chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

[svn r21899] Cleaning some code see FS#4389

Browse Source
skala
Julio Montoya 17 years ago
parent 1d913d1301
commit 4fc5d56a52
1 changed files with 63 additions and 38 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 41
      main/messages/message.class.php

41
main/messages/message.class.php
Unescape View File

@ -23,7 +23,9 @@
*/ */
require_once api_get_path(LIBRARY_PATH).'/main_api.lib.php'; require_once api_get_path(LIBRARY_PATH).'/main_api.lib.php';
require_once api_get_path(LIBRARY_PATH).'/online.inc.php'; require_once api_get_path(LIBRARY_PATH).'/online.inc.php';
class MessageManager {
class MessageManager
{
function MessageManager() { function MessageManager() {
} }
@ -56,7 +58,6 @@ class MessageManager {
GetFullUserName($uid). GetFullUserName($uid).
"</b>"; "</b>";
} }
} else { } else {
$success=get_lang('MessageSentTo'). $success=get_lang('MessageSentTo').
"&nbsp;<b>". "&nbsp;<b>".
@ -120,6 +121,12 @@ class MessageManager {
*/ */
public static function get_message_data ($from, $number_of_items, $column, $direction) { public static function get_message_data ($from, $number_of_items, $column, $direction) {
global $charset; global $charset;
$from = intval($from);
$number_of_items = intval($number_of_items);
$column = intval($column);
if (!in_array($direction, array('ASC', 'DESC')))
$direction = 'ASC';
$table_message = Database::get_main_table(TABLE_MESSAGE); $table_message = Database::get_main_table(TABLE_MESSAGE);
$request=api_is_xml_http_request(); $request=api_is_xml_http_request();
$sql_query = "SELECT id as col0, user_sender_id as col1, title as col2, send_date as col3, msg_status as col4 FROM $table_message " . $sql_query = "SELECT id as col0, user_sender_id as col1, title as col2, send_date as col3, msg_status as col4 FROM $table_message " .
@ -168,6 +175,7 @@ class MessageManager {
public static function send_message ($receiver_user_id, $title, $content) { public static function send_message ($receiver_user_id, $title, $content) {
global $charset; global $charset;
if (is_numeric($receiver_user_id)) {
$table_message = Database::get_main_table(TABLE_MESSAGE); $table_message = Database::get_main_table(TABLE_MESSAGE);
$title = api_convert_encoding($title,$charset,'UTF-8'); $title = api_convert_encoding($title,$charset,'UTF-8');
$content = api_convert_encoding($content,$charset,'UTF-8'); $content = api_convert_encoding($content,$charset,'UTF-8');
@ -189,17 +197,22 @@ class MessageManager {
$result = api_sql_query($query,__FILE__,__LINE__); $result = api_sql_query($query,__FILE__,__LINE__);
return $result; return $result;
} }
} else {
return false;
}
return false; return false;
} }
public static function delete_message_by_user_receiver ($user_receiver_id,$id) { public static function delete_message_by_user_receiver ($user_receiver_id,$id) {
$table_message = Database::get_main_table(TABLE_MESSAGE); $table_message = Database::get_main_table(TABLE_MESSAGE);
$id = Database::escape_string($id);
$sql="SELECT COUNT(*) as count FROM $table_message WHERE id=".$id." AND msg_status<>4;"; $sql="SELECT COUNT(*) as count FROM $table_message WHERE id=".$id." AND msg_status<>4;";
$rs=api_sql_query($sql,__FILE__,__LINE__); $rs=api_sql_query($sql,__FILE__,__LINE__);
$row=Database::fetch_array($rs,'ASSOC'); $row=Database::fetch_array($rs,'ASSOC');
if ($row['count']==1) { if ($row['count']==1) {
$query = "DELETE FROM $table_message " . $query = "DELETE FROM $table_message " .
"WHERE user_receiver_id=".Database::escape_string($user_receiver_id)." AND id=".Database::escape_string($id); "WHERE user_receiver_id=".Database::escape_string($user_receiver_id)." AND id=".$id;
$result = api_sql_query($query,__FILE__,__LINE__); $result = api_sql_query($query,__FILE__,__LINE__);
return $result; return $result;
} else { } else {
@ -217,7 +230,6 @@ class MessageManager {
$table_message = Database::get_main_table(TABLE_MESSAGE); $table_message = Database::get_main_table(TABLE_MESSAGE);
$query = "DELETE FROM $table_message " . $query = "DELETE FROM $table_message " .
"WHERE user_sender_id=".Database::escape_string($user_sender_id)." AND id=".Database::escape_string($id); "WHERE user_sender_id=".Database::escape_string($user_sender_id)." AND id=".Database::escape_string($id);
$result = api_sql_query($query,__FILE__,__LINE__); $result = api_sql_query($query,__FILE__,__LINE__);
return $result; return $result;
} }
@ -260,6 +272,13 @@ class MessageManager {
*/ */
public static function get_message_data_sent ($from, $number_of_items, $column, $direction) { public static function get_message_data_sent ($from, $number_of_items, $column, $direction) {
global $charset; global $charset;
