diff --git a/main/gradebook/gradebook_view_result.php b/main/gradebook/gradebook_view_result.php
index 32393239b1..219486cf40 100755
--- a/main/gradebook/gradebook_view_result.php
+++ b/main/gradebook/gradebook_view_result.php
@@ -23,7 +23,7 @@ $interbreadcrumb[] = array(
 ));
 //load the evaluation & category
-$select_eval = Security::remove_XSS($_GET['selecteval']);
+$select_eval = intval($_GET['selecteval']);
 if (empty($select_eval)) {
 api_not_allowed();
 }
@@ -53,7 +53,6 @@ if (isset($_GET['selecteval'])) {
 if (isset($_GET['editres'])) {
 $edit_res_xml = Security::remove_XSS($_GET['editres']);
- $select_eval_edit = Security::remove_XSS($_GET['selecteval']);
 $resultedit = Result :: load($edit_res_xml);
 $edit_res_form = new EvalForm(
 EvalForm :: TYPE_RESULT_EDIT,
@@ -61,7 +60,7 @@ if (isset($_GET['editres'])) {
 $resultedit[0],
 'edit_result_form',
 null,
- api_get_self() . '?editres=' . $resultedit[0]->get_id() . '&selecteval=' . $select_eval_edit.'&'.api_get_cidreq()
+ api_get_self() . '?editres=' . $resultedit[0]->get_id() . '&selecteval=' . $select_eval.'&'.api_get_cidreq()
 );
 if ($edit_res_form->validate()) {
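Review bot: `$select_eval = intval($_GET['selecteval']);` still reads the index unconditionally, so a request without `selecteval` raises an undefined-index notice before `api_not_allowed()` runs, and a negative value such as `-1` is non-empty and passes the guard. The next hunk's context line `if (isset($_GET['selecteval'])) {` shows the parameter is treated as optional elsewhere in this file. Suggested: `$select_eval = isset($_GET['selecteval']) ? intval($_GET['selecteval']) : 0;` followed by `if ($select_eval <= 0) {`.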
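Review bot: `$edit_res_xml = Security::remove_XSS($_GET['editres']);` is left untouched although the value is a record id handed to `Result :: load()` here and to `$result->set_id()` in the following hunk; `remove_XSS` is an HTML filter, not an id validator, so this is inconsistent with the `intval()` hardening the same commit applies to `selecteval`. Whether the raw string reaches SQL depends on `Result::load`, which is not in view. Suggested: `$edit_res_xml = intval($_GET['editres']);` plus a check that `$resultedit` is non-empty before `$resultedit[0]` is dereferenced, since an empty result from `load()` would otherwise fault on the `get_id()` call in the next hunk.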
@@ -69,31 +68,31 @@ if (isset($_GET['editres'])) {
 $values = $edit_res_form->exportValues();
 $result = new Result();
 $resultlog = new Result();
- $resultlog->add_result__log($values['hid_user_id'], $select_eval_edit);
+ $resultlog->add_result__log($values['hid_user_id'], $select_eval);
 $result->set_id($edit_res_xml);
 $result->set_user_id($values['hid_user_id']);
- $result->set_evaluation_id($select_eval_edit);
+ $result->set_evaluation_id($select_eval);
 $row_value = isset($values['score']) ? (float) $values['score'] : 0;
 if (!empty($row_value) || $row_value == 0) {
 $result->set_score(floatval(number_format($row_value, api_get_setting('gradebook_number_decimals'))));
 }
 $result->save();
 unset($result);
- header('Location: gradebook_view_result.php?selecteval=' . $select_eval_edit . '&editresmessage=&'.api_get_cidreq());
+ header('Location: gradebook_view_result.php?selecteval=' . $select_eval . '&editresmessage=&'.api_get_cidreq());
 exit;
 }
 }
 $file_type = null;
 if (isset($_GET['import'])) {
 $interbreadcrumb[] = array(
- 'url' => 'gradebook_view_result.php?selecteval=' . Security::remove_XSS($_GET['selecteval']).'&'.api_get_cidreq(),
+ 'url' => api_get_path(WEB_CODE_PATH).'gradebook/gradebook_view_result.php?selecteval=' . $select_eval.'&'.api_get_cidreq(),
 'name' => get_lang('ViewResult')
 );
 $import_result_form = new DataForm(
 DataForm :: TYPE_IMPORT,
 'import_result_form',
 null,
- api_get_self() . '?import=&selecteval=' . Security::remove_XSS($_GET['selecteval']),
+ api_get_self() . '?import=&selecteval=' . $select_eval,
 '_blank',
 ''
 );
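Review bot: The edit path trusts the submitted hidden field `$values['hid_user_id']` for both `add_result__log()` and `$result->set_user_id()` while the row being rewritten is chosen by `$edit_res_xml` from the query string; nothing visible checks that the hidden user id matches the user of the loaded `$resultedit[0]`, so a submitter can re-point an existing result at another user. Unless `EvalForm` validates that field (not in view), taking the user from the loaded record is safer: `$result->set_user_id($resultedit[0]->get_user_id());` and the same value for the log call. The enclosing `if (isset($_GET['editres']))` block starts in the previous hunk.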
@@ -122,7 +121,7 @@ if (isset($_GET['import'])) {
 if (($importedresult['user_id'] == $allresult->get_user_id())) {
 if ($importedresult['score'] != $allresult->get_score()) {
 if (!isset($values['overwrite'])) {
- header('Location: gradebook_view_result.php?selecteval=' . Security::remove_XSS($_GET['selecteval']) . '&import_score_error=' . $importedresult['user_id']);
+ header('Location: '.api_get_path(WEB_CODE_PATH).'gradebook/gradebook_view_result.php?selecteval=' . $select_eval . '&import_score_error=' . $importedresult['user_id']);
 exit;
 break;
 } else {
@@ -140,7 +139,7 @@ if (isset($_GET['import'])) {
 }
 }
 if ($importedresult['user_id'] == null) {
- header('Location: gradebook_view_result.php?selecteval=' . Security::remove_XSS($_GET['selecteval']) . '&incorrectdata=');
+ header('Location: gradebook_view_result.php?selecteval=' . $select_eval . '&incorrectdata=');
 exit;
 }
 $userinfo = api_get_user_info($importedresult['user_id']);
@@ -149,13 +148,13 @@ if (isset($_GET['import'])) {
 $userinfo['official_code'] != $importedresult['official_code']
 ) {
 if (!isset($values['ignoreerrors'])) {
- header('Location: gradebook_view_result.php?selecteval=' . Security::remove_XSS($_GET['selecteval']) . '&import_user_error=' . $importedresult['user_id']);
+ header('Location: gradebook_view_result.php?selecteval=' . $select_eval . '&import_user_error=' . $importedresult['user_id']);
 exit;
 }
 }
 if ($added != '1') {
 if ($importedresult['score'] > $eval[0]->get_max()) {
- header('Location: gradebook_view_result.php?selecteval=' . Security::remove_XSS($_GET['selecteval']) . '&overwritemax=');
+ header('Location: gradebook_view_result.php?selecteval=' . $select_eval . '&overwritemax=');
 exit;
 }
 $result = new Result();
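Review bot: `$importedresult['user_id']`, a value read from the uploaded file, is concatenated unvalidated into the `Location` header in the `import_score_error` and `import_user_error` redirects, and later in this file the same value is read back from `$_GET` and passed to `api_get_user_info()`. Casting it where it is emitted keeps the round trip numeric: `'&import_score_error=' . intval($importedresult['user_id'])`, and likewise for `import_user_error`. The `break;` after `exit;` in the first hunk is unreachable and can be dropped. The enclosing import loop begins and ends outside these hunks.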
@@ -168,36 +167,39 @@ if (isset($_GET['import'])) {
 } else {
 $result->set_date(api_get_utc_datetime());
 }
- $result->set_evaluation_id($_GET['selecteval']);
+ $result->set_evaluation_id($select_eval);
 $result->add();
 $nr_results_added++;
 }
 }
 } else {
- header('Location: ' . api_get_self() . '?import=&selecteval=' . Security::remove_XSS($_GET['selecteval']) . '&importnofile=');
+ header('Location: ' . api_get_self() . '?import=&selecteval=' . $select_eval . '&importnofile=');
 exit;
 }
 if ($overwritescore != 0) {
- header('Location: ' . api_get_self() . '?selecteval=' . Security::remove_XSS($_GET['selecteval']) . '&importoverwritescore=' . $overwritescore);
+ header('Location: ' . api_get_self() . '?selecteval=' . $select_eval. '&importoverwritescore=' . $overwritescore);
 exit;
 }
 if ($nr_results_added == 0) {
- header('Location: ' . api_get_self() . '?selecteval=' . Security::remove_XSS($_GET['selecteval']) . '¬hingadded=');
+ header('Location: ' . api_get_self() . '?selecteval=' . $select_eval. '¬hingadded=');
 exit;
 }
- header('Location: ' . api_get_self() . '?selecteval=' . Security::remove_XSS($_GET['selecteval']) . '&importok=');
+ header('Location: ' . api_get_self() . '?selecteval=' . $select_eval . '&importok=');
 exit;
 }
 }
 if (isset($_GET['export'])) {
- $interbreadcrumb[] = array('url' => 'gradebook_view_result.php?selecteval=' . Security::remove_XSS($_GET['selecteval']), 'name' => get_lang('ViewResult'));
+ $interbreadcrumb[] = array(
+ 'url' => 'gradebook_view_result.php?selecteval='.$select_eval,
+ 'name' => get_lang('ViewResult'),
+ );
 $locked_status = $eval[0]->get_locked();
 $export_result_form = new DataForm(
 DataForm :: TYPE_EXPORT,
 'export_result_form',
 null,
- api_get_self() . '?export=&selecteval=' . $_GET['selecteval'],
+ api_get_self() . '?export=&selecteval=' . $select_eval,
 '_blank',
 $locked_status
 );
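Review bot: The four import redirects built from `api_get_self() . '?selecteval=' . $select_eval ...` omit `api_get_cidreq()`, whereas the breadcrumb and edit redirects touched by this same commit append it; if the course context is carried only in the query string, the post-import page lands without it. Appending `.'&'.api_get_cidreq()` to each of these `header('Location: ...')` calls would make the commit consistent with itself. The export form action likewise drops it. The enclosing `if (isset($_GET['import']))` block starts before this hunk.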
@@ -209,7 +211,7 @@ if (isset($_GET['export'])) {
 $export = $export_result_form->exportValues();
 $file_type = $export['file_type'];
 $filename = 'export_results_' . gmdate('Y-m-d_H-i-s');
- $results = Result :: load(null, null, Security::remove_XSS($_GET['selecteval']));
+ $results = Result :: load(null, null, $select_eval);
 $data = array();
 //when file type is csv, add a header to the output file
 if ($file_type == 'csv') {
 $alldata[] = array(
@@ -347,7 +349,7 @@ if (isset($_GET['export'])) {
 if (isset($_GET['resultdelete'])) {
 $result = Result :: load($_GET['resultdelete']);
 $result[0]->delete();
- header('Location: gradebook_view_result.php?deleteresult=&selecteval=' . Security::remove_XSS($_GET['selecteval']));
+ header('Location: gradebook_view_result.php?deleteresult=&selecteval=' . $select_eval);
 exit;
 }
@@ -364,7 +366,7 @@ if (isset($_POST['action'])) {
 $result[0]->delete();
 $number_of_deleted_results++;
 }
- header('Location: gradebook_view_result.php?massdelete=&selecteval=' . Security::remove_XSS($_GET['selecteval']));
+ header('Location: gradebook_view_result.php?massdelete=&selecteval=' . $select_eval);
 exit;
 break;
 }
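Review bot: The `resultdelete` branch calls `Result :: load($_GET['resultdelete'])` with the raw query parameter and deletes `$result[0]` without checking that a row came back or that it belongs to `$select_eval`, so any result id the caller can guess is removed on a plain GET and an unknown id faults on the `[0]` dereference. If the third `load()` argument is the evaluation id, as the export hunk's `Result :: load(null, null, $select_eval)` suggests, scoping the lookup is a one-line change: `$result = Result :: load(intval($_GET['resultdelete']), null, $select_eval);` followed by `if (!empty($result)) { $result[0]->delete(); }`. Whether `Result::load` itself enforces course permissions is not visible here; a GET-triggered destructive action is also CSRF-prone, and the `massdelete` path below already keys off `$_POST['action']`, which is the better shape.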
@@ -403,8 +405,7 @@ if (isset($_GET['print'])) {
 $resulttable = new ResultTable($eval[0], $allresults, $iscourse, $addparams);
 }
-$htmlHeadXtra[] = '';
 if (isset($_GET['deleteall'])) {
 $eval[0]->delete_results();
- header('Location: gradebook_view_result.php?allresdeleted=&selecteval=' . Security::remove_XSS($_GET['selecteval']));
+ header('Location: '.api_get_path(WEB_CODE_PATH).'gradebook/gradebook_view_result.php?allresdeleted=&selecteval=' . $select_eval.'&'.api_get_cidreq());
 exit;
 }
-if ((!isset($_GET['export'])) && (!isset($_GET['import']))) {
+if (!isset($_GET['export']) && (!isset($_GET['import']))) {
 if (!isset($_GET['selectcat'])) {
 $interbreadcrumb[] = array(
- 'url' => $_SESSION['gradebook_dest'] . '?selectcat=' . $currentcat[0]->get_id(),
+ 'url' => $_SESSION['gradebook_dest'] . '?selectcat=' . $currentcat[0]->get_id().'&'.api_get_cidreq(),
 'name' => get_lang('Details')
 );
 }
- $interbreadcrumb[] = array('url' => 'gradebook_view_result.php' . '?selecteval=' . Security::remove_XSS($_GET['selecteval']), 'name' => get_lang('ViewResult'));
+ $interbreadcrumb[] = array(
+ 'url' => api_get_path(WEB_CODE_PATH).'gradebook/gradebook_view_result.php?selecteval='.$select_eval.'&'.api_get_cidreq(),
+ 'name' => get_lang('ViewResult'),
+ );
 Display :: display_header('');
 }
 if (isset($_GET['addresultnostudents'])) {
@@ -483,7 +487,9 @@ if (isset($_GET['importoverwritescore'])) {
 }
 if (isset($_GET['import_user_error'])) {
 $userinfo = api_get_user_info($_GET['import_user_error']);
- Display :: display_warning_message(get_lang('UserInfoDoesNotMatch') . ' ' . api_get_person_name($userinfo['firstname'], $userinfo['lastname']));
+ Display:: display_warning_message(
+ get_lang('UserInfoDoesNotMatch').' '.api_get_person_name($userinfo['firstname'], $userinfo['lastname'])
+ );
 }
 if (isset($_GET['allresdeleted'])) {
 Display :: display_confirmation_message(get_lang('AllResultDeleted'));
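Review bot: `$userinfo = api_get_user_info($_GET['import_user_error']);` still passes the raw query value through while the commit only reflows the message line beneath it; for consistency with the `selecteval` hardening it should be `$userinfo = api_get_user_info(intval($_GET['import_user_error']));`, and `$userinfo` should be checked for an empty/false return before `firstname`/`lastname` are read. In the `deleteall` hunk above, `$eval[0]->delete_results()` is likewise triggered by a bare GET parameter with no visible confirmation or token, which the commit does not change. The rewritten condition `if (!isset($_GET['export']) && (!isset($_GET['import'])))` keeps parentheses on one side only; `if (!isset($_GET['export']) && !isset($_GET['import']))` reads evenly.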
@@ -492,7 +498,8 @@ if (isset($_GET['import_score_error'])) {
 $userinfo = api_get_user_info($_GET['import_score_error']);
 Display :: display_warning_message(get_lang('ScoreDoesNotMatch') . ' ' . api_get_person_name($userinfo['firstname'], $userinfo['lastname']));
 }
-if ($file_type == null) { //show the result header
+if ($file_type == null) {
+ //show the result header
 if (isset($export_result_form) && !(isset($edit_res_form))) {
 echo $export_result_form->display();
 DisplayGradebook :: display_header_result($eval[0], $currentcat[0]->get_id(), 1);
diff --git a/main/gradebook/lib/fe/displaygradebook.php b/main/gradebook/lib/fe/displaygradebook.php
index fe62a32787..ddfcea2550 100755
--- a/main/gradebook/lib/fe/displaygradebook.php
+++ b/main/gradebook/lib/fe/displaygradebook.php
@@ -20,7 +20,7 @@ class DisplayGradebook
 if (api_is_allowed_to_edit(null, true)) {
 $header = '