diff --git a/main/announcements/announcements.php b/main/announcements/announcements.php index d287b4ed87..ca03ee6e25 100644 --- a/main/announcements/announcements.php +++ b/main/announcements/announcements.php @@ -109,7 +109,7 @@ if (!empty($_POST['To']) and ($select_groupusers_status=="show")) { $_SESSION['select_groupusers'] = "hide"; } -$origin = empty($_GET['origin']) ? '' : Security::remove_XSS($_GET['origin']); +$origin = isset($_GET['origin']) ? Security::remove_XSS($_GET['origin']) : null; /* Action handling */ @@ -1063,4 +1063,4 @@ if (isset($_GET['action']) && $_GET['action'] == 'view') { if (empty($_GET['origin']) or $_GET['origin'] !== 'learnpath') { //we are not in learnpath tool Display::display_footer(); -} \ No newline at end of file +} diff --git a/main/user/subscribe_user.php b/main/user/subscribe_user.php index 4ffabe0d86..b3399366fa 100644 --- a/main/user/subscribe_user.php +++ b/main/user/subscribe_user.php @@ -31,14 +31,13 @@ if (!api_is_allowed_to_edit()) { } $tool_name = get_lang("SubscribeUserToCourse"); -if ($_REQUEST['type']=='teacher') { +if (isset($_REQUEST['type']) && $_REQUEST['type']=='teacher') { $tool_name = get_lang("SubscribeUserToCourseAsTeacher"); } - //extra entries in breadcrumb $interbreadcrumb[] = array ("url" => "user.php", "name" => get_lang("ToolUser")); -if ($_GET['keyword']) { +if (isset($_REQUEST['keyword']) && $_GET['keyword']) { $interbreadcrumb[] = array ("url" => "subscribe_user.php?type=".Security::remove_XSS($_GET['type']), "name" => $tool_name); $tool_name = get_lang('SearchResults'); } 
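Review bot: `$origin` is used as a mode flag (the footer check in the second hunk compares it with `'learnpath'` via `!==`), so an allow-list test is the tighter check here rather than `Security::remove_XSS`, which filters a value for HTML output but does not validate it; if `learnpath` is the only value this page distinguishes, `$origin = (isset($_GET['origin']) && $_GET['origin'] === 'learnpath') ? 'learnpath' : null;`, otherwise compare against the list of origins the page actually handles. The footer check at the end of the file still re-reads `$_GET['origin']` even though `$origin` now exists; using `if ($origin !== 'learnpath') {` keeps the two in step (assuming `remove_XSS` leaves a plain word unchanged). Note the absent case now yields `null` instead of `''`, so any later `=== ''` comparison on `$origin` elsewhere in the file would no longer match.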
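Review bot: The second added guard checks `isset($_REQUEST['keyword'])` but the same condition then reads `$_GET['keyword']`, so a keyword arriving only via POST still produces the undefined-index notice this commit is meant to remove; use one superglobal for both, `if (!empty($_GET['keyword'])) {`. Inside that branch `$_GET['type']` is read unguarded as well, and it is placed into a query string, so `$type = isset($_GET['type']) ? urlencode($_GET['type']) : '';` before building the breadcrumb URL matches the context better than `remove_XSS`, which strips markup but does not URL-encode. The earlier `$_REQUEST['type']=='teacher'` comparison is loose; `===` avoids type juggling on request input.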
@@ -348,15 +347,15 @@ function get_number_of_users() { $users_of_course[] = $course_user['user_id']; } } - $sql .=" AND u.status <> ".ANONYMOUS." "; + $sql .=" AND u.status <> ".ANONYMOUS." "; $res = Database::query($sql); $count_user = 0; - - if ($res) { + + if ($res) { $row = Database::fetch_row($res); - $count_user = $row[0]; + $count_user = $row[0]; } - + /* @todo seems not to be used // we add 1 for every additional user (a user where the keyword matches one of the additional profile fields) // that is not yet in the course and not yet in the search result @@ -368,7 +367,7 @@ function get_number_of_users() { } } */ - + return $count_user; } /** @@ -376,7 +375,7 @@ function get_number_of_users() { */ function get_user_data($from, $number_of_items, $column, $direction) { global $_course, $_configuration; - + $url_access_id = api_get_current_access_url_id(); $course_code = api_get_course_id(); $session_id = api_get_session_id(); @@ -386,14 +385,14 @@ function get_user_data($from, $number_of_items, $column, $direction) { $course_user_table = Database::get_main_table(TABLE_MAIN_COURSE_USER); $tbl_session_rel_course_user = Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER); $table_user_field_values = Database::get_main_table(TABLE_MAIN_USER_FIELD_VALUES); - + $tbl_url_rel_user = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER); - + // adding teachers $is_western_name_order = api_is_western_name_order(); - + if (api_get_setting('show_email_addresses') == 'true') { - + $select_fields = "u.user_id AS col0, u.official_code AS col1, ".($is_western_name_order 
@@ -411,18 +410,18 @@ function get_user_data($from, $number_of_items, $column, $direction) { ? "u.firstname AS col2, u.lastname AS col3," : "u.lastname AS col2, - u.firstname AS col3,")." + u.firstname AS col3,")." u.active AS col4, u.user_id AS col5"; } - + if (isset($_REQUEST['type']) && $_REQUEST['type'] == 'teacher') { // adding a teacher through a session if (!empty($session_id)) { - $sql = "SELECT $select_fields + $sql = "SELECT $select_fields FROM $user_table u - LEFT JOIN $tbl_session_rel_course_user cu on u.user_id = cu.id_user AND course_code='".$course_code."' AND id_session ='".$session_id."' + LEFT JOIN $tbl_session_rel_course_user cu on u.user_id = cu.id_user AND course_code='".$course_code."' AND id_session ='".$session_id."' INNER JOIN $tbl_url_rel_user as url_rel_user ON (url_rel_user.user_id = u.user_id) "; // applying the filter of the additional user profile fields @@ -437,9 +436,9 @@ function get_user_data($from, $number_of_items, $column, $direction) { } else { $sql .= "WHERE cu.id_user IS NULL AND u.status=1 AND (u.official_code <> 'ADMIN' OR u.official_code IS NULL) "; } - + $sql .= " AND access_url_id= $url_access_id"; - + } else { // adding a teacher NOT through a session $sql = "SELECT $select_fields @@ -460,8 +459,8 @@ function get_user_data($from, $number_of_items, $column, $direction) { } // adding a teacher NOT trough a session on a portal with multiple URLs - if ($_configuration['multiple_access_urls']) { - if ($url_access_id !=-1) { + if ($_configuration['multiple_access_urls']) { + if ($url_access_id !=-1) { $sql = "SELECT $select_fields FROM $user_table u LEFT JOIN $course_user_table cu on u.user_id = cu.user_id and course_code='".$course_code."' 
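Review bot: The re-indented `if ($_configuration['multiple_access_urls'])` in the last hunk still reads the key without `isset`, whereas the equivalent checks later in the same function (the hunks at 488, 505 and 527) use `isset($_configuration['multiple_access_urls']) && $_configuration['multiple_access_urls']`; since this commit is about undefined-index notices, this one should match: `if (isset($_configuration['multiple_access_urls']) && $_configuration['multiple_access_urls']) {`. The adjacent `$url_access_id !=-1` is a loose comparison; `!== -1` is safer if `api_get_current_access_url_id()` returns an int, which is not visible here. The enclosing get_user_data() starts and ends outside these hunks.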
@@ -488,11 +487,11 @@ function get_user_data($from, $number_of_items, $column, $direction) { $sql = "SELECT $select_fields FROM $user_table u LEFT JOIN $tbl_session_rel_course_user cu ON u.user_id = cu.id_user AND course_code='".$course_code."' AND id_session ='".$session_id."' "; - + if (isset($_configuration['multiple_access_urls']) && $_configuration['multiple_access_urls']) { - $sql .= " INNER JOIN $tbl_url_rel_user as url_rel_user ON (url_rel_user.user_id = u.user_id) "; + $sql .= " INNER JOIN $tbl_url_rel_user as url_rel_user ON (url_rel_user.user_id = u.user_id) "; } - + // applying the filter of the additional user profile fields if (isset($_GET['subscribe_user_filter_value']) AND !empty($_GET['subscribe_user_filter_value'])){ $field_identification = explode('*',$_GET['subscribe_user_filter_value']); @@ -505,11 +504,11 @@ function get_user_data($from, $number_of_items, $column, $direction) { } else { $sql .= "WHERE cu.id_user IS NULL AND u.status<>".DRH." AND (u.official_code <> 'ADMIN' OR u.official_code IS NULL) "; } - + if (isset($_configuration['multiple_access_urls']) && $_configuration['multiple_access_urls']) { $sql .= "AND access_url_id = $url_access_id"; - } - + } + } else { $sql = "SELECT $select_fields FROM $user_table u @@ -527,11 +526,11 @@ function get_user_data($from, $number_of_items, $column, $direction) { } else { $sql .= "WHERE cu.user_id IS NULL AND u.status<>".DRH." "; } - + //showing only the courses of the current Chamilo access_url_id - + if (isset($_configuration['multiple_access_urls']) && $_configuration['multiple_access_urls']) { - + if ($url_access_id !=-1) { $sql = "SELECT $select_fields @@ -553,7 +552,7 @@ function get_user_data($from, $number_of_items, $column, $direction) { } else { $sql .= "WHERE cu.user_id IS NULL AND u.status<>".DRH." AND access_url_id= $url_access_id "; } - } + } } } } 
@@ -578,8 +577,8 @@ function get_user_data($from, $number_of_items, $column, $direction) { $users_of_course[] = $course_user['user_id']; } } - - $sql .=" AND u.status != ".ANONYMOUS." "; + + $sql .=" AND u.status != ".ANONYMOUS." "; // Sorting and pagination (used by the sortable table) $sql .= " ORDER BY col$column $direction "; @@ -587,7 +586,7 @@ function get_user_data($from, $number_of_items, $column, $direction) { $res = Database::query($sql); $users = array (); - while ($user = Database::fetch_row($res)) { + while ($user = Database::fetch_row($res)) { $users[] = $user; $_SESSION['session_user_id'][] = $user[0]; if ($is_western_name_order) { diff --git a/main/work/work_list.php b/main/work/work_list.php index d3c72cd42c..3ed7688beb 100644 --- a/main/work/work_list.php +++ b/main/work/work_list.php @@ -15,6 +15,7 @@ require_once 'work.lib.php'; $this_section = SECTION_COURSES; $workId = isset($_GET['id']) ? intval($_GET['id']) : null; +$origin = isset($origin) ? Security::remove_XSS($origin) : null; if (empty($workId)) { api_not_allowed(true); @@ -62,9 +63,9 @@ $documentsAddedInWork = getAllDocumentsFromWorkToString($workId, $courseInfo); Display :: display_header(null); echo '
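Review bot: The new line in work_list.php filters a `$origin` that is not assigned anywhere in this hunk, so where the value comes from is not visible here; presumably a shared include populates it from the request, in which case the filter belongs at that source so every page benefits, and if that include already filters it this line is a no-op that obscures where the value is trusted. As in announcements.php, `origin` behaves like a mode flag, so an allow-list comparison is the tighter check; and if the following hunk in this file (its markup is stripped in this rendering) appends `$origin` to a link href, that context needs `urlencode()`, since `remove_XSS` does not URL-encode. A comment such as `// NOTE(review): $origin is expected from an earlier include — confirm where it is set` above the line would make the dependency explicit.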
'; -echo ''.Display::return_icon('back.png', get_lang('BackToWorksList'),'',ICON_SIZE_MEDIUM).''; +echo ''.Display::return_icon('back.png', get_lang('BackToWorksList'),'',ICON_SIZE_MEDIUM).''; if (api_is_allowed_to_session_edit(false, true) && !empty($workId)) { - echo ''; + echo ''; echo Display::return_icon('upload_file.png', get_lang('UploadADocument'), '', ICON_SIZE_MEDIUM).''; } echo '
';