$from = intval($from);
$number_of_items = intval($number_of_items);
$column = intval($column);
if (!in_array($direction, array('ASC', 'DESC')))
$direction = 'ASC';
$table_message = Database::get_main_table(TABLE_MESSAGE); $table_message = Database::get_main_table(TABLE_MESSAGE);
$request=api_is_xml_http_request(); $request=api_is_xml_http_request();
$sql_query = "SELECT id as col0, user_sender_id as col1, title as col2, send_date as col3, user_receiver_id as col4, msg_status as col5 FROM $table_message " . $sql_query = "SELECT id as col0, user_sender_id as col1, title as col2, send_date as col3, user_receiver_id as col4, msg_status as col5 FROM $table_message " .
@ -315,15 +334,17 @@ class MessageManager {
public static function show_message_box () { public static function show_message_box () {
global $charset; global $charset;
$table_message = Database::get_main_table(TABLE_MESSAGE); $table_message = Database::get_main_table(TABLE_MESSAGE);
if (isset($_GET['id_send'])) { if (isset($_GET['id_send']) && is_numeric($_GET['id_send'])) {
$query = "SELECT * FROM $table_message WHERE user_sender_id=".api_get_user_id()." AND id=".$_GET['id_send']." AND msg_status=4;"; $query = "SELECT * FROM $table_message WHERE user_sender_id=".api_get_user_id()." AND id=".Database::escape_string($_GET['id_send'])." AND msg_status=4;";
$result = api_sql_query($query,__FILE__,__LINE__); $result = api_sql_query($query,__FILE__,__LINE__);
$path='outbox.php'; $path='outbox.php';
} else { } else {
if (is_numeric($_GET['id'])) {
$query = "UPDATE $table_message SET msg_status = '0' WHERE user_receiver_id=".api_get_user_id()." AND id='".Database::escape_string($_GET['id'])."';"; $query = "UPDATE $table_message SET msg_status = '0' WHERE user_receiver_id=".api_get_user_id()." AND id='".Database::escape_string($_GET['id'])."';";
$result = api_sql_query($query,__FILE__,__LINE__); $result = api_sql_query($query,__FILE__,__LINE__);
$query = "SELECT * FROM $table_message WHERE msg_status<>4 AND user_receiver_id=".api_get_user_id()." AND id='".Database::escape_string($_GET['id'])."';"; $query = "SELECT * FROM $table_message WHERE msg_status<>4 AND user_receiver_id=".api_get_user_id()." AND id='".Database::escape_string($_GET['id'])."';";
$result = api_sql_query($query,__FILE__,__LINE__); $result = api_sql_query($query,__FILE__,__LINE__);
}
$path='inbox.php'; $path='inbox.php';
} }
$row = Database::fetch_array($result); $row = Database::fetch_array($result);
@ -334,7 +355,9 @@ class MessageManager {
if ($row[1]==$user_con[$i]) if ($row[1]==$user_con[$i])
$band=1; $band=1;
if ($band==1 && !isset($_GET['id_send'])) { if ($band==1 && !isset($_GET['id_send'])) {
$reply = '<a onclick="reply_to_messages(\'show\','.$_GET['id'].',\'\')" href="javascript:void(0)">'.Display::return_icon('message_reply.png',api_xml_http_response_encode(get_lang('ReplyToMessage'))).api_xml_http_response_encode(get_lang('ReplyToMessage')).'</a>'; if (is_numeric($_GET['id'])) {
$reply = '<a onclick="reply_to_messages(\'show\','.Security::remove_XSS($_GET['id']).',\'\')" href="javascript:void(0)">'.Display::return_icon('message_reply.png',api_xml_http_response_encode(get_lang('ReplyToMessage'))).api_xml_http_response_encode(get_lang('ReplyToMessage')).'</a>';
}
} }
echo '<div class=actions>'; echo '<div class=actions>';
echo '<a onclick="close_div_show(\'div_content_messages\')" href="javascript:void(0)">'.Display::return_icon('folder_up.gif',api_xml_http_response_encode(get_lang('BackToInbox'))).api_xml_http_response_encode(get_lang('BackToInbox')).'</a>'; echo '<a onclick="close_div_show(\'div_content_messages\')" href="javascript:void(0)">'.Display::return_icon('folder_up.gif',api_xml_http_response_encode(get_lang('BackToInbox'))).api_xml_http_response_encode(get_lang('BackToInbox')).'</a>';
@ -375,8 +398,10 @@ class MessageManager {
public static function show_message_box_sent () { public static function show_message_box_sent () {
global $charset; global $charset;
$table_message = Database::get_main_table(TABLE_MESSAGE); $table_message = Database::get_main_table(TABLE_MESSAGE);
$query = "SELECT * FROM $table_message WHERE user_sender_id=".api_get_user_id()." AND id=".$_GET['id_send']." AND msg_status=4;"; if (is_numeric($_GET['id_send'])) {
$query = "SELECT * FROM $table_message WHERE user_sender_id=".api_get_user_id()." AND id=".Database::escape_string($_GET['id_send'])." AND msg_status=4;";
$result = api_sql_query($query,__FILE__,__LINE__); $result = api_sql_query($query,__FILE__,__LINE__);
}
$path='outbox.php'; $path='outbox.php';
$row = Database::fetch_array($result); $row = Database::fetch_array($result);

Write Preview
Loading…
Cancel
Save