diff --git a/main/gradebook/exercise_jump.php b/main/gradebook/exercise_jump.php
index 57c8e96e48..01ad541064 100755
--- a/main/gradebook/exercise_jump.php
+++ b/main/gradebook/exercise_jump.php
@@ -31,7 +31,7 @@ if (isset($_GET['doexercise'])) {
 exit;
 } else {
 if (isset($_GET['gradebook'])) {
- $add_url = '&gradebook=view&exerciseId='.Security::remove_XSS((int)$_GET['exerciseId']);
+ $add_url = '&gradebook=view&exerciseId='.intval($_GET['exerciseId']);
 }
 header('Location: ../exercice/exercice.php?cidReq='.Security::remove_XSS($cidReq).'&show=result'.$add_url);
 exit;
diff --git a/main/gradebook/gradebook.php b/main/gradebook/gradebook.php
index 8e62f836d7..4f15f9a828 100755
--- a/main/gradebook/gradebook.php
+++ b/main/gradebook/gradebook.php
@@ -177,7 +177,7 @@ if (isset ($_GET['visiblecat'])) {
 } else {
 $visibility_command= 0;
 }
- $cats= Category :: load(Security::remove_XSS($_GET['visiblecat']));
+ $cats= Category :: load($_GET['visiblecat']);
 $cats[0]->set_visible($visibility_command);
 $cats[0]->save();
 $cats[0]->apply_visibility_to_children();
@@ -192,7 +192,7 @@ if (isset ($_GET['visiblecat'])) {
 }
 if (isset ($_GET['deletecat'])) {
 block_students();
- $cats= Category :: load(Security::remove_XSS($_GET['deletecat']));
+ $cats= Category :: load($_GET['deletecat']);
 //delete all categories,subcategories and results
 if ($cats[0] != null) {
 if ($cats[0]->get_id() != 0) {
@@ -212,7 +212,7 @@ if (isset ($_GET['visibleeval'])) {
 $visibility_command= 0;
 }
- $eval= Evaluation :: load(Security::remove_XSS($_GET['visibleeval']));
+ $eval= Evaluation :: load($_GET['visibleeval']);
 $eval[0]->set_visible($visibility_command);
 $eval[0]->save();
 unset ($eval);
@@ -226,7 +226,7 @@ if (isset ($_GET['visibleeval'])) {
 }
 if (isset ($_GET['deleteeval'])) {
 block_students();
- $eval= Evaluation :: load(Security::remove_XSS($_GET['deleteeval']));
+ $eval= Evaluation :: load($_GET['deleteeval']);
 if ($eval[0] != null) {
 $eval[0]->delete_with_results();
 }
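Review bot: `intval()` is the right replacement for `remove_XSS((int) ...)` on the exerciseId line, but `$_GET['exerciseId']` is still read without an `isset` guard, and `$add_url` is only assigned inside `if (isset($_GET['gradebook']))` yet is concatenated into the `header('Location: ...')` line on every path; unless it is initialised above the hunk, the non-gradebook path emits an undefined-variable notice and relies on PHP coercing it to an empty string. Initialise it before the branch, `$add_url = '';`, and read the id as `isset($_GET['exerciseId']) ? intval($_GET['exerciseId']) : 0`. The enclosing `if/else` starts before the hunk.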
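Review bot: Removing `Security::remove_XSS()` from the id passed to `Category :: load()` is right in kind, since that function is an HTML output filter and not an input check, but nothing replaces it, so the raw `$_GET['visiblecat']` now reaches the loader and whether the loader casts or escapes it is not visible in this diff. Cast at the boundary, `$cats= Category :: load(intval($_GET['visiblecat']));`, and do the same in the `deletecat`, `visibleeval`, `deleteeval`, `visiblelink`, `deletelink` and `cat_id` hunks of this file and for `set_category_id()` / `Category :: load()` in gradebook_add_eval.php. The `deletelink` hunk already uses `intval($_GET['deletelink'])` in its inline SQL while the `LinkFactory :: load` line above it passes the raw value, so the two lines should agree.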
@@ -241,7 +241,7 @@ if (isset ($_GET['visiblelink'])) {
 }else {
 $visibility_command= 0;
 }
- $link= LinkFactory :: load(Security::remove_XSS($_GET['visiblelink']));
+ $link= LinkFactory :: load($_GET['visiblelink']);
 $link[0]->set_visible($visibility_command);
 $link[0]->save();
 unset ($link);
@@ -257,9 +257,9 @@ if (isset ($_GET['deletelink'])) {
 block_students();
 //fixing #5229
 if (!empty($_GET['deletelink'])) {
- $link= LinkFactory :: load(Security::remove_XSS($_GET['deletelink']));
+ $link= LinkFactory :: load($_GET['deletelink']);
 if ($link[0] != null) {
- $sql='UPDATE '.$tbl_forum_thread.' SET thread_qualify_max=0,thread_weight=0,thread_title_qualify="" WHERE thread_id=(SELECT ref_id FROM '.$tbl_grade_links.' where id='.Security::remove_XSS($_GET['deletelink']).');';
+ $sql='UPDATE '.$tbl_forum_thread.' SET thread_qualify_max=0,thread_weight=0,thread_title_qualify="" WHERE thread_id=(SELECT ref_id FROM '.$tbl_grade_links.' where id='.intval($_GET['deletelink']).');';
 Database::query($sql);
 $link[0]->delete();
 }
@@ -412,9 +412,9 @@ if (!isset($_GET['exportpdf']) and !isset($_GET['export_certificate'])) {
 } else {
 if ($_SESSION['gradebook_dest'] == 'index.php') {
- $gradebook_dest = $_SESSION['gradebook_dest'].'?cidReq='.Security::remove_XSS($_GET['course']).'&';
+ $gradebook_dest = Security::remove_XSS($_SESSION['gradebook_dest']).'?cidReq='.Security::remove_XSS($_GET['course']).'&';
 } else {
- $gradebook_dest = $_SESSION['gradebook_dest'];
+ $gradebook_dest = Security::remove_XSS($_SESSION['gradebook_dest']);
 }
 $interbreadcrumb[]= array (
@@ -552,7 +552,7 @@ if (!empty($keyword)) {
 if (!api_is_allowed_to_edit(true,true)) {
 $user_id = api_get_user_id();
 }
- $category = Category :: load (Security::remove_XSS($_GET['cat_id']));
+ $category = Category :: load ($_GET['cat_id']);
 if ($category[0]->is_certificate_available($user_id)) {
 $user= get_user_info_from_id($user_id);
 $scoredisplay = ScoreDisplay :: instance();
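Review bot: Wrapping `$_SESSION['gradebook_dest']` in `Security::remove_XSS()` does not control where this redirect/link base points: the comparison `== 'index.php'` two lines up shows the value is a script name the server chose, and where the session value is set is outside this diff, so if a request can influence it the fix is an allow-list of known destinations (e.g. `in_array($_SESSION['gradebook_dest'], $allowed_dests, true)` with `$allowed_dests` holding the gradebook entry scripts), and if it cannot, the wrap is noise that suggests the value is untrusted. The same wrap is added in gradebook_add_cat.php, gradebook_add_eval.php, gradebook_add_link_select_course.php, gradebook_add_result.php, gradebook_add_user.php, gradebook_display_certificate.php, gradebook_edit_all.php, gradebook_edit_cat.php and gradebook_showlog_link.php, so one decision should cover all of them. While touching the line, make the comparison strict: `if ($_SESSION['gradebook_dest'] === 'index.php') {`.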
diff --git a/main/gradebook/gradebook_add_cat.php b/main/gradebook/gradebook_add_cat.php
index bb2820f20c..b03a9436cd 100755
--- a/main/gradebook/gradebook_add_cat.php
+++ b/main/gradebook/gradebook_add_cat.php
@@ -52,15 +52,12 @@ if ($form->validate()) {
 }
 $cat->set_visible($visible);
 $cat->add();
- header('Location: '.$_SESSION['gradebook_dest'].'?addcat=&selectcat=' . $cat->get_parent_id());
+ header('Location: '.Security::remove_XSS($_SESSION['gradebook_dest']).'?addcat=&selectcat=' . $cat->get_parent_id());
 exit;
 }
 if ( !$_in_course ) {
-$interbreadcrumb[] = array (
- 'url' => $_SESSION['gradebook_dest'].'?selectcat='.$get_select_cat,
- 'name' => get_lang('Gradebook')
- );
+ $interbreadcrumb[] = array ('url' => Security::remove_XSS($_SESSION['gradebook_dest']).'?selectcat='.$get_select_cat,'name' => get_lang('Gradebook'));
 }
 Display :: display_header(get_lang('NewCategory'));
 $form->display();
diff --git a/main/gradebook/gradebook_add_eval.php b/main/gradebook/gradebook_add_eval.php
index 4083f517a7..9cc773be52 100755
--- a/main/gradebook/gradebook_add_eval.php
+++ b/main/gradebook/gradebook_add_eval.php
@@ -13,7 +13,7 @@ $is_allowedToEdit = $is_courseAdmin;
 $evaladd = new Evaluation();
 $evaladd->set_user_id($_user['user_id']);
 if (isset ($_GET['selectcat']) && (!empty ($_GET['selectcat']))) {
- $evaladd->set_category_id(Database::escape_string($_GET['selectcat']));
+ $evaladd->set_category_id($_GET['selectcat']);
 $cat = Category :: load($_GET['selectcat']);
 $evaladd->set_course_code($cat[0]->get_course_code());
 } else {
@@ -46,7 +46,7 @@ if ($form->validate()) {
 header('Location: gradebook_add_user.php?selecteval=' . $eval->get_id());
 exit;
 } else {
- header('Location: '.$_SESSION['gradebook_dest'].'?selectcat=' . $eval->get_category_id());
+ header('Location: '.Security::remove_XSS($_SESSION['gradebook_dest']).'?selectcat=' . $eval->get_category_id());
 exit;
 }
 } else {
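Review bot: The rewritten `$interbreadcrumb[]` inside `if ( !$_in_course )` packs both array keys onto one long line with no space after the comma, which is harder to read and to diff than the four-line form it replaces; keep one key per line, e.g. `'url' => Security::remove_XSS($_SESSION['gradebook_dest']).'?selectcat='.$get_select_cat,` and `'name' => get_lang('Gradebook'),` on their own lines. The same one-line collapse is applied in gradebook_add_link.php, gradebook_add_result.php, gradebook_add_user.php, gradebook_edit_all.php and gradebook_showlog_link.php. Whether `$get_select_cat` was cast or filtered is decided above the hunk and is not visible here.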
@@ -55,14 +55,14 @@ if ($form->validate()) {
 header('Location: gradebook_add_result.php?selecteval=' . $eval->get_id());
 exit;
 } else {
- header('Location: '.$_SESSION['gradebook_dest'].'?selectcat=' . $eval->get_category_id());
+ header('Location: '.Security::remove_XSS($_SESSION['gradebook_dest']).'?selectcat=' . $eval->get_category_id());
 exit;
 }
 }
 }
 $interbreadcrumb[] = array (
- 'url' => $_SESSION['gradebook_dest'].'?selectcat='.$select_cat,
+ 'url' => Security::remove_XSS($_SESSION['gradebook_dest']).'?selectcat='.$select_cat,
 'name' => get_lang('Gradebook'
 ));
 Display :: display_header(get_lang('NewEvaluation'));
diff --git a/main/gradebook/gradebook_add_link.php b/main/gradebook/gradebook_add_link.php
index b618a4e6ed..07a6daf35e 100755
--- a/main/gradebook/gradebook_add_link.php
+++ b/main/gradebook/gradebook_add_link.php
@@ -43,14 +43,14 @@ if (isset($_GET['typeselected']) && $_GET['typeselected'] != '0') {
 intval($_GET['typeselected']),
 null,
 'add_link',
- api_get_self() . '?selectcat=' . $_GET['selectcat']
- . '&typeselected=' . $_GET['typeselected'] . '&course_code=' . $_GET['course_code']);
+ api_get_self() . '?selectcat=' . Security::remove_XSS($_GET['selectcat'])
+ . '&typeselected=' . Security::remove_XSS($_GET['typeselected']) . '&course_code=' . Security::remove_XSS($_GET['course_code']));
 if ($addform->validate()) {
 $addvalues = $addform->exportValues();
 $link= LinkFactory :: create($_GET['typeselected']);
 $link->set_user_id(api_get_user_id());
 if($category[0]->get_course_code() == '' && !empty($_GET['course_code'])) {
- $link->set_course_code(Database::escape_string($_GET['course_code']));
+ $link->set_course_code($_GET['course_code']);
 } else {
 $link->set_course_code($category[0]->get_course_code());
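Review bot: `$link->set_course_code($_GET['course_code'])` drops the `Database::escape_string()` the old line had without putting anything in its place; unless the setter or the save path escapes internally (not visible here), the raw request value is now stored and later reaches SQL, so keep the escaping at the database layer or check the code against the course table before accepting it. On the context line `LinkFactory :: create($_GET['typeselected'])` takes the raw value while the form constructor a few lines up uses `intval($_GET['typeselected'])`; use the cast in both places. For the URL fragments, `selectcat` and `typeselected` are numeric ids, so `intval()` is the tighter filter than `Security::remove_XSS()`, and the same holds for the `selectcat`, `cat_id` and `visiblelink` fragments filtered the same way in gradebook_showlog_link.php, gradebook_display_certificate.php and user_info.php. The enclosing `if (isset($_GET['typeselected']) ...)` block starts before the hunk and continues past it.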
@@ -78,7 +78,6 @@ if (isset($_GET['typeselected']) && $_GET['typeselected'] != '0') {
 $work_table = Database :: get_course_table(TABLE_STUDENT_PUBLICATION);
 if ( isset($_GET['typeselected']) && 5==$_GET['typeselected'] && (isset($addvalues['select_link']) && $addvalues['select_link']<>"")) {
-
 $sql1='SELECT thread_title from '.$tbl_forum_thread.' where thread_id='.$addvalues['select_link'].';';
 $res1=Database::query($sql1);
 $rowtit=Database::fetch_row($res1);
@@ -101,19 +100,14 @@ if (isset($_GET['typeselected']) && $_GET['typeselected'] != '0') {
 header('Location: gradebook_add_result.php?selecteval=' . $link->get_ref_id());
 exit;
 } else {
- header('Location: '.$_SESSION['gradebook_dest'].'?linkadded=&selectcat=' . $_GET['selectcat']);
+ header('Location: '.Security::remove_XSS($_SESSION['gradebook_dest']).'?linkadded=&selectcat=' . Security::remove_XSS($_GET['selectcat']));
 exit;
 }
-
 }
 }
-
-$interbreadcrumb[]= array (
- 'url' => $_SESSION['gradebook_dest'].'?selectcat=' . $_GET['selectcat'],
- 'name' => get_lang('Gradebook'
-));
+$interbreadcrumb[]= array ('url' => $_SESSION['gradebook_dest'].'?selectcat=' .Security::remove_XSS($_GET['selectcat']),'name' => get_lang('Gradebook'));
 Display :: display_header(get_lang('MakeLink'));
 if (isset ($typeform)) {
diff --git a/main/gradebook/gradebook_add_link_select_course.php b/main/gradebook/gradebook_add_link_select_course.php
index daf1c8f2f8..0020eab2a4 100755
--- a/main/gradebook/gradebook_add_link_select_course.php
+++ b/main/gradebook/gradebook_add_link_select_course.php
@@ -27,7 +27,7 @@ if ($form->validate()) {
 }
 $interbreadcrumb[] = array (
- 'url' => $_SESSION['gradebook_dest'].'?selectcat='.Security::remove_XSS($_GET['selectcat']),
+ 'url' => Security::remove_XSS($_SESSION['gradebook_dest']).'?selectcat='.Security::remove_XSS($_GET['selectcat']),
 'name' => get_lang('Gradebook'
 ));
 Display :: display_header(get_lang('NewCategory'));
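Review bot: The new `$interbreadcrumb[]` line leaves `$_SESSION['gradebook_dest']` unwrapped while the `header('Location: ...')` line in the same hunk, and every other breadcrumb in this commit, wraps it in `Security::remove_XSS()`; whichever treatment is settled on for the session value, these two lines should match. Separately, the context line `$sql1='SELECT thread_title from '.$tbl_forum_thread.' where thread_id='.$addvalues['select_link'].';'` shown in the preceding hunk concatenates a form value into SQL guarded only by `<> ""`; casting it, `where thread_id='.intval($addvalues['select_link']).';'`, matches what the `deletelink` hunk in gradebook.php does. The enclosing `if (isset($_GET['typeselected']) ...)` block starts before the hunk.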
diff --git a/main/gradebook/gradebook_add_result.php b/main/gradebook/gradebook_add_result.php index 81d97f6607..61837481b1 100755 --- a/main/gradebook/gradebook_add_result.php +++ b/main/gradebook/gradebook_add_result.php @@ -1,27 +1,5 @@ validate()) { header('Location: gradebook_view_result.php?addresult=&selecteval=' . Security::remove_XSS($_GET['selecteval'])); exit; } -$interbreadcrumb[] = array ( - 'url' => $_SESSION['gradebook_dest'], - 'name' => get_lang('Gradebook' -)); +$interbreadcrumb[] = array ('url' => Security::remove_XSS($_SESSION['gradebook_dest']),'name' => get_lang('Gradebook')); Display :: display_header(get_lang('AddResult')); DisplayGradebook :: display_header_result ($evaluation[0], null, 0,0); echo '
';
diff --git a/main/gradebook/gradebook_add_user.php b/main/gradebook/gradebook_add_user.php
index 7b030fd8bd..614410d539 100755
--- a/main/gradebook/gradebook_add_user.php
+++ b/main/gradebook/gradebook_add_user.php
@@ -58,10 +58,7 @@ if ( isset($_POST['submit_button']) ) {
 }
 }
-$interbreadcrumb[]= array (
- 'url' => $_SESSION['gradebook_dest'],
- 'name' => get_lang('Gradebook'
-));
+$interbreadcrumb[]= array ('url' => Security::remove_XSS($_SESSION['gradebook_dest']),'name' => get_lang('Gradebook'));
 $interbreadcrumb[]= array (
 'url' => 'gradebook_view_result.php?selecteval=' .Security::remove_XSS($_GET['selecteval']),
 'name' => get_lang('ViewResult'
diff --git a/main/gradebook/gradebook_display_certificate.php b/main/gradebook/gradebook_display_certificate.php
index 5f1df52220..dd3772f6e8 100755
--- a/main/gradebook/gradebook_display_certificate.php
+++ b/main/gradebook/gradebook_display_certificate.php
@@ -24,7 +24,7 @@ if (!api_is_allowed_to_edit()) {
 api_not_allowed(true);
 }
 $interbreadcrumb[] = array ('url' => Security::remove_XSS($_SESSION['gradebook_dest']).'?', 'name' => get_lang('Gradebook'));
-$interbreadcrumb[] = array ('url' => $_SESSION['gradebook_dest'].'?selectcat='.Security::remove_XSS($_GET['cat_id']),'name' => get_lang('Details'));
+$interbreadcrumb[] = array ('url' => Security::remove_XSS($_SESSION['gradebook_dest']).'?selectcat='.Security::remove_XSS($_GET['cat_id']),'name' => get_lang('Details'));
 $interbreadcrumb[] = array ('url' => 'gradebook_display_certificate.php?cat_id='.Security::remove_XSS($_GET['cat_id']),'name' => get_lang('GradebookListOfStudentsCertificates'));
 Display::display_header('');
diff --git a/main/gradebook/gradebook_edit_all.php b/main/gradebook/gradebook_edit_all.php
index eda0e14758..bf8488d5a9 100755
--- a/main/gradebook/gradebook_edit_all.php
+++ b/main/gradebook/gradebook_edit_all.php
@@ -33,24 +33,14 @@ if (empty($my_selectcat)) {
 if (!isset($_GET['exportpdf']) and !isset($_GET['export_certificate'])) {
 if (isset ($_GET['studentoverview'])) {
- $interbreadcrumb[]= array (
- 'url' => $_SESSION['gradebook_dest'].'?selectcat=' . Security::remove_XSS($_GET['selectcat']),
- 'name' => get_lang('Gradebook')
- );
+ $interbreadcrumb[]= array ('url' => Security::remove_XSS($_SESSION['gradebook_dest']).'?selectcat=' . Security::remove_XSS($_GET['selectcat']),'name' => get_lang('Gradebook'));
 Display :: display_header(get_lang('FlatView'));
 } elseif (isset ($_GET['search'])) {
- $interbreadcrumb[]= array (
- 'url' => $_SESSION['gradebook_dest'].'?selectcat=' . Security::remove_XSS($_GET['selectcat']),
- 'name' => get_lang('Gradebook')
- );
+ $interbreadcrumb[]= array ('url' => Security::remove_XSS($_SESSION['gradebook_dest']).'?selectcat=' . Security::remove_XSS($_GET['selectcat']),'name' => get_lang('Gradebook'));
 Display :: display_header(get_lang('SearchResults'));
 } else {
- $interbreadcrumb[] = array ('url' => $_SESSION['gradebook_dest'].'?selectcat=1', 'name' => get_lang('Gradebook'));
-
-
- $interbreadcrumb[]= array (
- 'url' => $_SESSION['gradebook_dest'].'?&selectcat='.Security::remove_XSS($_GET['selectcat']),
- 'name' => get_lang('EditAllWeights'));
+ $interbreadcrumb[] = array ('url' => Security::remove_XSS($_SESSION['gradebook_dest']).'?selectcat=1', 'name' => get_lang('Gradebook'));
+ $interbreadcrumb[] = array ('url' => Security::remove_XSS($_SESSION['gradebook_dest']).'?&selectcat='.Security::remove_XSS($_GET['selectcat']),'name' => get_lang('EditAllWeights'));
 Display :: display_header('');
diff --git a/main/gradebook/gradebook_edit_cat.php b/main/gradebook/gradebook_edit_cat.php
index b3bf2369af..6a0e0542f4 100755
--- a/main/gradebook/gradebook_edit_cat.php
+++ b/main/gradebook/gradebook_edit_cat.php
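Review bot: The second breadcrumb in the `else` branch still builds `'?&selectcat='`, a query string whose first parameter is empty; the `&` was carried over from the removed line, and this rewrite is the place to drop it: `'url' => Security::remove_XSS($_SESSION['gradebook_dest']).'?selectcat='.Security::remove_XSS($_GET['selectcat'])`. All three branches now repeat the same base-URL expression; computing it once above the `if`, e.g. `$gradebook_url = Security::remove_XSS($_SESSION['gradebook_dest']).'?selectcat='.Security::remove_XSS($_GET['selectcat']);`, would shorten the three long lines. `$_GET['selectcat']` is read without an `isset` guard in each branch; whether `$my_selectcat` from the hunk header already covers that is not visible here. The enclosing `if (!isset($_GET['exportpdf']) ...)` block continues past the hunk.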
@@ -33,12 +33,12 @@ if ($form->validate()) {
 }
 $cat->set_visible($visible);
 $cat->save();
- header('Location: '.$_SESSION['gradebook_dest'].'?editcat=&selectcat=' . $cat->get_parent_id());
+ header('Location: '.Security::remove_XSS($_SESSION['gradebook_dest']).'?editcat=&selectcat=' . $cat->get_parent_id());
 exit;
 }
 $selectcat = isset($_GET['selectcat']) ? Security::remove_XSS($_GET['selectcat']) : '';
 $interbreadcrumb[] = array (
- 'url' => $_SESSION['gradebook_dest'].'?selectcat='.$selectcat,
+ 'url' => Security::remove_XSS($_SESSION['gradebook_dest']).'?selectcat='.$selectcat,
 'name' => get_lang('Gradebook'
 ));
 Display :: display_header(get_lang('EditCategory'));
diff --git a/main/gradebook/gradebook_showlog_link.php b/main/gradebook/gradebook_showlog_link.php
index f99bd3a67f..f75bebac65 100755
--- a/main/gradebook/gradebook_showlog_link.php
+++ b/main/gradebook/gradebook_showlog_link.php
@@ -2,26 +2,18 @@
 /* For licensing terms, see /license.txt */
 $language_file = 'gradebook';
 //$cidReset = true;
-require_once ('../inc/global.inc.php');
-require_once ('lib/be.inc.php');
-require_once ('lib/gradebook_functions.inc.php');
-require_once ('lib/fe/evalform.class.php');
+require_once '../inc/global.inc.php';
+require_once 'lib/be.inc.php';
+require_once 'lib/gradebook_functions.inc.php';
+require_once 'lib/fe/evalform.class.php';
+
 api_block_anonymous_users();
 block_students();
-$interbreadcrumb[] = array (
- 'url' => $_SESSION['gradebook_dest'].'?',
- 'name' => get_lang('Gradebook'
-));
-$interbreadcrumb[] = array (
- 'url' => $_SESSION['gradebook_dest'].'?selectcat='.Security::remove_XSS($_GET['selectcat']),
- 'name' => get_lang('Details'
-));
+$interbreadcrumb[] = array ('url' => Security::remove_XSS($_SESSION['gradebook_dest']).'?','name' => get_lang('Gradebook'));
+$interbreadcrumb[] = array ('url' => Security::remove_XSS($_SESSION['gradebook_dest']).'?selectcat='.Security::remove_XSS($_GET['selectcat']),'name' => get_lang('Details'));
+$interbreadcrumb[] = array ('url' => 'gradebook_showlog_link.php?visiblelink='.Security::remove_XSS($_GET['visiblelink']).'&selectcat='.Security::remove_XSS($_GET['selectcat']), 'name' => get_lang('GradebookQualifyLog'));
-$interbreadcrumb[] = array (
- 'url' => 'gradebook_showlog_link.php?visiblelink='.Security::remove_XSS($_GET['visiblelink']).'&selectcat='.Security::remove_XSS($_GET['selectcat']),
- 'name' => get_lang('GradebookQualifyLog')
-);
 Display :: display_header('');
 echo '
'; echo '
'; diff --git a/main/gradebook/lib/fe/displaygradebook.php b/main/gradebook/lib/fe/displaygradebook.php index 94b259f7c2..549e64385c 100755 --- a/main/gradebook/lib/fe/displaygradebook.php +++ b/main/gradebook/lib/fe/displaygradebook.php @@ -13,7 +13,7 @@ class DisplayGradebook $status=CourseManager::get_user_in_course_status(api_get_user_id(), api_get_course_id()); if ($shownavbar == '1' && $status==1) { $header = '
'; - $header .= ''. Display::return_icon(('back.png'),get_lang('FolderView')) . get_lang('FolderView') . ''; + $header .= ''. Display::return_icon(('back.png'),get_lang('FolderView')) . get_lang('FolderView') . ''; if ($evalobj->get_course_code() == null) { $header .= '' . get_lang('AddStudent') . ' ' . get_lang('AddStudent') . ''; } @@ -71,7 +71,7 @@ class DisplayGradebook */ function display_header_flatview($catobj, $showeval, $showlink,$simple_search_form) { $header= ''; - $header .= ''; + $header .= ''; $header .= '
' . Display::return_icon('gradebook.gif') . get_lang('Gradebook') . '' . Display::return_icon('gradebook.gif') . get_lang('Gradebook') . '' . get_lang('FilterCategory') . '
 . get_lang( ' . get_lang('ExportPDF') . ''; // this MUST be a GET variable not a POST @@ -298,7 +298,7 @@ class DisplayGradebook if ($message_resource===false ) { $myname=$catobj->shows_all_information_an_category($catobj->get_id()); - $header .= ''.Display::return_icon('statistics.gif', get_lang('EditAllWeights')).' ' . get_lang('EditAllWeights') . ''; + $header .= ''.Display::return_icon('statistics.gif', get_lang('EditAllWeights')).' ' . get_lang('EditAllWeights') . ''; $my_course_id=api_get_course_id(); $my_file= substr($_SESSION['gradebook_dest'],0,5); if (($my_file!='index' || $status_user==1) || api_is_platform_admin()) { diff --git a/main/gradebook/lib/fe/gradebooktable.class.php b/main/gradebook/lib/fe/gradebooktable.class.php index 30f60746a5..71bc5c7d6e 100755 --- a/main/gradebook/lib/fe/gradebooktable.class.php +++ b/main/gradebook/lib/fe/gradebooktable.class.php @@ -345,7 +345,7 @@ private function build_id_column ($item) { $cat=new Category(); $show_message=$cat->show_message_resource_delete($item->get_course_code()); - return ' ' + return ' ' . $item->get_name() . '' . ($item->is_course() ? '  [' . $item->get_course_code() . ']'.$show_message : ''); diff --git a/main/gradebook/lib/gradebook_data_generator.class.php b/main/gradebook/lib/gradebook_data_generator.class.php index 8a300b136d..b849b22ea0 100755 --- a/main/gradebook/lib/gradebook_data_generator.class.php +++ b/main/gradebook/lib/gradebook_data_generator.class.php @@ -114,7 +114,7 @@ class GradebookDataGenerator function get_certificate_link($item) { if(is_a($item, 'Category')) { if($item->is_certificate_available(api_get_user_id())) { - $link = ''.get_lang('Certificate').''; + $link = ''.get_lang('Certificate').''; return $link; } } diff --git a/main/gradebook/user_info.php b/main/gradebook/user_info.php index 8f209cfa25..b618ad7da5 100755 --- a/main/gradebook/user_info.php +++ b/main/gradebook/user_info.php 
@@ -24,7 +24,7 @@ require_once ('lib/gradebook_functions.inc.php');
 require_once ('lib/fe/userform.class.php');
 block_students();
-$form = new UserForm(UserForm :: TYPE_USER_INFO, $user, 'user_info_form', null, api_get_self() . '?userid=' . $user_id . '&selectcat=' . $_GET['selectcat']);
+$form = new UserForm(UserForm :: TYPE_USER_INFO, $user, 'user_info_form', null, api_get_self() . '?userid=' . $user_id . '&selectcat=' . Security::remove_XSS($_GET['selectcat']));
 if ($form->validate()) {
 header('Location: user_stats.php?selectcat=' . Security::remove_XSS($_GET['selectcat']).'&userid=' .$user_id);
 exit;
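Review bot: `$_GET['selectcat']` is read without an `isset` guard on the new `UserForm` line and again on the `header('Location: ...')` line below it, each time through `Security::remove_XSS()`; gradebook_edit_cat.php in this same commit computes `$selectcat = isset($_GET['selectcat']) ? Security::remove_XSS($_GET['selectcat']) : '';` once and reuses it, and since the category id is numeric `intval()` would be the tighter filter in both places. `$user_id` is appended to the same URL; whether it was cast above the hunk is not visible here.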