutorCompanyDocumentNumber."' + AND document_letter = '".$tutorCompanyDocumentLetter."';"; + $rs = Database::query($sql); + if (Database::num_rows($rs) > 0) { + $row = Database::fetch_assoc($rs); + $companyTutorId = $row['id']; + $sql = "UPDATE $tableTutorCompany SET company = 1 WHERE id = 
$companyTutorId"; + Database::query($sql); + } else { + $sql = "INSERT INTO $tableTutorCompany (alias,document_type,document_number,document_letter,company) + VALUES ('".$tutorCompanyAlias."','".$tutorCompanyDocumentType."','".$tutorCompanyDocumentNumber."','".$tutorCompanyDocumentLetter."','1');"; + $rs = Database::query($sql); + if (!$rs) { + echo Database::error(); + } else { + $companyTutorId = Database::insert_id(); + } + } + } + + if (isset($trainingTutorId) && $trainingTutorId == 0) { + $sql = "SELECT * FROM $tableTutorCompany + WHERE document_type = '".$tutorTrainingDocumentType."' AND document_number = '".$tutorTrainingDocumentNumber."' AND document_letter = '".$tutorTrainingDocumentLetter."';"; + $rs = Database::query($sql); - if (Database::num_rows($rs) > 0) { - $row = Database::fetch_assoc($rs); - $trainingTutorId = $row['id']; - $sql = "UPDATE $tableTutorCompany SET training='1' WHERE id='".$trainingTutorId."'"; - Database::query($sql); - } else { - $sql = "INSERT INTO $tableTutorCompany (alias,document_type,document_number,document_letter,training) - VALUES ('".$tutorTrainingAlias."','".$tutorTrainingDocumentType."','".$tutorTrainingDocumentNumber."','".$tutorTrainingDocumentLetter."','1');"; - $rs = Database::query($sql); - if (!$rs) { - echo Database::error(); - } else { - $trainingTutorId = Database::insert_id(); - } - } - } - - if (isset($newParticipant) && $newParticipant != "1") { - $sql = "UPDATE plugin_sepe_participants SET - platform_user_id='".$platformUserId."', - document_type='".$documentType."', - document_number='".$documentNumber."', - document_letter='".$documentLetter."', - key_competence='".$keyCompetence."', - contract_id='".$contractId."', - company_fiscal_number='".$companyFiscalNumber."', - company_tutor_id='".$companyTutorId."', - training_tutor_id='".$trainingTutorId."' - WHERE id='".$participantId."';"; - } else { - $sql = "INSERT INTO plugin_sepe_participants( - action_id, - platform_user_id, - document_type, - 
document_number, - document_letter, - key_competence, - contract_id, - company_fiscal_number, - company_tutor_id, - training_tutor_id - ) VALUES ( - '".$actionId."', - '".$platformUserId."', - '".$documentType."', - '".$documentNumber."', - '".$documentLetter."', - '".$keyCompetence."', - '".$contractId."', - '".$companyFiscalNumber."', - '".$companyTutorId."', - '".$trainingTutorId."' - );"; - } - $res = Database::query($sql); - if (!$res) { - error_log(Database::error()); - $_SESSION['sepe_message_error'] = $plugin->get_lang('NoSaveChange'); - } else { - if ($newParticipant == '1') { - $participantId = Database::insert_id(); - } - $insertLog = checkInsertNewLog($platformUserId,$actionId); - if ($insertLog) { - $sql = "INSERT INTO $tableSepeLogParticipant ( + if (Database::num_rows($rs) > 0) { + $row = Database::fetch_assoc($rs); + $trainingTutorId = $row['id']; + $sql = "UPDATE $tableTutorCompany SET training = 1 WHERE id = $trainingTutorId"; + Database::query($sql); + } else { + $sql = "INSERT INTO $tableTutorCompany (alias,document_type,document_number,document_letter,training) + VALUES ('".$tutorTrainingAlias."','".$tutorTrainingDocumentType."','".$tutorTrainingDocumentNumber."','".$tutorTrainingDocumentLetter."','1');"; + $rs = Database::query($sql); + if (!$rs) { + echo Database::error(); + } else { + $trainingTutorId = Database::insert_id(); + } + } + } + + if (isset($newParticipant) && $newParticipant != 1) { + $sql = "UPDATE $tableSepeParticipants SET + platform_user_id = '".$platformUserId."', + document_type = '".$documentType."', + document_number = '".$documentNumber."', + document_letter = '".$documentLetter."', + key_competence = '".$keyCompetence."', + contract_id = '".$contractId."', + company_fiscal_number = '".$companyFiscalNumber."' + WHERE id = $participantId"; + } else { + $sql = "INSERT INTO $tableSepeParticipants( + action_id, + platform_user_id, + document_type, + document_number, + document_letter, + key_competence, + contract_id, + 
company_fiscal_number + ) VALUES ( + '".$actionId."', + '".$platformUserId."', + '".$documentType."', + '".$documentNumber."', + '".$documentLetter."', + '".$keyCompetence."', + '".$contractId."', + '".$companyFiscalNumber."' + );"; + } + $res = Database::query($sql); + if (!$res) { + error_log(Database::error()); + $_SESSION['sepe_message_error'] = $plugin->get_lang('NoSaveChange'); + } else { + if ($newParticipant == 1) { + $participantId = Database::insert_id(); + } + // Update tutors + if (is_null($companyTutorId)) { + $sql = "UPDATE $tableSepeParticipants SET company_tutor_id = NULL WHERE id = $participantId"; + } else { + $sql = "UPDATE $tableSepeParticipants SET company_tutor_id = $companyTutorId WHERE id = $participantId"; + } + Database::query($sql); + if (is_null($trainingTutorId)) { + $sql = "UPDATE $tableSepeParticipants SET training_tutor_id = NULL WHERE id = $participantId"; + } else { + $sql = "UPDATE $tableSepeParticipants SET training_tutor_id = $trainingTutorId WHERE id = $participantId"; + } + Database::query($sql); + + $insertLog = checkInsertNewLog($platformUserId,$actionId); + if ($insertLog) { + $sql = "INSERT INTO $tableSepeLogParticipant ( platform_user_id, action_id, - registration_date - ) VALUES ( - '".$platformUserId."', - '".$actionId."', - '".date("Y-m-d H:i:s")."' - );"; - } else { - $sql = "INSERT INTO $tableSepeLogChangeParticipant ( + registration_date + ) VALUES ( + '".$platformUserId."', + '".$actionId."', + '".date("Y-m-d H:i:s")."' + );"; + } else { + $sql = "INSERT INTO $tableSepeLogChangeParticipant ( platform_user_id, - action_id, - change_date - ) VALUES ( - '".$platformUserId."', - '".$actionId."', - '".date("Y-m-d H:i:s")."' - );"; - } - $res = Database::query($sql); - $_SESSION['sepe_message_info'] = $plugin->get_lang('SaveChange'); - } - session_write_close(); - header("Location: participant-action-edit.php?new_participant=0&participant_id=".$participantId."&action_id=".$actionId); + action_id, + change_date + ) VALUES 
( + '".$platformUserId."', + '".$actionId."', + '".date("Y-m-d H:i:s")."' + );"; + } + $res = Database::query($sql); + $_SESSION['sepe_message_info'] = $plugin->get_lang('SaveChange'); + } + session_write_close(); + header("Location: participant-action-edit.php?new_participant=0&participant_id=".$participantId."&action_id=".$actionId); } else { - $participantId = trim(Security::remove_XSS(stripslashes($_POST['participant_id']))); - $actionId = trim(Security::remove_XSS(stripslashes($_POST['action_id']))); - $newParticipant = trim(Security::remove_XSS(stripslashes($_POST['new_participant']))); + $participantId = intval($_POST['participant_id']); + $actionId = intval($_POST['action_id']); + $newParticipant = intval($_POST['new_participant']); Security::clear_token(); $token = Security::get_token(); $_SESSION['sepe_message_error'] = $plugin->get_lang('ProblemToken'); session_write_close(); - header("Location: participant-action-edit.php?new_participant=".$newParticipant."&participant_id=".$participantId."&action_id=".$actionId); + header("Location: participant-action-edit.php?new_participant=".$newParticipant."&participant_id=".$participantId."&action_id=".$actionId); } } else { $token = Security::get_token(); } if (api_is_platform_admin()) { - $courseId = getCourse($_GET['action_id']); - $interbreadcrumb[] = array("url" => "/plugin/sepe/src/sepe-administration-menu.php", "name" => $plugin->get_lang('MenuSepe')); - $interbreadcrumb[] = array("url" => "formative-actions-list.php", "name" => $plugin->get_lang('FormativesActionsList')); - $interbreadcrumb[] = array("url" => "formative-action.php?cid=".$courseId, "name" => $plugin->get_lang('FormativeAction')); - if (isset($_GET['new_participant']) && $_GET['new_participant'] == '1') { - $templateName = $plugin->get_lang('NewParticipantAction'); - $tpl = new Template($templateName); - $tpl->assign('action_id', $_GET['action_id']); - $info = array(); - $tpl->assign('info', $info); - $tpl->assign('new_participant', '1'); - 
} else { - $templateName = $plugin->get_lang('EditParticipantAction'); - $tpl = new Template($templateName); - $tpl->assign('action_id', $_GET['action_id']); - $info = getInfoParticipantAction($_GET['participant_id']); - $tpl->assign('info', $info); - $tpl->assign('new_participant', '0'); - $tpl->assign('participant_id', $_GET['participant_id']); - - if ($info['platform_user_id'] != 0) { - $infoUserPlatform = api_get_user_info($info['platform_user_id']);//UserManager::get_user_info_by_id($info['platform_user_id']); - $tpl->assign('info_user_platform', $infoUserPlatform); - } - $listParticipantSpecialty = listParticipantSpecialty($_GET['participant_id']); - $tpl->assign('listParticipantSpecialty', $listParticipantSpecialty); - } - $courseCode = getCourseCode($_GET['action_id']); - $listStudentInfo = array(); - $listStudent = CourseManager::get_student_list_from_course_code($courseCode); - - foreach ($listStudent as $value) { - $sql = "SELECT 1 FROM $tableSepeParticipants WHERE platform_user_id='".$value['user_id']."';"; - $res = Database::query($sql); - if (Database::num_rows($res)==0) { - $listStudentInfo[] = api_get_user_info($value['user_id']); - } - } + $actionId = intval($_GET['action_id']); + $courseId = getCourse($actionId); + $interbreadcrumb[] = array("url" => "/plugin/sepe/src/sepe-administration-menu.php", "name" => $plugin->get_lang('MenuSepe')); + $interbreadcrumb[] = array("url" => "formative-actions-list.php", "name" => $plugin->get_lang('FormativesActionsList')); + $interbreadcrumb[] = array("url" => "formative-action.php?cid=".$courseId, "name" => $plugin->get_lang('FormativeAction')); + if (isset($_GET['new_participant']) && intval($_GET['new_participant']) == 1) { + $templateName = $plugin->get_lang('NewParticipantAction'); + $tpl = new Template($templateName); + $tpl->assign('action_id', $actionId); + $info = array(); + $tpl->assign('info', $info); + $tpl->assign('new_participant', '1'); + } else { + $templateName = 
$plugin->get_lang('EditParticipantAction'); + $tpl = new Template($templateName); + $tpl->assign('action_id', $actionId); + $info = getInfoParticipantAction(intval($_GET['participant_id'])); + $tpl->assign('info', $info); + $tpl->assign('new_participant', '0'); + $tpl->assign('participant_id', intval($_GET['participant_id'])); + + if ($info['platform_user_id'] != 0) { + $infoUserPlatform = api_get_user_info($info['platform_user_id']); + $tpl->assign('info_user_platform', $infoUserPlatform); + } + $listParticipantSpecialty = listParticipantSpecialty(intval($_GET['participant_id'])); + $tpl->assign('listParticipantSpecialty', $listParticipantSpecialty); + } + $courseCode = getCourseCode($actionId); + $listStudentInfo = array(); + $listStudent = CourseManager::get_student_list_from_course_code($courseCode); + + foreach ($listStudent as $value) { + $sql = "SELECT 1 FROM $tableSepeParticipants WHERE platform_user_id = '".$value['user_id']."';"; + $res = Database::query($sql); + if (Database::num_rows($res) == 0) { + $listStudentInfo[] = api_get_user_info($value['user_id']); + } + } $tpl->assign('listStudent', $listStudentInfo); - $listTutorCompany = array(); - $listTutorCompany = listTutorType("company='1'"); - $tpl->assign('list_tutor_company', $listTutorCompany); - $listTutorTraining = array(); - $listTutorTraining= listTutorType("training='1'"); - $tpl->assign('list_tutor_training', $listTutorTraining); - if (isset($_SESSION['sepe_message_info'])) { - $tpl->assign('message_info', $_SESSION['sepe_message_info']); - unset($_SESSION['sepe_message_info']); - } - if (isset($_SESSION['sepe_message_error'])) { - $tpl->assign('message_error', $_SESSION['sepe_message_error']); - unset($_SESSION['sepe_message_error']); - } - $tpl->assign('sec_token',$token); - $listing_tpl = 'sepe/view/participant-action-edit.tpl'; - $content = $tpl->fetch($listing_tpl); - $tpl->assign('content', $content); - $tpl->display_one_col_template(); + $listTutorCompany = array(); + $listTutorCompany 
= listTutorType("company = '1'"); + $tpl->assign('list_tutor_company', $listTutorCompany); + $listTutorTraining = array(); + $listTutorTraining= listTutorType("training = '1'"); + $tpl->assign('list_tutor_training', $listTutorTraining); + if (isset($_SESSION['sepe_message_info'])) { + $tpl->assign('message_info', $_SESSION['sepe_message_info']); + unset($_SESSION['sepe_message_info']); + } + if (isset($_SESSION['sepe_message_error'])) { + $tpl->assign('message_error', $_SESSION['sepe_message_error']); + unset($_SESSION['sepe_message_error']); + } + $tpl->assign('sec_token', $token); + $listing_tpl = 'sepe/view/participant-action-edit.tpl'; + $content = $tpl->fetch($listing_tpl); + $tpl->assign('content', $content); + $tpl->display_one_col_template(); } else { header('Location:' . api_get_path(WEB_PATH)); } diff --git a/plugin/sepe/src/participant-specialty-edit.php b/plugin/sepe/src/participant-specialty-edit.php index c6d62b17f0..2761453381 100644 --- a/plugin/sepe/src/participant-specialty-edit.php +++ b/plugin/sepe/src/participant-specialty-edit.php @@ -3,7 +3,6 @@ /** * This script displays a participant specialty edit form. - * @package chamilo.plugin.sepe */ use \ChamiloSession as Session; 
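Review bot: The write path `if (!empty($_POST)) { ... }` at the top of this hunk is not gated on `api_is_platform_admin()`; only the later rendering branch is, and `Security::check_token('post')` is a CSRF check rather than an authorization check, so as far as the visible code shows any logged-in user holding a session token can insert or update participants and tutors unless ../config.php enforces the role. Put `if (!api_is_platform_admin()) { header('Location:' . api_get_path(WEB_PATH)); exit; }` before the POST handler. The two tutor INSERT failures `echo Database::error()` straight into the response while the participant INSERT uses `error_log(Database::error())`; use the latter for both and set `$_SESSION['sepe_message_error']` instead. The `header("Location: participant-action-edit.php?...")` calls in both POST branches are not followed by `exit`, so the page is still built and sent along with the redirect. On the success path `$token` is never assigned yet is later passed to `$tpl->assign('sec_token', $token)`.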
@@ -16,51 +15,51 @@ $_cid = 0; if ( !empty($_POST)) { $check = Security::check_token('post'); if ($check) { - $newSpecialty = trim(Security::remove_XSS(stripslashes($_POST['new_specialty']))); - $specialtyOrigin = trim(Security::remove_XSS(stripslashes($_POST['specialty_origin']))); - $professionalArea = trim(Security::remove_XSS(stripslashes($_POST['professional_area']))); - $specialtyCode = trim(Security::remove_XSS(stripslashes($_POST['specialty_code']))); - $centerOrigin = trim(Security::remove_XSS(stripslashes($_POST['center_origin']))); - $centerCode = trim(Security::remove_XSS(stripslashes($_POST['center_code']))); - $finalResult = trim(Security::remove_XSS(stripslashes($_POST['final_result']))); - $finalQualification = trim(Security::remove_XSS(stripslashes($_POST['final_qualification']))); - $finalScore = trim(Security::remove_XSS(stripslashes($_POST['final_score']))); - $yearRegistration = trim(Security::remove_XSS(stripslashes($_POST['year_registration']))); - $monthRegistration = trim(Security::remove_XSS(stripslashes($_POST['month_registration']))); - $dayRegistration = trim(Security::remove_XSS(stripslashes($_POST['day_registration']))); - $yearLeaving = trim(Security::remove_XSS(stripslashes($_POST['year_leaving']))); - $monthLeaving = trim(Security::remove_XSS(stripslashes($_POST['month_leaving']))); - $dayLeaving = trim(Security::remove_XSS(stripslashes($_POST['day_leaving']))); - $dayStart = trim(Security::remove_XSS(stripslashes($_POST['day_start']))); - $monthStart = trim(Security::remove_XSS(stripslashes($_POST['month_start']))); - $yearStart = trim(Security::remove_XSS(stripslashes($_POST['year_start']))); - $dayEnd = trim(Security::remove_XSS(stripslashes($_POST['day_end']))); - $monthEnd = trim(Security::remove_XSS(stripslashes($_POST['month_end']))); - $yearEnd = trim(Security::remove_XSS(stripslashes($_POST['year_end']))); - $participantId = trim(Security::remove_XSS(stripslashes($_POST['participant_id']))); - $actionId = 
trim(Security::remove_XSS(stripslashes($_POST['action_id']))); - $specialtyId = trim(Security::remove_XSS(stripslashes($_POST['specialty_id']))); + $newSpecialty = intval($_POST['new_specialty']); + $specialtyOrigin = Database::escape_string(trim($_POST['specialty_origin'])); + $professionalArea = Database::escape_string(trim($_POST['professional_area'])); + $specialtyCode = Database::escape_string(trim($_POST['specialty_code'])); + $centerOrigin = Database::escape_string(trim($_POST['center_origin'])); + $centerCode = Database::escape_string(trim($_POST['center_code'])); + $finalResult = Database::escape_string(trim($_POST['final_result'])); + $finalQualification = Database::escape_string(trim($_POST['final_qualification'])); + $finalScore = Database::escape_string(trim($_POST['final_score'])); + $yearRegistration = Database::escape_string(trim($_POST['year_registration'])); + $monthRegistration = Database::escape_string(trim($_POST['month_registration'])); + $dayRegistration = Database::escape_string(trim($_POST['day_registration'])); + $yearLeaving = Database::escape_string(trim($_POST['year_leaving'])); + $monthLeaving = Database::escape_string(trim($_POST['month_leaving'])); + $dayLeaving = Database::escape_string(trim($_POST['day_leaving'])); + $dayStart = Database::escape_string(trim($_POST['day_start'])); + $monthStart = Database::escape_string(trim($_POST['month_start'])); + $yearStart = Database::escape_string(trim($_POST['year_start'])); + $dayEnd = Database::escape_string(trim($_POST['day_end'])); + $monthEnd = Database::escape_string(trim($_POST['month_end'])); + $yearEnd = Database::escape_string(trim($_POST['year_end'])); + $participantId = intval($_POST['participant_id']); + $actionId = intval($_POST['action_id']); + $specialtyId = intval($_POST['specialty_id']); $registrationDate = $yearRegistration."-".$monthRegistration."-".$dayRegistration; $leavingDate = $yearLeaving."-".$monthLeaving."-".$dayLeaving; $startDate = 
$yearStart."-".$monthStart."-".$dayStart; $endDate = $yearEnd."-".$monthEnd."-".$dayEnd; - if (isset($newSpecialty) && $newSpecialty != "1") { + if (isset($newSpecialty) && $newSpecialty != 1) { $sql = "UPDATE $tableSepeParticipantsSpecialty SET - specialty_origin='".$specialtyOrigin."', - professional_area='".$professionalArea."', - specialty_code='".$specialtyCode."', - registration_date='".$registrationDate."', - leaving_date='".$leavingDate."', - center_origin='".$centerOrigin."', - center_code='".$centerCode."', - start_date='".$startDate."', - end_date='".$endDate."', - final_result='".$finalResult."', - final_qualification='".$finalQualification."', - final_score='".$finalScore."' - WHERE id='".$specialtyId."';"; + specialty_origin = '".$specialtyOrigin."', + professional_area = '".$professionalArea."', + specialty_code = '".$specialtyCode."', + registration_date = '".$registrationDate."', + leaving_date = '".$leavingDate."', + center_origin = '".$centerOrigin."', + center_code = '".$centerCode."', + start_date = '".$startDate."', + end_date = '".$endDate."', + final_result = '".$finalResult."', + final_qualification = '".$finalQualification."', + final_score = '".$finalScore."' + WHERE id = $specialtyId"; } else { $sql = "INSERT INTO $tableSepeParticipantsSpecialty ( participant_id, @@ -77,7 +76,7 @@ if ( !empty($_POST)) { final_qualification, final_score ) VALUES ( - '".$participantId."', + $participantId, '".$specialtyOrigin."', '".$professionalArea."', '".$specialtyCode."', @@ -102,8 +101,8 @@ if ( !empty($_POST)) { $specialtyId = Database::insert_id(); } - $platformUserId = etUserPlatformFromParticipant($participantId); - $insertLog = checkInsertNewLog($platformUserId,$actionId); + $platformUserId = getUserPlatformFromParticipant($participantId); + $insertLog = checkInsertNewLog($platformUserId, $actionId); if ($insertLog) { if ($finalResult == "1" || $finalResult == "2") { $leavingDateLog = date("Y-m-d H:i:s"); 
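Review bot: In the new `if (isset($newSpecialty) && $newSpecialty != 1)` test the `isset` is always true, because `$newSpecialty` is assigned from `intval($_POST['new_specialty'])` earlier in the hunk; a POST that omits the key yields 0 for both it and `$specialtyId`, so the UPDATE branch runs against `WHERE id = 0` and silently changes nothing. Drop the `isset` and reject `$specialtyId === 0` before the UPDATE is built. The year/month/day parts are escaped but not validated, so the four assembled dates accept any text and rely on the server's sql_mode to reject or zero them; a `checkdate((int) $monthStart, (int) $dayStart, (int) $yearStart)` guard per date, or casting the parts to int, would make bad input fail visibly. The `if ($check)` block this belongs to opens before the hunk and closes after it.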
@@ -117,16 +116,16 @@ if ( !empty($_POST)) { leaving_date ) VALUES ( '".$platformUserId."', - '".$actionId."', - '".date("Y-m-d H:i:s")."' - '".$leavingDateLog."' - );"; + '".$actionId."', + '".date("Y-m-d H:i:s")."' + '".$leavingDateLog."' + );"; } else { if ($finalResult == "1" || $finalResult == "2") { $sql = "UPDATE $tableSepeLogParticipant - SET leaving_date='".date("Y-m-d H:i:s")."' - WHERE platform_user_id='".$platformUserId."' AND action_id='".$actionId."';"; + SET leaving_date = '".date("Y-m-d H:i:s")."' + WHERE platform_user_id = '".$platformUserId."' AND action_id = '".$actionId."';"; } else { $sql = "INSERT INTO $tableSepeLogChangeParticipant ( platform_user_id, @@ -134,9 +133,9 @@ if ( !empty($_POST)) { change_date ) VALUES ( '".$platformUserId."', - '".$actionId."', - '".date("Y-m-d H:i:s")."' - );"; + '".$actionId."', + '".date("Y-m-d H:i:s")."' + );"; } } $res = Database::query($sql); @@ -144,10 +143,10 @@ if ( !empty($_POST)) { session_write_close(); header("Location: participant-specialty-edit.php?new_specialty=0&specialty_id=".$specialtyId."&participant_id=".$participantId."&action_id=".$actionId); } else { - $newSpecialty = trim(Security::remove_XSS(stripslashes($_POST['new_specialty']))); - $participantId = trim(Security::remove_XSS(stripslashes($_POST['participant_id']))); - $actionId = trim(Security::remove_XSS(stripslashes($_POST['action_id']))); - $specialtyId = trim(Security::remove_XSS(stripslashes($_POST['specialty_id']))); + $newSpecialty = intval($_POST['new_specialty']); + $participantId = intval($_POST['participant_id']); + $actionId = intval($_POST['action_id']); + $specialtyId = intval($_POST['specialty_id']); Security::clear_token(); $token = Security::get_token(); $_SESSION['sepe_message_error'] = $plugin->get_lang('ProblemToken'); 
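Review bot: The re-indented VALUES list of the `$tableSepeLogParticipant` INSERT still has no comma between `'".date("Y-m-d H:i:s")."'` and `'".$leavingDateLog."'`; in MySQL two adjacent string literals are concatenated, so the statement supplies three values for four columns and fails. The fix is the one line `'".date("Y-m-d H:i:s")."',`. The `$res = Database::query($sql);` at the end of the second hunk on this line never inspects `$res`, so the failure is silent and the redirect that follows reports success. The enclosing `if ($insertLog)` opens before the hunk.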
@@ -159,16 +158,17 @@ if ( !empty($_POST)) { } if (api_is_platform_admin()) { - $courseId = getCourse($_GET['action_id']); + $actionId = intval($_GET['action_id']); + $courseId = getCourse($actionId); $interbreadcrumb[] = array("url" => "/plugin/sepe/src/sepe-administration-menu.php", "name" => $plugin->get_lang('MenuSepe')); $interbreadcrumb[] = array("url" => "formative-actions-list.php", "name" => $plugin->get_lang('FormativesActionsList')); $interbreadcrumb[] = array("url" => "formative-action.php?cid=".$courseId, "name" => $plugin->get_lang('FormativeAction')); - $interbreadcrumb[] = array("url" => "participant-action-edit.php?new_participant=0&participant_id=".$_GET['participant_id']."&action_id=".$_GET['action_id'], "name" => $plugin->get_lang('FormativeActionParticipant')); - if (isset($_GET['new_specialty']) && $_GET['new_specialty'] == "1") { + $interbreadcrumb[] = array("url" => "participant-action-edit.php?new_participant=0&participant_id=".intval($_GET['participant_id'])."&action_id=".$_GET['action_id'], "name" => $plugin->get_lang('FormativeActionParticipant')); + if (isset($_GET['new_specialty']) && intval($_GET['new_specialty']) == 1) { $templateName = $plugin->get_lang('NewSpecialtyParticipant'); $tpl = new Template($templateName); - $tpl->assign('action_id', $_GET['action_id']); - $tpl->assign('participant_id', $_GET['participant_id']); + $tpl->assign('action_id', $actionId); + $tpl->assign('participant_id', intval($_GET['participant_id'])); $info = array(); $tpl->assign('info', $info); $tpl->assign('new_specialty', '1'); 
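Review bot: The breadcrumb line still interpolates the raw `$_GET['action_id']` into the `participant-action-edit.php` URL although `$actionId = intval($_GET['action_id'])` is computed two lines above and the neighbouring `participant_id` was switched to `intval()`; use `"&action_id=".$actionId` there so the value that reaches the HTML is the cast one. `intval($_GET['participant_id'])` is evaluated separately in the breadcrumb and in the `assign` call, and a single `$participantId` local next to `$actionId` would keep the two in step. The `if (api_is_platform_admin())` block continues past the hunk.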
@@ -177,53 +177,53 @@ if (api_is_platform_admin()) { } else { $templateName = $plugin->get_lang('EditSpecialtyParticipant'); $tpl = new Template($templateName); - $tpl->assign('action_id', $_GET['action_id']); - $tpl->assign('specialty_id', $_GET['specialty_id']); - $tpl->assign('participant_id', $_GET['participant_id']); - $info = getInfoSpecialtyParticipant($_GET['specialty_id']); + $tpl->assign('action_id', $actionId); + $tpl->assign('specialty_id', intval($_GET['specialty_id'])); + $tpl->assign('participant_id', intval($_GET['participant_id'])); + $info = getInfoSpecialtyParticipant(intval($_GET['specialty_id'])); $tpl->assign('info', $info); $tpl->assign('new_specialty', '0'); if ($info['registration_date'] != '0000-00-00' && $info['registration_date'] != NULL) { - $tpl->assign('day_registration', date("j",strtotime($info['registration_date']))); - $tpl->assign('month_registration', date("n",strtotime($info['registration_date']))); - $tpl->assign('year_registration', date("Y",strtotime($info['registration_date']))); - $registrationYear = date("Y",strtotime($info['registration_date'])); - } elseif (strpos($info['end_date'],'0000') === false) { - $registrationYear = date("Y",strtotime($info['registration_date'])); + $tpl->assign('day_registration', date("j", strtotime($info['registration_date']))); + $tpl->assign('month_registration', date("n", strtotime($info['registration_date']))); + $tpl->assign('year_registration', date("Y", strtotime($info['registration_date']))); + $registrationYear = date("Y", strtotime($info['registration_date'])); + } elseif (strpos($info['end_date'], '0000') === false) { + $registrationYear = date("Y", strtotime($info['registration_date'])); } else { $registrationYear = date("Y"); } if ($info['leaving_date'] != '0000-00-00' && $info['leaving_date'] != NULL) { - $tpl->assign('day_leaving', date("j",strtotime($info['leaving_date']))); - $tpl->assign('month_leaving', date("n",strtotime($info['leaving_date']))); - 
$tpl->assign('year_leaving', date("Y",strtotime($info['leaving_date']))); - $leaveYear = date("Y",strtotime($info['leaving_date'])); - } elseif (strpos($info['end_date'],'0000') === false) { - $leaveYear = date("Y",strtotime($info['leaving_date'])); + $tpl->assign('day_leaving', date("j", strtotime($info['leaving_date']))); + $tpl->assign('month_leaving', date("n", strtotime($info['leaving_date']))); + $tpl->assign('year_leaving', date("Y", strtotime($info['leaving_date']))); + $leaveYear = date("Y", strtotime($info['leaving_date'])); + } elseif (strpos($info['end_date'], '0000') === false) { + $leaveYear = date("Y", strtotime($info['leaving_date'])); } else { $leaveYear = date("Y"); } if ($info['start_date'] != '0000-00-00' && $info['start_date'] != NULL) { - $tpl->assign('day_start', date("j",strtotime($info['start_date']))); - $tpl->assign('month_start', date("n",strtotime($info['start_date']))); - $tpl->assign('year_start', date("Y",strtotime($info['start_date']))); - $startYear = date("Y",strtotime($info['start_date'])); - } elseif (strpos($info['end_date'],'0000') === false) { - $startYear = date("Y",strtotime($info['start_date'])); + $tpl->assign('day_start', date("j", strtotime($info['start_date']))); + $tpl->assign('month_start', date("n", strtotime($info['start_date']))); + $tpl->assign('year_start', date("Y", strtotime($info['start_date']))); + $startYear = date("Y", strtotime($info['start_date'])); + } elseif (strpos($info['end_date'], '0000') === false) { + $startYear = date("Y", strtotime($info['start_date'])); } else { $startYear = date("Y"); } if ($info['end_date'] != '0000-00-00' && $info['end_date'] != NULL) { - $tpl->assign('day_end', date("j",strtotime($info['end_date']))); + $tpl->assign('day_end', date("j", strtotime($info['end_date']))); $tpl->assign('month_end', date("n",strtotime($info['end_date']))); - $tpl->assign('year_end', date("Y",strtotime($info['end_date']))); - $endYear = date("Y",strtotime($info['end_date'])); - } elseif 
(strpos($info['end_date'],'0000') === false) { - $endYear = date("Y",strtotime($info['end_date'])); + $tpl->assign('year_end', date("Y", strtotime($info['end_date']))); + $endYear = date("Y", strtotime($info['end_date'])); + } elseif (strpos($info['end_date'], '0000') === false) { + $endYear = date("Y", strtotime($info['end_date'])); } else { $endYear = date("Y"); } - $listSpecialtyTutorials = getListSpecialtyTutorial($_GET['specialty_id']); + $listSpecialtyTutorials = getListSpecialtyTutorial(intval($_GET['specialty_id'])); $tpl->assign('listSpecialtyTutorials', $listSpecialtyTutorials); } @@ -266,7 +266,7 @@ if (api_is_platform_admin()) { $tpl->assign('message_error', $_SESSION['sepe_message_error']); unset($_SESSION['sepe_message_error']); } - $tpl->assign('sec_token',$token); + $tpl->assign('sec_token', $token); $listing_tpl = 'sepe/view/participant-specialty-edit.tpl'; $content = $tpl->fetch($listing_tpl); $tpl->assign('content', $content); diff --git a/plugin/sepe/src/sepe-administration-menu.php b/plugin/sepe/src/sepe-administration-menu.php index 025a3f3447..4094222432 100644 --- a/plugin/sepe/src/sepe-administration-menu.php +++ b/plugin/sepe/src/sepe-administration-menu.php @@ -3,7 +3,6 @@ /** * This script displays a administrator menu. - * @package chamilo.plugin.sepe */ use \ChamiloSession as Session; diff --git a/plugin/sepe/src/sepe.lib.php b/plugin/sepe/src/sepe.lib.php index 52554c1e02..e8954d0979 100644 --- a/plugin/sepe/src/sepe.lib.php +++ b/plugin/sepe/src/sepe.lib.php 
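Review bot: `$tpl->assign('month_end', date("n",strtotime($info['end_date'])));` is the one line in this spacing pass left in the old `,strtotime` form, so the hunk leaves the four date groups inconsistent. Each `elseif (strpos($info['end_date'], '0000') === false)` branch then calls `strtotime` on the very field the preceding `if` just found to be `'0000-00-00'` or null, which gives a nonsense year (1970 or earlier) rather than the current one; the branch presumably meant to fall through to `date("Y")`. `getInfoSpecialtyParticipant` returns `false` for an unknown id (its hunk later in this commit keeps `$row = false`), and `$info['registration_date']` on `false` reads as null and walks the same path. The enclosing `else` opens before the hunk.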
@@ -32,6 +32,13 @@ function getInfoIdentificationData()
     $res = Database::query($sql);
     if (Database::num_rows($res) > 0) {
         $row = Database::fetch_assoc($res);
+        $row['center_origin'] = Security::remove_XSS(stripslashes($row['center_origin']));
+        $row['center_code'] = Security::remove_XSS(stripslashes($row['center_code']));
+        $row['center_name'] = Security::remove_XSS(stripslashes($row['center_name']));
+        $row['url'] = Security::remove_XSS(stripslashes($row['url']));
+        $row['tracking_url'] = Security::remove_XSS(stripslashes($row['tracking_url']));
+        $row['phone'] = Security::remove_XSS(stripslashes($row['phone']));
+        $row['mail'] = Security::remove_XSS(stripslashes($row['mail']));
     } else {
         $row = false;
     }
@@ -53,7 +60,7 @@ function checkIdentificationData()
 function getActionId($courseId)
 {
     global $tableSepeCourseActions;
-    $sql = "SELECT action_id FROM $tableSepeCourseActions WHERE course_id='".$courseId."';";
+    $sql = "SELECT action_id FROM $tableSepeCourseActions WHERE course_id = $courseId";
     $rs = Database::query($sql);
     $aux = Database::fetch_assoc($rs);
     return $aux['action_id'];
@@ -62,7 +69,7 @@ function getActionId($courseId)
 function getCourse($actionId)
 {
     global $tableSepeCourseActions;
-    $sql = "SELECT course_id FROM $tableSepeCourseActions WHERE action_id='".$actionId."';";
+    $sql = "SELECT course_id FROM $tableSepeCourseActions WHERE action_id = $actionId";
     $rs = Database::query($sql);
     $aux = Database::fetch_assoc($rs);
     return $aux['course_id'];
@@ -71,7 +78,7 @@ function getCourseCode($actionId)
 {
     global $tableCourse;
     $courseId = getCourse($actionId);
-    $sql = "SELECT code FROM $tableCourse WHERE id='".$courseId."'";
+    $sql = "SELECT code FROM $tableCourse WHERE id = $courseId";
     $rs = Database::query($sql);
     $aux = Database::fetch_assoc($rs);
     return $aux['code'];
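Review bot: `getActionId`, `getCourse` and `getCourseCode` now interpolate their id arguments into the WHERE clause unquoted, so the only thing between a request parameter and the query is the `intval()` each caller is expected to apply; every other query hunk of sepe.lib.php in this commit (getActionInfo through getUserPlatformFromParticipant, including the two-argument `getSpecialtyTutorId` and `checkInsertNewLog`) has the same shape. Casting inside the function keeps the guarantee local and independent of future callers: `$courseId = (int) $courseId;` as the first statement of `getActionId`, and the equivalent line in each of the others. `$aux['action_id']` is read without checking that `fetch_assoc` returned a row, which was already the case before this change.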
@@ -80,10 +87,23 @@ function getCourseCode($actionId) function getActionInfo($id) { global $tableSepeActions; - $sql = "SELECT * FROM $tableSepeActions WHERE id='".$id."';"; + $sql = "SELECT * FROM $tableSepeActions WHERE id = $id"; $res = Database::query($sql); $aux = array(); if (Database::num_rows($res) > 0) { + $row['action_origin'] = Security::remove_XSS(stripslashes($row['action_origin'])); + $row['action_code'] = Security::remove_XSS(stripslashes($row['action_code'])); + $row['situation'] = Security::remove_XSS(stripslashes($row['situation'])); + $row['specialty_origin'] = Security::remove_XSS(stripslashes($row['specialty_origin'])); + $row['professional_area'] = Security::remove_XSS(stripslashes($row['professional_area'])); + $row['specialty_code'] = Security::remove_XSS(stripslashes($row['specialty_code'])); + $row['full_itinerary_indicator'] = Security::remove_XSS(stripslashes($row['full_itinerary_indicator'])); + $row['financing_type'] = Security::remove_XSS(stripslashes($row['financing_type'])); + $row['action_name'] = Security::remove_XSS(stripslashes($row['action_name'])); + $row['global_info'] = Security::remove_XSS(stripslashes($row['global_info'])); + $row['schedule'] = Security::remove_XSS(stripslashes($row['schedule'])); + $row['requirements'] = Security::remove_XSS(stripslashes($row['requirements'])); + $row['contact_action'] = Security::remove_XSS(stripslashes($row['contact_action'])); $row = Database::fetch_assoc($res); } else { $row = false; 
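Review bot: In `getActionInfo` the thirteen `Security::remove_XSS(stripslashes($row[...]))` assignments run before `$row = Database::fetch_assoc($res);`, so they read an undefined `$row`, emit notices, and are then overwritten by the fetched row — the function returns the data unsanitised. Move `$row = Database::fetch_assoc($res);` to the top of the `if` block, as `getInfoIdentificationData` in the first hunk of this file already does. The same ordering appears in `getSpecialtActionInfo` and `getInfoSpecialtyClassroom` on the next line of this diff and in `getInfoSpecialtyTutor` two lines on. `$aux = array()` is assigned and never used in each of these functions.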
@@ -94,10 +114,16 @@ function getActionInfo($id) function getSpecialtActionInfo($specialtyId) { global $tableSepeSpecialty; - $sql = "SELECT * FROM $tableSepeSpecialty WHERE id='".$specialtyId."';"; + $sql = "SELECT * FROM $tableSepeSpecialty WHERE id = $specialtyId"; $res = Database::query($sql); $aux = array(); if (Database::num_rows($res) > 0) { + $row['specialty_origin'] = Security::remove_XSS(stripslashes($row['specialty_origin'])); + $row['professional_area'] = Security::remove_XSS(stripslashes($row['professional_area'])); + $row['specialty_code'] = Security::remove_XSS(stripslashes($row['specialty_code'])); + $row['center_origin'] = Security::remove_XSS(stripslashes($row['center_origin'])); + $row['center_code'] = Security::remove_XSS(stripslashes($row['center_code'])); + $row['modality_impartition'] = Security::remove_XSS(stripslashes($row['modality_impartition'])); $row = Database::fetch_assoc($res); } else { $row = false; @@ -110,11 +136,13 @@ function getInfoSpecialtyClassroom($classroomId) global $tableSepeSpecialtyClassroom; global $tableCenters; $sql = "SELECT a.*, center_origin, center_code - FROM $tableSepeSpecialtyClassroom a LEFT JOIN $tableCenters b ON a.center_id=b.id - WHERE a.id='".$classroomId."';"; + FROM $tableSepeSpecialtyClassroom a LEFT JOIN $tableCenters b ON a.center_id = b.id + WHERE a.id = $classroomId"; $res = Database::query($sql); $aux = array(); if (Database::num_rows($res) > 0) { + $row['center_origin'] = Security::remove_XSS(stripslashes($row['center_origin'])); + $row['center_code'] = Security::remove_XSS(stripslashes($row['center_code'])); $row = Database::fetch_assoc($res); } else { $row = false; 
@@ -125,7 +153,7 @@ function getInfoSpecialtyClassroom($classroomId) function getInfoSpecialtyTutorial($tutorialId) { global $tableSepeParticipantsSpecialtyTutorials; - $sql = "SELECT * FROM $tableSepeParticipantsSpecialtyTutorials WHERE id='".$tutorialId."';"; + $sql = "SELECT * FROM $tableSepeParticipantsSpecialtyTutorials WHERE id = $tutorialId"; $res = Database::query($sql); $aux = array(); if (Database::num_rows($res) > 0) { @@ -139,7 +167,7 @@ function getInfoSpecialtyTutorial($tutorialId) function list_tutor($specialtyId) { global $tableSepeSpecialtyTutors; - $sql = "SELECT * FROM $tableSepeSpecialtyTutors WHERE specialty_id='".$specialtyId."';"; + $sql = "SELECT * FROM $tableSepeSpecialtyTutors WHERE specialty_id = $specialtyId"; $res = Database::query($sql); if (Database::num_rows($res) > 0) { $row = Database::fetch_assoc($res); @@ -185,7 +213,7 @@ function getTutorsSpecialty($specialtyId) global $tableSepeSpecialtyTutors; global $tableSepeTutors; global $tableUser; - $sql = "SELECT tutor_id FROM $tableSepeSpecialtyTutors;"; + $sql = "SELECT tutor_id FROM $tableSepeSpecialtyTutors WHERE specialty_id = $specialtyId"; $rs = Database::query($sql); $tutorsList = array(); while ($tmp = Database::fetch_assoc($rs)) { @@ -217,10 +245,13 @@ function getInfoSpecialtyTutor($tutorId) $sql = "SELECT a.*,platform_user_id,document_type, document_number,document_letter FROM $tableSepeSpecialtyTutors a INNER JOIN $tableSepeTutors b ON a.tutor_id=b.id - WHERE a.id='".$tutorId."';"; + WHERE a.id = $tutorId;"; $res = Database::query($sql); $aux = array(); if (Database::num_rows($res) > 0) { + $row['tutor_accreditation'] = Security::remove_XSS(stripslashes($row['tutor_accreditation'])); + $row['teaching_competence'] = Security::remove_XSS(stripslashes($row['teaching_competence'])); + $row['training_teleforming'] = Security::remove_XSS(stripslashes($row['training_teleforming'])); $row = Database::fetch_assoc($res); } else { $row = false; 
@@ -232,7 +263,7 @@ function freeTeacherList($teacherList,$specialtyId,$platform_user_id)
 {
     global $tableSepeSpecialtyTutors;
     global $tableSepeTutors;
-    $sql = "SELECT tutor_id FROM $tableSepeSpecialtyTutors WHERE specialty_id='".$specialtyId."';";
+    $sql = "SELECT tutor_id FROM $tableSepeSpecialtyTutors WHERE specialty_id = $specialtyId";
     $rs = Database::query($sql);
     if (Database::num_rows($rs) > 0) {
         while ($aux = Database::fetch_assoc($rs)) {
@@ -257,21 +288,33 @@ function freeTeacherList($teacherList,$specialtyId,$platform_user_id) function getInfoParticipantAction($participantId) { global $tableSepeParticipants; - $sql = "SELECT * FROM $tableSepeParticipants WHERE id='".$participantId."';"; + $sql = "SELECT * FROM $tableSepeParticipants WHERE id = $participantId"; $res = Database::query($sql); $aux = array(); if (Database::num_rows($res) > 0) { $row = Database::fetch_assoc($res); + $result = []; + $result['id'] = $row['']; + $result['action_id'] = $row['action_id']; + $result['company_tutor_id'] = $row['company_tutor_id']; + $result['training_tutor_id'] = $row['training_tutor_id']; + $result['platform_user_id'] = $row['platform_user_id']; + $result['document_type'] = Security::remove_XSS(stripslashes($row['document_type'])); + $result['document_number'] = Security::remove_XSS(stripslashes($row['document_number'])); + $result['document_letter'] = Security::remove_XSS(stripslashes($row['document_letter'])); + $result['key_competence'] = Security::remove_XSS(stripslashes($row['key_competence'])); + $result['contract_id'] = Security::remove_XSS(stripslashes($row['contract_id'])); + $result['company_fiscal_number'] = Security::remove_XSS(stripslashes($row['company_fiscal_number'])); } else { - $row = false; + $result = false; } - return $row; + return $result; } function getParticipantId($id) { global $tableSepeParticipantsSpecialty; - $sql = "SELECT participant_id FROM $tableSepeParticipantsSpecialty WHERE id='".$id."';"; + $sql = "SELECT participant_id FROM $tableSepeParticipantsSpecialty WHERE id = $id"; $rs = Database::query($sql); $aux = Database::fetch_assoc($rs); return $aux['participant_id']; 
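Review bot: `$result['id'] = $row[''];` in `getInfoParticipantAction` reads a column that does not exist, so the returned `id` is always null (with a notice); it should be `$result['id'] = $row['id'];`. The new whitelist also drops every column of `$tableSepeParticipants` not named in it, and `participant-action-edit.tpl` is not in this diff, so any other field the template reads from `info` would now be missing — worth confirming against the template before merging. `$aux = array()` is left unused.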
@@ -280,11 +323,19 @@ function getParticipantId($id) function getInfoSpecialtyParticipant($specialtyId) { global $tableSepeParticipantsSpecialty; - $sql = "SELECT * FROM $tableSepeParticipantsSpecialty WHERE id='".$specialtyId."';"; + $sql = "SELECT * FROM $tableSepeParticipantsSpecialty WHERE id = $specialtyId"; $res = Database::query($sql); $aux = array(); if (Database::num_rows($res) > 0) { $row = Database::fetch_assoc($res); + $row['specialty_origin'] = Security::remove_XSS(stripslashes($row['specialty_origin'])); + $row['professional_area'] = Security::remove_XSS(stripslashes($row['professional_area'])); + $row['specialty_code'] = Security::remove_XSS(stripslashes($row['specialty_code'])); + $row['center_origin'] = Security::remove_XSS(stripslashes($row['center_origin'])); + $row['center_code'] = Security::remove_XSS(stripslashes($row['center_code'])); + $row['final_result'] = Security::remove_XSS(stripslashes($row['final_result'])); + $row['final_qualification'] = Security::remove_XSS(stripslashes($row['final_qualification'])); + $row['final_score'] = Security::remove_XSS(stripslashes($row['final_score'])); } else { $row = false; } @@ -296,7 +347,7 @@ function specialtyList($actionId) global $tableSepeSpecialty; $sql = "SELECT id, specialty_origin, professional_area, specialty_code FROM $tableSepeSpecialty - WHERE action_id='".$actionId."';"; + WHERE action_id = $actionId"; $res = Database::query($sql); $aux = array(); while ($row = Database::fetch_assoc($res)) { @@ -311,7 +362,7 @@ function participantList($actionId) global $tableUser; $sql = "SELECT $tableSepeParticipants.id AS id, document_type, document_number, document_letter, firstname, lastname FROM $tableSepeParticipants LEFT JOIN $tableUser ON $tableSepeParticipants.platform_user_id=$tableUser.user_id - WHERE action_id='".$actionId."';"; + WHERE action_id = $actionId"; $res = Database::query($sql); $aux = array(); while ($row = Database::fetch_assoc($res)) { 
@@ -323,10 +374,18 @@ function participantList($actionId) function listParticipantSpecialty($participantId) { global $tableSepeParticipantsSpecialty; - $sql = "SELECT * FROM $tableSepeParticipantsSpecialty WHERE participant_id='".$participantId."';"; + $sql = "SELECT * FROM $tableSepeParticipantsSpecialty WHERE participant_id = $participantId"; $res = Database::query($sql); $aux = array(); while ($row = Database::fetch_assoc($res)) { + $row['specialty_origin'] = Security::remove_XSS(stripslashes($row['specialty_origin'])); + $row['professional_area'] = Security::remove_XSS(stripslashes($row['professional_area'])); + $row['specialty_code'] = Security::remove_XSS(stripslashes($row['specialty_code'])); + $row['center_origin'] = Security::remove_XSS(stripslashes($row['center_origin'])); + $row['center_code'] = Security::remove_XSS(stripslashes($row['center_code'])); + $row['final_result'] = Security::remove_XSS(stripslashes($row['final_result'])); + $row['final_qualification'] = Security::remove_XSS(stripslashes($row['final_qualification'])); + $row['final_score'] = Security::remove_XSS(stripslashes($row['final_score'])); $aux[] = $row; } return $aux; @@ -338,7 +397,7 @@ function classroomList($specialtyId) global $tableCenters; $sql = "SELECT a.*, center_origin, center_code FROM $tableSepeSpecialtyClassroom a LEFT JOIN $tableCenters b ON a.center_id=b.id - WHERE specialty_id='".$specialtyId."';"; + WHERE specialty_id = $specialtyId"; $res = Database::query($sql); $aux = array(); while ($row = Database::fetch_assoc($res)) { @@ -356,7 +415,7 @@ function tutorsList($specialtyId) $sql = "SELECT a.*,document_type,document_number,document_letter, firstname, lastname FROM $tableSepeSpecialtyTutors a INNER JOIN $tableSepeTutors b ON a.tutor_id=b.id LEFT JOIN $tableUser c ON b.platform_user_id=c.user_id - WHERE a.specialty_id='".$specialtyId."';"; + WHERE a.specialty_id = $specialtyId"; $res = Database::query($sql); while ($row = Database::fetch_assoc($res)) { $aux[] = $row; 
@@ -367,10 +426,13 @@ function tutorsList($specialtyId) function getListSpecialtyTutorial($specialtyId) { global $tableSepeParticipantsSpecialtyTutorials; - $sql = "SELECT * FROM $tableSepeParticipantsSpecialtyTutorials WHERE participant_specialty_id='".$specialtyId."';"; + $sql = "SELECT * FROM $tableSepeParticipantsSpecialtyTutorials WHERE participant_specialty_id = $specialtyId"; $res = Database::query($sql); $aux = array(); while ($row = Database::fetch_assoc($res)) { + $row['tutor_accreditation'] = Security::remove_XSS(stripslashes($row['tutor_accreditation'])); + $row['teaching_competence'] = Security::remove_XSS(stripslashes($row['teaching_competence'])); + $row['training_teleforming'] = Security::remove_XSS(stripslashes($row['training_teleforming'])); $aux[] = $row; } return $aux; @@ -418,6 +480,8 @@ function listActionFree() $res = Database::query($sql); $aux = array(); while ($row = Database::fetch_assoc($res)) { + $row['action_origin'] = Security::remove_XSS(stripslashes($row['action_origin'])); + $row['action_code'] = Security::remove_XSS(stripslashes($row['action_code'])); $aux[] = $row; } return $aux; @@ -428,7 +492,7 @@ function getSpecialtyTutorId($specialtyId, $tutorId) global $tableSepeSpecialtyTutors; $sql = "SELECT id FROM $tableSepeSpecialtyTutors - WHERE specialty_id='".$specialtyId."' AND tutor_id='".$tutorId."';"; + WHERE specialty_id = $specialtyId AND tutor_id = $tutorId"; $res = Database::query($sql); $row = Database::fetch_assoc($res); return $row['id']; @@ -437,7 +501,7 @@ function getSpecialtyTutorId($specialtyId, $tutorId) function checkInsertNewLog($platformUserId,$actionId) { global $tableSepeLogParticipant; - $sql = "SELECT * FROM $tableSepeLogParticipant WHERE platform_user_id='".$platformUserId."' AND action_id='".$actionId."';"; + $sql = "SELECT * FROM $tableSepeLogParticipant WHERE platform_user_id = $platformUserId AND action_id = $actionId"; $res = Database::query($sql); if (Database::num_rows($res) > 0) { return false; 
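Review bot: `checkInsertNewLog` now interpolates `$platformUserId` unquoted, but its caller in participant-specialty-edit.php (earlier in this commit) passes the result of `getUserPlatformFromParticipant`, which returns `false` for a participant without a platform account (next line of this diff); `false` interpolates as an empty string, giving `WHERE platform_user_id =  AND action_id = …`, a syntax error where the old quoted form at least produced `''`. Cast both arguments on entry, `$platformUserId = (int) $platformUserId; $actionId = (int) $actionId;`, and have the caller handle the `false` return explicitly instead of passing it through. `getSpecialtyTutorId` in the hunk just above has the same two unquoted arguments.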
@@ -449,10 +513,10 @@ function checkInsertNewLog($platformUserId,$actionId)
 function getUserPlatformFromParticipant($participantId)
 {
     global $tableSepeParticipants;
-    $sql = "SELECT * FROM $tableSepeParticipants WHERE id='".$participantId."';";
+    $sql = "SELECT * FROM $tableSepeParticipants WHERE id = $participantId";
     $res = Database::query($sql);
     $row = Database::fetch_assoc($res);
-    if ($row['platform_user_id'] == '0' || $row['platform_user_id'] == '') {
+    if ($row['platform_user_id'] == 0 || $row['platform_user_id'] == '') {
         return false;
     } else {
         return $row['platform_user_id'];
diff --git a/plugin/sepe/src/sepe_plugin.class.php b/plugin/sepe/src/sepe_plugin.class.php
index 9917849727..514a7be95e 100644
--- a/plugin/sepe/src/sepe_plugin.class.php
+++ b/plugin/sepe/src/sepe_plugin.class.php
@@ -3,30 +3,30 @@ /** * Plugin class for the SEPE plugin * @package chamilo.plugin.sepe - * @author Jose Angel Ruiz + * @author Jose Angel Ruiz * @author Julio Montoya */ class SepePlugin extends Plugin { - const TABLE_SEPE_CENTER = 'plugin_sepe_center'; - const TABLE_SEPE_ACTIONS = 'plugin_sepe_actions'; - const TABLE_SEPE_SPECIALTY = 'plugin_sepe_specialty'; - const TABLE_SEPE_SPECIALTY_CLASSROOM = 'plugin_sepe_specialty_classroom'; - const TABLE_SEPE_CENTERS = 'plugin_sepe_centers'; - const TABLE_SEPE_TUTORS = 'plugin_sepe_tutors'; - const TABLE_SEPE_SPECIALTY_TUTORS = 'plugin_sepe_specialty_tutors'; - const TABLE_SEPE_PARTICIPANTS = 'plugin_sepe_participants'; - const TABLE_SEPE_PARTICIPANTS_SPECIALTY = 'plugin_sepe_participants_specialty'; - const TABLE_SEPE_PARTICIPANTS_SPECIALTY_TUTORIALS = 'plugin_sepe_participants_specialty_tutorials'; - const TABLE_SEPE_COURSE_ACTIONS = 'plugin_sepe_course_actions'; - const TABLE_SEPE_TUTORS_COMPANY = 'plugin_sepe_tutors_company'; - const TABLE_SEPE_TEACHING_COMPETENCE = 'plugin_sepe_teaching_competence'; - const TABLE_SEPE_LOG_PARTICIPANT = 'plugin_sepe_log_participant'; - const TABLE_SEPE_LOG_MOD_PARTICIPANT = 'plugin_sepe_log_mod_participant'; - const TABLE_SEPE_LOG = 'plugin_sepe_log'; + const TABLE_SEPE_CENTER = 'plugin_sepe_center'; + const TABLE_SEPE_ACTIONS = 'plugin_sepe_actions'; + const TABLE_SEPE_SPECIALTY = 'plugin_sepe_specialty'; + const TABLE_SEPE_SPECIALTY_CLASSROOM = 'plugin_sepe_specialty_classroom'; + const TABLE_SEPE_CENTERS = 'plugin_sepe_centers'; + const TABLE_SEPE_TUTORS = 'plugin_sepe_tutors'; + const TABLE_SEPE_SPECIALTY_TUTORS = 'plugin_sepe_specialty_tutors'; + const TABLE_SEPE_PARTICIPANTS = 'plugin_sepe_participants'; + const TABLE_SEPE_PARTICIPANTS_SPECIALTY = 'plugin_sepe_participants_specialty'; + const TABLE_SEPE_PARTICIPANTS_SPECIALTY_TUTORIALS = 'plugin_sepe_participants_specialty_tutorials'; + const TABLE_SEPE_COURSE_ACTIONS = 'plugin_sepe_course_actions'; + const 
TABLE_SEPE_TUTORS_COMPANY = 'plugin_sepe_tutors_company'; + const TABLE_SEPE_TEACHING_COMPETENCE = 'plugin_sepe_teaching_competence'; + const TABLE_SEPE_LOG_PARTICIPANT = 'plugin_sepe_log_participant'; + const TABLE_SEPE_LOG_MOD_PARTICIPANT = 'plugin_sepe_log_mod_participant'; + const TABLE_SEPE_LOG = 'plugin_sepe_log'; - public $isAdminPlugin = true; - /** + public $isAdminPlugin = true; + /** * * @return StaticPlugin */ @@ -39,37 +39,37 @@ class SepePlugin extends Plugin protected function __construct() { parent::__construct( - '2.0', - ' - Jose Angel Ruiz - NoSoloRed (original author)
- Julio Montoya (SOAP integration) - ', - array('sepe_enable' => 'boolean') - ); + '2.0', + ' + Jose Angel Ruiz - NoSoloRed (original author)
+ Julio Montoya (SOAP integration) + ', + array('sepe_enable' => 'boolean') + ); } - - /** + + /** * This method creates the tables required to this plugin */ function install() { $tablesToBeCompared = array( - self::TABLE_SEPE_CENTER, - self::TABLE_SEPE_ACTIONS, - self::TABLE_SEPE_SPECIALTY, - self::TABLE_SEPE_SPECIALTY_CLASSROOM, - self::TABLE_SEPE_CENTERS, - self::TABLE_SEPE_TUTORS, - self::TABLE_SEPE_SPECIALTY_TUTORS, - self::TABLE_SEPE_PARTICIPANTS, - self::TABLE_SEPE_PARTICIPANTS_SPECIALTY, - self::TABLE_SEPE_PARTICIPANTS_SPECIALTY_TUTORIALS, - self::TABLE_SEPE_COURSE_ACTIONS, - self::TABLE_SEPE_TUTORS_COMPANY, - self::TABLE_SEPE_TEACHING_COMPETENCE, - self::TABLE_SEPE_LOG_PARTICIPANT, - self::TABLE_SEPE_LOG_MOD_PARTICIPANT, - self::TABLE_SEPE_LOG + self::TABLE_SEPE_CENTER, + self::TABLE_SEPE_ACTIONS, + self::TABLE_SEPE_SPECIALTY, + self::TABLE_SEPE_SPECIALTY_CLASSROOM, + self::TABLE_SEPE_CENTERS, + self::TABLE_SEPE_TUTORS, + self::TABLE_SEPE_SPECIALTY_TUTORS, + self::TABLE_SEPE_PARTICIPANTS, + self::TABLE_SEPE_PARTICIPANTS_SPECIALTY, + self::TABLE_SEPE_PARTICIPANTS_SPECIALTY_TUTORIALS, + self::TABLE_SEPE_COURSE_ACTIONS, + self::TABLE_SEPE_TUTORS_COMPANY, + self::TABLE_SEPE_TEACHING_COMPETENCE, + self::TABLE_SEPE_LOG_PARTICIPANT, + self::TABLE_SEPE_LOG_MOD_PARTICIPANT, + self::TABLE_SEPE_LOG ); $em = Database::getManager(); $cn = $em->getConnection(); 
@@ -82,29 +82,29 @@ class SepePlugin extends Plugin require_once api_get_path(SYS_PLUGIN_PATH) . 'sepe/database.php'; } - - /** + + /** * This method drops the plugin tables */ function uninstall() { $tablesToBeDeleted = array( self::TABLE_SEPE_CENTER, - self::TABLE_SEPE_SPECIALTY_CLASSROOM, - self::TABLE_SEPE_CENTERS, - self::TABLE_SEPE_TUTORS, - self::TABLE_SEPE_SPECIALTY_TUTORS, - self::TABLE_SEPE_PARTICIPANTS_SPECIALTY_TUTORIALS, - self::TABLE_SEPE_PARTICIPANTS_SPECIALTY, - self::TABLE_SEPE_COURSE_ACTIONS, - self::TABLE_SEPE_PARTICIPANTS, - self::TABLE_SEPE_TUTORS_COMPANY, - self::TABLE_SEPE_SPECIALTY, - self::TABLE_SEPE_ACTIONS, - self::TABLE_SEPE_TEACHING_COMPETENCE, - self::TABLE_SEPE_LOG_PARTICIPANT, - self::TABLE_SEPE_LOG_MOD_PARTICIPANT, - self::TABLE_SEPE_LOG + self::TABLE_SEPE_SPECIALTY_CLASSROOM, + self::TABLE_SEPE_CENTERS, + self::TABLE_SEPE_TUTORS, + self::TABLE_SEPE_SPECIALTY_TUTORS, + self::TABLE_SEPE_PARTICIPANTS_SPECIALTY_TUTORIALS, + self::TABLE_SEPE_PARTICIPANTS_SPECIALTY, + self::TABLE_SEPE_COURSE_ACTIONS, + self::TABLE_SEPE_PARTICIPANTS, + self::TABLE_SEPE_TUTORS_COMPANY, + self::TABLE_SEPE_SPECIALTY, + self::TABLE_SEPE_ACTIONS, + self::TABLE_SEPE_TEACHING_COMPETENCE, + self::TABLE_SEPE_LOG_PARTICIPANT, + self::TABLE_SEPE_LOG_MOD_PARTICIPANT, + self::TABLE_SEPE_LOG ); foreach ($tablesToBeDeleted as $tableToBeDeleted) { diff --git a/plugin/sepe/src/specialty-action-edit.php b/plugin/sepe/src/specialty-action-edit.php index dd28a66641..8cb9e2519b 100644 --- a/plugin/sepe/src/specialty-action-edit.php +++ b/plugin/sepe/src/specialty-action-edit.php @@ -3,7 +3,6 @@ /** * This script displays a specialty action edit form. - * @package chamilo.plugin.sepe */ use \ChamiloSession as Session; 
@@ -16,41 +15,41 @@ $_cid = 0; if (!empty($_POST)) { $check = Security::check_token('post'); if ($check) { - $specialtyOrigin = trim(Security::remove_XSS(stripslashes($_POST['specialty_origin']))); - $professionalArea = trim(Security::remove_XSS(stripslashes($_POST['professional_area']))); - $specialtyCode = trim(Security::remove_XSS(stripslashes($_POST['specialty_code']))); - $centerOrigin = trim(Security::remove_XSS(stripslashes($_POST['center_origin']))); - $centerCode = trim(Security::remove_XSS(stripslashes($_POST['center_code']))); - $dayStart = trim(Security::remove_XSS(stripslashes($_POST['day_start']))); - $monthStart = trim(Security::remove_XSS(stripslashes($_POST['month_start']))); - $yearStart = trim(Security::remove_XSS(stripslashes($_POST['year_start']))); - $dayEnd = trim(Security::remove_XSS(stripslashes($_POST['day_end']))); - $monthEnd = trim(Security::remove_XSS(stripslashes($_POST['month_end']))); - $yearEnd = trim(Security::remove_XSS(stripslashes($_POST['year_end']))); - $modality_impartition = trim(Security::remove_XSS(stripslashes($_POST['modality_impartition']))); - $classroomHours = trim(Security::remove_XSS(stripslashes($_POST['classroom_hours']))); - $distanceHours = trim(Security::remove_XSS(stripslashes($_POST['distance_hours']))); - $morningsParticipantsNumber = trim(Security::remove_XSS(stripslashes($_POST['mornings_participants_number']))); - $morningsAccessNumber = trim(Security::remove_XSS(stripslashes($_POST['mornings_access_number']))); - $morningTotalDuration = trim(Security::remove_XSS(stripslashes($_POST['morning_total_duration']))); - $afternoonParticipantsNumber = trim(Security::remove_XSS(stripslashes($_POST['afternoon_participants_number']))); - $afternoonAccessNumber = trim(Security::remove_XSS(stripslashes($_POST['afternoon_access_number']))); - $afternoonTotalDuration = trim(Security::remove_XSS(stripslashes($_POST['afternoon_total_duration']))); - $nightParticipantsNumber = 
trim(Security::remove_XSS(stripslashes($_POST['night_participants_number']))); - $nightAccessNumber = trim(Security::remove_XSS(stripslashes($_POST['night_access_number']))); - $nightTotalDuration = trim(Security::remove_XSS(stripslashes($_POST['night_total_duration']))); - $attendeesCount = trim(Security::remove_XSS(stripslashes($_POST['attendees_count']))); - $learningActivityCount = trim(Security::remove_XSS(stripslashes($_POST['learning_activity_count']))); - $attemptCount = trim(Security::remove_XSS(stripslashes($_POST['attempt_count']))); - $evaluationActivityCount = trim(Security::remove_XSS(stripslashes($_POST['evaluation_activity_count']))); - $actionId = trim(Security::remove_XSS(stripslashes($_POST['action_id']))); - $specialtyId = trim(Security::remove_XSS(stripslashes($_POST['specialty_id']))); - $newSpecialty = trim(Security::remove_XSS(stripslashes($_POST['new_specialty']))); + $specialtyOrigin = Database::escape_string(trim($_POST['specialty_origin'])); + $professionalArea = Database::escape_string(trim($_POST['professional_area'])); + $specialtyCode = Database::escape_string(trim($_POST['specialty_code'])); + $centerOrigin = Database::escape_string(trim($_POST['center_origin'])); + $centerCode = Database::escape_string(trim($_POST['center_code'])); + $dayStart = Database::escape_string(trim($_POST['day_start'])); + $monthStart = Database::escape_string(trim($_POST['month_start'])); + $yearStart = Database::escape_string(trim($_POST['year_start'])); + $dayEnd = Database::escape_string(trim($_POST['day_end'])); + $monthEnd = Database::escape_string(trim($_POST['month_end'])); + $yearEnd = Database::escape_string(trim($_POST['year_end'])); + $modality_impartition = Database::escape_string(trim($_POST['modality_impartition'])); + $classroomHours = Database::escape_string(trim($_POST['classroom_hours'])); + $distanceHours = intval($_POST['distance_hours']); + $morningsParticipantsNumber = intval($_POST['mornings_participants_number']); + 
$morningsAccessNumber = intval($_POST['mornings_access_number']); + $morningTotalDuration = intval($_POST['morning_total_duration']); + $afternoonParticipantsNumber = intval($_POST['afternoon_participants_number']); + $afternoonAccessNumber = intval($_POST['afternoon_access_number']); + $afternoonTotalDuration = intval($_POST['afternoon_total_duration']); + $nightParticipantsNumber = intval($_POST['night_participants_number']); + $nightAccessNumber = intval($_POST['night_access_number']); + $nightTotalDuration = intval($_POST['night_total_duration']); + $attendeesCount = intval($_POST['attendees_count']); + $learningActivityCount = intval($_POST['learning_activity_count']); + $attemptCount = intval($_POST['attempt_count']); + $evaluationActivityCount = intval($_POST['evaluation_activity_count']); + $actionId = intval($_POST['action_id']); + $specialtyId = intval($_POST['specialty_id']); + $newSpecialty = intval($_POST['new_specialty']); $startDate = $yearStart."-".$monthStart."-".$dayStart; $endDate = $yearEnd."-".$monthEnd."-".$dayEnd; - if (isset($newSpecialty) && $newSpecialty != "1") { + if (isset($newSpecialty) && $newSpecialty != 1) { $sql = "UPDATE plugin_sepe_specialty SET specialty_origin='".$specialtyOrigin."', professional_area='".$professionalArea."', 
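Review bot: `$classroomHours` is run through Database::escape_string, but the UPDATE in the next hunk and the INSERT in the -112 hunk interpolate it unquoted (`classroom_hours = $classroomHours`), and escape_string only neutralises quote characters — in an unquoted numeric position it does not constrain the value at all; cast it like its neighbours, `$classroomHours = intval($_POST['classroom_hours']);`. Separately, this hunk assigns `$modality_impartition` while the UPDATE that follows and the INSERT in the -112 hunk read `$modalityImpartition`, so the submitted value is never stored; change the assignment to `$modalityImpartition = Database::escape_string(trim($_POST['modality_impartition']));`. The enclosing `if ($check)` block continues past this hunk.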
@@ -60,22 +59,22 @@ if (!empty($_POST)) { start_date='".$startDate."', end_date='".$endDate."', modality_impartition='".$modalityImpartition."', - classroom_hours='".$classroomHours."', - distance_hours='".$distanceHours."', - mornings_participants_number='".$morningsParticipantsNumber."', - mornings_access_number='".$morningsAccessNumber."', - morning_total_duration='".$morningTotalDuration."', - afternoon_participants_number='".$afternoonParticipantsNumber."', - afternoon_access_number='".$afternoonAccessNumber."', - afternoon_total_duration='".$afternoonTotalDuration."', - night_participants_number='".$nightParticipantsNumber."', - night_access_number='".$nightAccessNumber."', - night_total_duration='".$nightTotalDuration."', - attendees_count='".$attendeesCount."', - learning_activity_count='".$learningActivityCount."', - attempt_count='".$attemptCount."', - evaluation_activity_count='".$evaluationActivityCount."' - WHERE id='".$specialtyId."';"; + classroom_hours = $classroomHours, + distance_hours = $distanceHours, + mornings_participants_number = $morningsParticipantsNumber, + mornings_access_number = $morningsAccessNumber, + morning_total_duration = $morningTotalDuration, + afternoon_participants_number = $afternoonParticipantsNumber, + afternoon_access_number = $afternoonAccessNumber, + afternoon_total_duration = $afternoonTotalDuration, + night_participants_number = $nightParticipantsNumber, + night_access_number = $nightAccessNumber, + night_total_duration = $nightTotalDuration, + attendees_count = $attendeesCount, + learning_activity_count = $learningActivityCount, + attempt_count = $attemptCount, + evaluation_activity_count = $evaluationActivityCount + WHERE id = $specialtyId;"; } else { $sql = "INSERT INTO plugin_sepe_specialty ( action_id, @@ -103,7 +102,7 @@ if (!empty($_POST)) { attempt_count, evaluation_activity_count ) VALUES ( - '".$actionId."', + $actionId, '".$specialtyOrigin."', '".$professionalArea."', '".$specialtyCode."', 
@@ -112,21 +111,21 @@ if (!empty($_POST)) { '".$startDate."', '".$endDate."', '".$modalityImpartition."', - '".$classroomHours."', - '".$distanceHours."', - '".$morningsParticipantsNumber."', - '".$morningsAccessNumber."', - '".$morningTotalDuration."', - '".$afternoonParticipantsNumber."', - '".$afternoonAccessNumber."', - '".$afternoonTotalDuration."', - '".$nightParticipantsNumber."', - '".$nightAccessNumber."', - '".$nightTotalDuration."', - '".$attendeesCount."', - '".$learningActivityCount."', - '".$attemptCount."', - '".$evaluationActivityCount."' + $classroomHours, + $distanceHours, + $morningsParticipantsNumber, + $morningsAccessNumber, + $morningTotalDuration, + $afternoonParticipantsNumber, + $afternoonAccessNumber, + $afternoonTotalDuration, + $nightParticipantsNumber, + $nightAccessNumber, + $nightTotalDuration, + $attendeesCount, + $learningActivityCount, + $attemptCount, + $evaluationActivityCount );"; } $res = Database::query($sql); @@ -134,7 +133,7 @@ if (!empty($_POST)) { echo Database::error(); $_SESSION['sepe_message_error'] = $plugin->get_lang('NoSaveChange'); } else { - if ($newSpecialty == "1") { + if ($newSpecialty == 1) { $specialtyId = Database::insert_id(); $_SESSION['sepe_message_info'] = $plugin->get_lang('SaveChange'); } @@ -142,9 +141,9 @@ if (!empty($_POST)) { session_write_close(); header("Location: specialty-action-edit.php?new_specialty=0&specialty_id=".$specialtyId."&action_id=".$actionId); } else { - $actionId = trim(Security::remove_XSS(stripslashes($_POST['action_id']))); - $specialtyId = trim(Security::remove_XSS(stripslashes($_POST['specialty_id']))); - $newSpecialty = trim(Security::remove_XSS(stripslashes($_POST['new_specialty']))); + $actionId = intval($_POST['action_id']); + $specialtyId = intval($_POST['specialty_id']); + $newSpecialty = intval($_POST['new_specialty']); Security::clear_token(); $token = Security::get_token(); $_SESSION['sepe_message_error'] = $plugin->get_lang('ProblemToken'); 
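Review bot: The `echo Database::error();` left in place in the -134 hunk writes the raw driver error text into the HTTP response, while specialty-tutor-edit.php in this same commit routes the identical failure through `error_log(Database::error());`. Use `error_log(Database::error());` here as well; the `NoSaveChange` session message already tells the user the save failed. The same `echo` survives in both save branches of specialty-classroom-edit.php (hunks -16 and -54).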
@@ -156,14 +155,14 @@ if (!empty($_POST)) { } if (api_is_platform_admin()) { - $id_course = getCourse($_GET['action_id']); + $id_course = getCourse(intval($_GET['action_id'])); $interbreadcrumb[] = array("url" => "/plugin/sepe/src/sepe-administration-menu.php", "name" => $plugin->get_lang('MenuSepe')); $interbreadcrumb[] = array("url" => "formative-actions-list.php", "name" => $plugin->get_lang('FormativesActionsList')); $interbreadcrumb[] = array("url" => "formative-action.php?cid=".$id_course, "name" => $plugin->get_lang('FormativeAction')); - if (isset($_GET['new_specialty']) && $_GET['new_specialty'] == "1") { + if (isset($_GET['new_specialty']) && intval($_GET['new_specialty']) == 1) { $templateName = $plugin->get_lang('NewSpecialtyAccion'); $tpl = new Template($templateName); - $tpl->assign('action_id', $_GET['action_id']); + $tpl->assign('action_id', intval($_GET['action_id'])); $info = array(); $tpl->assign('info', $info); $tpl->assign('new_action', '1'); 
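Review bot: `intval($_GET['action_id'])` is recomputed at every use in this hunk and the next, and again in specialty-classroom-edit.php and specialty-tutor-edit.php, which makes the cast easy to omit at the next call site. Read the request parameters once at the top of the admin branch, `$actionId = isset($_GET['action_id']) ? intval($_GET['action_id']) : 0;` (and likewise for `specialty_id`), then pass the locals to getCourse, the template and the list helpers; this also removes the undefined-index notice when the parameter is absent.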
@@ -171,35 +170,35 @@ if (api_is_platform_admin()) { } else { $templateName = $plugin->get_lang('EditSpecialtyAccion'); $tpl = new Template($templateName); - $tpl->assign('action_id', $_GET['action_id']); - $info = getSpecialtActionInfo($_GET['specialty_id']); + $tpl->assign('action_id', intval($_GET['action_id'])); + $info = getSpecialtActionInfo(intval($_GET['specialty_id'])); $tpl->assign('info', $info); if ($info['start_date'] != '0000-00-00' && $info['start_date'] != NULL) { - $tpl->assign('day_start', date("j",strtotime($info['start_date']))); - $tpl->assign('month_start', date("n",strtotime($info['start_date']))); - $tpl->assign('year_start', date("Y",strtotime($info['start_date']))); - $yearStart = date("Y",strtotime($info['start_date'])); - } elseif (strpos($info['start_date'],'0000') === false) { - $yearStart = date("Y",strtotime($info['start_date'])); + $tpl->assign('day_start', date("j", strtotime($info['start_date']))); + $tpl->assign('month_start', date("n", strtotime($info['start_date']))); + $tpl->assign('year_start', date("Y", strtotime($info['start_date']))); + $yearStart = date("Y", strtotime($info['start_date'])); + } elseif (strpos($info['start_date'], '0000') === false) { + $yearStart = date("Y", strtotime($info['start_date'])); } else { $yearStart = date("Y"); } if ($info['end_date'] != '0000-00-00' && $info['end_date'] != NULL) { - $tpl->assign('day_end', date("j",strtotime($info['end_date']))); - $tpl->assign('month_end', date("n",strtotime($info['end_date']))); - $tpl->assign('year_end', date("Y",strtotime($info['end_date']))); - $yearEnd = date("Y",strtotime($info['end_date'])); - } elseif (strpos($info['end_date'],'0000') === false) { - $yearEnd = date("Y",strtotime($info['end_date'])); + $tpl->assign('day_end', date("j", strtotime($info['end_date']))); + $tpl->assign('month_end', date("n", strtotime($info['end_date']))); + $tpl->assign('year_end', date("Y", strtotime($info['end_date']))); + $yearEnd = date("Y", 
strtotime($info['end_date'])); + } elseif (strpos($info['end_date'], '0000') === false) { + $yearEnd = date("Y", strtotime($info['end_date'])); } else { $yearEnd = date("Y"); } $tpl->assign('new_action', '0'); - $tpl->assign('specialty_id', $_GET['specialty_id']); + $tpl->assign('specialty_id', intval($_GET['specialty_id'])); - $listClassroom = classroomList($_GET['specialty_id']); + $listClassroom = classroomList(intval($_GET['specialty_id'])); $tpl->assign('listClassroom', $listClassroom); - $listTutors = tutorsList($_GET['specialty_id']); + $listTutors = tutorsList(intval($_GET['specialty_id'])); $tpl->assign('listTutors', $listTutors); } @@ -225,7 +224,7 @@ if (api_is_platform_admin()) { $tpl->assign('message_error', $_SESSION['sepe_message_error']); unset($_SESSION['sepe_message_error']); } - $tpl->assign('sec_token',$token); + $tpl->assign('sec_token', $token); $listing_tpl = 'sepe/view/specialty-action-edit.tpl'; $content = $tpl->fetch($listing_tpl); $tpl->assign('content', $content); diff --git a/plugin/sepe/src/specialty-classroom-edit.php b/plugin/sepe/src/specialty-classroom-edit.php index fd859bad23..bf6b4fe961 100644 --- a/plugin/sepe/src/specialty-classroom-edit.php +++ b/plugin/sepe/src/specialty-classroom-edit.php @@ -3,7 +3,6 @@ /** * This script displays a specialty classroom edit form. - * @package chamilo.plugin.sepe */ use \ChamiloSession as Session; 
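Review bot: When `$info['start_date']` is NULL or an empty string the first condition fails and the `elseif (strpos($info['start_date'], '0000') === false)` branch runs, because strpos on an empty haystack returns false; `$yearStart` then becomes `date("Y", strtotime(''))`, i.e. 1970, and the `else` default to the current year is only reached for the literal '0000-00-00'. Handle the empty case first, e.g. `if (empty($info['start_date']) || $info['start_date'] == '0000-00-00') { $yearStart = date("Y"); }`, and apply the same to `end_date`. These lines are whitespace-only changes, so this is a pre-existing defect the commit touches without fixing.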
@@ -16,24 +15,24 @@ $_cid = 0; if (!empty($_POST)) { $check = Security::check_token('post'); if ($check) { - $sltCentersExists = trim(Security::remove_XSS(stripslashes($_POST['slt_centers_exists']))); - $specialtyId = trim(Security::remove_XSS(stripslashes($_POST['specialty_id']))); - $existsCenterId = trim(Security::remove_XSS(stripslashes($_POST['exists_center_id']))); - $centerOrigin = trim(Security::remove_XSS(stripslashes($_POST['center_origin']))); - $centerCode = trim(Security::remove_XSS(stripslashes($_POST['center_code']))); - $newClassroom = trim(Security::remove_XSS(stripslashes($_POST['new_classroom']))); - $actionId = trim(Security::remove_XSS(stripslashes($_POST['action_id']))); - $classroomId = trim(Security::remove_XSS(stripslashes($_POST['classroom_id']))); + $sltCentersExists = intval($_POST['slt_centers_exists']); + $specialtyId = intval($_POST['specialty_id']); + $existsCenterId = intval($_POST['exists_center_id']); + $centerOrigin = Database::escape_string(trim($_POST['center_origin'])); + $centerCode = Database::escape_string(trim($_POST['center_code'])); + $newClassroom = intval($_POST['new_classroom']); + $actionId = intval($_POST['action_id']); + $classroomId = intval($_POST['classroom_id']); - if ($sltCentersExists == '1') { + if ($sltCentersExists == 1) { $sql = "INSERT INTO $tableSepeSpecialtyClassroom (specialty_id, center_id) - VALUES ('".$specialtyId."','".$existsCenterId."');"; + VALUES ($specialtyId, $existsCenterId);"; $res = Database::query($sql); if (!$res) { echo Database::error(); $_SESSION['sepe_message_error'] = $plugin->get_lang('NoSaveChange'); } else { - if ($newClassroom == "1") { + if ($newClassroom == 1) { $classroomId = Database::insert_id(); } $_SESSION['sepe_message_info'] = $plugin->get_lang('SaveChange'); 
@@ -54,17 +53,17 @@ if (!empty($_POST)) { $centerId = Database::insert($tableCenters, $params); } - if (isset($newClassroom) && $newClassroom != '1') { - $sql = "UPDATE $tableSepeSpecialtyClassroom SET center_id='".$centerId."' WHERE id='".$classroomId."';"; + if (isset($newClassroom) && $newClassroom != 1) { + $sql = "UPDATE $tableSepeSpecialtyClassroom SET center_id = $centerId WHERE id = $classroomId;"; } else { - $sql = "INSERT INTO $tableSepeSpecialtyClassroom (specialty_id, center_id) VALUES ('".$specialtyId."','".$centerId."');"; + $sql = "INSERT INTO $tableSepeSpecialtyClassroom (specialty_id, center_id) VALUES ($specialtyId, $centerId);"; } $res = Database::query($sql); if (!$res) { echo Database::error(); $_SESSION['sepe_message_error'] = $plugin->get_lang('NoSaveChange'); } else { - if ($newClassroom == '1') { + if ($newClassroom == 1) { $classroomId = Database::insert_id(); } $_SESSION['sepe_message_info'] = $plugin->get_lang('SaveChange'); @@ -73,10 +72,10 @@ if (!empty($_POST)) { session_write_close(); header("Location: specialty-action-edit.php?new_specialty=0&specialty_id=".$specialtyId."&action_id=".$actionId); } else { - $newClassroom = trim(Security::remove_XSS(stripslashes($_POST['new_classroom']))); - $actionId = trim(Security::remove_XSS(stripslashes($_POST['action_id']))); - $classroomId = trim(Security::remove_XSS(stripslashes($_POST['classroom_id']))); - $specialtyId = trim(Security::remove_XSS(stripslashes($_POST['specialty_id']))); + $newClassroom = intval($_POST['new_classroom']); + $actionId = intval($_POST['action_id']); + $classroomId = intval($_POST['classroom_id']); + $specialtyId = intval($_POST['specialty_id']); Security::clear_token(); $_SESSION['sepe_message_error'] = $plugin->get_lang('ProblemToken'); $token = Security::get_token(); 
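Review bot: `isset($newClassroom)` in the -54 hunk is always true now that `$newClassroom` is assigned from intval() unconditionally a few lines earlier, so the condition reduces to `if ($newClassroom != 1) {`. The same redundant isset survives in specialty-action-edit.php (`isset($newSpecialty)`) and specialty-tutor-edit.php (`isset($newTutor)`).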
@@ -88,26 +87,26 @@ if (!empty($_POST)) { } if (api_is_platform_admin()) { - $courseId = getCourse($_GET['action_id']); + $courseId = getCourse(intval($_GET['action_id'])); $interbreadcrumb[] = array("url" => "/plugin/sepe/src/sepe-administration-menu.php", "name" => $plugin->get_lang('MenuSepe')); $interbreadcrumb[] = array("url" => "formative-actions-list.php", "name" => $plugin->get_lang('FormativesActionsList')); $interbreadcrumb[] = array("url" => "formative-action.php?cid=".$courseId, "name" => $plugin->get_lang('FormativeAction')); - $interbreadcrumb[] = array("url" => "specialty-action-edit.php?new_specialty=0&specialty_id=".$_GET['specialty_id']."&action_id=".$_GET['action_id'], "name" => $plugin->get_lang('SpecialtyFormativeAction')); - if (isset($_GET['new_classroom']) && $_GET['new_classroom'] == "1") { + $interbreadcrumb[] = array("url" => "specialty-action-edit.php?new_specialty=0&specialty_id=".intval($_GET['specialty_id'])."&action_id=".intval($_GET['action_id']), "name" => $plugin->get_lang('SpecialtyFormativeAction')); + if (isset($_GET['new_classroom']) && intval($_GET['new_classroom']) == 1) { $templateName = $plugin->get_lang('NewSpecialtyClassroom'); $tpl = new Template($templateName); - $tpl->assign('action_id', $_GET['action_id']); - $tpl->assign('specialty_id', $_GET['specialty_id']); + $tpl->assign('action_id', intval($_GET['action_id'])); + $tpl->assign('specialty_id', intval($_GET['specialty_id'])); $info = array(); $tpl->assign('info', $info); $tpl->assign('new_classroom', '1'); } else { $templateName = $plugin->get_lang('EditSpecialtyClassroom'); $tpl = new Template($templateName); - $tpl->assign('action_id', $_GET['action_id']); - $tpl->assign('specialty_id', $_GET['specialty_id']); - $tpl->assign('classroom_id', $_GET['classroom_id']); - $info = getInfoSpecialtyClassroom($_GET['classroom_id']); + $tpl->assign('action_id', intval($_GET['action_id'])); + $tpl->assign('specialty_id', intval($_GET['specialty_id'])); + 
$tpl->assign('classroom_id', intval($_GET['classroom_id'])); + $info = getInfoSpecialtyClassroom(intval($_GET['classroom_id'])); $tpl->assign('info', $info); $tpl->assign('new_classroom', '0'); @@ -123,13 +122,12 @@ if (api_is_platform_admin()) { $tpl->assign('message_error', $_SESSION['sepe_message_error']); unset($_SESSION['sepe_message_error']); } - $tpl->assign('sec_token',$token); + $tpl->assign('sec_token', $token); $listing_tpl = 'sepe/view/specialty-classroom-edit.tpl'; $content = $tpl->fetch($listing_tpl); $tpl->assign('content', $content); $tpl->display_one_col_template(); - } else { header('Location:' . api_get_path(WEB_PATH)); } diff --git a/plugin/sepe/src/specialty-tutor-edit.php b/plugin/sepe/src/specialty-tutor-edit.php index b8a1312439..ded409143a 100644 --- a/plugin/sepe/src/specialty-tutor-edit.php +++ b/plugin/sepe/src/specialty-tutor-edit.php @@ -3,7 +3,6 @@ /** * This script displays a specialty tutors edit form. - * @package chamilo.plugin.sepe */ use \ChamiloSession as Session; 
@@ -16,24 +15,24 @@ $_cid = 0; if ( !empty($_POST)) { $check = Security::check_token('post'); if ($check) { - $sltUserExists = trim(Security::remove_XSS(stripslashes($_POST['slt_user_exists']))); - $existingTutor = trim(Security::remove_XSS(stripslashes($_POST['existingTutor']))); - $specialtyId = trim(Security::remove_XSS(stripslashes($_POST['specialty_id']))); - $tutorAccreditation = trim(Security::remove_XSS(stripslashes($_POST['tutor_accreditation']))); - $professionalExperience = trim(Security::remove_XSS(stripslashes($_POST['professional_experience']))); - $teachingCompetence = trim(Security::remove_XSS(stripslashes($_POST['teaching_competence']))); - $experienceTeleforming = trim(Security::remove_XSS(stripslashes($_POST['experience_teleforming']))); - $trainingTeleforming = trim(Security::remove_XSS(stripslashes($_POST['training_teleforming']))); - $specialtyTutorId = trim(Security::remove_XSS(stripslashes($_POST['specialtyTutorId']))); - $documentType = trim(Security::remove_XSS(stripslashes($_POST['document_type']))); - $documentNumber = trim(Security::remove_XSS(stripslashes($_POST['document_number']))); - $documentLetter = trim(Security::remove_XSS(stripslashes($_POST['document_letter']))); - $actionId = trim(Security::remove_XSS(stripslashes($_POST['action_id']))); - $newTutor = trim(Security::remove_XSS(stripslashes($_POST['new_tutor']))); - $platformUserId = trim(Security::remove_XSS(stripslashes($_POST['platform_user_id']))); + $sltUserExists = intval($_POST['slt_user_exists']); + $existingTutor = intval($_POST['existingTutor']); + $specialtyId = intval($_POST['specialty_id']); + $tutorAccreditation = Database::escape_string(trim($_POST['tutor_accreditation'])); + $professionalExperience = intval($_POST['professional_experience']); + $teachingCompetence = Database::escape_string(trim($_POST['teaching_competence'])); + $experienceTeleforming = intval($_POST['experience_teleforming']); + $trainingTeleforming = 
Database::escape_string(trim($_POST['training_teleforming'])); + $specialtyTutorId = intval($_POST['specialtyTutorId']); + $documentType = Database::escape_string(trim($_POST['document_type'])); + $documentNumber = Database::escape_string(trim($_POST['document_number'])); + $documentLetter = Database::escape_string(trim($_POST['document_letter'])); + $actionId = intval($_POST['action_id']); + $newTutor = intval($_POST['new_tutor']); + $platformUserId = intval($_POST['platform_user_id']); - if ($sltUserExists == "1") { - $sql = "SELECT * FROM plugin_sepe_tutors WHERE cod='".$existingTutor."';"; + if ($sltUserExists == 1) { + $sql = "SELECT * FROM $tableSepeTutors WHERE id = $existingTutor;"; $rs = Database::query($sql); $tmp = Database::fetch_assoc($rs); @@ -46,8 +45,8 @@ if ( !empty($_POST)) { experience_teleforming , training_teleforming ) VALUES ( - '".$specialtyId."', - '".$existingTutor."', + $specialtyId, + $existingTutor, '".$tmp['tutor_accreditation']."', '".$tmp['professional_experience']."', '".$tmp['teaching_competence']."', 
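Review bot: The row fetched by `$tmp = Database::fetch_assoc($rs);` is copied straight back into the INSERT of the -46 hunk as `'".$tmp['tutor_accreditation']."'` (and the other text columns) without Database::escape_string, so a stored value containing a quote breaks the statement; escape each `$tmp[...]` value before interpolating it. There is also no check that a row was found: if `$existingTutor` matches nothing, `$tmp` is empty and the INSERT still runs with blank values, so wrap the insert in `if (!$tmp) { $_SESSION['sepe_message_error'] = $plugin->get_lang('NoSaveChange'); } else { … }`. The `if ($sltUserExists == 1)` block continues past this hunk.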
@@ -59,28 +58,28 @@ if ( !empty($_POST)) { $sql = "SELECT id FROM $tableSepeTutors WHERE - document_type='".$documentType."' - AND document_number='".$documentNumber."' - AND document_letter='".$documentLetter."';"; + document_type = '".$documentType."' + AND document_number = '".$documentNumber."' + AND document_letter = '".$documentLetter."';"; $rs = Database::query($sql); if (Database::num_rows($rs) > 0) { $aux = Database::fetch_assoc($rs); $sql = "UPDATE $tableSepeTutors SET - platform_user_id='".$platformUserId."', - tutor_accreditation='".$tutorAccreditation."', - professional_experience='".$professionalExperience."', - teaching_competence='".$teachingCompetence."', - experience_teleforming='".$experienceTeleforming."', - training_teleforming='".$trainingTeleforming."' - WHERE id='".$aux['id']."';"; + platform_user_id = $platformUserId, + tutor_accreditation = '".$tutorAccreditation."', + professional_experience = $professionalExperience, + teaching_competence = '".$teachingCompetence."', + experience_teleforming = $experienceTeleforming, + training_teleforming = '".$trainingTeleforming."' + WHERE id = '".$aux['id']."';"; $res = Database::query($sql); if (!$res) { error_log(Database::error()); $_SESSION['sepe_message_error'] = $plugin->get_lang('NoSaveChange'); } $newTutor = 0; //Reset variable, no create new tutor, exists tutor - $tutor_id = $aux['id']; - $specialtyTutorId = getSpecialtyTutorId($specialtyId, $tutor_id); + $tutorId = $aux['id']; + $specialtyTutorId = getSpecialtyTutorId($specialtyId, $tutorId); } else { $sql = "UPDATE $tableSepeTutors SET platform_user_id='' 
@@ -97,14 +96,14 @@ if ( !empty($_POST)) { experience_teleforming, training_teleforming ) VALUES ( - '".$platformUserId."', + $platformUserId, '".$documentType."', '".$documentNumber."', '".$documentLetter."', '".$tutorAccreditation."', - '".$professionalExperience."', + $professionalExperience, '".$teachingCompetence."', - '".$experienceTeleforming."', + $experienceTeleforming, '".$trainingTeleforming."' );"; $res = Database::query($sql); @@ -112,19 +111,19 @@ if ( !empty($_POST)) { error_log(Database::error()); $_SESSION['sepe_message_error'] = $plugin->get_lang('NoSaveChange'); } else { - $tutor_id = Database::insert_id(); + $tutorId = Database::insert_id(); } } - if (isset($newTutor) && $newTutor != "1") { + if (isset($newTutor) && $newTutor != 1) { $sql = "UPDATE $tableSepeSpecialtyTutors SET - tutor_id='".$tutor_id."', - tutor_accreditation='".$tutorAccreditation."', - professional_experience='".$professionalExperience."', - teaching_competence='".$teachingCompetence."', - experience_teleforming='".$experienceTeleforming."', + tutor_id = $tutorId, + tutor_accreditation = '".$tutorAccreditation."', + professional_experience = $professionalExperience, + teaching_competence = '".$teachingCompetence."', + experience_teleforming = $experienceTeleforming, training_teleforming='".$trainingTeleforming."' - WHERE id='".$specialtyTutorId."';"; + WHERE id = $specialtyTutorId;"; } else { $sql = "INSERT INTO $tableSepeSpecialtyTutors ( specialty_id, @@ -135,12 +134,12 @@ if ( !empty($_POST)) { experience_teleforming, training_teleforming ) VALUES ( - '".$specialtyId."', - '".$tutor_id."', + $specialtyId, + $tutorId, '".$tutorAccreditation."', - '".$professionalExperience."', + $professionalExperience, '".$teachingCompetence."', - '".$experienceTeleforming."', + $experienceTeleforming, '".$trainingTeleforming."' );"; } 
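Review bot: In the -112 hunk, when the tutor INSERT fails (`!$res`) the code logs the error and sets the session message but falls through to the `$tableSepeSpecialtyTutors` INSERT/UPDATE with `$tutorId` never assigned, which yields a second malformed statement (`tutor_id = ,`). Guard the second statement, `if (!empty($tutorId)) { … }`, or redirect immediately after recording the error. The enclosing `if ($check)` block starts before this hunk, so whether `$tutorId` is set on the existing-tutor path cannot be confirmed from here.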
@@ -149,8 +148,8 @@ if ( !empty($_POST)) {
 error_log(Database::error());
 $_SESSION['sepe_message_error'] = $plugin->get_lang('NoSaveChange');
 } else {
- if ($newTutor == "1") {
- $tutor_id = Database::insert_id();
+ if ($newTutor == 1) {
+ $tutorId = Database::insert_id();
 }
 $_SESSION['sepe_message_info'] = $plugin->get_lang('SaveChange');
 }
@@ -158,10 +157,10 @@ if ( !empty($_POST)) {
 session_write_close();
 header("Location: specialty-action-edit.php?new_specialty=0&specialty_id=".$specialtyId."&action_id=".$actionId);
 } else {
- $actionId = trim(Security::remove_XSS(stripslashes($_POST['action_id'])));
- $newTutor = trim(Security::remove_XSS(stripslashes($_POST['new_tutor'])));
- $specialtyId = trim(Security::remove_XSS(stripslashes($_POST['specialty_id'])));
- $specialtyTutorId = trim(Security::remove_XSS(stripslashes($_POST['specialtyTutorId'])));
+ $actionId = intval($_POST['action_id']);
+ $newTutor = intval($_POST['new_tutor']);
+ $specialtyId = intval($_POST['specialty_id']);
+ $specialtyTutorId = intval($_POST['specialtyTutorId']);
 Security::clear_token();
 $token = Security::get_token();
 $_SESSION['sepe_message_error'] = $plugin->get_lang('ProblemToken');
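Review bot: The four `intval($_POST[...])` reads in the -157 hunk index the superglobal without an isset() check, so a request missing any of the fields raises an undefined-index notice before the cast; `$actionId = isset($_POST['action_id']) ? intval($_POST['action_id']) : 0;` keeps the integer contract and stays quiet. The same applies to the -64 hunk of specialty-tutorial-edit.php and to the `$_GET` reads in both admin blocks of this commit. In the -148 hunk, `sepe_message_info` is set on success of the second query even when the tutor UPDATE earlier in the handler already stored `sepe_message_error`, so a user may be shown both messages for one submit; a short `if (!isset($_SESSION['sepe_message_error']))` guard, or returning early after the first failure, would avoid that. The enclosing POST-handling block starts before this hunk.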
@@ -173,16 +172,16 @@ if ( !empty($_POST)) { } if (api_is_platform_admin()) { - $courseId = getCourse($_GET['action_id']); + $courseId = getCourse(intval($_GET['action_id'])); $interbreadcrumb[] = array("url" => "/plugin/sepe/src/sepe-administration-menu.php", "name" => $plugin->get_lang('MenuSepe')); $interbreadcrumb[] = array("url" => "formative-actions-list.php", "name" => $plugin->get_lang('FormativesActionsList')); $interbreadcrumb[] = array("url" => "formative-action.php?cid=".$courseId, "name" => $plugin->get_lang('FormativeAction')); - $interbreadcrumb[] = array("url" => "specialty-action-edit.php?new_specialty=0&specialty_id=".$_GET['specialty_id']."&action_id=".$_GET['action_id'], "name" => $plugin->get_lang('SpecialtyFormativeAction')); - if (isset($_GET['new_tutor']) && $_GET['new_tutor'] == "1") { + $interbreadcrumb[] = array("url" => "specialty-action-edit.php?new_specialty=0&specialty_id=".intval($_GET['specialty_id'])."&action_id=".$_GET['action_id'], "name" => $plugin->get_lang('SpecialtyFormativeAction')); + if (isset($_GET['new_tutor']) && intval($_GET['new_tutor']) == 1) { $templateName = $plugin->get_lang('NewSpecialtyTutor'); $tpl = new Template($templateName); - $tpl->assign('action_id', $_GET['action_id']); - $tpl->assign('specialty_id', $_GET['specialty_id']); + $tpl->assign('action_id', intval($_GET['action_id'])); + $tpl->assign('specialty_id', intval($_GET['specialty_id'])); $info = array(); $tpl->assign('info', $info); $tpl->assign('new_tutor', '1'); 
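Review bot: The breadcrumb URL still concatenates `$_GET['action_id']` raw (`"&action_id=".$_GET['action_id']`) while the `specialty_id` beside it is cast, so the hardening is incomplete on that line; the counterpart -79 hunk in specialty-tutorial-edit.php casts both, and `"&action_id=".intval($_GET['action_id'])` would bring this one in line. Whether the breadcrumb value is HTML-escaped when rendered is decided outside this hunk, which is all the more reason to normalise it here. Reading the parameter once at the top of the admin block, `$actionId = isset($_GET['action_id']) ? intval($_GET['action_id']) : 0;`, would also replace the repeated `intval($_GET['action_id'])` calls on the following lines. The `if (api_is_platform_admin())` block continues past this hunk.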
@@ -190,20 +189,20 @@ if (api_is_platform_admin()) { } else { $templateName = $plugin->get_lang('EditSpecialtyTutor'); $tpl = new Template($templateName); - $tpl->assign('action_id', $_GET['action_id']); - $tpl->assign('specialty_id', $_GET['specialty_id']); - $tpl->assign('tutor_id', $_GET['tutor_id']); - $info = getInfoSpecialtyTutor($_GET['tutor_id']); + $tpl->assign('action_id', intval($_GET['action_id'])); + $tpl->assign('specialty_id', intval($_GET['specialty_id'])); + $tpl->assign('tutor_id', intval($_GET['tutor_id'])); + $info = getInfoSpecialtyTutor(intval($_GET['tutor_id'])); $tpl->assign('info', $info); $tpl->assign('new_tutor', '0'); $platformUserId = $info['platform_user_id']; } - $tutorsList = getTutorsSpecialty($_GET['specialty_id']); + $tutorsList = getTutorsSpecialty(intval($_GET['specialty_id'])); $tpl->assign('ExistingTutorsList', $tutorsList); $listTeachers = CourseManager::getTeachersFromCourse($courseId); - $listTeachers = freeTeacherList($listTeachers,$_GET['specialty_id'],$platformUserId); + $listTeachers = freeTeacherList($listTeachers, intval($_GET['specialty_id']), $platformUserId); $tpl->assign('listTeachers', $listTeachers); if (isset($_SESSION['sepe_message_info'])) { $tpl->assign('message_info', $_SESSION['sepe_message_info']); @@ -213,7 +212,7 @@ if (api_is_platform_admin()) { $tpl->assign('message_error', $_SESSION['sepe_message_error']); unset($_SESSION['sepe_message_error']); } - $tpl->assign('sec_token',$token); + $tpl->assign('sec_token', $token); $listing_tpl = 'sepe/view/specialty-tutor-edit.tpl'; $content = $tpl->fetch($listing_tpl); diff --git a/plugin/sepe/src/specialty-tutorial-edit.php b/plugin/sepe/src/specialty-tutorial-edit.php index fee68e5452..8eed2368e8 100644 --- a/plugin/sepe/src/specialty-tutorial-edit.php +++ b/plugin/sepe/src/specialty-tutorial-edit.php @@ -3,7 +3,6 @@ /** * This script displays a specialty tutorial edit form. - * @package chamilo.plugin.sepe */ use \ChamiloSession as Session; 
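Review bot: `$platformUserId = $info['platform_user_id']` reads the lookup result without checking that `getInfoSpecialtyTutor()` found a row for the requested `tutor_id`; if it returns false or an empty array for an unknown id (its definition is outside this hunk), this line emits a notice and `freeTeacherList()` then receives null. A guard such as `$platformUserId = isset($info['platform_user_id']) ? $info['platform_user_id'] : 0;` keeps the edit form usable for a stale link. As a style point, `$listing_tpl` in the -212 hunk is left in snake_case in a commit that renamed `$tutor_id` to `$tutorId`; `$listingTpl` would match.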
@@ -16,28 +15,28 @@ $_cid = 0; if ( !empty($_POST)) { $check = Security::check_token('post'); if ($check) { - $centerOrigin = trim(Security::remove_XSS(stripslashes($_POST['center_origin']))); - $centerCode = trim(Security::remove_XSS(stripslashes($_POST['center_code']))); - $dayStart = trim(Security::remove_XSS(stripslashes($_POST['day_start']))); - $monthStart = trim(Security::remove_XSS(stripslashes($_POST['month_start']))); - $yearStart = trim(Security::remove_XSS(stripslashes($_POST['year_start']))); - $dayEnd = trim(Security::remove_XSS(stripslashes($_POST['day_end']))); - $monthEnd = trim(Security::remove_XSS(stripslashes($_POST['month_end']))); - $yearEnd = trim(Security::remove_XSS(stripslashes($_POST['year_end']))); - $tutorialId = trim(Security::remove_XSS(stripslashes($_POST['tutorial_id']))); - $actionId = trim(Security::remove_XSS(stripslashes($_POST['action_id']))); - $specialtyId = trim(Security::remove_XSS(stripslashes($_POST['specialty_id']))); - $newTutorial = trim(Security::remove_XSS(stripslashes($_POST['new_tutorial']))); + $centerOrigin = Database::escape_string(trim($_POST['center_origin'])); + $centerCode = Database::escape_string(trim($_POST['center_code'])); + $dayStart = Database::escape_string(trim($_POST['day_start'])); + $monthStart = Database::escape_string(trim($_POST['month_start'])); + $yearStart = Database::escape_string(trim($_POST['year_start'])); + $dayEnd = Database::escape_string(trim($_POST['day_end'])); + $monthEnd = Database::escape_string(trim($_POST['month_end'])); + $yearEnd = Database::escape_string(trim($_POST['year_end'])); + $tutorialId = intval($_POST['tutorial_id']); + $actionId = intval($_POST['action_id']); + $specialtyId = intval($_POST['specialty_id']); + $newTutorial = intval($_POST['new_tutorial']); $starDate = $yearStart."-".$monthStart."-".$dayStart; $endDate = $yearEnd."-".$monthEnd."-".$dayEnd; - if (isset($newTutorial) && $newTutorial != "1") { + if (isset($newTutorial) && $newTutorial != 1) { $sql = 
"UPDATE $tableSepeParticipantsSpecialtyTutorials SET center_origin='".$centerOrigin."', center_code='".$centerCode."', start_date='".$starDate."', end_date='".$endDate."' - WHERE id='".$tutorialId."';"; + WHERE id = $tutorialId;"; } else { $sql = "INSERT INTO $tableSepeParticipantsSpecialtyTutorials ( participant_specialty_id, @@ -46,7 +45,7 @@ if ( !empty($_POST)) { start_date, end_date ) VALUES ( - '".$specialtyId."', + $specialtyId, '".$centerOrigin."', '".$centerCode."', '".$starDate."', @@ -65,10 +64,10 @@ if ( !empty($_POST)) { $participantId = getParticipantId($specialtyId); header("Location: participant-specialty-edit.php?new_specialty=0&participant_id=".$participantId."&specialty_id=".$specialtyId."&action_id=".$actionId); } else { - $tutorialId = trim(Security::remove_XSS(stripslashes($_POST['tutorial_id']))); - $actionId = trim(Security::remove_XSS(stripslashes($_POST['action_id']))); - $specialtyId = trim(Security::remove_XSS(stripslashes($_POST['specialty_id']))); - $newTutorial = trim(Security::remove_XSS(stripslashes($_POST['new_tutorial']))); + $tutorialId = intval($_POST['tutorial_id']); + $actionId = intval($_POST['action_id']); + $specialtyId = intval($_POST['specialty_id']); + $newTutorial = intval($_POST['new_tutorial']); Security::clear_token(); $token = Security::get_token(); $_SESSION['sepe_message_error'] = $plugin->get_lang('ProblemToken'); 
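Review bot: The six date components (`day_start` … `year_end`) are escaped as strings and then concatenated straight into `start_date='...'`/`end_date='...'`, so while escape_string stops injection, nothing guarantees they are numeric or that the assembled value is a date at all; the ids right below them were switched to intval(), and the same treatment fits here, optionally followed by `checkdate($monthStart, $dayStart, $yearStart)` before the query is built. The `$starDate` name on the next line also looks like a typo for `$startDate`. The -64 hunk in this file has the unchecked `$_POST` index reads already noted for specialty-tutor-edit.php. The enclosing `if ($check)` block ends after this hunk.
```php
$dayStart = isset($_POST['day_start']) ? intval($_POST['day_start']) : 0;
$monthStart = isset($_POST['month_start']) ? intval($_POST['month_start']) : 0;
$yearStart = isset($_POST['year_start']) ? intval($_POST['year_start']) : 0;
$dayEnd = isset($_POST['day_end']) ? intval($_POST['day_end']) : 0;
$monthEnd = isset($_POST['month_end']) ? intval($_POST['month_end']) : 0;
$yearEnd = isset($_POST['year_end']) ? intval($_POST['year_end']) : 0;
// … unchanged: tutorial_id / action_id / specialty_id / new_tutorial casts and date assembly …
```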
@@ -80,17 +79,17 @@ if ( !empty($_POST)) { } if (api_is_platform_admin()) { - $courseId = getCourse($_GET['action_id']); - $participantId = getParticipantId($_GET['specialty_id']); + $courseId = getCourse(intval($_GET['action_id'])); + $participantId = getParticipantId(intval($_GET['specialty_id'])); $interbreadcrumb[] = array("url" => "/plugin/sepe/src/sepe-administration-menu.php", "name" => $plugin->get_lang('MenuSepe')); $interbreadcrumb[] = array("url" => "formative-actions-list.php", "name" => $plugin->get_lang('FormativesActionsList')); $interbreadcrumb[] = array("url" => "formative-action.php?cid=".$courseId, "name" => $plugin->get_lang('FormativeAction')); - $interbreadcrumb[] = array("url" => "participant-specialty-edit.php?new_specialty=0&participant_id=".$participantId."&specialty_id=".$_GET['specialty_id']."&action_id=".$_GET['action_id'], "name" => $plugin->get_lang('SpecialtyFormativeParcipant')); - if (isset($_GET['new_tutorial']) && $_GET['new_tutorial'] == "1") { + $interbreadcrumb[] = array("url" => "participant-specialty-edit.php?new_specialty=0&participant_id=".$participantId."&specialty_id=".intval($_GET['specialty_id'])."&action_id=".intval($_GET['action_id']), "name" => $plugin->get_lang('SpecialtyFormativeParcipant')); + if (isset($_GET['new_tutorial']) && intval($_GET['new_tutorial']) == 1) { $templateName = $plugin->get_lang('new_tutorial'); $tpl = new Template($templateName); - $tpl->assign('action_id', $_GET['action_id']); - $tpl->assign('specialty_id', $_GET['specialty_id']); + $tpl->assign('action_id', intval($_GET['action_id'])); + $tpl->assign('specialty_id', intval($_GET['specialty_id'])); $info = array(); $tpl->assign('info', $info); $tpl->assign('new_tutorial', '1'); 
@@ -98,29 +97,29 @@ if (api_is_platform_admin()) { } else { $templateName = $plugin->get_lang('edit_tutorial'); $tpl = new Template($templateName); - $tpl->assign('action_id', $_GET['action_id']); - $tpl->assign('specialty_id', $_GET['specialty_id']); - $tpl->assign('tutorial_id', $_GET['tutorial_id']); - $info = getInfoSpecialtyTutorial($_GET['tutorial_id']); + $tpl->assign('action_id', intval($_GET['action_id'])); + $tpl->assign('specialty_id', intval($_GET['specialty_id'])); + $tpl->assign('tutorial_id', intval($_GET['tutorial_id'])); + $info = getInfoSpecialtyTutorial(intval($_GET['tutorial_id'])); $tpl->assign('info', $info); $tpl->assign('new_tutorial', '0'); if ($info['start_date'] != '0000-00-00' && $info['start_date'] != NULL) { - $tpl->assign('day_start', date("j",strtotime($info['start_date']))); - $tpl->assign('month_start', date("n",strtotime($info['start_date']))); - $tpl->assign('year_start', date("Y",strtotime($info['start_date']))); - $startYear = date("Y",strtotime($info['start_date'])); - } elseif (strpos($info['end_date'],'0000') === false) { - $startYear = date("Y",strtotime($info['start_date'])); + $tpl->assign('day_start', date("j", strtotime($info['start_date']))); + $tpl->assign('month_start', date("n", strtotime($info['start_date']))); + $tpl->assign('year_start', date("Y", strtotime($info['start_date']))); + $startYear = date("Y", strtotime($info['start_date'])); + } elseif (strpos($info['end_date'], '0000') === false) { + $startYear = date("Y", strtotime($info['start_date'])); } else { $startYear = date("Y"); } if ($info['end_date'] != '0000-00-00' && $info['end_date'] != NULL) { - $tpl->assign('day_end', date("j",strtotime($info['end_date']))); - $tpl->assign('month_end', date("n",strtotime($info['end_date']))); - $tpl->assign('year_end', date("Y",strtotime($info['end_date']))); - $endYear = date("Y",strtotime($info['end_date'])); - } elseif (strpos($info['end_date'],'0000') === false) { - $endYear = 
date("Y",strtotime($info['end_date'])); + $tpl->assign('day_end', date("j", strtotime($info['end_date']))); + $tpl->assign('month_end', date("n", strtotime($info['end_date']))); + $tpl->assign('year_end', date("Y", strtotime($info['end_date']))); + $endYear = date("Y", strtotime($info['end_date'])); + } elseif (strpos($info['end_date'], '0000') === false) { + $endYear = date("Y", strtotime($info['end_date'])); } else { $endYear = date("Y"); } @@ -148,7 +147,7 @@ if (api_is_platform_admin()) { $tpl->assign('message_error', $_SESSION['sepe_message_error']); unset($_SESSION['sepe_message_error']); } - $tpl->assign('sec_token',$token); + $tpl->assign('sec_token', $token); $listing_tpl = 'sepe/view/specialty-tutorial-edit.tpl'; $content = $tpl->fetch($listing_tpl); diff --git a/plugin/sepe/view/formative-actions-list.tpl b/plugin/sepe/view/formative-actions-list.tpl index 28ca21c7df..5e90a2be41 100644 --- a/plugin/sepe/view/formative-actions-list.tpl +++ b/plugin/sepe/view/formative-actions-list.tpl @@ -14,46 +14,46 @@ {% endif %}
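Review bot: The `elseif` for `$startYear` tests `$info['end_date']` but then calls `strtotime($info['start_date'])`, and that branch is only reached when `start_date` is `'0000-00-00'` or NULL, so `strtotime()` returns false and `date("Y", false)` yields 1970 rather than a usable year; presumably `$startYear = date("Y", strtotime($info['end_date']));` was intended, mirroring the `$endYear` branch beneath it. The comparison `!= NULL` on both guards is loose and also matches `''` and `'0'`, which may be what the author wants but is worth stating in a comment. The -147 hunk is whitespace only.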
- {% if course_action_list|length > 0 %} - + {% if course_action_list|length > 0 %} + - {% for course in course_action_list %} - + {% for course in course_action_list %} + - + {% endfor %}
{{ 'Course' | get_lang }}: {{ course.title }} -> {{ 'ActionId' | get_plugin_lang('SepePlugin') | upper }}: {{ course.action_origin }} {{ course.action_code }} {{ 'Delete' | get_plugin_lang('SepePlugin') }} {{ 'Unlink' | get_plugin_lang('SepePlugin') }} {{ 'SeeOrEdit' | get_plugin_lang('SepePlugin') }}
{% else %} -
+
{{ 'NoFormativeActionToCourse' | get_plugin_lang('SepePlugin') }}
{% endif %}

- - {% for course in course_free_list %} - +
+ {% for course in course_free_list %} + - + {% endfor %}
{{ 'Course' | get_lang }}: {{ course.title }} - + {% for action in action_free_list %} - {% endfor %} @@ -63,7 +63,7 @@ {{ 'AssignAction' | get_plugin_lang('SepePlugin') }} {{ 'CreateAction' | get_plugin_lang('SepePlugin') }}
diff --git a/plugin/sepe/view/participant-action-edit.tpl b/plugin/sepe/view/participant-action-edit.tpl index 9301945302..1d86c44cb4 100644 --- a/plugin/sepe/view/participant-action-edit.tpl +++ b/plugin/sepe/view/participant-action-edit.tpl @@ -2,7 +2,7 @@