From 4ade5c51bfae2fe31717098c4bfb303e87a801f3 Mon Sep 17 00:00:00 2001 From: Julio Montoya Date: Mon, 27 Apr 2009 19:09:24 +0200 Subject: [PATCH] [svn r20126] Adding html filter to course fields see FS#4116 --- main/admin/course_add.php | 17 +++++++++++++---- main/admin/course_edit.php | 15 +++++++++++++-- main/course_info/infocours.php | 22 ++++++++++++++-------- 3 files changed, 40 insertions(+), 14 deletions(-) diff --git a/main/admin/course_add.php b/main/admin/course_add.php index 433cad93c9..45655bbb6e 100644 --- a/main/admin/course_add.php +++ b/main/admin/course_add.php @@ -1,5 +1,5 @@ applyFilter('visual_code','strtoupper'); $form->addRule('wanted_code',get_lang('Max'),'maxlength',$maxlength); $form->addElement('select', 'tutor_id', get_lang('CourseTitular'), $teachers); $form->addElement('select', 'course_teachers', get_lang('CourseTeachers'), $teachers, 'multiple=multiple size=5'); +//Title $form->add_textfield('title', get_lang('Title'),true, array ('size' => '60')); +$form->applyFilter('title','html_filter'); +$form->applyFilter('title','trim'); + $categories_select = $form->addElement('select', 'category_code', get_lang('CourseFaculty'), $categories); CourseManager::select_and_sort_categories($categories_select); +//Course department $form->add_textfield('department_name', get_lang('CourseDepartment'),false, array ('size' => '60')); +$form->applyFilter('department_name','html_filter'); +$form->applyFilter('department_name','trim'); + +//Department URL $form->add_textfield('department_url', get_lang('CourseDepartmentURL'),false, array ('size' => '60')); +$form->applyFilter('department_url','html_filter'); + $form->addElement('select_language', 'course_language', get_lang('CourseLanguage')); $form->addElement('radio', 'visibility', get_lang("CourseAccess"), get_lang('OpenToTheWorld'), COURSE_VISIBILITY_OPEN_WORLD); $form->addElement('radio', 'visibility', null, get_lang('OpenToThePlatform'), COURSE_VISIBILITY_OPEN_PLATFORM); 
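Review bot: `department_url` gets `html_filter` but not `trim` in this file, while the course_edit.php hunk of the same commit applies both filters to that field; the form hunk in infocours.php has the same gap. Adding `$form->applyFilter('department_url','trim');` after the html_filter line in both places would keep the three forms consistent. `html_filter` is defined outside this patch, so it is not visible whether it restricts the URL scheme. If the value is later printed as a link target, a URL-format rule on the field would be worth adding alongside the filter.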
@@ -119,8 +130,7 @@ reset($teachers); $values['course_teachers'] = key($teachers); $form->setDefaults($values); // Validate form -if( $form->validate()) -{ +if( $form->validate()) { $course = $form->exportValues(); $code = $course['visual_code']; $tutor_name = $teachers[$course['tutor_id']]; @@ -135,7 +145,6 @@ if( $form->validate()) break; } } - $title = $course['title']; $category = $course['category_code']; $department_name = $course['department_name']; diff --git a/main/admin/course_edit.php b/main/admin/course_edit.php index 0cdd9696a5..27e5e353a5 100644 --- a/main/admin/course_edit.php +++ b/main/admin/course_edit.php @@ -1,4 +1,4 @@ -defaultRenderer(); $renderer -> setElementTemplate($element_template, 'group'); $form -> addGroup($group,'group',get_lang('CourseTeachers'),'

'); - +//title $form->add_textfield( 'title', get_lang('Title'),true, array ('size' => '60')); +$form->applyFilter('title','html_filter'); +$form->applyFilter('title','trim'); + $categories_select = $form->addElement('select', 'category_code', get_lang('CourseFaculty'), $categories); CourseManager::select_and_sort_categories($categories_select); + $form->add_textfield( 'department_name', get_lang('CourseDepartment'), false,array ('size' => '60')); +$form->applyFilter('department_name','html_filter'); +$form->applyFilter('department_name','trim'); + $form->add_textfield( 'department_url', get_lang('CourseDepartmentURL'),false, array ('size' => '60')); +$form->applyFilter('department_url','html_filter'); +$form->applyFilter('department_url','trim'); + + $form->addElement('select_language', 'course_language', get_lang('CourseLanguage')); $form->addElement('radio', 'visibility', get_lang("CourseAccess"), get_lang('OpenToTheWorld'), COURSE_VISIBILITY_OPEN_WORLD); $form->addElement('radio', 'visibility', null, get_lang('OpenToThePlatform'), COURSE_VISIBILITY_OPEN_PLATFORM); diff --git a/main/course_info/infocours.php b/main/course_info/infocours.php index 1a4c954739..555353c820 100644 --- a/main/course_info/infocours.php +++ b/main/course_info/infocours.php 
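Review bot: The filters added here act only on values submitted through this form, so titles and department fields stored before this change, or written by any other path, stay as they were. The pages that print these columns are outside the patch and presumably still need output escaping. A short comment above the first filter would make that explicit, e.g. `// input-side cleanup only; escape title/department_* again when rendering`. The `//title` marker is also spelled `//Title` in course_add.php, and the department fields get no marker in this file.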
@@ -1,10 +1,10 @@ -applyFilter('visual_code', 'strtoupper'); $prof = &$form->addElement('select', 'tutor_name', get_lang('Professors'), $a_profs); $prof -> setSelected($s_selected_tutor); $form->add_textfield('title', get_lang('Title'), true, array ('size' => '60')); +$form->applyFilter('title','html_filter'); +$form->applyFilter('title','trim'); + $form->addElement('select', 'category_code', get_lang('Fac'), $categories); $form->add_textfield('department_name', get_lang('Department'), false, array ('size' => '60')); +$form->applyFilter('department_name','html_filter'); +$form->applyFilter('department_name','trim'); + $form->add_textfield('department_url', get_lang('DepartmentUrl'), false, array ('size' => '60')); +$form->applyFilter('department_url','html_filter'); + $form->addRule('tutor_name', get_lang('ThisFieldIsRequired'), 'required'); $form->addElement('select_language', 'course_language', get_lang('Ln')); $form->addElement('static', null, ' ', get_lang('TipLang')); @@ -289,13 +297,11 @@ $values['allow_learning_path_theme'] = api_get_course_setting('allow_learning_pa $form->setDefaults($values); // Validate form -if ($form->validate() && is_settings_editable()) - { +if ($form->validate() && is_settings_editable()) { $update_values = $form->exportValues(); - foreach ($update_values as $index => $value) - { - $update_values[$index] = mysql_real_escape_string($value); - } + foreach ($update_values as $index => $value) { + $update_values[$index] = Database::escape_string($value); + } $table_course = Database :: get_main_table(TABLE_MAIN_COURSE); $sql = "UPDATE $table_course SET title = '".$update_values['title']."', visual_code = '".$update_values['visual_code']."',
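Review bot: The UPDATE that follows the escaping loop is still built by string concatenation, so the loop is the only barrier between every exported form value and the query. It holds for `title` and `visual_code` because both sit inside single quotes; the rest of the statement lies outside the hunk and should be checked for the same quoting. `Database::escape_string($value)` is also called without a type check, so an element that exports an array would presumably not be escaped as intended. I would add a comment above the loop such as `// every value below must be interpolated inside single quotes; unquoted use defeats escape_string`, and skip or reject non-scalar values there.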