Fixing double string conversion when sending messages see #3827

skala
Julio Montoya 13 years ago
parent 342746d602
commit 5107a9ed9c
  1. 16
      main/inc/lib/message.lib.php
  2. 14
      main/inc/lib/social.lib.php

@ -239,20 +239,20 @@ class MessageManager
if (!empty($receiver_user_id) || !empty($group_id)) {
// message for user friend
$subject = Database::escape_string($subject);
$content = Database::escape_string($content);
// message for user friend
$clean_subject = Database::escape_string($subject);
$clean_content = Database::escape_string($content);
//message in inbox for user friend
//@todo it's possible to edit a message? yes, only for groups
if ($edit_message_id) {
//title = '$subject',
$query = " UPDATE $table_message SET update_date = '".api_get_utc_datetime()."', content = '$content' WHERE id = '$edit_message_id' ";
if ($edit_message_id) {
$query = " UPDATE $table_message SET update_date = '".api_get_utc_datetime()."', content = '$clean_content' WHERE id = '$edit_message_id' ";
$result = Database::query($query);
$inbox_last_id = $edit_message_id;
} else {
$query = "INSERT INTO $table_message(user_sender_id, user_receiver_id, msg_status, send_date, title, content, group_id, parent_id, update_date ) ".
"VALUES ('$user_sender_id', '$receiver_user_id', '1', '".api_get_utc_datetime()."','$subject','$content','$group_id','$parent_id', '".api_get_utc_datetime()."')";
"VALUES ('$user_sender_id', '$receiver_user_id', '1', '".api_get_utc_datetime()."','$clean_subject','$clean_content','$group_id','$parent_id', '".api_get_utc_datetime()."')";
$result = Database::query($query);
$inbox_last_id = Database::insert_id();
}
@ -271,7 +271,7 @@ class MessageManager
if (empty($group_id)) {
//message in outbox for user friend or group
$sql = "INSERT INTO $table_message (user_sender_id, user_receiver_id, msg_status, send_date, title, content, group_id, parent_id, update_date ) ".
" VALUES ('$user_sender_id', '$receiver_user_id', '4', '".api_get_utc_datetime()."','$subject','$content', '$group_id', '$parent_id', '".api_get_utc_datetime()."')";
" VALUES ('$user_sender_id', '$receiver_user_id', '4', '".api_get_utc_datetime()."','$clean_subject','$clean_content', '$group_id', '$parent_id', '".api_get_utc_datetime()."')";
$rs = Database::query($sql);
$outbox_last_id = Database::insert_id();
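Review bot: In the first hunk the UPDATE and INSERT still interpolate `$edit_message_id`, `$user_sender_id`, `$receiver_user_id`, `$group_id` and `$parent_id` into the query as quoted strings, and no integer cast is visible in the hunk; only the subject and content pass through `Database::escape_string()`. social.lib.php casts its ids with `intval()` before building SQL, so the same should be confirmed here or added beside the `$clean_*` assignments, e.g. `$edit_message_id = intval($edit_message_id);`. The outbox INSERT in the second hunk uses the same id variables. The enclosing method begins before the hunk, so these casts may already exist above the visible lines.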

@ -177,18 +177,19 @@ class SocialManager extends UserManager {
$tbl_message = Database::get_main_table(TABLE_MAIN_MESSAGE);
$user_id = intval($user_id);
$friend_id = intval($friend_id);
$message_title = Database::escape_string($message_title);
$message_content = Database::escape_string($message_content);
$clean_message_title = Database::escape_string($message_title);
$clean_message_content = Database::escape_string($message_content);
$current_date = date('Y-m-d H:i:s',time());
$sql_exist='SELECT COUNT(*) AS count FROM '.$tbl_message.' WHERE user_sender_id='.($user_id).' AND user_receiver_id='.($friend_id).' AND msg_status IN(5,6,7);';
$sql_exist='SELECT COUNT(*) AS count FROM '.$tbl_message.' WHERE user_sender_id='.$user_id.' AND user_receiver_id='.$friend_id.' AND msg_status IN(5,6,7);';
$res_exist = Database::query($sql_exist);
$row_exist = Database::fetch_array($res_exist,'ASSOC');
if ($row_exist['count']==0) {
$sql='INSERT INTO '.$tbl_message.'(user_sender_id,user_receiver_id,msg_status,send_date,title,content) VALUES('.$user_id.','.$friend_id.','.MESSAGE_STATUS_INVITATION_PENDING.',"'.$current_date.'","'.$message_title.'","'.$message_content.'")';
$sql=' INSERT INTO '.$tbl_message.'(user_sender_id,user_receiver_id,msg_status,send_date,title,content)
VALUES('.$user_id.','.$friend_id.','.MESSAGE_STATUS_INVITATION_PENDING.',"'.$current_date.'","'.$clean_message_title.'","'.$clean_message_content.'") ';
Database::query($sql);
$sender_info = api_get_user_info($user_id);
@ -198,12 +199,11 @@ class SocialManager extends UserManager {
return true;
} else {
//invitation already exist
$sql_if_exist ='SELECT COUNT(*) AS count, id FROM '.$tbl_message.' WHERE user_sender_id='.$user_id.' AND user_receiver_id='.$friend_id.' AND msg_status=7';
$sql_if_exist ='SELECT COUNT(*) AS count, id FROM '.$tbl_message.' WHERE user_sender_id='.$user_id.' AND user_receiver_id='.$friend_id.' AND msg_status = 7';
$res_if_exist = Database::query($sql_if_exist);
$row_if_exist = Database::fetch_array($res_if_exist,'ASSOC');
if ($row_if_exist['count']==1) {
$sql_if_exist_up='UPDATE '.$tbl_message.'SET msg_status=5, content = "'.$message_content.'" WHERE user_sender_id='.$user_id.' AND user_receiver_id='.$friend_id.' AND msg_status = 7 ';
//$sql_if_exist_up='UPDATE '.$tbl_message.'SET msg_status=5, set content = '.$message_content.' WHERE id='.$row_if_exist['id'].'';
$sql_if_exist_up='UPDATE '.$tbl_message.'SET msg_status=5, content = "'.$clean_message_content.'" WHERE user_sender_id='.$user_id.' AND user_receiver_id='.$friend_id.' AND msg_status = 7 ';
Database::query($sql_if_exist_up);
return true;
} else {
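Review bot: The rewritten UPDATE in the last hunk still concatenates the table name directly against `SET` (`'UPDATE '.$tbl_message.'SET msg_status=5, ...`). Unless the name returned by `Database::get_main_table()` ends in a delimiter such as a closing backtick, the statement will not parse and the existing invitation row is never updated. Adding the space removes that dependency: `$sql_if_exist_up = 'UPDATE '.$tbl_message.' SET msg_status = 5, content = "'.$clean_message_content.'" WHERE ...`. The result of `Database::query($sql_if_exist_up)` is also ignored before `return true`, so a failed update would be reported as success. The enclosing method starts and ends outside the hunks.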
